Added an AUTH_HELPER for revocation certificates
authorMartin Willi <martin@revosec.ch>
Thu, 23 Dec 2010 11:17:49 +0000 (12:17 +0100)
committerMartin Willi <martin@revosec.ch>
Wed, 5 Jan 2011 15:46:06 +0000 (16:46 +0100)
src/libstrongswan/credentials/auth_cfg.c
src/libstrongswan/credentials/auth_cfg.h
src/libstrongswan/credentials/sets/auth_cfg_wrapper.c

index 98659f7..23a3f62 100644 (file)
@@ -131,6 +131,7 @@ static void destroy_entry_value(entry_t *entry)
                case AUTH_RULE_SUBJECT_CERT:
                case AUTH_HELPER_IM_CERT:
                case AUTH_HELPER_SUBJECT_CERT:
+               case AUTH_HELPER_REVOCATION_CERT:
                {
                        certificate_t *cert = (certificate_t*)entry->value;
                        cert->destroy(cert);
@@ -192,6 +193,7 @@ static void replace(auth_cfg_t *this, entry_enumerator_t *enumerator,
                        case AUTH_HELPER_SUBJECT_CERT:
                        case AUTH_HELPER_IM_HASH_URL:
                        case AUTH_HELPER_SUBJECT_HASH_URL:
+                       case AUTH_HELPER_REVOCATION_CERT:
                                /* pointer type */
                                enumerator->current->value = va_arg(args, void*);
                                break;
@@ -261,6 +263,7 @@ static void* get(private_auth_cfg_t *this, auth_rule_t type)
                case AUTH_HELPER_SUBJECT_CERT:
                case AUTH_HELPER_IM_HASH_URL:
                case AUTH_HELPER_SUBJECT_HASH_URL:
+               case AUTH_HELPER_REVOCATION_CERT:
                default:
                        return NULL;
        }
@@ -300,6 +303,7 @@ static void add(private_auth_cfg_t *this, auth_rule_t type, ...)
                case AUTH_HELPER_SUBJECT_CERT:
                case AUTH_HELPER_IM_HASH_URL:
                case AUTH_HELPER_SUBJECT_HASH_URL:
+               case AUTH_HELPER_REVOCATION_CERT:
                        /* pointer type */
                        entry->value = va_arg(args, void*);
                        break;
@@ -561,6 +565,7 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints,
                        case AUTH_HELPER_SUBJECT_CERT:
                        case AUTH_HELPER_IM_HASH_URL:
                        case AUTH_HELPER_SUBJECT_HASH_URL:
+                       case AUTH_HELPER_REVOCATION_CERT:
                                /* skip helpers */
                                continue;
                }
@@ -607,6 +612,7 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy
                                case AUTH_RULE_SUBJECT_CERT:
                                case AUTH_HELPER_IM_CERT:
                                case AUTH_HELPER_SUBJECT_CERT:
+                               case AUTH_HELPER_REVOCATION_CERT:
                                {
                                        certificate_t *cert = (certificate_t*)value;
 
@@ -702,6 +708,7 @@ static bool equals(private_auth_cfg_t *this, private_auth_cfg_t *other)
                                        case AUTH_RULE_SUBJECT_CERT:
                                        case AUTH_HELPER_IM_CERT:
                                        case AUTH_HELPER_SUBJECT_CERT:
+                                       case AUTH_HELPER_REVOCATION_CERT:
                                        {
                                                certificate_t *c1, *c2;
 
@@ -815,6 +822,7 @@ static auth_cfg_t* clone_(private_auth_cfg_t *this)
                        case AUTH_RULE_SUBJECT_CERT:
                        case AUTH_HELPER_IM_CERT:
                        case AUTH_HELPER_SUBJECT_CERT:
+                       case AUTH_HELPER_REVOCATION_CERT:
                        {
                                certificate_t *cert = (certificate_t*)entry->value;
                                clone->add(clone, entry->type, cert->get_ref(cert));
index 8391f79..489ce11 100644 (file)
@@ -105,6 +105,8 @@ enum auth_rule_t {
        AUTH_HELPER_IM_HASH_URL,
        /** Hash and URL of a end-entity certificate, char* */
        AUTH_HELPER_SUBJECT_HASH_URL,
+       /** revocation certificate (CRL, OCSP), certificate_t* */
+       AUTH_HELPER_REVOCATION_CERT,
 };
 
 /**
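Review bot: The doc comment on `AUTH_HELPER_REVOCATION_CERT` gives the value type but says nothing about ownership or trust meaning, and callers need both. In auth_cfg.c the entry is stored as a raw pointer in add(), released with `cert->destroy(cert)` in destroy_entry_value() and duplicated with `get_ref()` in clone_(). complies() skips it as a helper, so its presence in an auth_cfg does not assert that revocation was actually checked. I would write `/** revocation certificate (CRL, OCSP) kept as a helper, certificate_t*; the reference is owned by the auth_cfg and is not evaluated by complies() */`.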
index 5e84586..225fabe 100644 (file)
@@ -132,7 +132,8 @@ static bool enumerate(wrapper_enumerator_t *this, certificate_t **cert)
                        }
                }
                else if (rule != AUTH_HELPER_SUBJECT_CERT &&
-                                rule != AUTH_HELPER_IM_CERT)
+                                rule != AUTH_HELPER_IM_CERT &&
+                                rule != AUTH_HELPER_REVOCATION_CERT)
                {       /* handle only HELPER certificates */
                        continue;
                }