/*
 *  OpenVPN -- An application to securely tunnel IP networks
 *             over a single TCP/UDP port, with support for SSL/TLS-based
 *             session authentication and key exchange,
 *             packet encryption, packet authentication, and
 *             packet compression.
 *
 *  Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License version 2
 *  as published by the Free Software Foundation.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */

#ifndef OPENVPN_PKCS11_H
#define OPENVPN_PKCS11_H

#if defined(ENABLE_PKCS11)

#include "ssl_common.h"

bool
pkcs11_initialize(
    const bool fProtectedAuthentication,
    const int nPINCachePeriod
    );

void
pkcs11_terminate();

bool
pkcs11_addProvider(
    const char *const provider,
    const bool fProtectedAuthentication,
    const unsigned private_mode,
    const bool fCertIsPrivate
    );

int
pkcs11_logout();

int
pkcs11_management_id_count();

bool
pkcs11_management_id_get(
    const int index,
    char **id,
    char **base64
    );

int
tls_ctx_use_pkcs11(
    struct tls_root_ctx *const ssl_ctx,
    bool pkcs11_id_management,
    const char *const pkcs11_id
    );

void
show_pkcs11_ids(
    const char *const provider,
    bool cert_private
    );

#endif                  /* ENABLE_PKCS11 */

#endif                  /* OPENVPN_PKCS11H_H */