1 /*
2 * Copyright (C) 2015-2017 Tobias Brunner
3 * Copyright (C) 2009 Martin Willi
4 * HSR Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 /**
18 * @defgroup pki pki
19 *
20 * @addtogroup pki
21 * @{
22 */
23
24 #ifndef PKI_H_
25 #define PKI_H_
26
27 #include "command.h"
28
29 #include <library.h>
30 #include <selectors/traffic_selector.h>
31 #include <credentials/keys/private_key.h>
32
33 /**
34 * Convert a form string to an encoding type
35 */
36 bool get_form(char *form, cred_encoding_type_t *enc, credential_type_t type);
37
38 /**
39 * Calculate start/end lifetime for certificates.
40 *
41 * If both nbstr and nastr are given, span is ignored. Otherwise missing
42 * arguments are calculated, or assumed to be now.
43 *
44 * @param format strptime() format, NULL for default: %d.%m.%y %T
45 * @param nbstr string describing notBefore datetime, or NULL
46 * @param nastr string describing notAfter datetime, or NULL
47 * @param span lifetime span, from notBefore to notAfter
48 * @param nb calculated notBefore time
49 * @param na calculated notAfter time
50 * @return TRUE if nb/na calculated successfully
51 */
52 bool calculate_lifetime(char *format, char *nbstr, char *nastr, time_t span,
53 time_t *nb, time_t *na);
54
55 /**
56 * Set output file mode appropriate for credential encoding form on Windows
57 */
58 void set_file_mode(FILE *stream, cred_encoding_type_t enc);
59
60 /**
61 * Determine the signature scheme and parameters for the given private key and
62 * hash algorithm and whether to use PSS padding for RSA.
63 *
64 * @param private private key
65 * @param digest hash algorithm (if HASH_UNKNOWN a default is determined
66 * based on the key)
67 * @param pss use PSS padding for RSA keys
68 * @return allocated signature scheme and parameters, owned by the caller
69 */
70 signature_params_t *get_signature_scheme(private_key_t *private,
71 hash_algorithm_t digest, bool pss);
72
73 /**
74 * Create a traffic selector from a CIDR or range string.
75 *
76 * @param str input string, either a.b.c.d/e or a.b.c.d-e.f.g.h
77 * @return traffic selector, NULL on error
78 */
79 traffic_selector_t* parse_ts(char *str);
80
81 #endif /** PKI_H_ @}*/