1 /* Certification Authority (CA) support for IKE authentication
2 * Copyright (C) 2002-2004 Andreas Steffen, Zuercher Hochschule Winterthur
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * for more details.
13 *
14 * RCSID $Id: ca.h,v 1.5 2005/12/25 12:28:40 as Exp $
15 */
16
17 #ifndef _CA_H
18 #define _CA_H
19
20 #include "x509.h"
21 #include "whack.h"
22
/* Upper bound on the CA chain depth this module is willing to walk.
 * Presumably compared against the *pathlen / *our_pathlen values reported by
 * trusted_ca() and match_requested_ca() below — confirm in ca.c.  Keeping it
 * small bounds the work an attacker-supplied certificate chain can cause. */
#define MAX_CA_PATH_LEN 7

/* authority flags
 *
 * Bit flags naming the authority roles a loaded certificate is trusted for.
 * The values are distinct bits, so they can be OR-ed together into the
 * u_char auth_flags argument taken by get_authcert(), load_authcerts(),
 * add_authcert() and list_authcerts() below.  AUTH_NONE is the empty set.
 */

#define AUTH_NONE 0x00 /* no authorities */
#define AUTH_CA 0x01 /* certification authority */
#define AUTH_AA 0x02 /* authorization authority */
#define AUTH_OCSP 0x04 /* ocsp signing authority */
31
32 /* CA info structures */
33
typedef struct ca_info ca_info_t;

/* Per-CA configuration record.
 *
 * Records are chained through 'next' into a singly linked list; the list is
 * populated by add_ca_info() and torn down by free_ca_infos() (declared
 * below).  The string and chunk members are presumably owned by the record
 * and released together with it — confirm against ca.c before sharing or
 * freeing them elsewhere.
 */
struct ca_info {
    ca_info_t *next;              /* next record in the list (NULL terminator
                                   * assumed — confirm) */
    char *name;                   /* record name; presumably the key used by
                                   * find_ca_info_by_name()/delete_ca_info() */
    time_t installed;             /* time the record was installed
                                   * (presumably; confirm in ca.c) */
    chunk_t authName;             /* CA subject name, as a chunk */
    chunk_t authKeyID;            /* CA key identifier, as a chunk */
    chunk_t authKeySerialNumber;  /* CA certificate serial number, as a chunk;
                                   * these three presumably match the
                                   * name/serial/keyid arguments of
                                   * get_ca_info() */
    char *ldaphost;               /* LDAP server host (usage in ca.c) */
    char *ldapbase;               /* LDAP search base (usage in ca.c) */
    char *ocspuri;                /* OCSP responder URI */
    generalName_t *crluri;        /* CRL distribution point(s); presumably a
                                   * generalName_t list — confirm */
    bool strictcrlpolicy;         /* NOTE(review): looks like the per-CA
                                   * switch deciding whether a missing or
                                   * stale CRL is fatal — confirm in the
                                   * revocation code; a lax setting here
                                   * weakens revocation checking for this CA */
};
49
/* Chain evaluation between two CA identifiers a and b.  *pathlen is
 * presumably filled with the number of CA hops walked on success; how it
 * relates to MAX_CA_PATH_LEN is decided in ca.c — confirm there. */
extern bool trusted_ca(chunk_t a, chunk_t b, int *pathlen);

/* Checks whether our_ca satisfies one of the CAs in requested_ca;
 * *our_pathlen presumably receives the hop count of the match. */
extern bool match_requested_ca(generalName_t *requested_ca, chunk_t our_ca,
                               int *our_pathlen);

/* Looks up a loaded authority certificate by subject, serial and keyid,
 * restricted to the roles in auth_flags (AUTH_* bits).  The header does not
 * say whether NULL is returned on a miss — check ca.c before dereferencing. */
extern x509cert_t *get_authcert(chunk_t subject, chunk_t serial, chunk_t keyid,
                                u_char auth_flags);

/* Loads authority certificates of the given type from path and tags them
 * with auth_flags. */
extern void load_authcerts(const char *type, const char *path,
                           u_char auth_flags);

/* Registers cert with the given auth_flags.  Ownership of cert after the
 * call (on both outcomes) is not visible from this header — confirm in ca.c
 * before freeing it in the caller. */
extern bool add_authcert(x509cert_t *cert, u_char auth_flags);

/* Releases every authority certificate registered so far. */
extern void free_authcerts(void);

/* Prints the authority certificates matching auth_flags under caption;
 * utc selects the timestamp display. */
extern void list_authcerts(const char *caption, u_char auth_flags, bool utc);

/* Decides whether cert may be trusted, optionally using alt_chain as an
 * alternative issuer chain (presumably; confirm the precedence in ca.c). */
extern bool trust_authcert_candidate(const x509cert_t *cert,
                                     const x509cert_t *alt_chain);

/* Looks up a ca_info record by name, serial and keyid; NULL-on-miss is
 * not stated here — check ca.c. */
extern ca_info_t *get_ca_info(chunk_t name, chunk_t serial, chunk_t keyid);

/* Reports whether a record named name exists; when delete is true the record
 * is presumably removed as a side effect — confirm.  The parameter name
 * 'delete' is a C++ keyword, so this declaration cannot be included from C++. */
extern bool find_ca_info_by_name(const char *name, bool delete);

/* Creates a ca_info record from a whack control message. */
extern void add_ca_info(const whack_message_t *msg);

/* Removes the ca_info record named name. */
extern void delete_ca_info(const char *name);

/* Releases every ca_info record. */
extern void free_ca_infos(void);

/* Prints all ca_info records; utc selects the timestamp display. */
extern void list_ca_infos(bool utc);
68
69 #endif /* _CA_H */
70