diff options
Diffstat (limited to 'src/libstrongswan/credentials/certificates')
| -rw-r--r-- | src/libstrongswan/credentials/certificates/ac.h | 25 | ||||
| -rw-r--r-- | src/libstrongswan/credentials/certificates/x509.h | 22 |
2 files changed, 25 insertions, 22 deletions
diff --git a/src/libstrongswan/credentials/certificates/ac.h b/src/libstrongswan/credentials/certificates/ac.h index 57b44adca..9a3d8f0b9 100644 --- a/src/libstrongswan/credentials/certificates/ac.h +++ b/src/libstrongswan/credentials/certificates/ac.h @@ -24,9 +24,18 @@ #include <library.h> #include <credentials/certificates/certificate.h> -#include <credentials/ietf_attributes/ietf_attributes.h> typedef struct ac_t ac_t; +typedef enum ac_group_type_t ac_group_type_t; + +/** + * Common group types, from IETF Attributes Syntax + */ +enum ac_group_type_t { + AC_GROUP_TYPE_OCTETS, + AC_GROUP_TYPE_STRING, + AC_GROUP_TYPE_OID, +}; /** * X.509 attribute certificate interface. @@ -70,19 +79,11 @@ struct ac_t { chunk_t (*get_authKeyIdentifier)(ac_t *this); /** - * Get the group memberships as a list of IETF attributes - * - * @return object containing a list of IETF attributes - */ - ietf_attributes_t* (*get_groups)(ac_t *this); - - /** - * @brief Checks if two attribute certificates belong to the same holder + * Create an enumerator of contained Group memberships. * - * @param that other attribute certificate - * @return TRUE if same holder + * @return enumerator over (ac_group_type_t, chunk_t) */ - bool (*equals_holder) (ac_t *this, ac_t *other); + enumerator_t* (*create_group_enumerator)(ac_t *this); }; #endif /** AC_H_ @}*/ diff --git a/src/libstrongswan/credentials/certificates/x509.h b/src/libstrongswan/credentials/certificates/x509.h index 4e8d4317f..6cbfcdeed 100644 --- a/src/libstrongswan/credentials/certificates/x509.h +++ b/src/libstrongswan/credentials/certificates/x509.h @@ -39,25 +39,27 @@ typedef enum x509_constraint_t x509_constraint_t; */ enum x509_flag_t { /** cert has no constraints */ - X509_NONE = 0, + X509_NONE = 0, /** cert has CA constraint */ - X509_CA = (1<<0), + X509_CA = (1<<0), /** cert has AA constraint */ - X509_AA = (1<<1), + X509_AA = (1<<1), /** cert has OCSP signer constraint */ - X509_OCSP_SIGNER = (1<<2), + X509_OCSP_SIGNER = (1<<2), /** cert has serverAuth key usage */ - X509_SERVER_AUTH = (1<<3), + X509_SERVER_AUTH = (1<<3), /** cert has clientAuth key usage */ - X509_CLIENT_AUTH = (1<<4), + X509_CLIENT_AUTH = (1<<4), /** cert is self-signed */ - X509_SELF_SIGNED = (1<<5), + X509_SELF_SIGNED = (1<<5), /** cert has an ipAddrBlocks extension */ - X509_IP_ADDR_BLOCKS = (1<<6), + X509_IP_ADDR_BLOCKS = (1<<6), /** cert has CRL sign key usage */ - X509_CRL_SIGN = (1<<7), + X509_CRL_SIGN = (1<<7), /** cert has iKEIntermediate key usage */ - X509_IKE_INTERMEDIATE = (1<<8), + X509_IKE_INTERMEDIATE = (1<<8), + /** cert has Microsoft Smartcard Logon usage */ + X509_MS_SMARTCARD_LOGON = (1<<9), }; /** |