Diffstat (limited to 'src/charon/encoding/payloads/cert_payload.h')
-rw-r--r--src/charon/encoding/payloads/cert_payload.h144
1 files changed, 59 insertions, 85 deletions
diff --git a/src/charon/encoding/payloads/cert_payload.h b/src/charon/encoding/payloads/cert_payload.h
index bcb961398..aa16104a8 100644
--- a/src/charon/encoding/payloads/cert_payload.h
+++ b/src/charon/encoding/payloads/cert_payload.h
@@ -1,12 +1,6 @@
-/**
- * @file cert_payload.h
- *
- * @brief Interface of cert_payload_t.
- *
- */
-
/*
- * Copyright (C) 2005-2006 Martin Willi
+ * Copyright (C) 2008 Tobias Brunner
+ * Copyright (C) 2005-2007 Martin Willi
* Copyright (C) 2005 Jan Hutter
* Hochschule fuer Technik Rapperswil
*
@@ -19,69 +13,58 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: cert_payload.h 3838 2008-04-18 11:24:45Z tobias $
+ */
+
+/**
+ * @defgroup cert_payload cert_payload
+ * @{ @ingroup payloads
*/
#ifndef CERT_PAYLOAD_H_
#define CERT_PAYLOAD_H_
-typedef enum cert_encoding_t cert_encoding_t;
typedef struct cert_payload_t cert_payload_t;
+typedef enum cert_encoding_t cert_encoding_t;
#include <library.h>
-#include <crypto/x509.h>
+#include <credentials/certificates/certificate.h>
#include <encoding/payloads/payload.h>
/**
* Length of a cert payload without the cert data in bytes.
- *
- * @ingroup payloads
*/
#define CERT_PAYLOAD_HEADER_LENGTH 5
/**
- * @brief Certificate encoding, as described in IKEv2 RFC section 3.6
- *
- * @ingroup payloads
+ * Certifcate encodings, as in RFC4306
*/
enum cert_encoding_t {
- CERT_NONE = 0,
- CERT_PKCS7_WRAPPED_X509 = 1,
- CERT_PGP = 2,
- CERT_DNS_SIGNED_KEY = 3,
- CERT_X509_SIGNATURE = 4,
- CERT_KERBEROS_TOKEN = 6,
- CERT_CRL = 7,
- CERT_ARL = 8,
- CERT_SPKI = 9,
- CERT_X509_ATTRIBUTE = 10,
- CERT_RAW_RSA_KEY = 11,
- CERT_X509_HASH_AND_URL = 12,
- CERT_X509_HASH_AND_URL_BUNDLE = 13,
- CERT_OCSP_CONTENT = 14, /* from RFC 4806 */
- CERT_ROOF = 15
+ ENC_PKCS7_WRAPPED_X509 = 1,
+ ENC_PGP = 2,
+ ENC_DNS_SIGNED_KEY = 3,
+ ENC_X509_SIGNATURE = 4,
+ ENC_KERBEROS_TOKEN = 6,
+ ENC_CRL = 7,
+ ENC_ARL = 8,
+ ENC_SPKI = 9,
+ ENC_X509_ATTRIBUTE = 10,
+ ENC_RAW_RSA_KEY = 11,
+ ENC_X509_HASH_AND_URL = 12,
+ ENC_X509_HASH_AND_URL_BUNDLE = 13,
+ ENC_OCSP_CONTENT = 14, /* from RFC 4806 */
};
/**
- * string mappings for cert_encoding_t.
- *
- * @ingroup payloads
+ * Enum names for cert_encoding_t
*/
extern enum_name_t *cert_encoding_names;
/**
- * @brief Class representing an IKEv2 CERT payload.
+ * Class representing an IKEv2 CERT payload.
*
* The CERT payload format is described in RFC section 3.6.
- * This is just a dummy implementation to fullfill the standards
- * requirements. A full implementation would offer setters/getters
- * for the different encoding types.
- *
- * @b Constructors:
- * - cert_payload_create()
- *
- * @todo Implement setters/getters for the different certificate encodings.
- *
- * @ingroup payloads
*/
struct cert_payload_t {
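Review bot: The new `cert_encoding_t` drops both `CERT_NONE` and the `CERT_ROOF` bound, and its comment says nothing about values outside the listed set. The encoding is read from a received CERT payload (the parser is not part of this hunk), so 0, 5 and anything above 14 can presumably still end up in a variable of this type; I would extend the enum comment with something like `Values not listed here may be received from a peer and must be treated as unsupported.` The same comment misspells `Certifcate`, and the struct comment's `RFC section 3.6` names no RFC; `RFC 4306 section 3.6` would match the enum comment. The body of `struct cert_payload_t` continues in the next hunk.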
@@ -89,78 +72,69 @@ struct cert_payload_t {
* The payload_t interface.
*/
payload_t payload_interface;
-
- /**
- * @brief Set the CERT encoding.
- *
- * @param this calling cert_payload_t object
- * @param encoding CERT encoding
- */
- void (*set_cert_encoding) (cert_payload_t *this, cert_encoding_t encoding);
/**
- * @brief Get the CERT encoding.
+ * Get the playoads encoded certifcate.
*
- * @param this calling cert_payload_t object
- * @return Encoding of the CERT
+ * @return certifcate copy
*/
- cert_encoding_t (*get_cert_encoding) (cert_payload_t *this);
+ certificate_t *(*get_cert)(cert_payload_t *this);
/**
- * @brief Set the CERT data.
+ * Get the encoding of the certificate.
*
- * Data are getting cloned.
- *
- * @param this calling cert_payload_t object
- * @param data CERT data as chunk_t
+ * @return encoding
*/
- void (*set_data) (cert_payload_t *this, chunk_t data);
+ cert_encoding_t (*get_cert_encoding)(cert_payload_t *this);
/**
- * @brief Get the CERT data.
+ * Get the hash if this is a hash and URL encoded certificate.
*
- * Returned data are a copy of the internal one.
- *
- * @param this calling cert_payload_t object
- * @return CERT data as chunk_t
+ * This function returns internal data, do not free.
+ *
+ * @return hash
*/
- chunk_t (*get_data_clone) (cert_payload_t *this);
+ chunk_t (*get_hash)(cert_payload_t *this);
/**
- * @brief Get the CERT data.
+ * Get the URL if this is a hash and URL encoded certificate.
*
- * Returned data are NOT copied.
- *
- * @param this calling cert_payload_t object
- * @return CERT data as chunk_t
+ * This function returns internal data, do not free.
+ *
+ * @return url
*/
- chunk_t (*get_data) (cert_payload_t *this);
+ char *(*get_url)(cert_payload_t *this);
+
/**
- * @brief Destroys an cert_payload_t object.
- *
- * @param this cert_payload_t object to destroy
+ * Destroys the cert_payload object.
*/
void (*destroy) (cert_payload_t *this);
};
/**
- * @brief Creates an empty cert_payload_t object.
+ * Creates an empty certificate payload.
*
+ * @param cert certificate to embed
* @return cert_payload_t object
- *
- * @ingroup payloads
*/
cert_payload_t *cert_payload_create(void);
/**
- * @brief Creates a cert_payload_t object with an X.509 certificate.
+ * Creates a certificate payload with an embedded certificate.
*
- * @param cert X.509 certificate
+ * @param cert certificate to embed
* @return cert_payload_t object
+ */
+cert_payload_t *cert_payload_create_from_cert(certificate_t *cert);
+
+/**
+ * Creates a certificate payload with hash and URL encoding of a certificate.
*
- * @ingroup payloads
+ * @param hash hash of the DER encoded certificate (get's cloned)
+ * @param url the URL to locate the certificate (get's cloned)
+ * @return cert_payload_t object
*/
-cert_payload_t *cert_payload_create_from_x509(x509_t *cert);
+cert_payload_t *cert_payload_create_from_hash_and_url(chunk_t hash, char *url);
-#endif /* CERT_PAYLOAD_H_ */
+#endif /* CERT_PAYLOAD_H_ @} */
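Review bot: The doc block for `cert_payload_create(void)` carries `@param cert certificate to embed`, although the function takes no argument; that line should be dropped. `get_cert`, `get_hash` and `get_url` do not say what they return when the payload holds a different encoding or when the received data cannot be parsed; each needs a `@return` clause for that case (for example `@return certificate copy, NULL if ...`), worded after checking the implementation, which is not on this page. Because the hash and URL come out of a payload sent by the peer, the `get_url` comment should also state that the string is unvalidated remote input and whether it is guaranteed to be NUL-terminated. `cert_payload_create_from_hash_and_url` could take `const char *url`, since its doc says the argument is cloned. Typos to fix while here: `playoads`, `certifcate`, `get's`.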