src/libstrongswan/plugins/pubkey/pubkey_cert.c

   1 /*
   2  * Copyright (C) 2008 Martin Willi
   3  * Hochschule fuer Technik Rapperswil
   4  *
   5  * This program is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License as published by the
   7  * Free Software Foundation; either version 2 of the License, or (at your
   8  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
   9  *
  10  * This program is distributed in the hope that it will be useful, but
  11  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  12  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  13  * for more details.
  14  */
  15
  16 #include "pubkey_cert.h"
  17
  18 #include <time.h>
  19
  20 #include <debug.h>
  21
  22 typedef struct private_pubkey_cert_t private_pubkey_cert_t;
  23
  24 /**
  25  * private data of pubkey_cert
  26  */
  27 struct private_pubkey_cert_t {
  28
  29         /**
  30          * public functions
  31          */
  32         pubkey_cert_t public;
  33
  34         /**
  35          * wrapped public key
  36          */
  37         public_key_t *key;
  38
  39         /**
  40          * dummy issuer id, ID_ANY
  41          */
  42         identification_t *issuer;
  43
  44         /**
  45          * subject, ID_KEY_ID of the public key
  46          */
  47         identification_t *subject;
  48
  49         /**
  50          * key inception time
  51          */
  52         time_t notBefore;
  53
  54         /**
  55          * key expiration time
  56          */
  57         time_t notAfter;
  58
  59         /**
  60          * reference count
  61          */
  62         refcount_t ref;
  63 };
  64
  65 METHOD(certificate_t, get_type, certificate_type_t,
  66         private_pubkey_cert_t *this)
  67 {
  68         return CERT_TRUSTED_PUBKEY;
  69 }
  70
  71 METHOD(certificate_t, get_subject, identification_t*,
  72         private_pubkey_cert_t *this)
  73 {
  74         return this->subject;
  75 }
  76
  77 METHOD(certificate_t, get_issuer, identification_t*,
  78         private_pubkey_cert_t *this)
  79 {
  80         return this->issuer;
  81 }
  82
  83 METHOD(certificate_t, has_subject, id_match_t,
  84         private_pubkey_cert_t *this, identification_t *subject)
  85 {
  86         if (subject->get_type(subject) == ID_KEY_ID)
  87         {
  88                 cred_encoding_type_t type;
  89                 chunk_t fingerprint;
  90
  91                 for (type = 0; type < CRED_ENCODING_MAX; type++)
  92                 {
  93                         if (this->key->get_fingerprint(this->key, type, &fingerprint) &&
  94                                 chunk_equals(fingerprint, subject->get_encoding(subject)))
  95                         {
  96                                 return ID_MATCH_PERFECT;
  97                         }
  98                 }
  99         }
 100
 101         return this->subject->matches(this->subject, subject);
 102 }
 103
 104 METHOD(certificate_t, has_issuer, id_match_t,
 105         private_pubkey_cert_t *this, identification_t *issuer)
 106 {
 107         return ID_MATCH_NONE;
 108 }
 109
 110 METHOD(certificate_t, equals, bool,
 111         private_pubkey_cert_t *this, certificate_t *other)
 112 {
 113         public_key_t *other_key;
 114
 115         other_key = other->get_public_key(other);
 116         if (other_key)
 117         {
 118                 if (public_key_equals(this->key, other_key))
 119                 {
 120                         other_key->destroy(other_key);
 121                         return TRUE;
 122                 }
 123                 other_key->destroy(other_key);
 124         }
 125         return FALSE;
 126 }
 127
 128 METHOD(certificate_t, issued_by, bool,
 129         private_pubkey_cert_t *this, certificate_t *issuer)
 130 {
 131         return equals(this, issuer);
 132 }
 133
 134 METHOD(certificate_t, get_public_key,  public_key_t*,
 135         private_pubkey_cert_t *this)
 136 {
 137         this->key->get_ref(this->key);
 138         return this->key;
 139 }
 140
 141 METHOD(certificate_t, get_validity, bool,
 142         private_pubkey_cert_t *this, time_t *when, time_t *not_before,
 143         time_t *not_after)
 144 {
 145         time_t t = when ? *when : time(NULL);
 146
 147         if (not_before)
 148         {
 149                 *not_before = this->notBefore;
 150         }
 151         if (not_after)
 152         {
 153                 *not_after = this->notAfter;
 154         }
 155         return ((this->notBefore == UNDEFINED_TIME || t >= this->notBefore) &&
 156                         (this->notAfter  == UNDEFINED_TIME || t <= this->notAfter));
 157 }
 158
 159 METHOD(certificate_t, get_encoding, bool,
 160         private_pubkey_cert_t *this, cred_encoding_type_t type, chunk_t *encoding)
 161 {
