1 /*
2 * Copyright (C) 2008 Tobias Brunner
3 * Copyright (C) 2005-2007 Martin Willi
4 * Copyright (C) 2005 Jan Hutter
5 *
6 * Copyright (C) secunet Security Networks AG
7 *
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2 of the License, or (at your
11 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 *
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16 * for more details.
17 */
18
19 /**
20 * @defgroup cert_payload cert_payload
21 * @{ @ingroup payloads
22 */
23
24 #ifndef CERT_PAYLOAD_H_
25 #define CERT_PAYLOAD_H_
26
27 typedef struct cert_payload_t cert_payload_t;
28 typedef enum cert_encoding_t cert_encoding_t;
29
30 #include <library.h>
31 #include <credentials/certificates/certificate.h>
32 #include <credentials/containers/container.h>
33 #include <encoding/payloads/payload.h>
34
35 /**
36 * Certificate encodings, as in RFC4306
 *
 * The explicit values are the Cert Encoding numbers used in the CERT
 * payload, so they must not be renumbered. The list is not contiguous:
 * 5 has no enumerator here.
 *
 * NOTE(review): a cert_encoding_t read from a received payload is
 * presumably whatever number the peer sent, so code that switches on it
 * should treat a value without an enumerator as unsupported instead of
 * assuming the enum is exhaustive - confirm against the parser.
37 */
38 enum cert_encoding_t {
39 ENC_PKCS7_WRAPPED_X509 = 1,
40 ENC_PGP = 2,
41 ENC_DNS_SIGNED_KEY = 3,
42 ENC_X509_SIGNATURE = 4,
43 ENC_KERBEROS_TOKEN = 6,
44 ENC_CRL = 7,
45 ENC_ARL = 8,
46 ENC_SPKI = 9,
47 ENC_X509_ATTRIBUTE = 10,
48 ENC_RAW_RSA_KEY = 11,
49 ENC_X509_HASH_AND_URL = 12, /* hash and URL instead of the certificate, see get_hash()/get_url() */
50 ENC_X509_HASH_AND_URL_BUNDLE = 13,
51 ENC_OCSP_CONTENT = 14, /* from RFC 4806 */
52 };
53
54 /**
55 * Enum names for cert_encoding_t
 *
 * Only declared here (extern); the definition is not part of this header.
 *
 * NOTE(review): whether a value without an enumerator (5, or anything
 * above 14) maps to a name is not visible here - confirm before logging
 * encodings taken from a peer's message through this table.
56 */
57 extern enum_name_t *cert_encoding_names;
58
59 /**
60 * Class representing an IKEv1/IKEv2 CERT payload.
 *
 * The object exposes its operations as function pointers that take the
 * object itself as first argument. Instances come from the
 * cert_payload_create*() functions declared in this header and are
 * released with destroy().
 *
 * NOTE(review): for a payload built from a received message, everything
 * the getters return is presumably peer-supplied data that has not yet
 * been authenticated - confirm where in the caller trust is established.
61 */
62 struct cert_payload_t {
63
64 /**
65 * The payload_t interface.
66 */
67 payload_t payload_interface;
68
69 /**
70 * Get the payload's encoded certificate.
 *
 * NOTE(review): "copy" suggests the caller owns the returned object and
 * has to release it. What is returned when the payload holds another
 * encoding, or data that does not parse, is not documented here -
 * callers should presumably check for NULL; confirm in the
 * implementation.
71 *
72 * @return certificate copy
73 */
74 certificate_t *(*get_cert)(cert_payload_t *this);
75
76 /**
77 * Get the payload's certificate container.
 *
 * NOTE(review): as with get_cert(), "copy" suggests caller ownership and
 * the failure result is not documented here - confirm in the
 * implementation.
78 *
79 * @return container copy
80 */
81 container_t *(*get_container)(cert_payload_t *this);
82
83 /**
84 * Get the encoding of the certificate.
 *
 * NOTE(review): presumably the raw number from the payload, which need
 * not match any cert_encoding_t enumerator - confirm.
