backwards compatibility with SQL format
index cc3f73a..0399d92 100644 (file)
@@ -47,8 +47,16 @@ enum certificate_type_t {
        CERT_X509_AC,
        /** trusted, preinstalled public key */
        CERT_TRUSTED_PUBKEY,
+       /** PKCS#10 certificate request */
+       CERT_PKCS10_REQUEST,
        /** PGP certificate */
-       CERT_PGP,
+       CERT_GPG,
+       /** Pluto cert_t (not a certificate_t), either x509 or PGP */
+       CERT_PLUTO_CERT,
+       /** Pluto x509acert_t (not a certificate_t), attribute certificate */
+       CERT_PLUTO_AC,
+       /** Pluto x509crl_t (not a certificate_t), certificate revocation list */
+       CERT_PLUTO_CRL,
 };
 
 /**
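Review bot: Inserting CERT_PKCS10_REQUEST ahead of the renamed CERT_GPG shifts the implicit integer value of CERT_GPG and of every constant added after it, and none of the values in this enum are pinned explicitly. Given the commit title refers to compatibility with an SQL format, it looks like these type values may be persisted, in which case rows written with the old numbering would be reinterpreted; I cannot see the storage code, so please confirm. The `certificate_type_names` table declared in the next hunk's context must also be extended in exactly this order, which is not visible here. I would add to the enum's doc comment: `/* Numeric values may be stored externally: append new types at the end or assign explicit values. */`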
@@ -58,18 +66,20 @@ extern enum_name_t *certificate_type_names;
 
 /**
  * Result of a certificate validation.
+ *
+ * Order of values is relevant, sorted from good to bad.
  */
 enum cert_validation_t {
        /** certificate has been validated successfully */
-       VALIDATION_GOOD,
-       /** validation failed, certificate is revoked */
-       VALIDATION_REVOKED,
-       /* ocsp status is unknown or crl is stale */
-       VALIDATION_UNKNOWN,
-       /** validation process failed due to an error */
-       VALIDATION_FAILED,
-       /** validation has been skipped (no cdps available) */
+       VALIDATION_GOOD = 0,
+       /** validation has been skipped due to missing validation information */
        VALIDATION_SKIPPED,
+       /** certificate has been validated, but check based on stale information */
+       VALIDATION_STALE,
+       /** validation failed due to a processing error */
+       VALIDATION_FAILED,
+       /** certificate has been revoked */
+       VALIDATION_REVOKED,
 };
 
 /**
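Review bot: The reorder changes the numeric value of every constant except VALIDATION_GOOD (REVOKED moves from 1 to 4, SKIPPED from 4 to 1), yet only VALIDATION_GOOD is pinned with `= 0`, so a future insertion in the middle would silently change the "good to bad" ordering the new comment declares. I would give each of the remaining four constants an explicit value (1 through 4) so the persisted and comparison-relevant numbers are visible in the declaration. The `cert_validation_names` table in the following hunk's context presumably has to be reordered to match; that definition is outside this diff, so please check it. The doc comment could also state how the order is used: `* Callers may compare values numerically; a higher value is a worse result.`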
@@ -80,7 +90,7 @@ extern enum_name_t *cert_validation_names;
 /**
  * An abstract certificate.
  *
- * A certificate designs a subject-issuer relationship. It may have an 
+ * A certificate designs a subject-issuer relationship. It may have an
  * associated public key.
  */
 struct certificate_t {
@@ -88,7 +98,7 @@ struct certificate_t {
        /**
         * Get the type of the certificate.
         *
-        * @return                      certifcate type
+        * @return                      certificate type
         */
        certificate_type_t (*get_type)(certificate_t *this);
 
@@ -98,7 +108,7 @@ struct certificate_t {
         * @return                      subject identity
         */
        identification_t* (*get_subject)(certificate_t *this);
-       
+
        /**
         * Check if certificate contains a subject ID.
         *
@@ -109,14 +119,14 @@ struct certificate_t {
         * @return                      matching value of best match
         */
        id_match_t (*has_subject)(certificate_t *this, identification_t *subject);
-               
+
        /**
         * Get the issuer which signed this certificate.
         *
         * @return                      issuer identity
         */
        identification_t* (*get_issuer)(certificate_t *this);
-       
+
        /**
         * Check if certificate contains an issuer ID.
         *
@@ -127,27 +137,22 @@ struct certificate_t {
         * @return                      matching value of best match
         */
        id_match_t (*has_issuer)(certificate_t *this, identification_t *issuer);
-       
+
        /**
-        * Check if this certificate is issued by a specific issuer.
+        * Check if this certificate is issued and signed by a specific issuer.
         *
-        * As signature verification is computional expensive, it is optional 
-        * and may be skipped. While this is not sufficient for verification
-        * purposes, it is to e.g. find matching certificates.
-        * 
         * @param issuer        issuer's certificate
-        * @param checksig      TRUE to verify signature, FALSE to compare issuer only
         * @return                      TRUE if certificate issued by issuer and trusted
         */
-       bool (*issued_by)(certificate_t *this, certificate_t *issuer, bool checksig);
-       
+       bool (*issued_by)(certificate_t *this, certificate_t *issuer);
+
        /**
         * Get the public key associated to this certificate.
         *
         * @return                      newly referenced public_key, NULL if none available
         */
        public_key_t* (*get_public_key)(certificate_t *this);
-       
+
        /**
         * Check the lifetime of the certificate.
         *
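Review bot: The `@return` text still says "issued by issuer and trusted", but issued_by only establishes the subject-issuer relationship and, now unconditionally, the signature; trust in the issuer is decided elsewhere, and a caller reading "trusted" could skip that step. I would change it to `* @return                      TRUE if issued by issuer and the signature verifies`. Since the `checksig` parameter is gone, the description should also state that signature verification is now always performed and is therefore the expensive path, e.g. `* Signature verification is always performed, so this call is not cheap.` The enclosing struct certificate_t starts and ends outside this hunk.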
@@ -158,21 +163,21 @@ struct certificate_t {
         */
        bool (*get_validity)(certificate_t *this, time_t *when,
                                                 time_t *not_before, time_t *not_after);
-       
+
        /**
         * Is this newer than that?
         *
         * @return                      TRUE if newer, FALSE otherwise
         */
        bool (*is_newer)(certificate_t *this, certificate_t *that);
-       
+
        /**
         * Get the certificate in an encoded form.
         *
         * @return                              allocated chunk of encoded cert
         */
        chunk_t (*get_encoding)(certificate_t *this);
-       
+
        /**
         * Check if two certificates are equal.
         *
@@ -180,18 +185,18 @@ struct certificate_t {
         * @return                              TRUE if certificates are equal
         */
        bool (*equals)(certificate_t *this, certificate_t *other);
-       
+
        /**
         * Get a new reference to the certificate.
         *
-        * @return                      this, with an increased refcount 
+        * @return                      this, with an increased refcount
         */
        certificate_t* (*get_ref)(certificate_t *this);
-       
+
        /**
-     * Destroy a certificate.
-     */
-    void (*destroy)(certificate_t *this);
+        * Destroy a certificate.
+        */
+       void (*destroy)(certificate_t *this);
 };
 
-#endif /* CERTIFICATE_H_ @}*/
+#endif /** CERTIFICATE_H_ @}*/