diff options
Diffstat (limited to 'src/pluto/ac.h')
| -rw-r--r-- | src/pluto/ac.h | 103 |
1 files changed, 103 insertions, 0 deletions
diff --git a/src/pluto/ac.h b/src/pluto/ac.h new file mode 100644 index 000000000..3913d745d --- /dev/null +++ b/src/pluto/ac.h @@ -0,0 +1,103 @@ +/* Support of X.509 attribute certificates + * Copyright (C) 2002 Ueli Galizzi, Ariane Seiler + * Copyright (C) 2003 Martin Berner, Lukas Suter + + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + * + * RCSID $Id: ac.h,v 1.8 2005/02/17 20:56:04 as Exp $ + */ + +#ifndef _AC_H +#define _AC_H + +/* definition of ietfAttribute kinds */ + +typedef enum { + IETF_ATTRIBUTE_OCTETS = 0, + IETF_ATTRIBUTE_OID = 1, + IETF_ATTRIBUTE_STRING = 2 +} ietfAttribute_t; + +/* access structure for an ietfAttribute */ + +typedef struct ietfAttr ietfAttr_t; + +struct ietfAttr { + time_t installed; + int count; + ietfAttribute_t kind; + chunk_t value; +}; + +typedef struct ietfAttrList ietfAttrList_t; + +struct ietfAttrList { + ietfAttrList_t *next; + ietfAttr_t *attr; +}; + + +/* access structure for an X.509 attribute certificate */ + +typedef struct x509acert x509acert_t; + +struct x509acert { + x509acert_t *next; + time_t installed; + chunk_t certificate; + chunk_t certificateInfo; + u_int version; + /* holder */ + /* baseCertificateID */ + chunk_t holderIssuer; + chunk_t holderSerial; + chunk_t entityName; + /* v2Form */ + chunk_t issuerName; + /* signature */ + int sigAlg; + chunk_t serialNumber; + /* attrCertValidityPeriod */ + time_t notBefore; + time_t notAfter; + /* attributes */ + ietfAttrList_t *charging; + ietfAttrList_t *groups; + /* extensions */ + chunk_t authKeyID; + chunk_t authKeySerialNumber; + bool noRevAvail; + /* signatureAlgorithm */ + int algorithm; + chunk_t signature; +}; + +/* used for initialization */ +extern const x509acert_t empty_ac; + +extern void unshare_ietfAttrList(ietfAttrList_t **listp); +extern void free_ietfAttrList(ietfAttrList_t *list); +extern void decode_groups(char *groups, ietfAttrList_t **listp); +extern bool group_membership(const ietfAttrList_t *my_list + , const char *conn, const ietfAttrList_t *conn_list); +extern bool parse_ac(chunk_t blob, x509acert_t *ac); +extern bool verify_x509acert(x509acert_t *ac, bool strict); +extern x509acert_t* get_x509acert(chunk_t issuer, chunk_t serial); +extern void load_acerts(void); +extern void free_acert(x509acert_t *ac); +extern void free_acerts(void); +extern void list_acerts(bool utc); +extern void list_groups(bool utc); +extern void format_groups(const ietfAttrList_t *list, char *buf, int len); + + +#endif /* _AH_H */ |