projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Migrated pubkey_cert to INIT/METHOD macros
[strongswan.git] / src / libstrongswan / plugins / pubkey / pubkey_cert.c
1 /*
2 * Copyright (C) 2008 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "pubkey_cert.h"
17
18 #include <debug.h>
19
20 typedef struct private_pubkey_cert_t private_pubkey_cert_t;
21
22 /**
23 * private data of pubkey_cert
24 */
25 struct private_pubkey_cert_t {
26
27 /**
28 * public functions
29 */
30 pubkey_cert_t public;
31
32 /**
33 * wrapped public key
34 */
35 public_key_t *key;
36
37 /**
38 * dummy issuer id, ID_ANY
39 */
40 identification_t *issuer;
41
42 /**
43 * subject, ID_KEY_ID of the public key
44 */
45 identification_t *subject;
46
47 /**
48 * reference count
49 */
50 refcount_t ref;
51 };
52
53 METHOD(certificate_t, get_type, certificate_type_t,
54 private_pubkey_cert_t *this)
55 {
56 return CERT_TRUSTED_PUBKEY;
57 }
58
59 METHOD(certificate_t, get_subject, identification_t*,
60 private_pubkey_cert_t *this)
61 {
62 return this->subject;
63 }
64
65 METHOD(certificate_t, get_issuer, identification_t*,
66 private_pubkey_cert_t *this)
67 {
68 return this->issuer;
69 }
70
71 METHOD(certificate_t, has_subject, id_match_t,
72 private_pubkey_cert_t *this, identification_t *subject)
73 {
74 if (subject->get_type(subject) == ID_KEY_ID)
75 {
76 cred_encoding_type_t type;
77 chunk_t fingerprint;
78
79 for (type = 0; type < CRED_ENCODING_MAX; type++)
80 {
81 if (this->key->get_fingerprint(this->key, type, &fingerprint) &&
82 chunk_equals(fingerprint, subject->get_encoding(subject)))
83 {
84 return ID_MATCH_PERFECT;
85 }
86 }
87 }
88 return ID_MATCH_NONE;
89 }
90
91 METHOD(certificate_t, has_issuer, id_match_t,
92 private_pubkey_cert_t *this, identification_t *issuer)
93 {
94 return ID_MATCH_NONE;
95 }
96
97 METHOD(certificate_t, equals, bool,
98 private_pubkey_cert_t *this, certificate_t *other)
99 {
100 public_key_t *other_key;
101
102 other_key = other->get_public_key(other);
103 if (other_key)
104 {
105 if (public_key_equals(this->key, other_key))
106 {
107 other_key->destroy(other_key);
108 return TRUE;
109 }
110 other_key->destroy(other_key);
111 }
112 return FALSE;
113 }
114
115 METHOD(certificate_t, issued_by, bool,
116 private_pubkey_cert_t *this, certificate_t *issuer)
117 {
118 return equals(this, issuer);
119 }
120
121 METHOD(certificate_t, get_public_key, public_key_t*,
122 private_pubkey_cert_t *this)
123 {
124 this->key->get_ref(this->key);
125 return this->key;
126 }
127
128 METHOD(certificate_t, get_validity, bool,
129 private_pubkey_cert_t *this, time_t *when, time_t *not_before,
130 time_t *not_after)
131 {
132 if (not_before)
133 {
134 *not_before = 0;
135 }
136 if (not_after)
137 {
138 *not_after = ~0;
139 }
140 return TRUE;
141 }
142
143 METHOD(certificate_t, get_encoding, bool,
144 private_pubkey_cert_t *this, cred_encoding_type_t type, chunk_t *encoding)
145 {
146 return this->key->get_encoding(this->key, type, encoding);
147 }
148
149 METHOD(certificate_t, get_ref, certificate_t*,
150 private_pubkey_cert_t *this)
151 {
152 ref_get(&this->ref);
153 return &this->public.interface;
154 }
155
156 METHOD(certificate_t, destroy, void,
157 private_pubkey_cert_t *this)
158 {
159 if (ref_put(&this->ref))
160 {
161 this->subject->destroy(this->subject);
162 this->issuer->destroy(this->issuer);
163 this->key->destroy(this->key);
164 free(this);
165 }
166 }
167
168 /*
169 * see header file
170 */
171 static pubkey_cert_t *pubkey_cert_create(public_key_t *key)
172 {
173 private_pubkey_cert_t *this;
174 chunk_t fingerprint;
175
176 INIT(this,
177 .public = {
178 .interface = {
179 .get_type = _get_type,
180 .get_subject = _get_subject,
181 .get_issuer = _get_issuer,
182 .has_subject = _has_subject,
183 .has_issuer = _has_issuer,
184 .issued_by = _issued_by,
185 .get_public_key = _get_public_key,
186 .get_validity = _get_validity,
187 .get_encoding = _get_encoding,
188 .equals = _equals,
189 .get_ref = _get_ref,
190 .destroy = _destroy,
191 },
192 },
193 .ref = 1,
194 .key = key,
195 .issuer = identification_create_from_encoding(ID_ANY, chunk_empty),
196 );
197
198 if (key->get_fingerprint(key, KEYID_PUBKEY_INFO_SHA1, &fingerprint))
199 {
200 this->subject = identification_create_from_encoding(ID_KEY_ID, fingerprint);
201 }
202 else
203 {
204 this->subject = identification_create_from_encoding(ID_ANY, chunk_empty);
205 }
206
207 return &this->public;
208 }
209
210 /**
211 * See header.
212 */
213 pubkey_cert_t *pubkey_cert_wrap(certificate_type_t type, va_list args)
214 {
215 public_key_t *key = NULL;
216 chunk_t blob = chunk_empty;
217
218 while (TRUE)
219 {
220 switch (va_arg(args, builder_part_t))
221 {
222 case BUILD_BLOB_ASN1_DER:
223 blob = va_arg(args, chunk_t);
224 continue;
225 case BUILD_PUBLIC_KEY:
226 key = va_arg(args, public_key_t*);
227 continue;
228 case BUILD_END:
229 break;
230 default:
231 return NULL;
232 }
233 break;
234 }
235 if (key)
236 {
237 key->get_ref(key);
238 }
239 else if (blob.ptr)
240 {
241 key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
242 BUILD_BLOB_ASN1_DER, blob, BUILD_END);
243 }
244 if (key)
245 {
246 return pubkey_cert_create(key);
247 }
248 return NULL;
249 }
250
strongSwan - IPsec VPN