src/libstrongswan/plugins/pubkey/pubkey_cert.c

   1 /*
   2  * Copyright (C) 2008 Martin Willi
   3  * Hochschule fuer Technik Rapperswil
   4  *
   5  * This program is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License as published by the
   7  * Free Software Foundation; either version 2 of the License, or (at your
   8  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
   9  *
  10  * This program is distributed in the hope that it will be useful, but
  11  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  12  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  13  * for more details.
  14  */
  15
  16 #include "pubkey_cert.h"
  17
  18 #include <debug.h>
  19
  20 typedef struct private_pubkey_cert_t private_pubkey_cert_t;
  21
  22 /**
  23  * private data of pubkey_cert
  24  */
  25 struct private_pubkey_cert_t {
  26
  27         /**
  28          * public functions
  29          */
  30         pubkey_cert_t public;
  31
  32         /**
  33          * wrapped public key
  34          */
  35         public_key_t *key;
  36
  37         /**
  38          * dummy issuer id, ID_ANY
  39          */
  40         identification_t *issuer;
  41
  42         /**
  43          * subject, ID_KEY_ID of the public key
  44          */
  45         identification_t *subject;
  46
  47         /**
  48          * reference count
  49          */
  50         refcount_t ref;
  51 };
  52
  53 /**
  54  * Implementation of certificate_t.get_type
  55  */
  56 static certificate_type_t get_type(private_pubkey_cert_t *this)
  57 {
  58         return CERT_TRUSTED_PUBKEY;
  59 }
  60
  61 /**
  62  * Implementation of certificate_t.get_subject
  63  */
  64 static identification_t* get_subject(private_pubkey_cert_t *this)
  65 {
  66         return this->subject;
  67 }
  68
  69 /**
  70  * Implementation of certificate_t.get_issuer
  71  */
  72 static identification_t* get_issuer(private_pubkey_cert_t *this)
  73 {
  74         return this->issuer;
  75 }
  76
  77 /**
  78  * Implementation of certificate_t.has_subject.
  79  */
  80 static id_match_t has_subject(private_pubkey_cert_t *this,
  81                                                           identification_t *subject)
  82 {
  83         if (subject->get_type(subject) == ID_KEY_ID)
  84         {
  85                 cred_encoding_type_t type;
  86                 chunk_t fingerprint;
  87
  88                 for (type = 0; type < CRED_ENCODING_MAX; type++)
  89                 {
  90                         if (this->key->get_fingerprint(this->key, type, &fingerprint) &&
  91                                 chunk_equals(fingerprint, subject->get_encoding(subject)))
  92                         {
  93                                 return ID_MATCH_PERFECT;
  94                         }
  95                 }
  96         }
  97         return ID_MATCH_NONE;
  98 }
  99
 100 /**
 101  * Implementation of certificate_t.has_subject.
 102  */
 103 static id_match_t has_issuer(private_pubkey_cert_t *this,
 104                                                          identification_t *issuer)
 105 {
 106         return ID_MATCH_NONE;
 107 }
 108
 109 /**
 110  * Implementation of certificate_t.equals.
 111  */
 112 static bool equals(private_pubkey_cert_t *this, certificate_t *other)
 113 {
 114         public_key_t *other_key;
 115
 116         other_key = other->get_public_key(other);
 117         if (other_key)
 118         {
 119                 if (public_key_equals(this->key, other_key))
 120                 {
 121                         other_key->destroy(other_key);
 122                         return TRUE;
 123                 }
 124                 other_key->destroy(other_key);
 125         }
 126         return FALSE;
 127 }
 128
 129 /**
 130  * Implementation of certificate_t.issued_by
 131  */
 132 static bool issued_by(private_pubkey_cert_t *this, certificate_t *issuer)
 133 {
 134         return equals(this, issuer);
 135 }
 136
 137 /**
 138  * Implementation of certificate_t.get_public_key
 139  */
 140 static public_key_t* get_public_key(private_pubkey_cert_t *this)
 141 {
 142         this->key->get_ref(this->key);
 143         return this->key;
 144 }
 145
 146 /**
 147  * Implementation of certificate_t.get_validity.
 148  */
 149 static bool get_validity(private_pubkey_cert_t *this, time_t *when,
 150                                                  time_t *not_before, time_t *not_after)
 151 {
 152         if (not_before)
 153         {
 154                 *not_before = 0;
 155         }
 156         if (not_after)
 157         {
 158                 *not_after = ~0;
 159         }
 160         return TRUE;
 161 }
 162
 163 /**
 164  * Implementation of certificate_t.get_encoding.
