/*
 * Copyright (C) 2008 Tobias Brunner
 * Copyright (C) 2005-2007 Martin Willi
 * Copyright (C) 2005 Jan Hutter
 *
 * Copyright (C) secunet Security Networks AG
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
 */
/**
 * @defgroup cert_payload cert_payload
 * @{ @ingroup payloads
 */
24 #ifndef CERT_PAYLOAD_H_
25 #define CERT_PAYLOAD_H_
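/*
 * Forward declarations, so that the declarations further down can refer to
 * both types by their typedef names before the full definitions appear.
 */
typedef struct cert_payload_t cert_payload_t;
typedef enum cert_encoding_t cert_encoding_t;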
31 #include <credentials/certificates/certificate.h>
32 #include <credentials/containers/container.h>
33 #include <encoding/payloads/payload.h>
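/**
 * Certificate encodings, as in RFC4306.
 *
 * Every enumerator carries an explicit value and the values are not
 * contiguous: as shown here, 2, 5, 7-9 and 11 have no enumerator.
 *
 * NOTE(review): get_cert_encoding() presumably reports the value carried by
 * a received payload, so code that switches on a cert_encoding_t should keep
 * a default branch for values that match none of these names -- confirm
 * against the payload parser.
 */
enum cert_encoding_t {
	ENC_PKCS7_WRAPPED_X509 = 1,
	ENC_DNS_SIGNED_KEY = 3,
	ENC_X509_SIGNATURE = 4,
	ENC_KERBEROS_TOKEN = 6,
	ENC_X509_ATTRIBUTE = 10,
	ENC_X509_HASH_AND_URL = 12,
	ENC_X509_HASH_AND_URL_BUNDLE = 13,
	ENC_OCSP_CONTENT = 14,	/* from RFC 4806 */
};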
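/**
 * Enum names for cert_encoding_t.
 *
 * Only declared here; the object itself is defined outside this header.
 */
extern enum_name_t *cert_encoding_names;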
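/**
 * Class representing an IKEv1/IKEv2 CERT payload.
 *
 * The object is used through the function pointers below; each of them takes
 * the payload itself as its only argument.
 */
struct cert_payload_t {

	/**
	 * The payload_t interface.
	 */
	payload_t payload_interface;

	/**
	 * Get the payloads encoded certificate.
	 *
	 * NOTE(review): what is returned when the payload's encoding carries no
	 * certificate, or when the data does not parse, is not stated in this
	 * header -- check the result before using it and confirm against the
	 * implementation.
	 *
	 * @param this		payload to query
	 * @return			certificate copy
	 */
	certificate_t *(*get_cert)(cert_payload_t *this);

	/**
	 * Get the payloads certificate container.
	 *
	 * NOTE(review): as with get_cert(), the result for a payload that holds
	 * no container is not stated here -- check it before use.
	 *
	 * @param this		payload to query
	 * @return			container copy
	 */
	container_t *(*get_container)(cert_payload_t *this);

	/**
	 * Get the encoding of the certificate.
	 *
	 * @param this		payload to query
	 * @return			encoding of the certificate, a cert_encoding_t
	 */
	cert_encoding_t (*get_cert_encoding)(cert_payload_t *this);

	/**
	 * Get the hash if this is a hash and URL encoded certificate.
	 *
	 * This function returns internal data, do not free.
	 *
	 * NOTE(review): since the chunk is internal data it presumably stays
	 * valid only until destroy() is called; the result for other encodings
	 * is not stated here -- confirm against the implementation.
	 *
	 * @param this		payload to query
	 * @return			hash, as internal data of the payload
	 */
	chunk_t (*get_hash)(cert_payload_t *this);

	/**
	 * Get the URL if this is a hash and URL encoded certificate.
	 *
	 * This function returns internal data, do not free.
	 *
	 * NOTE(review): for a payload parsed from a peer's message this string
	 * is presumably peer-supplied. Treat it as untrusted input: restrict
	 * what may be fetched, and check the fetched certificate against
	 * get_hash() before relying on it -- confirm against the callers.
	 *
	 * @param this		payload to query
	 * @return			URL, as internal data of the payload
	 */
	char *(*get_url)(cert_payload_t *this);

	/**
	 * Destroys the cert_payload object.
	 *
	 * @param this		payload to destroy
	 */
	void (*destroy)(cert_payload_t *this);
};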
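/**
 * Creates an empty certificate payload.
 *
 * The returned object is released through its destroy() method.
 *
 * @param type		payload type (for IKEv1 or IKEv2)
 * @return			cert_payload_t object
 */
cert_payload_t *cert_payload_create(payload_type_t type);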
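/**
 * Creates a certificate payload with an embedded certificate.
 *
 * NOTE(review): this header does not say whether the payload keeps a
 * reference to cert or only its encoding, so who owns cert after the call
 * should be confirmed against the implementation.
 *
 * @param type		payload type (for IKEv1 or IKEv2)
 * @param cert		certificate to embed
 * @return			cert_payload_t object
 */
cert_payload_t *cert_payload_create_from_cert(payload_type_t type,
											  certificate_t *cert);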
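/**
 * Creates an IKEv2 certificate payload with hash and URL encoding.
 *
 * The hash is cloned, so the caller keeps ownership of its own chunk.
 *
 * NOTE(review): whether url is copied as well, or has to outlive the
 * payload, is not stated in this header -- confirm against the
 * implementation.
 *
 * @param hash		hash of the DER encoded certificate (gets cloned)
 * @param url		URL to the certificate
 * @return			cert_payload_t object
 */
cert_payload_t *cert_payload_create_from_hash_and_url(chunk_t hash, char *url);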
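/**
 * Creates a custom certificate payload using type and associated data.
 *
 * The payload takes ownership of data: the caller must not free the chunk
 * after this call.
 *
 * @param type		payload type (for IKEv1 or IKEv2)
 * @param encoding	encoding type of certificate
 * @param data		associated data (gets owned)
 * @return			cert_payload_t object
 */
cert_payload_t *cert_payload_create_custom(payload_type_t type,
										   cert_encoding_t encoding,
										   chunk_t data);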
152 #endif /** CERT_PAYLOAD_H_ @}*/