moved credential_store.h from charon/config/credentials to libstrongswan
authorAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 9 Mar 2007 16:50:19 +0000 (16:50 -0000)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 9 Mar 2007 16:50:19 +0000 (16:50 -0000)
src/charon/Makefile.am
src/charon/config/credentials/credential_store.h [deleted file]
src/charon/config/credentials/local_credential_store.h
src/charon/daemon.h

index 692ffeb..0eb3b49 100644 (file)
@@ -15,7 +15,7 @@ config/connections/local_connection_store.c config/connections/local_connection_
 config/policies/policy.c config/policies/policy.h \
 config/policies/local_policy_store.c config/policies/policy_store.h config/policies/local_policy_store.h \
 config/credentials/local_credential_store.c config/credentials/local_credential_store.h \
-config/credentials/credential_store.h config/traffic_selector.c config/traffic_selector.h \
+config/traffic_selector.c config/traffic_selector.h \
 config/proposal.c config/proposal.h config/configuration.c config/configuration.h \
 sa/authenticators/eap_authenticator.h sa/authenticators/eap_authenticator.c \
 sa/authenticators/eap/eap_method.h sa/authenticators/eap/eap_method.c \
diff --git a/src/charon/config/credentials/credential_store.h b/src/charon/config/credentials/credential_store.h
deleted file mode 100755 (executable)
index e19f147..0000000
+++ /dev/null
@@ -1,285 +0,0 @@
-/**
- * @file credential_store.h
- * 
- * @brief Interface credential_store_t.
- *  
- */
-
-/*
- * Copyright (C) 2005-2006 Martin Willi
- * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#ifndef CREDENTIAL_STORE_H_
-#define CREDENTIAL_STORE_H_
-
-typedef struct credential_store_t credential_store_t;
-
-#include <library.h>
-#include <crypto/x509.h>
-#include <crypto/ca.h>
-#include <crypto/rsa/rsa_private_key.h>
-#include <crypto/rsa/rsa_public_key.h>
-#include <utils/identification.h>
-
-
-/**
- * @brief The interface for a credential_store backend.
- *
- * @b Constructors:
- *  - stroke_create()
- *
- * @ingroup config
- */
-struct credential_store_t { 
-
-       /**
-        * @brief Returns the secret shared by two specific IDs.
-        * 
-        * The returned chunk must be destroyed by the caller after usage.
-        * 
-        * @param this                                  calling object
-        * @param my_id                                 my ID identifiying the secret.
-        * @param other_id                              peer ID identifying the secret.
-        * @param[out] secret                   the pre-shared secret will be written there.
-        * @return
-        *                                                              - NOT_FOUND     if no preshared secrets for specific ID could be found
-        *                                                              - SUCCESS
-        *
-        */     
-       status_t (*get_shared_key) (credential_store_t *this, identification_t *my_id, identification_t *other_id, chunk_t *shared_key);
-       
-       /**
-        * @brief Returns the RSA public key of a specific ID.
-        * 
-        * @param this                                  calling object
-        * @param id                                    identification_t object identifiying the key.
-        * @return                                              public key, or NULL if not found
-        */
-       rsa_public_key_t* (*get_rsa_public_key) (credential_store_t *this, identification_t *id);
-       
-       /**
-        * @brief Returns the RSA public key of a specific ID if is trusted
-        * 
-        * @param this                                  calling object
-        * @param id                                    identification_t object identifiying the key.
-        * @return                                              public key, or NULL if not found or not trusted
-        */
-       rsa_public_key_t* (*get_trusted_public_key) (credential_store_t *this, identification_t *id);
-       
-       /**
-        * @brief Returns the RSA private key belonging to an RSA public key
-        * 
-        * The returned rsa_private_key_t must be destroyed by the caller after usage.
-        * 
-        * @param this                                  calling object
-        * @param pubkey                                public key 
-        * @return                                              private key, or NULL if not found
-        */     
-       rsa_private_key_t* (*get_rsa_private_key) (credential_store_t *this, rsa_public_key_t *pubkey);
-
-       /**
-        * @brief Is there a matching RSA private key belonging to an RSA public key?
-        * 
-        * @param this                                  calling object
-        * @param pubkey                                public key 
-        * @return                                              TRUE if matching private key was found 
-        */     
-       bool (*has_rsa_private_key) (credential_store_t *this, rsa_public_key_t *pubkey);
-
-       /**
-        * @brief Returns the certificate of a specific ID.
-        * 
-        * @param this                                  calling object
-        * @param id                                    identification_t object identifiying the cert.
-        * @return                                              certificate, or NULL if not found
-        */
-       x509_t* (*get_certificate) (credential_store_t *this, identification_t *id);
-       
-       /**
-        * @brief Returns the auth certificate of a specific subject distinguished name.
-        * 
-        * @param this                                  calling object
-        * @param auth_flags                    set of allowed authority types
-        * @param id                                    identification_t object identifiying the cacert.
-        * @return                                              certificate, or NULL if not found
-        */
-       x509_t* (*get_auth_certificate) (credential_store_t *this, u_int auth_flags, identification_t *id);
-       
-       /**
-        * @brief Returns the ca certificate of a specific keyID.
-        * 
-        * @param this                                  calling object
-        * @param keyid                                 identification_t object identifiying the cacert.
-        * @return                                              certificate, or NULL if not found
-        */
-       x509_t* (*get_ca_certificate_by_keyid) (credential_store_t *this, chunk_t keyid);
-       
-       /**
-        * @brief Returns the issuing ca of a given certificate.
