src/scepclient/scep.h

   1 /**
   2  * @file scep.h
   3  * @brief SCEP specific functions
   4  *
   5  * Contains functions to build and parse SCEP requests and replies
   6  */
   7
   8 /*
   9  * Copyright (C) 2005 Jan Hutter, Martin Willi
  10  * Hochschule fuer Technik Rapperswil
  11  *
  12  * This program is free software; you can redistribute it and/or modify it
  13  * under the terms of the GNU General Public License as published by the
  14  * Free Software Foundation; either version 2 of the License, or (at your
  15  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
  16  *
  17  * This program is distributed in the hope that it will be useful, but
  18  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  19  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  20  * for more details.
  21  */
  22
  23 #ifndef _SCEP_H
  24 #define _SCEP_H
  25
  26 #include "../pluto/defs.h"
  27 #include "../pluto/pkcs1.h"
  28 #include "../pluto/pkcs7.h"
  29
  30 /* supported SCEP operation types */
  31 typedef enum {
  32         SCEP_PKI_OPERATION,
  33         SCEP_GET_CA_CERT
  34 } scep_op_t;
  35
  36 /* SCEP pkiStatus values */
  37 typedef enum {
  38    SCEP_SUCCESS,
  39    SCEP_FAILURE,
  40    SCEP_PENDING,
  41    SCEP_UNKNOWN
  42 } pkiStatus_t;
  43
  44 /* SCEP messageType values */
  45 typedef enum {
  46    SCEP_CertRep_MSG,
  47    SCEP_PKCSReq_MSG,
  48    SCEP_GetCertInitial_MSG,
  49    SCEP_GetCert_MSG,
  50    SCEP_GetCRL_MSG,
  51    SCEP_Unknown_MSG
  52 } scep_msg_t;
  53
  54 /* SCEP failure reasons */
  55 typedef enum {
  56    SCEP_badAlg_REASON =          0,
  57    SCEP_badMessageCheck_REASON = 1,
  58    SCEP_badRequest_REASON =      2,
  59    SCEP_badTime_REASON =         3,
  60    SCEP_badCertId_REASON =       4,
  61    SCEP_unknown_REASON =         5
  62 } failInfo_t;
  63
  64 /* SCEP attributes */
  65 typedef struct {
  66         scep_msg_t  msgType;
  67         pkiStatus_t pkiStatus;
  68         failInfo_t  failInfo;
  69         chunk_t     transID;
  70         chunk_t     senderNonce;
  71         chunk_t     recipientNonce;
  72 } scep_attributes_t;
  73
  74 extern const scep_attributes_t empty_scep_attributes;
  75
  76 extern bool parse_attributes(chunk_t blob, scep_attributes_t *attrs);
  77 extern void scep_generate_pkcs10_fingerprint(chunk_t pkcs10
  78         , chunk_t *fingerprint);
  79 extern void scep_generate_transaction_id(const RSA_public_key_t *rsak
  80         , chunk_t *transID, chunk_t *serialNumber);
  81 extern chunk_t scep_transId_attribute(chunk_t transaction_id);
  82 extern chunk_t scep_messageType_attribute(scep_msg_t m);
  83 extern chunk_t scep_senderNonce_attribute(void);
  84 extern chunk_t scep_build_request(chunk_t data, chunk_t transID, scep_msg_t msg
  85         , const x509cert_t *enc_cert, int enc_alg
  86         , const x509cert_t *signer_cert, int digest_alg
  87         , const RSA_private_key_t *private_key);
  88 extern bool scep_http_request(const char *url, chunk_t pkcs7, scep_op_t op
  89         ,  bool http_get_request, chunk_t *response);
  90 extern err_t scep_parse_response(chunk_t response, chunk_t transID
  91         , contentInfo_t *data, scep_attributes_t *attrs, x509cert_t *signer_cert);
  92
  93 #endif /* _SCEP_H */