Diffstat (limited to 'src/libstrongswan/credentials/builder.h')
-rw-r--r--src/libstrongswan/credentials/builder.h105
1 files changed, 51 insertions, 54 deletions
diff --git a/src/libstrongswan/credentials/builder.h b/src/libstrongswan/credentials/builder.h
index 01ccf2a5c..62a6ffaaf 100644
--- a/src/libstrongswan/credentials/builder.h
+++ b/src/libstrongswan/credentials/builder.h
@@ -21,16 +21,21 @@
#ifndef BUILDER_H_
#define BUILDER_H_
-typedef struct builder_t builder_t;
+#include <stdarg.h>
+
typedef enum builder_part_t builder_part_t;
/**
- * Constructor function which creates a new builder instance.
+ * Constructor function to build credentials.
+ *
+ * Any added parts are cloned/refcounted by the builder implementation, a
+ * caller may need to free the passed ressources themself.
*
- * @param subtype constructor specific subtype, e.g. certificate_type_t
- * @return builder to construct a instance of type
+ * @param subtype constructor specific subtype, e.g. a certificate_type_t
+ * @param args list of builder part types, followed by parts, BUILD_END
+ * @return builder specific credential, NULL on error
*/
-typedef builder_t* (*builder_constructor_t)(int subtype);
+typedef void* (*builder_function_t)(int subtype, va_list args);
#include <library.h>
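Review bot: The doc comment on the new builder_function_t does not state the contract the va_list places on implementations: each part must be fetched with va_arg() using exactly the C type documented for it in builder_part_t, and the list must end with BUILD_END — a type mismatch or a missing terminator is undefined behaviour that no runtime check can catch, so this header is the only place to pin it down. The comment also carries the typo `ressources themself` (`resources themselves`). Suggested addition after the `@param args` line: `* Implementations must read each part with va_arg() using the type documented in builder_part_t and stop at BUILD_END; an unknown part should make the build fail and return NULL.`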
@@ -38,18 +43,26 @@ typedef builder_t* (*builder_constructor_t)(int subtype);
* Parts to build credentials from.
*/
enum builder_part_t {
- /** path to a file containing an ASN.1 blob, char* */
+ /** path to a file encoded in any format, char* */
BUILD_FROM_FILE,
+ /** file descriptor to read data, encoded in any format, int */
+ BUILD_FROM_FD,
/** unix socket of a ssh/pgp agent, char* */
BUILD_AGENT_SOCKET,
/** DER encoded ASN.1 blob, chunk_t */
BUILD_BLOB_ASN1_DER,
- /** PEM encoded ASN.1 blob, null terminated char* */
- BUILD_BLOB_ASN1_PEM,
+ /** PEM encoded ASN.1/PGP blob, chunk_t */
+ BUILD_BLOB_PEM,
/** OpenPGP key blob, chunk_t */
BUILD_BLOB_PGP,
- /** RFC 3110 DNS public key blob, chunk_t */
- BUILD_BLOB_RFC_3110,
+ /** DNS public key blob (RFC 4034, RSA specifc RFC 3110), chunk_t */
+ BUILD_BLOB_DNSKEY,
+ /** passphrase for e.g. PEM decryption, chunk_t */
+ BUILD_PASSPHRASE,
+ /** passphrase callback, chunk_t(*fn)(void *user, int try), void *user.
+ * The callback is invoked until the returned passphrase is accepted, or
+ * a zero-length passphrase is returned. Try starts at 1. */
+ BUILD_PASSPHRASE_CALLBACK,
/** key size in bits, as used for key generation, u_int */
BUILD_KEY_SIZE,
/** private key to use for signing, private_key_t* */
@@ -60,30 +73,54 @@ enum builder_part_t {
BUILD_PUBLIC_KEY,
/** subject for e.g. certificates, identification_t* */
BUILD_SUBJECT,
- /** additional subject name, identification_t* */
- BUILD_SUBJECT_ALTNAME,
+ /** additional subject names, linked_list_t* containing identification_t* */
+ BUILD_SUBJECT_ALTNAMES,
/** issuer for e.g. certificates, identification_t* */
BUILD_ISSUER,
- /** additional issuer name, identification_t* */
- BUILD_ISSUER_ALTNAME,
+ /** additional issuer names, linked_list_t* containing identification_t* */
+ BUILD_ISSUER_ALTNAMES,
/** notBefore, time_t* */
BUILD_NOT_BEFORE_TIME,
/** notAfter, time_t* */
BUILD_NOT_AFTER_TIME,
/** a serial number in binary form, chunk_t */
BUILD_SERIAL,
+ /** digest algorithm to be used for signature, int */
+ BUILD_DIGEST_ALG,
/** a comma-separated list of ietf group attributes, char* */
BUILD_IETF_GROUP_ATTR,
/** a ca certificate, certificate_t* */
BUILD_CA_CERT,
/** a certificate, certificate_t* */
BUILD_CERT,
+ /** CRL distribution point URIs, linked_list_t* containing char* */
+ BUILD_CRL_DISTRIBUTION_POINTS,
+ /** OCSP AuthorityInfoAccess locations, linked_list_t* containing char* */
+ BUILD_OCSP_ACCESS_LOCATIONS,
+ /** certificate path length constraint */
+ BUILD_PATHLEN,
/** enforce an additional X509 flag, x509_flag_t */
BUILD_X509_FLAG,
/** key ID of a key on a smartcard, null terminated char* ([slot:]keyid) */
BUILD_SMARTCARD_KEYID,
/** pin to access a key on a smartcard, null terminated char* */
BUILD_SMARTCARD_PIN,
+ /** modulus (n) of a RSA key, chunk_t */
+ BUILD_RSA_MODULUS,
+ /** public exponent (e) of a RSA key, chunk_t */
+ BUILD_RSA_PUB_EXP,
+ /** private exponent (d) of a RSA key, chunk_t */
+ BUILD_RSA_PRIV_EXP,
+ /** prime 1 (p) of a RSA key (p < q), chunk_t */
+ BUILD_RSA_PRIME1,
+ /** prime 2 (q) of a RSA key (p < q), chunk_t */
+ BUILD_RSA_PRIME2,
+ /** exponent 1 (exp1) of a RSA key, chunk_t */
+ BUILD_RSA_EXP1,
+ /** exponent 2 (exp1) of a RSA key, chunk_t */
+ BUILD_RSA_EXP2,
+ /** coefficient (coeff) of a RSA key, chunk_t */
+ BUILD_RSA_COEFF,
/** end of variable argument builder list */
BUILD_END,
};
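Review bot: BUILD_PATHLEN is the only part in the enum without a documented C type (`/** certificate path length constraint */`), yet with the new va_list API the type is the whole contract — a caller passing a different width than the builder reads with va_arg() gets undefined behaviour. It should name the type, presumably `int` like the other scalar parts, once checked against the x509 builder: `/** certificate path length constraint, int */`. BUILD_RSA_EXP2's comment also says `exponent 2 (exp1)` where `exp2` is meant, and the RSA private components (d, p, q, exp1, exp2, coeff) are secret material whose cloned copies deserve a note that the builder wipes them, if that is what the implementation does.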
@@ -93,44 +130,4 @@ enum builder_part_t {
*/
extern enum_name_t *builder_part_names;
-/**
- * Credential construction API.
- *
- * The builder allows the construction of credentials in a generic and
- * flexible way.
- */
-struct builder_t {
-
- /**
- * Add a part to the construct.
- *
- * Any added parts are cloned/refcounted by the builder implementation, a
- * caller may need to free the passed ressources themself.
- *
- * @param part kind of part
- * @param ... part specific variable argument
- */
- void (*add)(builder_t *this, builder_part_t part, ...);
-
- /**
- * Build the construct with all supplied parts.
- *
- * Once build() is called, the builder gets destroyed.
- *
- * @return specific interface, as requested with constructor.
- */
- void* (*build)(builder_t *this);
-};
-
-/**
- * Helper macro to cancel a build in a builder
- */
-#define builder_cancel(builder) { (builder)->add = (void*)nop; \
- (builder)->build = (void*)builder_free; }
-
-/**
- * Helper function for a cancelled build.
- */
-void* builder_free(builder_t *this);
-
#endif /** BUILDER_H_ @}*/