support of ca info records
1 /**
2 * @file ca.c
3 *
4 * @brief Implementation of ca_info_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2007 Andreas Steffen
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #include <sys/stat.h>
24 #include <unistd.h>
25 #include <string.h>
26 #include <printf.h>
27
28 #include "ca.h"
29
30 #include <library.h>
31 #include <debug.h>
32 #include <utils/linked_list.h>
33 #include <utils/identification.h>
34
35 typedef struct private_ca_info_t private_ca_info_t;
36
/**
 * Private data of a ca_info_t object.
 *
 * The public interface must remain the first member: ca_info_create()
 * returns &this->public and the method implementations are cast from
 * ca_info_t* back to private_ca_info_t*.
 */
struct private_ca_info_t {
	/**
	 * Public interface for this ca info record
	 */
	ca_info_t public;

	/**
	 * Name of the ca info record (heap copy, released in destroy())
	 */
	char *name;

	/**
	 * Time when ca info record was installed (printed via %#T)
	 */
	time_t installed;

	/**
	 * Distinguished Name of the CA (may be NULL; destroyed with DESTROY_IF)
	 */
	identification_t *authName;

	/**
	 * Authority Key Identifier (ptr freed in destroy())
	 */
	chunk_t authKeyID;

	/**
	 * Authority Key Serial Number (ptr freed in destroy())
	 */
	chunk_t authKeySerialNumber;

	/**
	 * List of crlDistributionPoints; entries are identification_t objects,
	 * destroyed through destroy_offset() in destroy()
	 */
	linked_list_t *crlDistributionPoints;

	/**
	 * List of ocspAccessPoints; same element type and cleanup as above
	 */
	linked_list_t *ocspAccessPoints;
};
81
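/**
 * Implements ca_info_t.add_crluri
 *
 * Validates the scheme of a CRL distribution point URI. Accepted schemes
 * are http, ldap, file and ftp, compared case-insensitively on the URI
 * prefix. A NULL uri is silently ignored; a URI with any other scheme is
 * logged and dropped.
 *
 * @param this  ca info record; not modified in this revision, the accepted
 *              URI is not yet appended to crlDistributionPoints
 * @param uri   CRL URI to validate
 */
static void add_crluri(private_ca_info_t *this, const char* uri)
{
	if (uri == NULL)
	{
		return;
	}
	/* strncasecmp() returns 0 on a match, so the URI is invalid only when
	 * it matches NONE of the accepted schemes. The previous negated form
	 * could never be true (a URI cannot match all four schemes at once),
	 * so no URI was ever rejected. */
	if (strncasecmp(uri, "http", 4) != 0
	&&  strncasecmp(uri, "ldap", 4) != 0
	&&  strncasecmp(uri, "file", 4) != 0
	&&  strncasecmp(uri, "ftp", 3) != 0)
	{
		DBG1(" invalid CRL URI: '%s'", uri);
		return;
	}
}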
100
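/**
 * Implements ca_info_t.add_ocspuri
 *
 * Validates the scheme of an OCSP access point URI: only http (prefix
 * compared case-insensitively, so https passes too) is accepted. A NULL
 * uri is silently ignored; anything else is logged and dropped.
 *
 * @param this  ca info record; not modified in this revision, the accepted
 *              URI is not yet appended to ocspAccessPoints
 * @param uri   OCSP URI to validate
 */
static void add_ocspuri(private_ca_info_t *this, const char* uri)
{
	if (uri == NULL)
	{
		return;
	}
	/* strncasecmp() returns 0 on a match: reject only URIs that do NOT
	 * start with "http". The previous test was inverted and rejected
	 * exactly the http URIs it was meant to accept. */
	if (strncasecmp(uri, "http", 4) != 0)
	{
		DBG1(" invalid OCSP URI: '%s'", uri);
		return;
	}
}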
116
/**
 * Implements ca_info_t.destroy
 *
 * Releases everything the record owns: both URI lists (each element is an
 * identification_t, destroyed through its destroy method via
 * destroy_offset), the authority name if set, the two key chunks, the name
 * string and finally the record itself.
 */
static void destroy(private_ca_info_t *this)
{
	linked_list_t *crl_list = this->crlDistributionPoints;
	linked_list_t *ocsp_list = this->ocspAccessPoints;

	crl_list->destroy_offset(crl_list, offsetof(identification_t, destroy));
	ocsp_list->destroy_offset(ocsp_list, offsetof(identification_t, destroy));

	/* the remaining members are independent, release them in reverse
	 * order of initialization */
	free(this->name);
	free(this->authKeySerialNumber.ptr);
	free(this->authKeyID.ptr);
	DESTROY_IF(this->authName);

	free(this);
}
132
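/**
 * output handler in printf()
 *
 * Renders a ca info record for the PRINTF_CAINFO conversion: the
 * installation time and the record name on the first line, the authority
 * name on the second. With the '#' flag a second argument selects whether
 * the timestamp is printed in UTC (default) or local time.
 *
 * @param stream  output stream
 * @param info    printf conversion info; only the alt ('#') flag is used
 * @param args    args[0] points to the ca_info_t* argument, args[1] (alt
 *                flag only) points to the utc flag argument
 * @return        character count as reported by fprintf(), or the count of
 *                "(null)" for a NULL record
 */
static int print(FILE *stream, const struct printf_info *info,
				 const void *const *args)
{
	private_ca_info_t *this = *((private_ca_info_t**)(args[0]));
	bool utc = TRUE;
	int written = 0;

	if (info->alt)
	{
		/* NOTE(review): the handler is registered with
		 * arginfo_ptr_alt_ptr_int, whose name suggests the alt argument is
		 * passed as an int, yet it is read through a bool*. This only
		 * yields the low byte on little-endian targets; confirm before
		 * relying on it elsewhere. */
		utc = *((bool*)args[1]);
	}

	if (this == NULL)
	{
		return fprintf(stream, "(null)");
	}

	/* %#T (time, utc flag) and %D (identification) are strongSwan's own
	 * printf conversions registered elsewhere in the library */
	written += fprintf(stream, "%#T, ", &this->installed, utc);
	written += fprintf(stream, "\"%s\"\n", this->name);
	written += fprintf(stream, " authname: '%D'\n", this->authName);

	return written;
}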
162
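/**
 * register printf() handlers
 *
 * Runs automatically when the library is loaded (constructor attribute)
 * and binds the PRINTF_CAINFO conversion to print(), with
 * arginfo_ptr_alt_ptr_int describing the argument layout to glibc.
 * register_printf_function() is a glibc extension, so this hook is
 * platform specific.
 */
static void __attribute__ ((constructor))print_register(void)
{
	register_printf_function(PRINTF_CAINFO, print, arginfo_ptr_alt_ptr_int);
}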
170
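/*
 * Described in header.
 *
 * Allocates a ca info record named after name. name must be non-NULL (it
 * is copied with strdup()). cacert is currently not used: authName,
 * authKeyID and authKeySerialNumber are initialized empty rather than
 * taken from the certificate, and both URI lists start empty.
 * Ownership of the returned object passes to the caller, who releases it
 * with destroy().
 */
ca_info_t *ca_info_create(const char *name, const x509_t *cacert)
{
	private_ca_info_t *this = malloc_thing(private_ca_info_t);

	/* initialize */
	this->name = strdup(name);
	/* installed was previously left uninitialized although print() emits
	 * it via %#T; record the creation time here */
	this->installed = time(NULL);
	this->authName = NULL;
	this->authKeyID = chunk_empty;
	this->authKeySerialNumber = chunk_empty;
	this->crlDistributionPoints = linked_list_create();
	this->ocspAccessPoints = linked_list_create();

	/* public functions; the casts convert the ca_info_t* the callers pass
	 * back to our private type, which is valid because public is the
	 * first member */
	this->public.add_crluri = (void (*) (ca_info_t*,const char*))add_crluri;
	this->public.add_ocspuri = (void (*) (ca_info_t*,const char*))add_ocspuri;
	this->public.destroy = (void (*) (ca_info_t*))destroy;

	return &this->public;
}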