summaryrefslogtreecommitdiff
path: root/src/libstrongswan/credentials/credential_set.h
blob: d0b2c574df864d841951a979896d879b6662981e (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
/*
 * Copyright (C) 2007 Martin Willi
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

/**
 * @defgroup credential_set credential_set
 * @{ @ingroup credentials
 */

#ifndef CREDENTIAL_SET_H_
#define CREDENTIAL_SET_H_

typedef struct credential_set_t credential_set_t;

#include <credentials/keys/public_key.h>
#include <credentials/keys/shared_key.h>
#include <credentials/certificates/certificate.h>

/**
 * A set of credentials.
 *
 * Contains private keys, shared keys and different kinds of certificates.
 * Enumerators are used because queries might return multiple matches.
 * Filter parameters restrict enumeration over specific items only.
 * See credential_manager_t for an overview of the credential framework.
 *
 * A credential set enumerator may not block the credential set, i.e. multiple
 * threads must be able to hold multiple enumerators, as the credential manager
 * is higly parallelized. The best way to achieve this is by using shared
 * read locks for the enumerators only. Otherwise deadlocks will occur.
 * The writing cache_cert() routine is called by the manager only if no
 * enumerator is alive, so it is save to use a write lock there.
 */
struct credential_set_t {

	/**
	 * Create an enumerator over private keys (private_key_t).
	 *
	 * The id is either a key identifier of the requested key, or an identity
	 * of the key owner.
	 *
	 * @param type		type of requested private key
	 * @param id		key identifier/owner
	 * @return			enumerator over private_key_t's.
	 */
	enumerator_t *(*create_private_enumerator)(credential_set_t *this,
						key_type_t type, identification_t *id);
	/**
	 * Create an enumerator over certificates (certificate_t).
	 *
	 * @param cert		kind of certificate
	 * @param key		kind of key in certificate
	 * @param id		identity (subject) this certificate belongs to
	 * @param trusted	whether the certificate must be trustworthy
	 * @return			enumerator as described above
	 */
	enumerator_t *(*create_cert_enumerator)(credential_set_t *this,
						certificate_type_t cert, key_type_t key,
						identification_t *id, bool trusted);
	/**
	 * Create an enumerator over shared keys (shared_key_t).
	 *
	 * The enumerator enumerates over:
	 *  shared_key_t*, id_match_t me, id_match_t other
	 * But must accept NULL values for the id_matches.
	 *
	 * @param type		kind of requested shared key
	 * @param me		own identity
	 * @param other		other identity who owns that secret
	 * @return			enumerator as described above
	 */
	enumerator_t *(*create_shared_enumerator)(credential_set_t *this,
						shared_key_type_t type,
						identification_t *me, identification_t *other);

	/**
	 * Create an enumerator over certificate distribution points.
	 *
	 * @param type		type of the certificate to get a CDP
	 * @param id		identification of the distributed certificate
	 * @return			an enumerator over CDPs as char*
	 */
	enumerator_t *(*create_cdp_enumerator)(credential_set_t *this,
						certificate_type_t type, identification_t *id);

	/**
	 * Cache a certificate in the credential set.
	 *
	 * The caching policy is implementation dependent. The sets may cache the
	 * certificate in-memory, persistent on disk or not at all.
	 *
	 * @param cert		certificate to cache
	 */
	void (*cache_cert)(credential_set_t *this, certificate_t *cert);
};

#endif /** CREDENTIAL_SET_H_ @}*/