added create_part_enumerator() to indentity, allows to enumerate RDNs etc.
authorMartin Willi <martin@strongswan.org>
Tue, 14 Apr 2009 14:32:22 +0000 (14:32 -0000)
committerMartin Willi <martin@strongswan.org>
Tue, 14 Apr 2009 14:32:22 +0000 (14:32 -0000)
src/charon/plugins/unit_tester/Makefile.am
src/charon/plugins/unit_tester/tests.h
src/charon/plugins/unit_tester/tests/test_id.c [new file with mode: 0644]
src/libstrongswan/utils/identification.c
src/libstrongswan/utils/identification.h

index 9c86aa6..af03e4e 100644 (file)
@@ -20,7 +20,8 @@ libstrongswan_unit_tester_la_SOURCES = unit_tester.c unit_tester.h tests.h \
   tests/test_chunk.c \
   tests/test_pool.c \
   tests/test_agent.c \
-  tests/test_rng.c
+  tests/test_rng.c \
+  tests/test_id.c
 
 libstrongswan_unit_tester_la_LDFLAGS = -module
 
index 2576391..9e56a8a 100644 (file)
@@ -25,7 +25,7 @@ DEFINE_TEST("simple enumerator", test_enumerate, FALSE)
 DEFINE_TEST("nested enumerator", test_enumerate_nested, FALSE)
 DEFINE_TEST("filtered enumerator", test_enumerate_filtered, FALSE)
 DEFINE_TEST("token enumerator", test_enumerate_token, FALSE)
-DEFINE_TEST("auth info", test_auth_info, FALSE)
+DEFINE_TEST("auth cfg", test_auth_cfg, FALSE)
 DEFINE_TEST("FIPS PRF", fips_prf_test, FALSE)
 DEFINE_TEST("CURL get", test_curl_get, FALSE)
 DEFINE_TEST("MySQL operations", test_mysql, FALSE)
@@ -41,5 +41,6 @@ DEFINE_TEST("Base64 converter", test_chunk_base64, FALSE)
 DEFINE_TEST("IP pool", test_pool, FALSE)
 DEFINE_TEST("SSH agent", test_agent, FALSE)
 DEFINE_TEST("RNG quality", test_rng, FALSE)
+DEFINE_TEST("ID parts", test_id_parts, FALSE)
 
 /** @}*/
diff --git a/src/charon/plugins/unit_tester/tests/test_id.c b/src/charon/plugins/unit_tester/tests/test_id.c
new file mode 100644 (file)
index 0000000..56dab24
--- /dev/null
@@ -0,0 +1,69 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include <daemon.h>
+
+/*******************************************************************************
+ * identification part enumeration test
+ ******************************************************************************/
+bool test_id_parts()
+{
+       identification_t *id;
+       enumerator_t *enumerator;
+       id_part_t part;
+       chunk_t data;
+       int i = 0;
+       
+       id = identification_create_from_string("C=CH, O=strongSwan, CN=tester");
+       
+       enumerator = id->create_part_enumerator(id);
+       while (enumerator->enumerate(enumerator, &part, &data))
+       {
+               switch (i++)
+               {
+                       case 0:
+                               if (part != ID_PART_RDN_C ||
+                                       !chunk_equals(data, chunk_create("CH", 2)))
+                               {
+                                       return FALSE;
+                               }
+                               break;
+                       case 1:
+                               if (part != ID_PART_RDN_O ||
+                                       !chunk_equals(data, chunk_create("strongSwan", 10)))
+                               {
+                                       return FALSE;
+                               }
+                               break;
+                       case 2:
+                               if (part != ID_PART_RDN_CN ||
+                                       !chunk_equals(data, chunk_create("tester", 6)))
+                               {
+                                       return FALSE;
+                               }
+                               break;
+                       default:
+                               return FALSE;
+               }
+       }
+       if (i < 3)
+       {
+               return FALSE;
+       }
+       enumerator->destroy(enumerator);
+       id->destroy(id);
+       return TRUE;
+}
+
index a274757..7245b42 100644 (file)
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Tobias Brunner
- * Copyright (C) 2005-2008 Martin Willi
+ * Copyright (C) 2005-2009 Martin Willi
  * Copyright (C) 2005 Jan Hutter
  * Hochschule fuer Technik Rapperswil
  *
@@ -921,6 +921,124 @@ int identification_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec,
 }
 
