1 /*
2 * Copyright (C) 2008 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 *
15 * $Id$
16 */
17
18 #include "ocsp_response_wrapper.h"
19
/**
 * Private data of an ocsp_response_wrapper_t object.
 *
 * Callers only ever see a pointer to the `public` member (returned by
 * ocsp_response_wrapper_create()) and the destroy callback is installed with a
 * cast back to this type, so `public` must remain the first member.
 */
typedef struct private_ocsp_response_wrapper_t {

	/**
	 * Public interface of the wrapper (credential set plus destroy).
	 */
	ocsp_response_wrapper_t public;

	/**
	 * Wrapped OCSP response. Only referenced, never owned: destroy() frees
	 * this struct but does not touch the response.
	 */
	ocsp_response_t *response;
} private_ocsp_response_wrapper_t;
37
/**
 * Enumerator returned by ocsp_response_wrapper_t.set.create_cert_enumerator().
 *
 * Wraps the certificate enumerator of the OCSP response and applies the
 * filters below in enumerate(). It is handed out as a pointer to `public`,
 * which must therefore remain the first member.
 */
typedef struct {
	/** implements enumerator_t; must stay the first member */
	enumerator_t public;
	/** enumerator over the certificates carried in the OCSP response */
	enumerator_t *inner;
	/** certificate type to match, CERT_ANY for no filtering */
	certificate_type_t cert;
	/** public key type to match, KEY_ANY for no filtering */
	key_type_t key;
	/** subject identity to match, NULL for no filtering; referenced, not owned */
	identification_t *id;
} wrapper_enumerator_t;
53
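/**
 * Enumerate function of wrapper_enumerator_t.
 *
 * Walks the certificates carried in the OCSP response and yields the next one
 * passing all filters set up by create_enumerator(): certificate type, subject
 * identity and public key type. A filter of CERT_ANY / NULL / KEY_ANY matches
 * everything.
 *
 * No validation happens here: the certificate pointer is passed through from
 * the response's enumerator unchanged (no reference is taken) and the caller's
 * trust chain verification is expected to check it. This set never offers
 * these certificates as trusted, see create_enumerator().
 *
 * @param this		wrapper enumerator holding filters and inner enumerator
 * @param cert		receives the next matching certificate
 * @return			TRUE if a certificate was written to *cert, FALSE once the
 *					inner enumerator is exhausted
 */
static bool enumerate(wrapper_enumerator_t *this, certificate_t **cert)
{
	certificate_t *current;
	public_key_t *public;
	bool key_matches;

	while (this->inner->enumerate(this->inner, &current))
	{
		if (this->cert != CERT_ANY && this->cert != current->get_type(current))
		{	/* certificate type requested, but does not match */
			continue;
		}
		if (this->id && !current->has_subject(current, this->id))
		{	/* subject requested, but does not match */
			continue;
		}
		if (this->key != KEY_ANY)
		{	/* key type requested. Extract the key only now, so that no public
			 * key object is created for certificates the cheaper filters above
			 * already rejected. A missing key or a key of another type is a
			 * mismatch either way. */
			public = current->get_public_key(current);
			key_matches = public && this->key == public->get_type(public);
			DESTROY_IF(public);
			if (!key_matches)
			{
				continue;
			}
		}
		*cert = current;
		return TRUE;
	}
	return FALSE;
}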
89
/**
 * Destroy function of wrapper_enumerator_t.
 *
 * Releases the inner enumerator obtained from the OCSP response, then the
 * wrapper itself. The identity filter is not destroyed here, it is only
 * referenced.
 *
 * @param this		wrapper enumerator to destroy
 */
static void enumerator_destroy(wrapper_enumerator_t *this)
{
	enumerator_t *inner = this->inner;

	inner->destroy(inner);
	free(this);
}
98
/**
 * Implementation of ocsp_response_wrapper_t.set.create_cert_enumerator.
 *
 * Certificates embedded in an OCSP response are never handed out as trusted:
 * if the caller asks for trusted certificates only, no enumerator is created
 * and NULL is returned. Otherwise the returned enumerator yields the
 * response's certificates filtered by type, key type and subject identity.
 *
 * @param this		wrapper holding the OCSP response
 * @param cert		certificate type to match, or CERT_ANY
 * @param key		public key type to match, or KEY_ANY
 * @param id		subject identity to match, or NULL. Only the pointer is
 *					stored, so it has to stay valid while the enumerator lives
 * @param trusted	TRUE to request trusted certificates only
 * @return			enumerator over matching certificates, NULL if trusted
 */
static enumerator_t *create_enumerator(private_ocsp_response_wrapper_t *this,
									   certificate_type_t cert, key_type_t key,
									   identification_t *id, bool trusted)
{
	wrapper_enumerator_t *wrapper;

	if (trusted)
	{	/* this set offers its certificates as untrusted candidates only */
		return NULL;
	}

	wrapper = malloc_thing(wrapper_enumerator_t);
	wrapper->public.enumerate = (void*)enumerate;
	wrapper->public.destroy = (void*)enumerator_destroy;
	wrapper->inner = this->response->create_cert_enumerator(this->response);
	wrapper->cert = cert;
	wrapper->key = key;
	wrapper->id = id;

	return &wrapper->public;
}
122
/**
 * Implementation of ocsp_response_wrapper_t.destroy.
 *
 * Frees the wrapper only. The wrapped ocsp_response_t is neither destroyed
 * nor dereferenced here; it stays owned by whoever passed it to
 * ocsp_response_wrapper_create().
 *
 * @param this		wrapper to free
 */
static void destroy(private_ocsp_response_wrapper_t *this)
{
	free(this);
}
130
/*
 * Described in header.
 *
 * The wrapper takes no reference on the response: the caller keeps ownership
 * and has to keep it alive for as long as the wrapper is in use.
 */
ocsp_response_wrapper_t *ocsp_response_wrapper_create(ocsp_response_t *response)
{
	private_ocsp_response_wrapper_t *this;

	this = malloc_thing(private_ocsp_response_wrapper_t);
	this->response = response;

	/* this set only offers certificates; private key, shared secret and CDP
	 * lookups are stubbed to return nothing */
	this->public.set.create_cert_enumerator = (void*)create_enumerator;
	this->public.set.create_private_enumerator = (void*)return_null;
	this->public.set.create_shared_enumerator = (void*)return_null;
	this->public.set.create_cdp_enumerator = (void*)return_null;
	this->public.destroy = (void(*)(ocsp_response_wrapper_t*))destroy;

	return &this->public;
}
148