Diffstat (limited to 'src/pluto/x509.h')
-rw-r--r-- | src/pluto/x509.h | 117 |
1 files changed, 9 insertions, 108 deletions
diff --git a/src/pluto/x509.h b/src/pluto/x509.h
index ab0fbac9e..e904618b3 100644
--- a/src/pluto/x509.h
+++ b/src/pluto/x509.h
@@ -18,122 +18,23 @@
 #ifndef _X509_H
 #define _X509_H
-#include <credentials/keys/public_key.h>
+#include <utils/identification.h>
+#include <utils/linked_list.h>
 #include <credentials/keys/private_key.h>
+#include <credentials/certificates/x509.h>
 #include "constants.h"
-#include "id.h"
+#include "certs.h"
-/* Definition of generalNames kinds */
-
-typedef enum {
- GN_OTHER_NAME = 0,
- GN_RFC822_NAME = 1,
- GN_DNS_NAME = 2,
- GN_X400_ADDRESS = 3,
- GN_DIRECTORY_NAME = 4,
- GN_EDI_PARTY_NAME = 5,
- GN_URI = 6,
- GN_IP_ADDRESS = 7,
- GN_REGISTERED_ID = 8
-} generalNames_t;
-
-/* access structure for a GeneralName */
-
-typedef struct generalName generalName_t;
-
-struct generalName {
- generalName_t *next;
- generalNames_t kind;
- chunk_t name;
-};
-
-/* access structure for an X.509v3 certificate */
-
-typedef struct x509cert x509cert_t;
-
-struct x509cert {
- x509cert_t *next;
- time_t installed;
- int count;
- bool smartcard;
- u_char authority_flags;
- chunk_t certificate;
- chunk_t tbsCertificate;
- u_int version;
- chunk_t serialNumber;
- /* signature */
- int sigAlg;
- chunk_t issuer;
- /* validity */
- time_t notBefore;
- time_t notAfter;
- chunk_t subject;
- public_key_t *public_key;
- /* issuerUniqueID */
- /* subjectUniqueID */
- /* v3 extensions */
- /* extension */
- /* extension */
- /* extnID */
- /* critical */
- /* extnValue */
- bool isCA;
- bool isOcspSigner; /* ocsp */
- chunk_t subjectKeyID;
- chunk_t authKeyID;
- chunk_t authKeySerialNumber;
- chunk_t accessLocation; /* ocsp */
- generalName_t *subjectAltName;
- generalName_t *crlDistributionPoints;
- /* signatureAlgorithm */
- int algorithm;
- chunk_t signature;
-};
-
-/* used for initialization */
-extern const x509cert_t empty_x509cert;
-
-extern bool same_serial(chunk_t a, chunk_t b);
 extern bool same_keyid(chunk_t a, chunk_t b);
-extern bool same_dn(chunk_t a, chunk_t b);
-extern bool match_dn(chunk_t a, chunk_t b, int *wildcards);
-extern bool same_x509cert(const x509cert_t *a, const x509cert_t *b);
-extern void hex_str(chunk_t bin, chunk_t *str);
-extern int dn_count_wildcards(chunk_t dn);
-extern int dntoa(char *dst, size_t dstlen, chunk_t dn);
-extern int dntoa_or_null(char *dst, size_t dstlen, chunk_t dn,
- const char* null_dn);
-extern err_t atodn(char *src, chunk_t *dn);
-extern void gntoid(struct id *id, const generalName_t *gn);
-extern bool compute_subjectKeyID(x509cert_t *cert, chunk_t subjectKeyID);
-extern void select_x509cert_id(x509cert_t *cert, struct id *end_id);
-extern bool parse_x509cert(chunk_t blob, u_int level0, x509cert_t *cert);
-extern time_t parse_time(chunk_t blob, int level0);
-extern void parse_authorityKeyIdentifier(chunk_t blob, int level0
- , chunk_t *authKeyID, chunk_t *authKeySerialNumber);
-extern chunk_t get_directoryName(chunk_t blob, int level, bool implicit);
-extern err_t check_validity(const x509cert_t *cert, time_t *until);
-
 extern bool x509_check_signature(chunk_t tbs, chunk_t sig, int algorithm,
- const x509cert_t *issuer_cert);
+ certificate_t *issuer_cert);
 extern chunk_t x509_build_signature(chunk_t tbs, int algorithm, private_key_t *key, bool bit_string);
-
-extern bool verify_x509cert(const x509cert_t *cert, bool strict, time_t *until);
-extern x509cert_t* add_x509cert(x509cert_t *cert);
-extern x509cert_t* get_x509cert(chunk_t issuer, chunk_t serial, chunk_t keyid,
- x509cert_t* chain);
-extern void build_x509cert(x509cert_t *cert, public_key_t *cert_key,
- private_key_t *signer_key);
-extern chunk_t build_subjectAltNames(generalName_t *subjectAltNames);
-extern void share_x509cert(x509cert_t *cert);
-extern void release_x509cert(x509cert_t *cert);
-extern void free_x509cert(x509cert_t *cert);
-extern void store_x509certs(x509cert_t **firstcert, bool strict);
-extern void list_x509cert_chain(const char *caption, x509cert_t* cert,
- u_char auth_flags, bool utc);
+extern bool verify_x509cert(cert_t *cert, bool strict, time_t *until);
+extern void store_x509certs(linked_list_t *certs, bool strict);
+extern void list_x509cert_chain(const char *caption, cert_t* cert,
+ x509_flag_t flags, bool utc);
 extern void list_x509_end_certs(bool utc);
-extern void free_generalNames(generalName_t* gn, bool free_name);
 #endif /* _X509_H */ |
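Review bot: The new prototypes `verify_x509cert(cert_t *cert, bool strict, time_t *until)` and `store_x509certs(linked_list_t *certs, bool strict)` state neither who owns the `cert_t` entries after the call nor what `strict` rejects, and the move from `x509cert_t **firstcert` to an opaque `linked_list_t *` makes the ownership question harder to answer from the header than before, since a caller can no longer see whether the list is consumed or must still be destroyed. A Doxygen block above each declaration should say whether entries are moved into the store or left with the caller, what `*until` holds after success and after failure, and what a `strict` verification additionally refuses; the verification logic itself lives in the implementation outside this hunk, so this is a documentation request rather than a defect claim. Note also that `const` was dropped from `issuer_cert` in `x509_check_signature` and from `cert` in `verify_x509cert`; if that is forced by a non-const `certificate_t` method interface, a one-line comment such as `/* non-const: certificate_t methods take a mutable this */` would stop a later reader from reintroducing it.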