-        * 
-        * @param this                                  calling object
-        * @param cert                                  certificate for which issuer ca info is required
-        * @return                                              ca info, or NULL if not found
-        */
-       ca_info_t* (*get_issuer) (credential_store_t *this, const x509_t* cert);
-
-       /**
-        * @brief Verify an X.509 certificate up to trust anchor without any status checks
-        *
-        * @param this          calling object
-        * @param cert          certificate to be verified
-        * @return                      TRUE if trusted
-        */
-       bool (*is_trusted) (credential_store_t *this, x509_t *cert);
-
-       /**
-        * @brief Verify an X.509 certificate up to trust anchor including status checks
-        *
-        * @param this          calling object
-        * @param cert          certificate to be verified
-        * @param found         found a certificate copy in the credential store
-        * @return                      TRUE if valid, trusted, and current status is good
-        */
-       bool (*verify) (credential_store_t *this, x509_t *cert, bool *found);
-
-       /**
-        * @brief If an end certificate does not already exists in the credential store then add it.
-        *
-        * @param this          calling object
-        * @param cert          certificate to be added
-        * @return                      pointer to the added or already existing certificate
-        */
-       x509_t* (*add_end_certificate) (credential_store_t *this, x509_t *cert);
-
-       /**
-        * @brief If an authority certificate does not already exists in the credential store then add it.
-        *
-        * @param this                  calling object
-        * @param cert                  authority certificate to be added
-        * @param auth_flag             authority flags to add to the certificate
-        * @return                              pointer to the added or already existing certificate
-        */
-       x509_t* (*add_auth_certificate) (credential_store_t *this, x509_t *cert, u_int auth_flag);
-
-       /**
-        * @brief If a ca info record does not already exists in the credential store then add it.
-        *
-        * @param this          calling object
-        * @param ca_info       ca info record to be added
-        */
-       void (*add_ca_info) (credential_store_t *this, ca_info_t *ca_info);
-
-       /**
-        * @brief Release a ca info record with a given name.
-        *
-        * @param this          calling object
-        * @param name          name of the ca info record to be released
-        * @return
-        *                                                      - SUCCESS, or
-        *                                                      - NOT_FOUND
-        */
-       status_t (*release_ca_info) (credential_store_t *this, const char *name);
-
-       /**
-        * @brief Create an iterator over all end certificates.
-        *
-        * @param this          calling object
-        * @return                      iterator
-        */
-       iterator_t* (*create_cert_iterator) (credential_store_t *this);
-
-       /**
-        * @brief Create an iterator over all authority certificates.
-        *
-        * @param this          calling object
-        * @return                      iterator
-        */
-       iterator_t* (*create_auth_cert_iterator) (credential_store_t *this);
-
-       /**
-        * @brief Create an iterator over all CA info records
-        *
-        * @param this          calling object
-        * @return                      iterator
-        */
-       iterator_t* (*create_cainfo_iterator) (credential_store_t *this);
-
-       /**
-        * @brief Check if there are any CRLs.
-        *
-        * @param this          calling object
-        * @param out           output stream
-        * @param utc           either utc or local time
-        */
-       void (*list_crls) (credential_store_t *this, FILE *out, bool utc);
-
-       /**
-        * @brief Loads ca certificates from a default directory.
-        *
-        * Certificates in both DER and PEM format are accepted
-        *
-        * @param this          calling object
-        */
-       void (*load_ca_certificates) (credential_store_t *this);
-       
-       /**
-        * @brief Loads ocsp certificates from a default directory.
-        *
-        * Certificates in both DER and PEM format are accepted
-        *
-        * @param this          calling object
-        */
-       void (*load_ocsp_certificates) (credential_store_t *this);
-       
-       /**
-        * @brief Loads CRLs from a default directory.
-        *
-        * Certificates in both DER and PEM format are accepted
-        *
-        * @param this          calling object
-        * @param path          directory to load crls from 
-        */
-       void (*load_crls) (credential_store_t *this);
-       
-       /**
-        * @brief Loads secrets in ipsec.secrets
-        * 
-        * Currently, all RSA private key files must be in unencrypted form
-     * either in DER or PEM format.
-        * 
-        * @param this                  calling object
-        */
-       void (*load_secrets) (credential_store_t *this);
-
-       /**
-        * @brief Destroys a credential_store_t object.
-        * 
-        * @param this                                  calling object
-        */
-       void (*destroy) (credential_store_t *this);
-};
-
-/**
- * @brief Creates a credential_store_t instance.
- *
- * @param  strict              enforce a strict crl policy
- * @return                             credential store instance.
- * 
- * @ingroup config
- */
-credential_store_t *credential_store_create(bool strict);
-
-
-#endif /*CREDENTIAL_STORE_H_*/
index 160ac35..88a94d6 100644 (file)
@@ -26,8 +26,8 @@
 typedef struct local_credential_store_t local_credential_store_t;
 
 #include <library.h>
+#include <credential_store.h>
 #include <daemon.h>
-#include <config/credentials/credential_store.h>
 
 
 /**
index 720fbde..b0b191b 100644 (file)
@@ -27,6 +27,8 @@
 
 typedef struct daemon_t daemon_t;
 
+#include <credential_store.h>
+
 #include <threads/sender.h>
 #include <threads/receiver.h>
 #include <threads/scheduler.h>
@@ -44,7 +46,6 @@ typedef struct daemon_t daemon_t;
 #include <config/configuration.h>
 #include <config/connections/connection_store.h>
 #include <config/policies/policy_store.h>
-#include <config/credentials/credential_store.h>
 
 /**
  * @defgroup charon charon