diff options
Diffstat (limited to 'src/libstrongswan/credentials/certificates/x509.h')
| -rw-r--r-- | src/libstrongswan/credentials/certificates/x509.h | 106 |
1 files changed, 106 insertions, 0 deletions
diff --git a/src/libstrongswan/credentials/certificates/x509.h b/src/libstrongswan/credentials/certificates/x509.h index 6e0a5002a..3ab26c8c5 100644 --- a/src/libstrongswan/credentials/certificates/x509.h +++ b/src/libstrongswan/credentials/certificates/x509.h @@ -24,10 +24,22 @@ #include <utils/enumerator.h> #include <credentials/certificates/certificate.h> +<<<<<<< HEAD #define X509_NO_PATH_LEN_CONSTRAINT -1 typedef struct x509_t x509_t; typedef enum x509_flag_t x509_flag_t; +======= +/* constraints are currently restricted to the range 0..127 */ +#define X509_NO_CONSTRAINT 255 + +typedef struct x509_t x509_t; +typedef struct x509_cert_policy_t x509_cert_policy_t; +typedef struct x509_policy_mapping_t x509_policy_mapping_t; +typedef struct x509_cdp_t x509_cdp_t; +typedef enum x509_flag_t x509_flag_t; +typedef enum x509_constraint_t x509_constraint_t; +>>>>>>> upstream/4.5.1 /** * X.509 certificate flags. @@ -49,12 +61,64 @@ enum x509_flag_t { X509_SELF_SIGNED = (1<<5), /** cert has an ipAddrBlocks extension */ X509_IP_ADDR_BLOCKS = (1<<6), +<<<<<<< HEAD }; /** * enum names for x509 flags */ extern enum_name_t *x509_flag_names; +======= + /** cert has CRL sign key usage */ + X509_CRL_SIGN = (1<<7), +}; + +/** + * Different numerical X.509 constraints. + */ +enum x509_constraint_t { + /** pathLenConstraint basicConstraints */ + X509_PATH_LEN, + /** inhibitPolicyMapping policyConstraint */ + X509_INHIBIT_POLICY_MAPPING, + /** requireExplicitPolicy policyConstraint */ + X509_REQUIRE_EXPLICIT_POLICY, + /** inhibitAnyPolicy constraint */ + X509_INHIBIT_ANY_POLICY, +}; + +/** + * X.509 certPolicy extension. + */ +struct x509_cert_policy_t { + /** OID of certPolicy */ + chunk_t oid; + /** Certification Practice Statement URI qualifier */ + char *cps_uri; + /** UserNotice Text qualifier */ + char *unotice_text; +}; + +/** + * X.509 policyMapping extension + */ +struct x509_policy_mapping_t { + /** OID of issuerDomainPolicy */ + chunk_t issuer; + /** OID of subjectDomainPolicy */ + chunk_t subject; +}; + +/** + * X.509 CRL distributionPoint + */ +struct x509_cdp_t { + /** CDP URI, as string */ + char *uri; + /** CRL issuer */ + identification_t *issuer; +}; +>>>>>>> upstream/4.5.1 /** * X.509 certificate interface. @@ -98,11 +162,20 @@ struct x509_t { chunk_t (*get_authKeyIdentifier)(x509_t *this); /** +<<<<<<< HEAD * Get an optional path length constraint. * * @return pathLenConstraint, -1 if no constraint exists */ int (*get_pathLenConstraint)(x509_t *this); +======= + * Get a numerical X.509 constraint. + * + * @param type type of constraint to get + * @return constraint, X509_NO_CONSTRAINT if none found + */ + u_int (*get_constraint)(x509_t *this, x509_constraint_t type); +>>>>>>> upstream/4.5.1 /** * Create an enumerator over all subjectAltNames. @@ -112,9 +185,15 @@ struct x509_t { enumerator_t* (*create_subjectAltName_enumerator)(x509_t *this); /** +<<<<<<< HEAD * Create an enumerator over all CRL URIs. * * @return enumerator over URIs as char* +======= + * Create an enumerator over all CRL URIs and CRL Issuers. + * + * @return enumerator over x509_cdp_t +>>>>>>> upstream/4.5.1 */ enumerator_t* (*create_crl_uri_enumerator)(x509_t *this); @@ -131,6 +210,33 @@ struct x509_t { * @return enumerator over ipAddrBlocks as traffic_selector_t* */ enumerator_t* (*create_ipAddrBlock_enumerator)(x509_t *this); +<<<<<<< HEAD +======= + + /** + * Create an enumerator over name constraints. + * + * @param perm TRUE for permitted, FALSE for excluded subtrees + * @return enumerator over subtrees as identification_t + */ + enumerator_t* (*create_name_constraint_enumerator)(x509_t *this, bool perm); + + /** + * Create an enumerator over certificate policies. + * + * @return enumerator over x509_cert_policy_t + */ + enumerator_t* (*create_cert_policy_enumerator)(x509_t *this); + + /** + * Create an enumerator over policy mappings. + * + * @return enumerator over x509_policy_mapping + */ + enumerator_t* (*create_policy_mapping_enumerator)(x509_t *this); + + +>>>>>>> upstream/4.5.1 }; #endif /** X509_H_ @}*/ |