 /**
+ * Enumerator over RDNs
+ */
+typedef struct {
+       /* implements enumerator interface */
+       enumerator_t public;
+       /* current RDN */
+       chunk_t rdn;
+       /* current attribute */
+       chunk_t attr;
+       /** have another RDN? */
+       bool next;
+} rdn_enumerator_t;
+
+/**
+ * Implementation of rdn_enumerator_t.enumerate
+ */
+static bool rdn_enumerate(rdn_enumerator_t *this,
+                                                 id_part_t *type, chunk_t *data)
+{
+       chunk_t oid, value;
+       asn1_t asn1_type;
+       
+       while (this->next)
+       {
+               if (!get_next_rdn(&this->rdn, &this->attr, &oid,
+                                                 &value, &asn1_type, &this->next))
+               {
+                       return FALSE;
+               }
+               switch (asn1_known_oid(oid))
+               {
+                       case OID_COMMON_NAME:
+                                *type = ID_PART_RDN_CN;
+                               break;
+                       case OID_SURNAME:
+                                *type = ID_PART_RDN_S;
+                               break;
+                       case OID_SERIAL_NUMBER:
+                                *type = ID_PART_RDN_SN;
+                               break;
+                       case OID_COUNTRY:
+                                *type = ID_PART_RDN_C;
+                               break;
+                       case OID_LOCALITY:
+                                *type = ID_PART_RDN_L;
+                               break;
+                       case OID_STATE_OR_PROVINCE:
+                                *type = ID_PART_RDN_ST;
+                               break;
+                       case OID_ORGANIZATION:
+                                *type = ID_PART_RDN_O;
+                               break;
+                       case OID_ORGANIZATION_UNIT:
+                                *type = ID_PART_RDN_OU;
+                               break;
+                       case OID_TITLE:
+                                *type = ID_PART_RDN_T;
+                               break;
+                       case OID_DESCRIPTION:
+                                *type = ID_PART_RDN_D;
+                               break;
+                       case OID_NAME:
+                                *type = ID_PART_RDN_N;
+                               break;
+                       case OID_GIVEN_NAME:
+                                *type = ID_PART_RDN_G;
+                               break;
+                       case OID_INITIALS:
+                                *type = ID_PART_RDN_I;
+                               break;
+                       case OID_UNIQUE_IDENTIFIER:
+                                *type = ID_PART_RDN_ID;
+                               break;
+                       case OID_EMAIL_ADDRESS:
+                               *type = ID_PART_RDN_E;
+                               break;
+                       case OID_EMPLOYEE_NUMBER:
+                               *type = ID_PART_RDN_EN;
+                               break;
+                       default:
+                               continue;
+               }
+               *data = value;
+               return TRUE;
+       }
+       return FALSE;
+}
+
+/**
+ * Implementation of identification_t.create_part_enumerator
+ */
+static enumerator_t* create_part_enumerator(private_identification_t *this)
+{
+       switch (this->type)
+       {
+               case ID_DER_ASN1_DN:
+               {
+                       rdn_enumerator_t *e = malloc_thing(rdn_enumerator_t);
+                       
+                       e->public.enumerate = (void*)rdn_enumerate;
+                       e->public.destroy = (void*)free;
+                       if (init_rdn(this->encoded, &e->rdn, &e->attr, &e->next))
+                       {
+                               return &e->public;
+                       }
+                       free(e);
+                       /* FALL */
+               }
+               case ID_RFC822_ADDR:
+                       /* TODO */
+               case ID_FQDN:
+                       /* TODO */
+               default:
+                       return enumerator_create_empty();
+       }
+}
+
+/**
  * Implementation of identification_t.clone.
  */
 static identification_t *clone_(private_identification_t *this)
@@ -957,6 +1075,7 @@ static private_identification_t *identification_create(void)
        this->public.get_encoding = (chunk_t (*) (identification_t*))get_encoding;
        this->public.get_type = (id_type_t (*) (identification_t*))get_type;
        this->public.contains_wildcards = (bool (*) (identification_t *this))contains_wildcards;
+       this->public.create_part_enumerator = (enumerator_t*(*)(identification_t*))create_part_enumerator;
        this->public.clone = (identification_t* (*) (identification_t*))clone_;
        this->public.destroy = (void (*) (identification_t*))destroy;
        /* we use these as defaults, the may be overloaded for special ID types */
index 90eadb6..3ffbab7 100644 (file)
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Tobias Brunner
- * Copyright (C) 2005-2006 Martin Willi
+ * Copyright (C) 2005-2009 Martin Willi
  * Copyright (C) 2005 Jan Hutter
  * Hochschule fuer Technik Rapperswil
  *
@@ -29,6 +29,7 @@
 typedef enum id_type_t id_type_t;
 typedef struct identification_t identification_t;
 typedef enum id_match_t id_match_t;
+typedef enum id_part_t id_part_t;
 
