Diffstat (limited to 'src/charon/encoding/payloads/cert_payload.h')
-rw-r--r-- | src/charon/encoding/payloads/cert_payload.h | 144 |
1 files changed, 59 insertions, 85 deletions
diff --git a/src/charon/encoding/payloads/cert_payload.h b/src/charon/encoding/payloads/cert_payload.h
index bcb961398..aa16104a8 100644
--- a/src/charon/encoding/payloads/cert_payload.h
+++ b/src/charon/encoding/payloads/cert_payload.h
@@ -1,12 +1,6 @@
-/**
- * @file cert_payload.h
- *
- * @brief Interface of cert_payload_t.
- *
- */
-
 /*
- * Copyright (C) 2005-2006 Martin Willi
+ * Copyright (C) 2008 Tobias Brunner
+ * Copyright (C) 2005-2007 Martin Willi
 * Copyright (C) 2005 Jan Hutter
 * Hochschule fuer Technik Rapperswil
 *
@@ -19,69 +13,58 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: cert_payload.h 3838 2008-04-18 11:24:45Z tobias $ + */ + +/** + * @defgroup cert_payload cert_payload + * @{ @ingroup payloads */ #ifndef CERT_PAYLOAD_H_ #define CERT_PAYLOAD_H_ -typedef enum cert_encoding_t cert_encoding_t; typedef struct cert_payload_t cert_payload_t; +typedef enum cert_encoding_t cert_encoding_t; #include <library.h> -#include <crypto/x509.h> +#include <credentials/certificates/certificate.h> #include <encoding/payloads/payload.h> /** * Length of a cert payload without the cert data in bytes. - * - * @ingroup payloads */ #define CERT_PAYLOAD_HEADER_LENGTH 5 /** - * @brief Certificate encoding, as described in IKEv2 RFC section 3.6 - * - * @ingroup payloads + * Certifcate encodings, as in RFC4306 */ enum cert_encoding_t { - CERT_NONE = 0, - CERT_PKCS7_WRAPPED_X509 = 1, - CERT_PGP = 2, - CERT_DNS_SIGNED_KEY = 3, - CERT_X509_SIGNATURE = 4, - CERT_KERBEROS_TOKEN = 6, - CERT_CRL = 7, - CERT_ARL = 8, - CERT_SPKI = 9, - CERT_X509_ATTRIBUTE = 10, - CERT_RAW_RSA_KEY = 11, - CERT_X509_HASH_AND_URL = 12, - CERT_X509_HASH_AND_URL_BUNDLE = 13, - CERT_OCSP_CONTENT = 14, /* from RFC 4806 */ - CERT_ROOF = 15 + ENC_PKCS7_WRAPPED_X509 = 1, + ENC_PGP = 2, + ENC_DNS_SIGNED_KEY = 3, + ENC_X509_SIGNATURE = 4, + ENC_KERBEROS_TOKEN = 6, + ENC_CRL = 7, + ENC_ARL = 8, + ENC_SPKI = 9, + ENC_X509_ATTRIBUTE = 10, + ENC_RAW_RSA_KEY = 11, + ENC_X509_HASH_AND_URL = 12, + ENC_X509_HASH_AND_URL_BUNDLE = 13, + ENC_OCSP_CONTENT = 14, /* from RFC 4806 */ }; /** - * string mappings for cert_encoding_t. - * - * @ingroup payloads + * Enum names for cert_encoding_t */ extern enum_name_t *cert_encoding_names; /** - * @brief Class representing an IKEv2 CERT payload. + * Class representing an IKEv2 CERT payload. * * The CERT payload format is described in RFC section 3.6. 
- * This is just a dummy implementation to fullfill the standards - * requirements. A full implementation would offer setters/getters - * for the different encoding types. - * - * @b Constructors: - * - cert_payload_create() - * - * @todo Implement setters/getters for the different certificate encodings. - * - * @ingroup payloads */ struct cert_payload_t { 
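Review bot: The new `cert_encoding_t` has no name for 0 and no upper bound, and it already skips 5, so the enum does not cover every value the encoding octet of a received CERT payload can carry. The comment above the enum should say so, for example `Certificate encodings, as in RFC 4306 section 3.6; values not listed here (0, 5, 15 and above) are unknown and must be rejected or ignored by the parser`. Whether the parser and the `cert_encoding_names` lookup already handle unlisted values is not visible in this header, so that is worth confirming in the implementation file. The new comment also misspells "Certifcate".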
@@ -89,78 +72,69 @@ struct cert_payload_t { * The payload_t interface. */ payload_t payload_interface; - - /** - * @brief Set the CERT encoding. - * - * @param this calling cert_payload_t object - * @param encoding CERT encoding - */ - void (*set_cert_encoding) (cert_payload_t *this, cert_encoding_t encoding); /** - * @brief Get the CERT encoding. + * Get the playoads encoded certifcate. * - * @param this calling cert_payload_t object - * @return Encoding of the CERT + * @return certifcate copy */ - cert_encoding_t (*get_cert_encoding) (cert_payload_t *this); + certificate_t *(*get_cert)(cert_payload_t *this); /** - * @brief Set the CERT data. + * Get the encoding of the certificate. * - * Data are getting cloned. - * - * @param this calling cert_payload_t object - * @param data CERT data as chunk_t + * @return encoding */ - void (*set_data) (cert_payload_t *this, chunk_t data); + cert_encoding_t (*get_cert_encoding)(cert_payload_t *this); /** - * @brief Get the CERT data. + * Get the hash if this is a hash and URL encoded certificate. * - * Returned data are a copy of the internal one. - * - * @param this calling cert_payload_t object - * @return CERT data as chunk_t + * This function returns internal data, do not free. + * + * @return hash */ - chunk_t (*get_data_clone) (cert_payload_t *this); + chunk_t (*get_hash)(cert_payload_t *this); /** - * @brief Get the CERT data. + * Get the URL if this is a hash and URL encoded certificate. * - * Returned data are NOT copied. - * - * @param this calling cert_payload_t object - * @return CERT data as chunk_t + * This function returns internal data, do not free. + * + * @return url */ - chunk_t (*get_data) (cert_payload_t *this); + char *(*get_url)(cert_payload_t *this); + /** - * @brief Destroys an cert_payload_t object. - * - * @param this cert_payload_t object to destroy + * Destroys the cert_payload object. */ void (*destroy) (cert_payload_t *this); }; /** - * @brief Creates an empty cert_payload_t object. 
+ * Creates an empty certificate payload. * + * @param cert certificate to embed * @return cert_payload_t object - * - * @ingroup payloads */ cert_payload_t *cert_payload_create(void); /** - * @brief Creates a cert_payload_t object with an X.509 certificate. + * Creates a certificate payload with an embedded certificate. * - * @param cert X.509 certificate + * @param cert certificate to embed * @return cert_payload_t object + */ +cert_payload_t *cert_payload_create_from_cert(certificate_t *cert); + +/** + * Creates a certificate payload with hash and URL encoding of a certificate. * - * @ingroup payloads + * @param hash hash of the DER encoded certificate (get's cloned) + * @param url the URL to locate the certificate (get's cloned) + * @return cert_payload_t object */ -cert_payload_t *cert_payload_create_from_x509(x509_t *cert); +cert_payload_t *cert_payload_create_from_hash_and_url(chunk_t hash, char *url); -#endif /* CERT_PAYLOAD_H_ */ +#endif /* CERT_PAYLOAD_H_ @} */ |
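Review bot: `get_hash` and `get_url` do not document what they return when the payload is not hash-and-URL encoded, and both hand out internal data whose lifetime is tied to the payload object. Because the URL in a received payload is chosen by the peer, the comments should state the contract callers rely on, for example `@return url, NULL if not a hash and URL encoding; peer-supplied and unvalidated, valid until destroy()`, with the equivalent for the hash (`chunk_empty` is my guess at the not-applicable value; confirm against the implementation). Separately, the comment on `cert_payload_create(void)` gained `@param cert certificate to embed` although the function takes no argument, so that line should be dropped. The `struct cert_payload_t` body opens before this hunk.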