implemented dynamic http-based CRL fetching
[strongswan.git] / src / libstrongswan / crypto / ca.h
index 1b2e33e..440ac4f 100644 (file)
@@ -28,6 +28,8 @@ typedef struct ca_info_t ca_info_t;
 #include <library.h>
 #include <chunk.h>
 
+#include <credential_store.h>
+
 #include "x509.h"
 #include "crl.h"
 
@@ -103,15 +105,34 @@ struct ca_info_t {
        bool (*has_crl) (ca_info_t *this);
 
        /**
+        * @brief Does the CA have OCSP certinfos?
+        * 
+        * @param this                  ca info object
+        * @return                              TRUE if there are any certinfos
+        */
+       bool (*has_certinfos) (ca_info_t *this);
+
+       /**
         * @brief List the CRL onto the console
         * 
         * @param this                  ca info object
+        * @param out                   output stream
         * @param utc                   TRUE -  utc
                                                        FALSE - local time
         */
        void (*list_crl) (ca_info_t *this, FILE *out, bool utc);
 
        /**
+        * @brief List the OCSP certinfos onto the console
+        * 
+        * @param this                  ca info object
+        * @param out                   output stream
+        * @param utc                   TRUE -  utc
+                                                       FALSE - local time
+        */
+       void (*list_certinfos) (ca_info_t *this, FILE *out, bool utc);
+
+       /**
         * @brief Adds a CRL URI to a list
         * 
         * @param this                  ca info object
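Review bot: The `@param utc` description of the new `list_certinfos` member is split so that its second line (`FALSE - local time`) carries no ` *` comment leader, which Doxygen will not attach to the parameter; the hunk copies this from the existing `list_crl` doc just above. Suggest the single line `* @param utc                   TRUE - utc, FALSE - local time` for both members. The `has_certinfos` doc could likewise say what "certinfos" are (cached OCSP certificate status records, if that is what they are) rather than relying on the name. struct ca_info_t continues outside this hunk.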
@@ -139,21 +160,27 @@ struct ca_info_t {
         * @brief Verify the status of a certificate by CRL
         * 
         * @param this                  ca info object
-        * @param cert                  certificate to be verified
         * @param certinfo              detailed certificate status information
         * @return                              certificate status
         */
-       cert_status_t (*verify_by_crl) (ca_info_t* this, const x509_t* cert, certinfo_t* certinfo);
+       cert_status_t (*verify_by_crl) (ca_info_t* this, certinfo_t* certinfo);
 
        /**
         * @brief Verify the status of a certificate by OCSP
         * 
         * @param this                  ca info object
-        * @param cert                  certificate to be verified
         * @param certinfo              detailed certificate status information
+        * @param credentials   credential store needed for trust path verification
         * @return                              certificate status
         */
-       cert_status_t (*verify_by_ocsp) (ca_info_t* this, const x509_t* cert, certinfo_t* certinfo);
+       cert_status_t (*verify_by_ocsp) (ca_info_t* this, certinfo_t* certinfo, credential_store_t* credentials);
+
+       /**
+        * @brief Purge the OCSP certinfos of a ca info record
+        * 
+        * @param this                  ca info object
+        */
+       void (*purge_ocsp) (ca_info_t *this);
 
        /**
         * @brief Destroys a ca info record
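Review bot: The `verify_by_ocsp` documentation names the new `credentials` parameter but does not state which cert_status_t is returned when the OCSP response cannot be validated against that store (responder signature or trust path unverifiable), nor whether a NULL `credentials` pointer is permitted; callers need both to avoid treating an unverifiable response as a definitive status. Suggest extending the `@return` line to name the status returned on failed trust path verification, and adding to `@param credentials` either `must not be NULL` or a description of what verification is skipped when it is. `verify_by_crl` dropped its `cert` parameter, so its `@param certinfo` should now say that the certificate to be checked is taken from the certinfo. struct ca_info_t continues past the end of this hunk.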