Add a generic interface for crypto containers and a more specific PKCS#7 interface
authorMartin Willi <martin@revosec.ch>
Mon, 26 Nov 2012 11:04:16 +0000 (12:04 +0100)
committerMartin Willi <martin@revosec.ch>
Wed, 19 Dec 2012 09:32:07 +0000 (10:32 +0100)
src/libstrongswan/Makefile.am
src/libstrongswan/credentials/containers/container.c [new file with mode: 0644]
src/libstrongswan/credentials/containers/container.h [new file with mode: 0644]
src/libstrongswan/credentials/containers/pkcs7.h [new file with mode: 0644]
src/libstrongswan/credentials/credential_factory.c
src/libstrongswan/credentials/credential_factory.h

index 56e28d7bc67bafc4a050e0f24eeaf5b4d923ad3d..bac80c10cf34c6f7ccd9082f5f5800c82d2dd538 100644 (file)
@@ -16,6 +16,7 @@ credentials/cred_encoding.c credentials/keys/private_key.c \
 credentials/keys/public_key.c credentials/keys/shared_key.c \
 credentials/certificates/certificate.c credentials/certificates/crl.c \
 credentials/certificates/ocsp_response.c \
+credentials/containers/container.c \
 credentials/ietf_attributes/ietf_attributes.c credentials/credential_manager.c \
 credentials/sets/auth_cfg_wrapper.c credentials/sets/ocsp_response_wrapper.c \
 credentials/sets/cert_cache.c credentials/sets/mem_cred.c \
@@ -54,6 +55,7 @@ credentials/certificates/ac.h credentials/certificates/crl.h \
 credentials/certificates/pkcs10.h credentials/certificates/ocsp_request.h \
 credentials/certificates/ocsp_response.h \
 credentials/certificates/pgp_certificate.h \
+credentials/containers/container.h credentials/containers/pkcs7.h \
 credentials/ietf_attributes/ietf_attributes.h \
 credentials/credential_manager.h credentials/sets/auth_cfg_wrapper.h \
 credentials/sets/ocsp_response_wrapper.h credentials/sets/cert_cache.h \
diff --git a/src/libstrongswan/credentials/containers/container.c b/src/libstrongswan/credentials/containers/container.c
new file mode 100644 (file)
index 0000000..619e713
--- /dev/null
@@ -0,0 +1,23 @@
+/*
+ * Copyright (C) 2012 Martin Willi
+ * Copyright (C) 2012 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "container.h"
+
+ENUM(container_type_names, CONTAINER_PKCS7_DATA, CONTAINER_PKCS7_ENVELOPED_DATA,
+       "PKCS7",
+       "PKCS7_DATA",
+       "PKCS7_SIGNED_DATA",
+       "PKCS7_ENVELOPED_DATA",
+);
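Review bot: The name table on L53 is off by one against the enum it describes: its range starts at CONTAINER_PKCS7_DATA but it lists four strings, while container_type_t (container.h, L96-L105 of this commit) has four members beginning with CONTAINER_PKCS7. As far as the ENUM macro keeps its first/last range and looks names up by offset from the first value, CONTAINER_PKCS7 would print as a bare number and every other type would print its predecessor's name, so log lines such as the "building %N - %N failed" message in credential_factory.c would mislabel container types. The first argument should be the enum's first member: `ENUM(container_type_names, CONTAINER_PKCS7, CONTAINER_PKCS7_ENVELOPED_DATA,`, which also lines "PKCS7" up with CONTAINER_PKCS7 as intended.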
diff --git a/src/libstrongswan/credentials/containers/container.h b/src/libstrongswan/credentials/containers/container.h
new file mode 100644 (file)
index 0000000..3421e77
--- /dev/null
@@ -0,0 +1,93 @@
+/*
+ * Copyright (C) 2012 Martin Willi
+ * Copyright (C) 2012 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup container container
+ * @{ @ingroup containers
+ */
+
+#ifndef CONTAINER_H_
+#define CONTAINER_H_
+
+typedef struct container_t container_t;
+typedef enum container_type_t container_type_t;
+
+#include <utils/chunk.h>
+#include <collections/enumerator.h>
+
+/**
+ * Type of the container.
+ */
+enum container_type_t {
+       /* Any kind of PKCS7/CMS container */
+       CONTAINER_PKCS7,
+       /* PKCS7/CMS plain "data" */
+       CONTAINER_PKCS7_DATA,
+       /* PKCS7/CMS "signed-data" */
+       CONTAINER_PKCS7_SIGNED_DATA,
+       /* PKCS7/CMS "enveloped-data" */
+       CONTAINER_PKCS7_ENVELOPED_DATA,
+};
+
+/**
+ * Enum names for container_type_t
+ */
+extern enum_name_t *container_type_names;
+
+/**
+ * Generic interface for cryptographic containers.
+ */
+struct container_t {
+
+       /**
+        * Get the type of the container.
+        *
+        * @return              container type
+        */
+       container_type_t (*get_type)(container_t *this);
+
+       /**
+        * Create an enumerator over trustchains for valid container signatures.
+        *
+        * @return              enumerator over auth_cfg_t*
+        */
+       enumerator_t* (*create_signature_enumerator)(container_t *this);
+
+       /**
+        * Get signed/decrypted data wrapped in this container.
+        *
+        * This function does not verify any associated signatures, use
+        * create_signature_enumerator() to verify them.
+        *
+        * @param data  allocated data wrapped in this container
+        * @return              TRUE if data decrypted successfully
+        */
+       bool (*get_data)(container_t *this, chunk_t *data);
+
+       /**
+        * Get the encoding of the full signed/encrypted container.
+        *
+        * @param data  allocated container encoding
+        * @return              TRUE if encodign successful
+        */
+       bool (*get_encoding)(container_t *this, chunk_t *encoding);
+
+       /**
+        * Destroy a container_t.
+        */
+       void (*destroy)(container_t *this);
+};
+
+#endif /** CONTAINER_H_ @}*/
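Review bot: The doc block for get_encoding (L145-L148) documents a parameter named `data` while the prototype names it `encoding`, and the return line misspells "encoding"; change them to `@param encoding  allocated container encoding` and `@return  TRUE if encoding successful`. The get_data return doc on L138 says "TRUE if data decrypted successfully", but the same method serves signed-data, which is extracted rather than decrypted, so `@return  TRUE if data extracted successfully` describes both cases. Since the comment on L134-L135 already states that get_data performs no signature verification, it would help callers to add that, for signed containers, the returned chunk must be treated as unverified until create_signature_enumerator() has produced a trustchain for it.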
diff --git a/src/libstrongswan/credentials/containers/pkcs7.h b/src/libstrongswan/credentials/containers/pkcs7.h
new file mode 100644 (file)
index 0000000..eed340f
--- /dev/null
@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) 2012 Martin Willi
+ * Copyright (C) 2012 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup pkcs7 pkcs7
+ * @{ @ingroup containers
+ */
+
+#ifndef PKCS7_H_
+#define PKCS7_H_
+
+#include <credentials/containers/container.h>
+
+typedef struct pkcs7_t pkcs7_t;
+
+/**
+ * PKCS#7/CMS container type.
+ */
+struct pkcs7_t {
+
+       /**
+        * Implements container_t.
+        */
+       container_t container;
+};
+
+#endif /** PKCS7_H_ @}*/
index 71a3f9e07ad66eb2e36ddcbbb3dae2ed87b81b7a..94c7820e10c8a66f16f0edc090a2a247579a23c6 100644 (file)
 #include <threading/thread_value.h>
 #include <threading/rwlock.h>
 #include <credentials/certificates/x509.h>
+#include <credentials/containers/container.h>
 
-ENUM(credential_type_names, CRED_PRIVATE_KEY, CRED_CERTIFICATE,
+ENUM(credential_type_names, CRED_PRIVATE_KEY, CRED_CONTAINER,
        "CRED_PRIVATE_KEY",
        "CRED_PUBLIC_KEY",
        "CRED_CERTIFICATE",
-       "CRED_PLUTO_CERT",
+       "CRED_CONTAINER",
 );
 
 typedef struct private_credential_factory_t private_credential_factory_t;
@@ -139,11 +140,21 @@ METHOD(credential_factory_t, create, void*,
 
        if (!construct && !level)
        {
-               enum_name_t *names = key_type_names;
+               enum_name_t *names;
 
-               if (type == CRED_CERTIFICATE)
+               switch (type)
                {
-                       names = certificate_type_names;
+                       case CRED_CERTIFICATE:
+                               names = certificate_type_names;
+                               break;
+                       case CRED_CONTAINER:
+                               names = container_type_names;
+                               break;
+                       case CRED_PRIVATE_KEY:
+                       case CRED_PUBLIC_KEY:
+                       default:
+                               names = key_type_names;
+                               break;
                }
                DBG1(DBG_LIB, "building %N - %N failed, tried %d builders",
                         credential_type_names, type, names, subtype, failures);
index c316012457960fd392a873bd37ed337477c8d8c6..55b669529f178b952837e4c7c32c7463bdbbb4e5 100644 (file)
@@ -28,6 +28,9 @@ typedef enum credential_type_t credential_type_t;
 
 /**
  * Kind of credential.
+ *
+ * While crypto containers are not really credentials, we still use the
+ * credential factory and builders create them.
  */
 enum credential_type_t {
        /** private key, implemented in private_key_t */
@@ -36,6 +39,8 @@ enum credential_type_t {
        CRED_PUBLIC_KEY,
        /** certificates, implemented in certificate_t */
        CRED_CERTIFICATE,
+       /** crypto container, implemented in container_t */
+       CRED_CONTAINER,
 };
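Review bot: The added sentence in the credential_type_t doc comment (L248-L249) is missing a word and reads "we still use the credential factory and builders create them"; change the second line to ` * credential factory and builders to create them.`. The enum body continues before and after this hunk, so no other lines of the comment are visible here.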
 
 /**