path: root/src/libstrongswan/crypto/crl.h
blob: 8a11fc3902e7d0c1642a69c2fa238154dfda1759 (plain)
/**
 * @file crl.h
 * 
 * @brief Interface of crl_t.
 * 
 */

/*
 * Copyright (C) 2006 Andreas Steffen
 * Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

#ifndef CRL_H_
#define CRL_H_

typedef struct crl_t crl_t;

#include <library.h>
#include <crypto/rsa/rsa_public_key.h>
#include <crypto/certinfo.h>
#include <utils/identification.h>
#include <utils/iterator.h>

/**
 * @brief X.509 certificate revocation list
 * 
 * Object interface for a parsed CRL. A CRL obtained from the network or
 * from disk is untrusted data: constructing it (see the constructors
 * below) only proves that it parsed. Before acting on its revocation
 * information a caller is expected to establish, via this interface,
 * that the crl was issued by the expected CA (is_issuer()), that its
 * signature checks out against that CA's key (verify()) and that it is
 * within its validity period (is_valid()); only then does get_status()
 * yield a meaningful answer. Whether any single method already implies
 * the others is not visible from this header - do not assume it.
 * 
 * NOTE(review): is_issuer() takes an x509_t, but none of the includes
 * above name x509.h; the type must arrive via certinfo.h or library.h.
 * Confirm before including this header on its own.
 * 
 * @b Constructors:
 *  - crl_create_from_chunk()
 *  - crl_create_from_file()
 * 
 * @ingroup transforms
 */
struct crl_t {

	/**
	 * @brief Get the crl's issuer ID.
	 * 
	 * The resulting ID is always a identification_t
	 * of type ID_DER_ASN1_DN.
	 * 
	 * NOTE(review): ownership of the returned identification_t is not
	 * stated here; presumably the crl keeps it and the caller must not
	 * destroy it - confirm against the implementation.
	 * 
	 * @param this				calling object
	 * @return					issuers ID
	 */
	identification_t *(*get_issuer) (const crl_t *this);

	/**
	 * @brief Check if both crls have the same issuer.
	 * 
	 * Compares issuer identities only; it says nothing about whether
	 * either crl is authentic or current.
	 * 
	 * @param this				calling object
	 * @param other				other crl
	 * @return					TRUE if the same issuer
	 */
	bool (*equals_issuer) (const crl_t *this, const crl_t *other);

	/**
	 * @brief Check if a candidate cert is the issuer of the crl
	 * 
	 * Matches the candidate against the crl's issuer identity. A match
	 * does not by itself authenticate the crl - the signature still has
	 * to be checked with verify() using the candidate's key.
	 * 
	 * @param this				calling object
	 * @param issuer			candidate issuer of the crl
	 * @return					TRUE if issuer
	 */
	bool (*is_issuer) (const crl_t *this, const x509_t *issuer);

	/**
	 * @brief Checks the validity interval of the crl
	 * 
	 * Reports whether the crl is currently within its validity period.
	 * Which fields (presumably thisUpdate/nextUpdate) and which clock
	 * are consulted is not visible from this header - confirm if the
	 * caller needs tolerance for clock skew or for a missing nextUpdate.
	 * 
	 * @param this			calling object
	 * @return				TRUE if the crl is valid
	 */
	bool (*is_valid) (const crl_t *this);
	
	/**
	 * @brief Checks if this crl is newer (thisUpdate) than the other crl
	 * 
	 * Intended for deciding whether a freshly obtained crl should replace
	 * a cached one. A newer crl is not automatically a trusted one; it
	 * still needs verify() before it is used.
	 * 
	 * @param this			calling object
	 * @param other			other crl object
	 * @return				TRUE if this was issued more recently than other
	 */
	bool (*is_newer) (const crl_t *this, const crl_t *other);
	
	/**
	 * @brief Check if a crl is trustworthy.
	 * 
	 * Presumably checks the crl's signature with the supplied RSA public
	 * key (the implementation is not visible here). Nothing in this
	 * interface suggests it also covers the validity interval or the
	 * issuer match, so callers should combine it with is_valid() and
	 * is_issuer() rather than rely on verify() alone. Only RSA signers
	 * can be expressed through this parameter type.
	 * 
	 * @param this			calling object
	 * @param signer		signer's RSA public key
	 * @return				TRUE if crl is trustworthy
	 */
	bool (*verify) (const crl_t *this, const rsa_public_key_t *signer);

	/**
	 * @brief Get the certificate status
	 * 
	 * Looks the certificate identified by certinfo up in this crl and
	 * writes the result back into certinfo. Exactly which certinfo_t
	 * fields are updated (status, revocation time, reason) is defined
	 * by certinfo_t, not here. The answer is only as good as the crl:
	 * callers are expected to have verified it first.
	 * 
	 * @param this			calling object
	 * @param certinfo		certinfo is updated
	 */
	void (*get_status) (const crl_t *this, certinfo_t *certinfo);

	/**
	 * @brief Write a der-encoded crl to a file
	 * 
	 * path is used as given; a caller passing a path derived from
	 * untrusted input should validate it first. With force FALSE an
	 * existing file is presumably left untouched and FALSE returned -
	 * confirm against the implementation.
	 * 
	 * @param this			calling object
	 * @param path			path where the file is to be stored
	 * @param mask			file access control rights
	 * @param force			overwrite the file if it already exists
	 * @return				TRUE if successfully written
	 */
	bool (*write_to_file) (const crl_t *this, const char *path, mode_t mask, bool force);

	/**
	 * @brief Destroys the crl.
	 * 
	 * Releases the object; it must not be used afterwards.
	 * 
	 * @param this			crl to destroy
	 */
	void (*destroy) (crl_t *this);
};

/**
 * @brief Read a x509 crl from a DER encoded blob.
 * 
 * Parses untrusted DER input; malformed data yields NULL. A successfully
 * created object has only been parsed - NOTE(review): nothing in this
 * prototype implies a signature check, so callers must still run
 * verify() (and is_valid()/is_issuer()) before trusting its contents.
 * The caller owns the result and is expected to release it with
 * destroy(). Whether the object copies chunk or keeps a reference into
 * it is not visible here - confirm before freeing chunk.
 * 
 * @param chunk 	chunk containing DER encoded data
 * @return 			created crl_t, or NULL if invalid.
 * 
 * @ingroup transforms
 */
crl_t *crl_create_from_chunk(chunk_t chunk);

/**
 * @brief Read a x509 crl from a DER encoded file.
 * 
 * File-based counterpart of crl_create_from_chunk(): the file content is
 * untrusted input, and an unreadable or malformed file yields NULL. The
 * same caveat applies - creation does not establish authenticity, so
 * verify() is still required before the crl is used. The caller owns
 * the result and is expected to release it with destroy().
 * 
 * @param filename 	file containing DER encoded data
 * @return 			created crl_t, or NULL if invalid.
 * 
 * @ingroup transforms
 */
crl_t *crl_create_from_file(const char *filename);

#endif /* CRL_H_ */