2 * @file identification.h
4 * @brief Interface of identification_t.
9 * Copyright (C) 2005 Jan Hutter, Martin Willi
10 * Hochschule fuer Technik Rapperswil
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
24 #ifndef IDENTIFICATION_H_
25 #define IDENTIFICATION_H_
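/*
 * Short name for enum id_type_t, declared ahead of the enum itself.
 * Naming an enum tag before its definition is accepted by GCC but is
 * not strictly conforming ISO C.
 */
typedef enum id_type_t id_type_t;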
33 * @brief ID Types in a ID payload.
40 * ID data is a single four (4) octet IPv4 address.
45 * ID data is a fully-qualified domain name string.
46 * An example of an ID_FQDN is "example.com".
47 * The string MUST NOT contain any terminators (e.g., NUL, CR, etc.).
52 * ID data is a fully-qualified RFC822 email address string. An example of
53 * an ID_RFC822_ADDR is "jsmith@example.com". The string MUST
54 * NOT contain any terminators.
59 * ID data is a single sixteen (16) octet IPv6 address.
64 * ID data is the binary DER encoding of an ASN.1 X.500 Distinguished Name
70 * ID data is the binary DER encoding of an ASN.1 X.500 GeneralName
76 * ID data is an opaque octet stream which may be used to pass vendor-
77 * specific information necessary to do certain proprietary
78 * types of identification.
83 * Special type of PRIVATE USE which matches any other ID.
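/**
 * String mappings for id_type_t.
 *
 * Only declared here; the array is defined in another translation unit.
 */
extern mapping_t id_type_m[];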
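/* Short name for struct identification_t, usable before the struct is defined. */
typedef struct identification_t identification_t;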
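/**
 * @brief Generic identification, such as used in ID payload.
 *
 * The type of an identification is one of the id_type_t values,
 * see get_type().
 *
 * Instances are created with:
 * - identification_create_from_string()
 * - identification_create_from_encoding()
 *
 * @todo Support for ID_DER_ASN1_GN is minimal right now. Comparison
 * between them and ID_IPV4_ADDR/RFC822_ADDR would be nice.
 */
struct identification_t
{
	/**
	 * @brief Get the encoding of this id, to send over the network.
	 *
	 * @warning Result points to internal data, do NOT free!
	 * Because it is internal data, treat it as invalid once destroy()
	 * has been called on this object; copy the bytes if they must
	 * live longer.
	 *
	 * @param this		the identification_t object
	 * @return			a chunk containing the encoded bytes
	 */
	chunk_t (*get_encoding) (identification_t *this);

	/**
	 * @brief Get the type of this identification.
	 *
	 * @param this		the identification_t object
	 * @return			the id_type_t of this identification
	 */
	id_type_t (*get_type) (identification_t *this);

	/**
	 * @brief Get a string representation of this id.
	 *
	 * @warning Result points to internal data, do NOT free!
	 * Because it is internal data, treat it as invalid once destroy()
	 * has been called on this object.
	 *
	 * NOTE(review): identification_create_from_encoding() is documented
	 * as succeeding even when the conversion to a string fails; this
	 * header does not say what get_string() returns in that case, so
	 * check the result before using it. When matching a peer's
	 * identity, prefer equals()/belongs_to() over comparing strings.
	 *
	 * @param this		the identification_t object
	 * @return			string representation of this id
	 */
	char *(*get_string) (identification_t *this);

	/**
	 * @brief Check if two identification_t objects are equal.
	 *
	 * @param this		the identification_t object
	 * @param other		other identification_t object
	 * @return			TRUE if the IDs are equal
	 */
	bool (*equals) (identification_t *this, identification_t *other);

	/**
	 * @brief Check if an ID belongs to a wildcard ID.
	 *
	 * An identification_t may contain wildcards, such as
	 * *@strongswan.org. This call checks if a given ID
	 * (e.g. tester@strongswan.org) belongs to such a wildcard
	 * ID. Returns TRUE if
	 * - IDs are identical
	 * - other is of type ID_ANY
	 * - other contains a wildcard and matches this
	 *
	 * The check is directional: other is the pattern, this is the
	 * candidate. An other of type ID_ANY accepts every candidate, so
	 * when a peer's identity is matched against configuration, pass
	 * the peer's ID as this and the configured ID as other.
	 *
	 * @param this		the ID without wildcard
	 * @param other		the ID containing a wildcard
	 * @return			TRUE if this belongs to other
	 */
	bool (*belongs_to) (identification_t *this, identification_t *other);

	/**
	 * @brief Check if an ID is a wildcard ID.
	 *
	 * If the ID represents multiple IDs (with wildcards, or
	 * as the type ID_ANY), TRUE is returned. If it is unique,
	 * FALSE is returned.
	 *
	 * @param this		identification_t object
	 * @return			TRUE if ID contains wildcards
	 */
	bool (*contains_wildcards) (identification_t *this);

	/**
	 * @brief Clone an identification_t instance.
	 *
	 * NOTE(review): presumably the caller owns the clone and must
	 * release it with destroy(); confirm against the implementation.
	 *
	 * @param this		the identification_t object to clone
	 * @return			clone of this
	 */
	identification_t *(*clone) (identification_t *this);

	/**
	 * @brief Destroys an identification_t object.
	 *
	 * Results of get_encoding() and get_string() point to internal
	 * data of the object and must not be used after this call.
	 *
	 * @param this		identification_t object
	 */
	void (*destroy) (identification_t *this);
};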
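/**
 * @brief Creates an identification_t object from a string.
 *
 * The input string may be e.g. one of the following:
 * - ID_IPV4_ADDR:		192.168.0.1
 * - ID_IPV6_ADDR:		2001:0db8:85a3:08d3:1319:8a2e:0370:7345
 * - ID_FQDN:			@www.strongswan.org (@ indicates FQDN)
 * - ID_RFC822_ADDR:	alice@wonderland.org
 * - ID_DER_ASN1_DN:	C=CH, O=Linux strongSwan, CN=bob
 *
 * In favour of pluto, domain names are prepended with an @, since
 * pluto resolves domain names without an @ to IPv4 addresses. Since
 * we use a separate host_t class for addresses, this doesn't
 * apply here.
 *
 * A distinguished name may contain one or more of the following RDNs:
 * ND, UID, DC, CN, S, SN, serialNumber, C, L, ST, O, OU, T, D,
 * N, G, I, ID, EN, EmployeeNumber, E, Email, emailAddress, UN,
 * unstructuredName, TCGID.
 *
 * The ID type is derived from the form of the string, so a caller that
 * expects a particular type should check get_type() on the result.
 * The result can be NULL and must be checked before use.
 *
 * @param string	input string, which will be converted
 * @return
 *					- created identification_t object, or
 *					- NULL if unsupported string supplied.
 */
identification_t *identification_create_from_string(char *string);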
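/**
 * @brief Creates an identification_t object from an encoded chunk.
 *
 * In contrast to identification_create_from_string(), this constructor never
 * returns NULL, even when the conversion to a string representation fails.
 * A non-NULL result therefore says nothing about whether encoded was
 * well-formed for type.
 *
 * NOTE(review): this header documents no validation of encoded against
 * type (e.g. four octets for ID_IPV4_ADDR, sixteen for ID_IPV6_ADDR) and
 * does not say whether the bytes are copied or referenced. Confirm both
 * in the implementation before passing data received from a peer.
 *
 * @param type		type of this id, such as ID_IPV4_ADDR
 * @param encoded	encoded bytes, such as from identification_t.get_encoding
 * @return			identification_t object
 */
identification_t *identification_create_from_encoding(id_type_t type, chunk_t encoded);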
245 #endif /* IDENTIFICATION_H_ */