diff options
Diffstat (limited to 'src/libstrongswan/utils/identification.h')
| -rw-r--r-- | src/libstrongswan/utils/identification.h | 96 |
1 files changed, 49 insertions, 47 deletions
diff --git a/src/libstrongswan/utils/identification.h b/src/libstrongswan/utils/identification.h index dc0aec18e..fe5c7d0fd 100644 --- a/src/libstrongswan/utils/identification.h +++ b/src/libstrongswan/utils/identification.h @@ -14,7 +14,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + /** * @defgroup identification identification * @{ @ingroup utils @@ -29,9 +29,10 @@ typedef struct identification_t identification_t; typedef enum id_match_t id_match_t; typedef enum id_part_t id_part_t; -#include <library.h> +#include <chunk.h> +#include <utils/enumerator.h> -/** +/** * Matches returned from identification_t.match */ enum id_match_t { @@ -79,8 +80,8 @@ enum id_type_t { * An example of an ID_RFC822_ADDR is "jsmith@example.com". * The string MUST NOT contain any terminators. */ - ID_USER_FQDN = 3, /* IKEv1 only */ - ID_RFC822_ADDR = 3, /* IKEv2 only */ + ID_USER_FQDN = 3, /* IKEv1 only */ + ID_RFC822_ADDR = 3, /* IKEv2 only */ /** * ID data is an IPv4 subnet (IKEv1 only) @@ -128,31 +129,16 @@ enum id_type_t { * private type which represents a GeneralName of type URI */ ID_DER_ASN1_GN_URI = 201, - - /** - * SHA1 hash over PKCS#1 subjectPublicKeyInfo - */ - ID_PUBKEY_INFO_SHA1 = 202, - - /** - * SHA1 hash over PKCS#1 subjectPublicKey - */ - ID_PUBKEY_SHA1 = 203, - - /** - * SHA1 hash of the binary DER encoding of a certificate - */ - ID_CERT_DER_SHA1 = 204, /** * IETF Attribute Syntax String (RFC 3281) */ - ID_IETF_ATTR_STRING = 205, + ID_IETF_ATTR_STRING = 202, /** * Private ID used by the pluto daemon for opportunistic encryption */ - ID_MYID = 206, + ID_MYID = 203, }; /** @@ -168,14 +154,14 @@ enum id_part_t { ID_PART_USERNAME, /** Domain part of an RFC822_ADDR */ ID_PART_DOMAIN, - + /** Top-Level domain of a FQDN */ ID_PART_TLD, /** Second-Level domain of a FQDN */ ID_PART_SLD, /** Another Level domain of a FQDN */ ID_PART_ALD, - + /** Country RDN of a DN */ ID_PART_RDN_C, /** CommonName RDN of a DN */ @@ -212,40 +198,40 @@ enum id_part_t { /** * Generic identification, such as used in ID payload. - * + * * @todo Support for ID_DER_ASN1_GN is minimal right now. Comparison * between them and ID_IPV4_ADDR/RFC822_ADDR would be nice. */ struct identification_t { - + /** * Get the encoding of this id, to send over * the network. - * + * * Result points to internal data, do not free. - * + * * @return a chunk containing the encoded bytes */ chunk_t (*get_encoding) (identification_t *this); - + /** * Get the type of this identification. - * + * * @return id_type_t */ id_type_t (*get_type) (identification_t *this); - + /** * Check if two identification_t objects are equal. - * + * * @param other other identification_t object * @return TRUE if the IDs are equal */ bool (*equals) (identification_t *this, identification_t *other); - + /** * Check if an ID matches a wildcard ID. - * + * * An identification_t may contain wildcards, such as * *.strongswan.org. This call checks if a given ID * (e.g. tester.strongswan.org) belongs to a such wildcard @@ -256,24 +242,24 @@ struct identification_t { * * The larger the return value is, the better is the match. Zero means * no match at all, 1 means a bad match, and 2 a slightly better match. - * + * * @param other the ID containing one or more wildcards * @param wildcards returns the number of wildcards, may be NULL * @return match value as described above */ id_match_t (*matches) (identification_t *this, identification_t *other); - + /** * Check if an ID is a wildcard ID. * * If the ID represents multiple IDs (with wildcards, or * as the type ID_ANY), TRUE is returned. If it is unique, * FALSE is returned. - * + * * @return TRUE if ID contains wildcards */ bool (*contains_wildcards) (identification_t *this); - + /** * Create an enumerator over subparts of an identity. * @@ -286,10 +272,10 @@ struct identification_t { * @return an enumerator over (id_part_t type, chunk_t data) */ enumerator_t* (*create_part_enumerator)(identification_t *this); - + /** * Clone a identification_t instance. - * + * * @return clone of this */ identification_t *(*clone) (identification_t *this); @@ -314,23 +300,31 @@ struct identification_t { * pluto resolves domainnames without an @ to IPv4 addresses. Since * we use a seperate host_t class for addresses, this doesn't * make sense for us. - * + * * A distinguished name may contain one or more of the following RDNs: * ND, UID, DC, CN, S, SN, serialNumber, C, L, ST, O, OU, T, D, - * N, G, I, ID, EN, EmployeeNumber, E, Email, emailAddress, UN, + * N, G, I, ID, EN, EmployeeNumber, E, Email, emailAddress, UN, * unstructuredName, TCGID. - * + * * This constructor never returns NULL. If it does not find a suitable * conversion function, it will copy the string to an ID_KEY_ID. - * + * * @param string input string, which will be converted * @return identification_t */ identification_t * identification_create_from_string(char *string); /** + * Creates an identification from a chunk of data, guessing its type. + * + * @param data identification data + * @return identification_t + */ +identification_t * identification_create_from_data(chunk_t data); + +/** * Creates an identification_t object from an encoded chunk. - * + * * @param type type of this id, such as ID_IPV4_ADDR * @param encoded encoded bytes, such as from identification_t.get_encoding * @return identification_t @@ -338,10 +332,18 @@ identification_t * identification_create_from_string(char *string); identification_t * identification_create_from_encoding(id_type_t type, chunk_t encoded); /** + * Creates an identification_t object from a sockaddr struct + * + * @param sockaddr sockaddr struct which contains family and address + * @return identification_t + */ +identification_t * identification_create_from_sockaddr(sockaddr_t *sockaddr); + +/** * printf hook function for identification_t. * - * Arguments are: - * identification_t *identification + * Arguments are: + * identification_t *identification */ int identification_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec, const void *const *args); |