Diffstat (limited to 'src/libstrongswan/utils/identification.h')
-rw-r--r--src/libstrongswan/utils/identification.h89
1 files changed, 76 insertions, 13 deletions
diff --git a/src/libstrongswan/utils/identification.h b/src/libstrongswan/utils/identification.h
index 2284b7b46..dc0aec18e 100644
--- a/src/libstrongswan/utils/identification.h
+++ b/src/libstrongswan/utils/identification.h
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2009 Tobias Brunner
- * Copyright (C) 2005-2006 Martin Willi
+ * Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2005 Jan Hutter
* Hochschule fuer Technik Rapperswil
*
@@ -13,8 +13,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: identification.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -29,6 +27,7 @@
typedef enum id_type_t id_type_t;
typedef struct identification_t identification_t;
typedef enum id_match_t id_match_t;
+typedef enum id_part_t id_part_t;
#include <library.h>
@@ -80,7 +79,8 @@ enum id_type_t {
* An example of an ID_RFC822_ADDR is "jsmith@example.com".
* The string MUST NOT contain any terminators.
*/
- ID_RFC822_ADDR = 3,
+ ID_USER_FQDN = 3, /* IKEv1 only */
+ ID_RFC822_ADDR = 3, /* IKEv2 only */
/**
* ID data is an IPv4 subnet (IKEv1 only)
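Review bot: Placing `ID_USER_FQDN = 3` directly under the existing doc block makes that comment attach to the new alias and leaves `ID_RFC822_ADDR` without documentation; each enumerator should get its own `/** ... */` block rather than the trailing `/* IKEv1 only */` and `/* IKEv2 only */` remarks. Because both names share the value 3, a value-to-name lookup such as `id_type_names` can report only one of them and a `switch` cannot list both cases. The comment should state that the two are aliases for the same wire value, e.g. `/** Same value as ID_RFC822_ADDR; name used by IKEv1 */`. The enum body starts and ends outside this hunk.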
@@ -143,16 +143,16 @@ enum id_type_t {
* SHA1 hash of the binary DER encoding of a certificate
*/
ID_CERT_DER_SHA1 = 204,
-
+
/**
- * Generic EAP identity
+ * IETF Attribute Syntax String (RFC 3281)
*/
- ID_EAP = 205,
+ ID_IETF_ATTR_STRING = 205,
/**
- * IETF Attribute Syntax String (RFC 3281)
+ * Private ID used by the pluto daemon for opportunistic encryption
*/
- ID_IETF_ATTR_STRING = 206,
+ ID_MYID = 206,
};
/**
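Review bot: Reusing 205 and 206 for different meanings changes how any previously stored or exchanged private ID type is interpreted: a value written as `ID_EAP` (205) by older code is now read as `ID_IETF_ATTR_STRING`, and an old 206 is read as `ID_MYID`. If these private values are ever persisted or passed between builds (a configuration database or state synchronisation, neither visible from this hunk), an identity could be matched under the wrong type. Keeping `ID_IETF_ATTR_STRING = 206`, assigning `ID_MYID = 207` and leaving `/* 205 was ID_EAP, do not reuse */` in the gap would avoid the reinterpretation.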
@@ -161,6 +161,56 @@ enum id_type_t {
extern enum_name_t *id_type_names;
/**
+ * Type of an ID sub part.
+ */
+enum id_part_t {
+ /** Username part of an RFC822_ADDR */
+ ID_PART_USERNAME,
+ /** Domain part of an RFC822_ADDR */
+ ID_PART_DOMAIN,
+
+ /** Top-Level domain of a FQDN */
+ ID_PART_TLD,
+ /** Second-Level domain of a FQDN */
+ ID_PART_SLD,
+ /** Another Level domain of a FQDN */
+ ID_PART_ALD,
+
+ /** Country RDN of a DN */
+ ID_PART_RDN_C,
+ /** CommonName RDN of a DN */
+ ID_PART_RDN_CN,
+ /** Description RDN of a DN */
+ ID_PART_RDN_D,
+ /** Email RDN of a DN */
+ ID_PART_RDN_E,
+ /** EmployeeNumber RDN of a DN */
+ ID_PART_RDN_EN,
+ /** GivenName RDN of a DN */
+ ID_PART_RDN_G,
+ /** Initials RDN of a DN */
+ ID_PART_RDN_I,
+ /** UniqueIdentifier RDN of a DN */
+ ID_PART_RDN_ID,
+ /** Locality RDN of a DN */
+ ID_PART_RDN_L,
+ /** Name RDN of a DN */
+ ID_PART_RDN_N,
+ /** Organization RDN of a DN */
+ ID_PART_RDN_O,
+ /** OrganizationUnit RDN of a DN */
+ ID_PART_RDN_OU,
+ /** Surname RDN of a DN */
+ ID_PART_RDN_S,
+ /** SerialNumber RDN of a DN */
+ ID_PART_RDN_SN,
+ /** StateOrProvince RDN of a DN */
+ ID_PART_RDN_ST,
+ /** Title RDN of a DN */
+ ID_PART_RDN_T,
+};
+
+/**
* Generic identification, such as used in ID payload.
*
* @todo Support for ID_DER_ASN1_GN is minimal right now. Comparison
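Review bot: The abbreviations `ID_PART_RDN_S` (Surname) and `ID_PART_RDN_SN` (SerialNumber) are easy to confuse, since LDAP-style tooling commonly uses `sn` for surname. A rule that matches on the wrong part would compare an attribute the author did not intend, so the doc comments should spell this out, e.g. `/** SerialNumber RDN of a DN (not surname, see ID_PART_RDN_S) */`. The enumerators also carry no explicit values; if the numeric value is ever stored or logged, a comment saying new parts must only be appended would keep existing values stable.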
@@ -225,6 +275,19 @@ struct identification_t {
bool (*contains_wildcards) (identification_t *this);
/**
+ * Create an enumerator over subparts of an identity.
+ *
+ * Some identities are built from several parts, e.g. an E-Mail consists
+ * of a username and a domain part, or a DistinguishedName contains several
+ * RDNs.
+ * For identity without subtypes (support), an empty enumerator is
+ * returned.
+ *
+ * @return an enumerator over (id_part_t type, chunk_t data)
+ */
+ enumerator_t* (*create_part_enumerator)(identification_t *this);
+
+ /**
* Clone a identification_t instance.
*
* @return clone of this
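Review bot: The `create_part_enumerator` comment does not say who owns the enumerated `chunk_t data` or how long it stays valid; if the chunks point into the identity's own encoding (likely, but not shown here), a caller that keeps one after destroying the identity would read freed memory. Once the implementation confirms it, I would add `The enumerated chunks reference internal data, are not NUL-terminated, and are valid only while this identification_t exists; clone them to keep them.` The sentence `For identity without subtypes (support)` is also unclear; `For identities without subparts, or where splitting is not supported, an empty enumerator is returned.` says what is meant. The struct continues outside the hunk.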
@@ -257,16 +320,16 @@ struct identification_t {
* N, G, I, ID, EN, EmployeeNumber, E, Email, emailAddress, UN,
* unstructuredName, TCGID.
*
+ * This constructor never returns NULL. If it does not find a suitable
+ * conversion function, it will copy the string to an ID_KEY_ID.
+ *
* @param string input string, which will be converted
- * @return created identification_t, NULL if not supported.
+ * @return identification_t
*/
identification_t * identification_create_from_string(char *string);
/**
* Creates an identification_t object from an encoded chunk.
- *
- * In contrast to identification_create_from_string(), this constructor never
- * returns NULL, even when the conversion to a string representation fails.
*
* @param type type of this id, such as ID_IPV4_ADDR
* @param encoded encoded bytes, such as from identification_t.get_encoding
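Review bot: With `identification_create_from_string()` no longer returning NULL, a string that fails every conversion is silently turned into an `ID_KEY_ID`, so callers that used the NULL result to reject a malformed identity (a mistyped DN in a configuration, for example) lose that signal. The comment should state the consequence for callers, e.g. `Callers that require a particular ID type must check get_type() on the result; unparsable input yields ID_KEY_ID, not an error.` Existing NULL checks in callers become dead code and are worth reviewing for places where the fallback identity now flows into matching. The hunk also drops the never-returns-NULL sentence from the `identification_create_from_encoding()` comment; if that guarantee still holds it should stay documented. That comment continues outside the hunk.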