85 *
86 * @return encoding
87 */
88 cert_encoding_t (*get_cert_encoding)(cert_payload_t *this);
89
90 /**
91 * Get the hash if this is a hash and URL encoded certificate.
92 *
93 * This function returns internal data, do not free.
 *
 * Because the chunk is internal data, it presumably stays valid only
 * until destroy() is called on this payload; clone it if it has to
 * outlive the payload.
 *
 * The hash is what ties a certificate fetched from get_url() to this
 * payload, so the fetched certificate should be compared against it
 * before it is used. This header does not show where that comparison is
 * done, nor what is returned for other encodings.
94 *
95 * @return hash
96 */
97 chunk_t (*get_hash)(cert_payload_t *this);
98
99 /**
100 * Get the URL if this is a hash and URL encoded certificate.
101 *
102 * This function returns internal data, do not free.
 *
 * Because the string is internal data, it presumably stays valid only
 * until destroy() is called on this payload.
 *
 * NOTE(review): for a received payload the URL is presumably chosen by
 * the peer. Treat it as untrusted input: restrict the schemes and
 * hosts that may be fetched and bound the size and duration of the
 * fetch. No validation is visible in this header, and neither is the
 * result for other encodings (check for NULL) - confirm in the
 * implementation.
103 *
104 * @return url
105 */
106 char *(*get_url)(cert_payload_t *this);
107
108 /**
109 * Destroys the cert_payload object.
 *
 * Values returned earlier by get_hash() and get_url() are documented as
 * internal data, so they should not be used after this call.
110 */
111 void (*destroy) (cert_payload_t *this);
112 };
113
114 /**
115 * Creates an empty certificate payload.
 *
 * NOTE(review): what the getters of cert_payload_t return on a payload
 * that has not been filled yet is not documented here - confirm before
 * calling them on a freshly created object.
116 *
117 * @param type payload type (for IKEv1 or IKEv2)
118 * @return cert_payload_t object
119 */
120 cert_payload_t *cert_payload_create(payload_type_t type);
121
122 /**
123 * Creates a certificate payload with an embedded certificate.
 *
 * NOTE(review): unlike the other constructors, the ownership of the
 * argument is not stated (no "gets cloned" / "gets owned"); confirm
 * whether the caller keeps cert. Whether NULL can be returned when the
 * certificate cannot be encoded is not documented either.
124 *
125 * @param type payload type (for IKEv1 or IKEv2)
126 * @param cert certificate to embed
127 * @return cert_payload_t object
128 */
129 cert_payload_t *cert_payload_create_from_cert(payload_type_t type,
130 certificate_t *cert);
131
132 /**
133 * Creates an IKEv2 certificate payload with hash and URL encoding.
 *
 * There is no payload type parameter: this encoding is offered for IKEv2
 * only. The hash is cloned, so the caller keeps ownership of its own
 * copy.
 *
 * NOTE(review): url is not marked as cloned or owned; confirm whether the
 * string has to outlive the payload. The receiving side relies on the
 * hash to check the certificate it fetches from the URL, so both have
 * to refer to the same DER encoded certificate.
134 *
135 * @param hash hash of the DER encoded certificate (gets cloned)
136 * @param url URL to the certificate
137 * @return cert_payload_t object
138 */
139 cert_payload_t *cert_payload_create_from_hash_and_url(chunk_t hash, char *url);
140
141 /**
142 * Creates a custom certificate payload using type and associated data.
 *
 * The payload takes ownership of data, so the caller must not free or
 * reuse the chunk after this call.
 *
 * NOTE(review): nothing in this header says that data is checked against
 * the given encoding; presumably the caller is responsible for passing
 * a matching pair - confirm in the implementation.
143 *
144 * @param type payload type (for IKEv1 or IKEv2)
145 * @param encoding encoding type of certificate
146 * @param data associated data (gets owned)
147 * @return cert_payload_t object
148 */
149 cert_payload_t *cert_payload_create_custom(payload_type_t type,
150 cert_encoding_t encoding, chunk_t data);
151
152 #endif /** CERT_PAYLOAD_H_ @}*/