summaryrefslogtreecommitdiff
path: root/src/libstrongswan/credentials/certificates/crl.h
blob: 11ad7f2f386729550bafbd3bd6a958b5f648928e (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
/*
 * Copyright (C) 2008 Martin Willi
 * Copyright (C) 2006 Andreas Steffen
 * Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

/**
 * @defgroup crl crl
 * @{ @ingroup certificates
 */

#ifndef CRL_H_
#define CRL_H_

typedef struct crl_t crl_t;
typedef enum crl_reason_t crl_reason_t;

#include <library.h>
#include <credentials/certificates/certificate.h>

/**
 * RFC 2459 CRL reason codes
 */
enum crl_reason_t {
	CRL_REASON_UNSPECIFIED			= 0,
	CRL_REASON_KEY_COMPROMISE		 = 1,
	CRL_REASON_CA_COMPROMISE		  = 2,
	CRL_REASON_AFFILIATION_CHANGED	= 3,
	CRL_REASON_SUPERSEDED			 = 4,
	CRL_REASON_CESSATION_OF_OPERATON  = 5,
	CRL_REASON_CERTIFICATE_HOLD	   = 6,
	CRL_REASON_REMOVE_FROM_CRL		= 8,
};

/**
 * enum names for crl_reason_t
 */
extern enum_name_t *crl_reason_names;

/**
 * X509 certificate revocation list (CRL) interface definition.
 */
struct crl_t {

	/**
	 * Implements (parts of) the certificate_t interface
	 */
	certificate_t certificate;

	/**
	 * Get the CRL serial number.
	 *
	 * @return			chunk pointing to internal crlNumber
	 */
	chunk_t (*get_serial)(crl_t *this);

	/**
	 * Get the the authorityKeyIdentifier.
	 *
	 * @return			authKeyIdentifier chunk, point to internal data
	 */
	chunk_t (*get_authKeyIdentifier)(crl_t *this);

	/**
<<<<<<< HEAD
=======
	 * Is this CRL a delta CRL?
	 *
	 * @param base_crl	gets to baseCrlNumber, if this is a delta CRL
	 * @return			TRUE if delta CRL
	 */
	bool (*is_delta_crl)(crl_t *this, chunk_t *base_crl);

	/**
	 * Create an enumerator over Freshest CRL distribution points and issuers.
	 *
	 * @return			enumerator over x509_cdp_t
	 */
	enumerator_t* (*create_delta_crl_uri_enumerator)(crl_t *this);

	/**
>>>>>>> upstream/4.5.1
	 * Create an enumerator over all revoked certificates.
	 *
	 * The enumerator takes 3 pointer arguments:
	 * chunk_t serial, time_t revocation_date, crl_reason_t reason
	 *
	 * @return			enumerator over revoked certificates.
	 */
	enumerator_t* (*create_enumerator)(crl_t *this);
};

/**
 * Generic check if a given CRL is newer than another.
 *
 * @param this			first CRL to check
 * @param other			second CRL
 * @return				TRUE if this newer than other
 */
bool crl_is_newer(crl_t *this, crl_t *other);

#endif /** CRL_H_ @}*/