added BUILD_SERIAL component and fixed several ac bugs

diff --git a/src/libstrongswan/credentials/builder.c b/src/libstrongswan/credentials/builder.c
index 42d183a..073f66f 100644 (file)
--- a/src/libstrongswan/credentials/builder.c
+++ b/src/libstrongswan/credentials/builder.c
@@ -27,6 +27,7 @@ ENUM(builder_part_names, BUILD_BLOB_ASN1_DER, BUILD_END,
        "BUILD_ISSUER_ALTNAME",
        "BUILD_NOT_BEFORE_TIME",
        "BUILD_NOT_AFTER_TIME",
+       "BUILD_SERIAL",
        "BUILD_CA_CERT",
        "BUILD_CERT",
        "BUILD_X509_FLAG",

diff --git a/src/libstrongswan/credentials/builder.h b/src/libstrongswan/credentials/builder.h
index 37259e6..92e13c6 100644 (file)
--- a/src/libstrongswan/credentials/builder.h
+++ b/src/libstrongswan/credentials/builder.h
@@ -60,7 +60,9 @@ enum builder_part_t {
        BUILD_NOT_BEFORE_TIME,
        /** notAfter, time_t* */
        BUILD_NOT_AFTER_TIME,
-       /** a CA certificate, certificate_t* */
+       /** notAfter, time_t* */
+       BUILD_SERIAL,
+       /** a serial number in binary form, chunk_t */
        BUILD_CA_CERT,
        /** a certificate, certificate_t* */
        BUILD_CERT,

diff --git a/src/libstrongswan/credentials/credential_factory.c b/src/libstrongswan/credentials/credential_factory.c
index 0af4998..a65199b 100644 (file)
--- a/src/libstrongswan/credentials/credential_factory.c
+++ b/src/libstrongswan/credentials/credential_factory.c
@@ -146,6 +146,7 @@ static void* create(private_credential_factory_t *this, credential_type_t type,
                                case BUILD_END:
                                        break;
                                case BUILD_BLOB_ASN1_DER:
+                               case BUILD_SERIAL:
                                        builder->add(builder, part, va_arg(args, chunk_t));
                                        continue;
                                case BUILD_X509_FLAG:

diff --git a/src/libstrongswan/plugins/x509/x509_ac.c b/src/libstrongswan/plugins/x509/x509_ac.c
index d9614c1..e364c37 100644 (file)
--- a/src/libstrongswan/plugins/x509/x509_ac.c
+++ b/src/libstrongswan/plugins/x509/x509_ac.c
@@ -391,7 +391,7 @@ static chunk_t build_authorityKeyIdentifier(private_x509_ac_t *this)
 static chunk_t build_extensions(private_x509_ac_t *this)
 {
        return asn1_wrap(ASN1_SEQUENCE, "mc",
-                               build_authorityKeyID(this),
+                               build_authorityKeyIdentifier(this),
                                ASN1_noRevAvail_ext);
 }
 
@@ -418,11 +418,14 @@ static chunk_t build_attr_cert_info(private_x509_ac_t *this)
 static chunk_t build_ac(private_x509_ac_t *this)
 {
        chunk_t signatureValue;
-       chunk_t attributeCertificateInfo = build_attr_cert_info(this);
-/*
-       signerkey->build_emsa_pkcs1_signature(signerkey, HASH_SHA1,
-                                        attributeCertificateInfo, &signatureValue);
-*/
+    chunk_t attributeCertificateInfo;
+
+       DBG1("build_ac:");
+       attributeCertificateInfo = build_attr_cert_info(this);
+
+       this->signerKey->sign(this->signerKey, SIGN_RSA_EMSA_PKCS1_SHA1,
+                                                 attributeCertificateInfo, &signatureValue);
+
        return asn1_wrap(ASN1_SEQUENCE, "mcm",
                                attributeCertificateInfo,
                                asn1_algorithmIdentifier(OID_SHA1_WITH_RSA),
@@ -704,6 +707,7 @@ static private_x509_ac_t *create_empty()
        this->signerKey = NULL;
        this->charging = linked_list_create();
        this->groups = linked_list_create();
+       this->ref = 1;
 
        return this;
 }
@@ -754,6 +758,9 @@ static void add(private_builder_t *this, builder_part_t part, ...)
                case BUILD_NOT_AFTER_TIME:
                        this->ac->notAfter = va_arg(args, time_t);
                        break;
+               case BUILD_SERIAL:
+                       this->ac->serialNumber = va_arg(args, chunk_t);
+                       break;
                case BUILD_CERT:
                        cert = va_arg(args, certificate_t*);
                        if (cert->get_type(cert) == CERT_X509)
@@ -766,6 +773,7 @@ static void add(private_builder_t *this, builder_part_t part, ...)
                        }
                        break;
                case BUILD_SIGNING_CERT:
+                       cert = va_arg(args, certificate_t*);
                        if (cert->get_type(cert) == CERT_X509)
                        {
                                this->ac->signerCert = cert;

diff --git a/src/openac/openac.c b/src/openac/openac.c
index 10a743e..ac34508 100755 (executable)
--- a/src/openac/openac.c
+++ b/src/openac/openac.c
@@ -571,12 +571,12 @@ int main(int argc, char **argv)
                                                                           BUILD_CERT, user_cert,
                                                                           BUILD_NOT_BEFORE_TIME, notBefore,
                                                                           BUILD_NOT_AFTER_TIME, notAfter,
+                                                                          BUILD_SERIAL, serial,
                                                                           BUILD_SIGNING_CERT, signer_cert,
                                                                           BUILD_SIGNING_KEY, signer_key,
                                                                           BUILD_END);
                if (!attr_cert)
                {
-                       status = 1;
                        goto end;
                }
        
@@ -596,10 +596,10 @@ int main(int argc, char **argv)
 
 end:
        /* delete all dynamically allocated objects */
+       DESTROY_IF(attr_cert);
        DESTROY_IF(signer_key);
        DESTROY_IF(signer_cert);
        DESTROY_IF(user_cert);
-       DESTROY_IF(attr_cert);
        free(attr_chunk.ptr);
        free(serial.ptr);
        closelog();