 165  */
 166 static bool get_encoding(private_pubkey_cert_t *this, cred_encoding_type_t type,
 167                                                  chunk_t *encoding)
 168 {
 169         return this->key->get_encoding(this->key, type, encoding);
 170 }
 171
 172 /**
 173  * Implementation of certificate_t.get_ref
 174  */
 175 static private_pubkey_cert_t* get_ref(private_pubkey_cert_t *this)
 176 {
 177         ref_get(&this->ref);
 178         return this;
 179 }
 180
 181 /**
 182  * Implementation of pubkey_cert_t.destroy
 183  */
 184 static void destroy(private_pubkey_cert_t *this)
 185 {
 186         if (ref_put(&this->ref))
 187         {
 188                 this->subject->destroy(this->subject);
 189                 this->issuer->destroy(this->issuer);
 190                 this->key->destroy(this->key);
 191                 free(this);
 192         }
 193 }
 194
 195 /*
 196  * see header file
 197  */
 198 static pubkey_cert_t *pubkey_cert_create(public_key_t *key)
 199 {
 200         private_pubkey_cert_t *this = malloc_thing(private_pubkey_cert_t);
 201         chunk_t fingerprint;
 202
 203         this->public.interface.get_type = (certificate_type_t (*)(certificate_t *this))get_type;
 204         this->public.interface.get_subject = (identification_t* (*)(certificate_t *this))get_subject;
 205         this->public.interface.get_issuer = (identification_t* (*)(certificate_t *this))get_issuer;
 206         this->public.interface.has_subject = (id_match_t (*)(certificate_t*, identification_t *subject))has_subject;
 207         this->public.interface.has_issuer = (id_match_t (*)(certificate_t*, identification_t *issuer))has_issuer;
 208         this->public.interface.issued_by = (bool (*)(certificate_t *this, certificate_t *issuer))issued_by;
 209         this->public.interface.get_public_key = (public_key_t* (*)(certificate_t *this))get_public_key;
 210         this->public.interface.get_validity = (bool (*)(certificate_t*, time_t *when, time_t *, time_t*))get_validity;
 211         this->public.interface.get_encoding = (bool (*)(certificate_t*,cred_encoding_type_t,chunk_t*))get_encoding;
 212         this->public.interface.equals = (bool (*)(certificate_t*, certificate_t *other))equals;
 213         this->public.interface.get_ref = (certificate_t* (*)(certificate_t *this))get_ref;
 214         this->public.interface.destroy = (void (*)(certificate_t *this))destroy;
 215
 216         this->ref = 1;
 217         this->key = key;
 218         this->issuer = identification_create_from_encoding(ID_ANY, chunk_empty);
 219         if (key->get_fingerprint(key, KEYID_PUBKEY_INFO_SHA1, &fingerprint))
 220         {
 221                 this->subject = identification_create_from_encoding(ID_KEY_ID, fingerprint);
 222         }
 223         else
 224         {
 225                 this->subject = identification_create_from_encoding(ID_ANY, chunk_empty);
 226         }
 227
 228         return &this->public;
 229 }
 230
 231 /**
 232  * See header.
 233  */
 234 pubkey_cert_t *pubkey_cert_wrap(certificate_type_t type, va_list args)
 235 {
 236         public_key_t *key = NULL;
 237         chunk_t blob = chunk_empty;
 238
 239         while (TRUE)
 240         {
 241                 switch (va_arg(args, builder_part_t))
 242                 {
 243                         case BUILD_BLOB_ASN1_DER:
 244                                 blob = va_arg(args, chunk_t);
 245                                 continue;
 246                         case BUILD_PUBLIC_KEY:
 247                                 key = va_arg(args, public_key_t*);
 248                                 continue;
 249                         case BUILD_END:
 250                                 break;
 251                         default:
 252                                 return NULL;
 253                 }
 254                 break;
 255         }
 256         if (key)
 257         {
 258                 key->get_ref(key);
 259         }
 260         else if (blob.ptr)
 261         {
 262                 key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
 263                                                                  BUILD_BLOB_ASN1_DER, blob, BUILD_END);
 264         }
 265         if (key)
 266         {
 267                 return pubkey_cert_create(key);
 268         }
 269         return NULL;
 270 }
 271