 162         return this->key->get_encoding(this->key, type, encoding);
 163 }
 164
 165 METHOD(certificate_t, get_ref, certificate_t*,
 166         private_pubkey_cert_t *this)
 167 {
 168         ref_get(&this->ref);
 169         return &this->public.interface;
 170 }
 171
 172 METHOD(certificate_t, destroy, void,
 173         private_pubkey_cert_t *this)
 174 {
 175         if (ref_put(&this->ref))
 176         {
 177                 this->subject->destroy(this->subject);
 178                 this->issuer->destroy(this->issuer);
 179                 this->key->destroy(this->key);
 180                 free(this);
 181         }
 182 }
 183
 184 /*
 185  * see header file
 186  */
 187 static pubkey_cert_t *pubkey_cert_create(public_key_t *key,
 188                                                                                  time_t notBefore, time_t notAfter,
 189                                                                                  identification_t *subject)
 190 {
 191         private_pubkey_cert_t *this;
 192         chunk_t fingerprint;
 193
 194         INIT(this,
 195                 .public = {
 196                         .interface = {
 197                                 .get_type = _get_type,
 198                                 .get_subject = _get_subject,
 199                                 .get_issuer = _get_issuer,
 200                                 .has_subject = _has_subject,
 201                                 .has_issuer = _has_issuer,
 202                                 .issued_by = _issued_by,
 203                                 .get_public_key = _get_public_key,
 204                                 .get_validity = _get_validity,
 205                                 .get_encoding = _get_encoding,
 206                                 .equals = _equals,
 207                                 .get_ref = _get_ref,
 208                                 .destroy = _destroy,
 209                         },
 210                 },
 211                 .ref = 1,
 212                 .key = key,
 213                 .notBefore = notBefore,
 214                 .notAfter = notAfter,
 215                 .issuer = identification_create_from_encoding(ID_ANY, chunk_empty),
 216         );
 217
 218         if (subject)
 219         {
 220                 this->subject = subject->clone(subject);
 221         }
 222         else if (key->get_fingerprint(key, KEYID_PUBKEY_INFO_SHA1, &fingerprint))
 223         {
 224                 this->subject = identification_create_from_encoding(ID_KEY_ID, fingerprint);
 225         }
 226         else
 227         {
 228                 this->subject = identification_create_from_encoding(ID_ANY, chunk_empty);
 229         }
 230
 231         return &this->public;
 232 }
 233
 234 /**
 235  * See header.
 236  */
 237 pubkey_cert_t *pubkey_cert_wrap(certificate_type_t type, va_list args)
 238 {
 239         public_key_t *key = NULL;
 240         chunk_t blob = chunk_empty;
 241         identification_t *subject = NULL;
 242         time_t notBefore = UNDEFINED_TIME, notAfter = UNDEFINED_TIME;
 243
 244         while (TRUE)
 245         {
 246                 switch (va_arg(args, builder_part_t))
 247                 {
 248                         case BUILD_BLOB_ASN1_DER:
 249                                 blob = va_arg(args, chunk_t);
 250                                 continue;
 251                         case BUILD_PUBLIC_KEY:
 252                                 key = va_arg(args, public_key_t*);
 253                                 continue;
 254                         case BUILD_NOT_BEFORE_TIME:
 255                                 notBefore = va_arg(args, time_t);
 256                                 continue;
 257                         case BUILD_NOT_AFTER_TIME:
 258                                 notAfter = va_arg(args, time_t);
 259                                 continue;
 260                         case BUILD_SUBJECT:
 261                                 subject = va_arg(args, identification_t*);
 262                                 continue;
 263                         case BUILD_END:
 264                                 break;
 265                         default:
 266                                 return NULL;
 267                 }
 268                 break;
 269         }
 270         if (key)
 271         {
 272                 key->get_ref(key);
 273         }
 274         else if (blob.ptr)
 275         {
 276                 key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
 277                                                                  BUILD_BLOB_ASN1_DER, blob, BUILD_END);
 278         }
 279         if (key)
 280         {
 281                 return pubkey_cert_create(key, notBefore, notAfter, subject);
 282         }
 283         return NULL;
 284 }
 285