summaryrefslogtreecommitdiff
path: root/src/libstrongswan/credentials/certificates/x509.h
diff options
context:
space:
mode:
authorRené Mayrhofer <rene@mayrhofer.eu.org>2011-03-05 09:20:09 +0100
committerRené Mayrhofer <rene@mayrhofer.eu.org>2011-03-05 09:20:09 +0100
commit568905f488e63e28778f87ac0e38d845f45bae79 (patch)
treed9969a147e36413583ff4bc75542d34c955f8823 /src/libstrongswan/credentials/certificates/x509.h
parentf73fba54dc8b30c6482e1e8abf15bbf455592fcd (diff)
downloadvyos-strongswan-568905f488e63e28778f87ac0e38d845f45bae79.tar.gz
vyos-strongswan-568905f488e63e28778f87ac0e38d845f45bae79.zip
Imported Upstream version 4.5.1
Diffstat (limited to 'src/libstrongswan/credentials/certificates/x509.h')
-rw-r--r--src/libstrongswan/credentials/certificates/x509.h89
1 files changed, 81 insertions, 8 deletions
diff --git a/src/libstrongswan/credentials/certificates/x509.h b/src/libstrongswan/credentials/certificates/x509.h
index 6e0a5002a..fec02dbad 100644
--- a/src/libstrongswan/credentials/certificates/x509.h
+++ b/src/libstrongswan/credentials/certificates/x509.h
@@ -24,10 +24,15 @@
#include <utils/enumerator.h>
#include <credentials/certificates/certificate.h>
-#define X509_NO_PATH_LEN_CONSTRAINT -1
+/* constraints are currently restricted to the range 0..127 */
+#define X509_NO_CONSTRAINT 255
typedef struct x509_t x509_t;
+typedef struct x509_cert_policy_t x509_cert_policy_t;
+typedef struct x509_policy_mapping_t x509_policy_mapping_t;
+typedef struct x509_cdp_t x509_cdp_t;
typedef enum x509_flag_t x509_flag_t;
+typedef enum x509_constraint_t x509_constraint_t;
/**
* X.509 certificate flags.
@@ -49,12 +54,55 @@ enum x509_flag_t {
X509_SELF_SIGNED = (1<<5),
/** cert has an ipAddrBlocks extension */
X509_IP_ADDR_BLOCKS = (1<<6),
+ /** cert has CRL sign key usage */
+ X509_CRL_SIGN = (1<<7),
};
/**
- * enum names for x509 flags
+ * Different numerical X.509 constraints.
*/
-extern enum_name_t *x509_flag_names;
+enum x509_constraint_t {
+ /** pathLenConstraint basicConstraints */
+ X509_PATH_LEN,
+ /** inhibitPolicyMapping policyConstraint */
+ X509_INHIBIT_POLICY_MAPPING,
+ /** requireExplicitPolicy policyConstraint */
+ X509_REQUIRE_EXPLICIT_POLICY,
+ /** inhibitAnyPolicy constraint */
+ X509_INHIBIT_ANY_POLICY,
+};
+
+/**
+ * X.509 certPolicy extension.
+ */
+struct x509_cert_policy_t {
+ /** OID of certPolicy */
+ chunk_t oid;
+ /** Certification Practice Statement URI qualifier */
+ char *cps_uri;
+ /** UserNotice Text qualifier */
+ char *unotice_text;
+};
+
+/**
+ * X.509 policyMapping extension
+ */
+struct x509_policy_mapping_t {
+ /** OID of issuerDomainPolicy */
+ chunk_t issuer;
+ /** OID of subjectDomainPolicy */
+ chunk_t subject;
+};
+
+/**
+ * X.509 CRL distributionPoint
+ */
+struct x509_cdp_t {
+ /** CDP URI, as string */
+ char *uri;
+ /** CRL issuer */
+ identification_t *issuer;
+};
/**
* X.509 certificate interface.
@@ -98,11 +146,12 @@ struct x509_t {
chunk_t (*get_authKeyIdentifier)(x509_t *this);
/**
- * Get an optional path length constraint.
+ * Get a numerical X.509 constraint.
*
- * @return pathLenConstraint, -1 if no constraint exists
+ * @param type type of constraint to get
+ * @return constraint, X509_NO_CONSTRAINT if none found
*/
- int (*get_pathLenConstraint)(x509_t *this);
+ u_int (*get_constraint)(x509_t *this, x509_constraint_t type);
/**
* Create an enumerator over all subjectAltNames.
@@ -112,9 +161,9 @@ struct x509_t {
enumerator_t* (*create_subjectAltName_enumerator)(x509_t *this);
/**
- * Create an enumerator over all CRL URIs.
+ * Create an enumerator over all CRL URIs and CRL Issuers.
*
- * @return enumerator over URIs as char*
+ * @return enumerator over x509_cdp_t
*/
enumerator_t* (*create_crl_uri_enumerator)(x509_t *this);
@@ -131,6 +180,30 @@ struct x509_t {
* @return enumerator over ipAddrBlocks as traffic_selector_t*
*/
enumerator_t* (*create_ipAddrBlock_enumerator)(x509_t *this);
+
+ /**
+ * Create an enumerator over name constraints.
+ *
+ * @param perm TRUE for permitted, FALSE for excluded subtrees
+ * @return enumerator over subtrees as identification_t
+ */
+ enumerator_t* (*create_name_constraint_enumerator)(x509_t *this, bool perm);
+
+ /**
+ * Create an enumerator over certificate policies.
+ *
+ * @return enumerator over x509_cert_policy_t
+ */
+ enumerator_t* (*create_cert_policy_enumerator)(x509_t *this);
+
+ /**
+ * Create an enumerator over policy mappings.
+ *
+ * @return enumerator over x509_policy_mapping
+ */
+ enumerator_t* (*create_policy_mapping_enumerator)(x509_t *this);
+
+
};
#endif /** X509_H_ @}*/