 #include <library.h>
 
@@ -156,6 +157,56 @@ enum id_type_t {
 extern enum_name_t *id_type_names;
 
 /**
+ * Type of an ID sub part.
+ */
+enum id_part_t {
+       /** Username part of an RFC822_ADDR */
+       ID_PART_USERNAME,
+       /** Domain part of an RFC822_ADDR */
+       ID_PART_DOMAIN,
+       
+       /** Top-Level domain of a FQDN */
+       ID_PART_TLD,
+       /** Second-Level domain of a FQDN */
+       ID_PART_SLD,
+       /** Another Level domain of a FQDN */
+       ID_PART_ALD,
+       
+       /** Country RDN of a DN */
+       ID_PART_RDN_C,
+       /** CommonName RDN of a DN */
+       ID_PART_RDN_CN,
+       /** Description RDN of a DN */
+       ID_PART_RDN_D,
+       /** Email RDN of a DN */
+       ID_PART_RDN_E,
+       /** EmployeeNumber RDN of a DN */
+       ID_PART_RDN_EN,
+       /** GivenName RDN of a DN */
+       ID_PART_RDN_G,
+       /** Initials RDN of a DN */
+       ID_PART_RDN_I,
+       /** UniqueIdentifier RDN of a DN */
+       ID_PART_RDN_ID,
+       /** Locality RDN of a DN */
+       ID_PART_RDN_L,
+       /** Name RDN of a DN */
+       ID_PART_RDN_N,
+       /** Organization RDN of a DN */
+       ID_PART_RDN_O,
+       /** OrganizationUnit RDN of a DN */
+       ID_PART_RDN_OU,
+       /** Surname RDN of a DN */
+       ID_PART_RDN_S,
+       /** SerialNumber RDN of a DN */
+       ID_PART_RDN_SN,
+       /** StateOrProvince RDN of a DN */
+       ID_PART_RDN_ST,
+       /** Title RDN of a DN */
+       ID_PART_RDN_T,
+};
+
+/**
  * Generic identification, such as used in ID payload.
  * 
  * @todo Support for ID_DER_ASN1_GN is minimal right now. Comparison
@@ -220,6 +271,19 @@ struct identification_t {
        bool (*contains_wildcards) (identification_t *this);
        
        /**
+        * Create an enumerator over subparts of an identity.
+        *
+        * Some identities are built from several parts, e.g. an E-Mail consists
+        * of a username and a domain part, or a DistinguishedName contains several
+        * RDNs.
+        * For identity without subtypes (support), an empty enumerator is
+        * returned.
+        *
+        * @return                      an enumerator over (id_part_t type, chunk_t data)
+        */
+       enumerator_t* (*create_part_enumerator)(identification_t *this);
+       
+       /**
         * Clone a identification_t instance.
         * 
         * @return                      clone of this
@@ -262,9 +326,6 @@ identification_t * identification_create_from_string(char *string);
 
 /**
  * Creates an identification_t object from an encoded chunk.
- *
- * In contrast to identification_create_from_string(), this constructor never
- * returns NULL, even when the conversion to a string representation fails.
  * 
  * @param type         type of this id, such as ID_IPV4_ADDR
  * @param encoded      encoded bytes, such as from identification_t.get_encoding