[strongswan.git] / src / scepclient / scep.h
1 /*
2 * Copyright (C) 2012 Tobias Brunner
3 * Copyright (C) 2005 Jan Hutter, Martin Willi
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #ifndef _SCEP_H
18 #define _SCEP_H
19
20 #include <crypto/pkcs7.h>
21 #include <credentials/certificates/certificate.h>
22
/**
 * SCEP operations this client can ask a server to perform.
 *
 * A value of this type is handed to scep_http_request() as its op argument.
 *
 * NOTE(review): in SCEP the reply to a GetCACert request is not covered by a
 * signature the client can already verify, so the returned CA certificate
 * normally has to be validated out of band (e.g. by comparing a fingerprint).
 * Confirm how the caller of SCEP_GET_CA_CERT does this.
 */
typedef enum {
	/** PKIOperation request */
	SCEP_PKI_OPERATION = 0,
	/** GetCACert request */
	SCEP_GET_CA_CERT = 1
} scep_op_t;
28
/**
 * SCEP pkiStatus values as represented inside the client.
 *
 * The numbers below are the enumerators' positions, written out so that the
 * ordering is explicit.
 * NOTE(review): they are presumably internal indices rather than the values
 * sent on the wire; check every user before reordering.
 *
 * SCEP_SUCCESS is 0, so a zero-filled scep_attributes_t reads as "success".
 * Code that inspects pkiStatus should start from a deliberately initialised
 * structure (empty_scep_attributes is declared for that purpose, presumably
 * carrying SCEP_UNKNOWN; its definition is not in this header) and treat
 * every value other than SCEP_SUCCESS as "no certificate issued".
 */
typedef enum {
	/** request granted */
	SCEP_SUCCESS = 0,
	/** request rejected; see failInfo_t for the reason */
	SCEP_FAILURE = 1,
	/** request pending */
	SCEP_PENDING = 2,
	/** presumably: status absent or not recognised; confirm in the parser */
	SCEP_UNKNOWN = 3
} pkiStatus_t;
36
/**
 * SCEP messageType values as represented inside the client.
 *
 * Ordinals are spelled out to make the ordering explicit.
 * NOTE(review): presumably internal indices, not the wire encoding; check
 * every user before reordering.
 *
 * SCEP_CertRep_MSG is 0, so a zero-filled scep_attributes_t looks like a
 * CertRep; do not infer the message type from uninitialised storage.
 */
typedef enum {
	SCEP_CertRep_MSG = 0,
	SCEP_PKCSReq_MSG = 1,
	SCEP_GetCertInitial_MSG = 2,
	SCEP_GetCert_MSG = 3,
	SCEP_GetCRL_MSG = 4,
	/** presumably: messageType absent or not recognised; confirm in the parser */
	SCEP_Unknown_MSG = 5
} scep_msg_t;
46
/**
 * Reasons a SCEP request can fail (failInfo attribute).
 *
 * NOTE(review): the explicit numbers 0..4 appear to mirror the failInfo codes
 * of the SCEP specification; confirm against the parser before renumbering.
 *
 * SCEP_badAlg_REASON is 0, so a zero-filled scep_attributes_t reports
 * "badAlg". failInfo is only meaningful alongside a pkiStatus of
 * SCEP_FAILURE; log it together with the status when diagnosing a rejected
 * enrolment.
 */
typedef enum {
	SCEP_badAlg_REASON          = 0,
	SCEP_badMessageCheck_REASON = 1,
	SCEP_badRequest_REASON      = 2,
	SCEP_badTime_REASON         = 3,
	SCEP_badCertId_REASON       = 4,
	/** presumably: reason absent or not recognised; confirm in the parser */
	SCEP_unknown_REASON         = 5
} failInfo_t;
56
/**
 * SCEP attributes of one message, as filled in by parse_attributes() and
 * scep_parse_response().
 *
 * NOTE(review): the three chunk_t members are presumably heap-allocated by
 * the parser and owned by whoever holds the structure; confirm who frees them.
 *
 * NOTE(review): for replay and mix-up protection a response is normally only
 * accepted when its transID equals that of the request and its recipientNonce
 * equals the senderNonce that was sent. scep_parse_response() takes the
 * expected transID, but whether the nonce is compared is not visible from
 * this header; confirm in scep.c.
 */
typedef struct {
	/** type of the message */
	scep_msg_t msgType;
	/** outcome reported for the request */
	pkiStatus_t pkiStatus;
	/** failure reason */
	failInfo_t failInfo;
	/** transaction identifier */
	chunk_t transID;
	/** nonce chosen by the sender of the message */
	chunk_t senderNonce;
	/** nonce addressed to the recipient of the message */
	chunk_t recipientNonce;
} scep_attributes_t;
66
/**
 * Attribute set with default contents, defined in another translation unit.
 *
 * NOTE(review): presumably the "nothing parsed yet" initialiser for a
 * scep_attributes_t; confirm that it selects the unknown enumerators rather
 * than zero, since zero means SCEP_CertRep_MSG / SCEP_SUCCESS / badAlg.
 */
extern const scep_attributes_t empty_scep_attributes;

/**
 * Parse SCEP attributes out of blob into attrs.
 *
 * @param blob		encoded attributes
 * @param attrs		receives the parsed values
 * @return			bool result; presumably TRUE on success (confirm). Check it
 *					before reading attrs.
 */
bool parse_attributes(chunk_t blob, scep_attributes_t *attrs);

/**
 * Produce a transaction ID and a serial number for a public key.
 *
 * @param key			public key the values are generated for
 * @param transID		receives the transaction ID
 * @param serialNumber	receives the serial number
 *
 * NOTE(review): both outputs are presumably allocated and owned by the
 * caller afterwards; confirm.
 */
void scep_generate_transaction_id(public_key_t *key,
								  chunk_t *transID,
								  chunk_t *serialNumber);

/**
 * Compute a fingerprint over a PKCS#10 request.
 *
 * @param pkcs10	encoded PKCS#10 request
 * @return			fingerprint chunk (hash and encoding are not visible here)
 */
chunk_t scep_generate_pkcs10_fingerprint(chunk_t pkcs10);

/** Build the transId attribute for the given transaction ID. */
chunk_t scep_transId_attribute(chunk_t transaction_id);

/** Build the messageType attribute for message type m. */
chunk_t scep_messageType_attribute(scep_msg_t m);

/**
 * Build a senderNonce attribute.
 *
 * NOTE(review): takes no input, so the nonce is generated internally. It has
 * to come from a cryptographically strong RNG and be fresh per request for
 * the nonce check to give replay protection; confirm in scep.c.
 */
chunk_t scep_senderNonce_attribute(void);

/**
 * Build a SCEP request around data.
 *
 * @param data			payload of the request
 * @param transID		transaction ID to embed
 * @param msg			SCEP message type of the request
 * @param enc_cert		certificate used for encryption
 * @param enc_alg		encryption algorithm
 * @param key_size		key size for enc_alg
 * @param signer_cert	certificate of the signer
 * @param digest_alg	digest algorithm
 * @param private_key	private key used together with signer_cert
 * @return				the built request
 *
 * NOTE(review): enc_alg, key_size and digest_alg are chosen entirely by the
 * caller; nothing in this declaration rejects weak algorithms, so any policy
 * on minimum strength has to be enforced by the caller.
 */
chunk_t scep_build_request(chunk_t data,
						   chunk_t transID,
						   scep_msg_t msg,
						   certificate_t *enc_cert,
						   encryption_algorithm_t enc_alg,
						   size_t key_size,
						   certificate_t *signer_cert,
						   hash_algorithm_t digest_alg,
						   private_key_t *private_key);

/**
 * Send a SCEP request over HTTP and collect the reply.
 *
 * @param url				URL of the SCEP server
 * @param pkcs7				PKCS#7 message to send
 * @param op				SCEP operation to perform
 * @param http_get_request	selects an HTTP GET request (presumably POST
 *							otherwise; confirm)
 * @param response			receives the raw reply
 * @return					bool result; presumably TRUE on success (confirm)
 *
 * NOTE(review): the reply is raw transport data. Treat it as untrusted until
 * scep_parse_response() has accepted it, whatever this function returns.
 */
bool scep_http_request(const char *url,
					   chunk_t pkcs7,
					   scep_op_t op,
					   bool http_get_request,
					   chunk_t *response);

/**
 * Parse a SCEP response.
 *
 * @param response		raw reply, e.g. from scep_http_request()
 * @param transID		transaction ID of the request the reply belongs to
 * @param data			receives the PKCS#7 container
 * @param attrs			receives the SCEP attributes
 * @param signer_cert	certificate the response signature is checked against
 *						(presumably; confirm)
 * @return				err_t; presumably NULL on success and an error string
 *						otherwise (confirm)
 *
 * NOTE(review): a successful parse does not by itself mean the request was
 * granted; callers still have to inspect attrs->pkiStatus (and failInfo on
 * SCEP_FAILURE) before using *data.
 */
err_t scep_parse_response(chunk_t response,
						  chunk_t transID,
						  pkcs7_t **data,
						  scep_attributes_t *attrs,
						  certificate_t *signer_cert);
86
87 #endif /* _SCEP_H */