Moved addrblock plugin to libcharon
authorMartin Willi <martin@revosec.ch>
Mon, 12 Jul 2010 13:57:25 +0000 (15:57 +0200)
committerMartin Willi <martin@revosec.ch>
Tue, 13 Jul 2010 08:26:07 +0000 (10:26 +0200)
13 files changed:
configure.in
src/libcharon/Makefile.am
src/libcharon/plugins/addrblock/Makefile.am [new file with mode: 0644]
src/libcharon/plugins/addrblock/addrblock_plugin.c [new file with mode: 0644]
src/libcharon/plugins/addrblock/addrblock_plugin.h [new file with mode: 0644]
src/libcharon/plugins/addrblock/addrblock_validator.c [new file with mode: 0644]
src/libcharon/plugins/addrblock/addrblock_validator.h [new file with mode: 0644]
src/libstrongswan/Makefile.am
src/libstrongswan/plugins/addrblock/Makefile.am [deleted file]
src/libstrongswan/plugins/addrblock/addrblock_plugin.c [deleted file]
src/libstrongswan/plugins/addrblock/addrblock_plugin.h [deleted file]
src/libstrongswan/plugins/addrblock/addrblock_validator.c [deleted file]
src/libstrongswan/plugins/addrblock/addrblock_validator.h [deleted file]

index a7a3171..db70906 100644 (file)
@@ -763,9 +763,6 @@ fi
 if test x$agent = xtrue; then
        libstrongswan_plugins=${libstrongswan_plugins}" agent"
 fi
-if test x$addrblock = xtrue; then
-       libstrongswan_plugins=${libstrongswan_plugins}" addrblock"
-fi
 if test x$gmp = xtrue; then
        libstrongswan_plugins=${libstrongswan_plugins}" gmp"
        pluto_plugins=${pluto_plugins}" gmp"
@@ -821,7 +818,6 @@ AM_CONDITIONAL(USE_PADLOCK, test x$padlock = xtrue)
 AM_CONDITIONAL(USE_OPENSSL, test x$openssl = xtrue)
 AM_CONDITIONAL(USE_GCRYPT, test x$gcrypt = xtrue)
 AM_CONDITIONAL(USE_AGENT, test x$agent = xtrue)
-AM_CONDITIONAL(USE_ADDRBLOCK, test x$addrblock = xtrue)
 
 dnl charon plugins
 dnl ==============
@@ -858,6 +854,7 @@ AM_CONDITIONAL(USE_SOCKET_DEFAULT, test x$socket_default = xtrue)
 AM_CONDITIONAL(USE_SOCKET_RAW, test x$socket_raw = xtrue)
 AM_CONDITIONAL(USE_SOCKET_DYNAMIC, test x$socket_dynamic = xtrue)
 AM_CONDITIONAL(USE_FARP, test x$farp = xtrue)
+AM_CONDITIONAL(USE_ADDRBLOCK, test x$addrblock = xtrue)
 
 dnl hydra plugins
 dnl =============
@@ -947,7 +944,6 @@ AC_OUTPUT(
        src/libstrongswan/plugins/openssl/Makefile
        src/libstrongswan/plugins/gcrypt/Makefile
        src/libstrongswan/plugins/agent/Makefile
-       src/libstrongswan/plugins/addrblock/Makefile
        src/libstrongswan/plugins/test_vectors/Makefile
        src/libhydra/Makefile
        src/libhydra/plugins/attr/Makefile
@@ -985,6 +981,7 @@ AC_OUTPUT(
        src/libcharon/plugins/medsrv/Makefile
        src/libcharon/plugins/medcli/Makefile
        src/libcharon/plugins/nm/Makefile
+       src/libcharon/plugins/addrblock/Makefile
        src/libcharon/plugins/uci/Makefile
        src/libcharon/plugins/ha/Makefile
        src/libcharon/plugins/android/Makefile
index d9540e6..44501c0 100644 (file)
@@ -400,6 +400,14 @@ if MONOLITHIC
 endif
 endif
 
+if USE_ADDRBLOCK
+  SUBDIRS += plugins/addrblock
+  PLUGINS += addrblock
+if MONOLITHIC
+  libcharon_la_LIBADD += plugins/uci/libstrongswan-addrblock.la
+endif
+endif
+
 if USE_UNIT_TESTS
   SUBDIRS += plugins/unit_tester
   PLUGINS += unit-tester
diff --git a/src/libcharon/plugins/addrblock/Makefile.am b/src/libcharon/plugins/addrblock/Makefile.am
new file mode 100644 (file)
index 0000000..d844674
--- /dev/null
@@ -0,0 +1,17 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+       -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-addrblock.la
+else
+plugin_LTLIBRARIES = libstrongswan-addrblock.la
+endif
+
+libstrongswan_addrblock_la_SOURCES = \
+       addrblock_plugin.h addrblock_plugin.c \
+       addrblock_validator.h addrblock_validator.c
+
+libstrongswan_addrblock_la_LDFLAGS = -module -avoid-version
diff --git a/src/libcharon/plugins/addrblock/addrblock_plugin.c b/src/libcharon/plugins/addrblock/addrblock_plugin.c
new file mode 100644 (file)
index 0000000..6c1ef73
--- /dev/null
@@ -0,0 +1,61 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "addrblock_plugin.h"
+
+#include <library.h>
+#include "addrblock_validator.h"
+
+typedef struct private_addrblock_plugin_t private_addrblock_plugin_t;
+
+/**
+ * private data of addrblock_plugin
+ */
+struct private_addrblock_plugin_t {
+
+       /**
+        * public functions
+        */
+       addrblock_plugin_t public;
+
+       /**
+        * Validator implementation instance.
+        */
+       addrblock_validator_t *validator;
+};
+
+METHOD(plugin_t, destroy, void,
+       private_addrblock_plugin_t *this)
+{
+       lib->credmgr->remove_validator(lib->credmgr, &this->validator->validator);
+       this->validator->destroy(this->validator);
+       free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *addrblock_plugin_create()
+{
+       private_addrblock_plugin_t *this;
+
+       INIT(this,
+               .public.plugin.destroy = _destroy,
+               .validator = addrblock_validator_create(),
+       );
+       lib->credmgr->add_validator(lib->credmgr, &this->validator->validator);
+
+       return &this->public.plugin;
+}
diff --git a/src/libcharon/plugins/addrblock/addrblock_plugin.h b/src/libcharon/plugins/addrblock/addrblock_plugin.h
new file mode 100644 (file)
index 0000000..87bd516
--- /dev/null
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup addrblock addrblock
+ * @ingroup cplugins
+ *
+ * @defgroup addrblock_plugin addrblock_plugin
+ * @{ @ingroup addrblock
+ */
+
+#ifndef ADDRBLOCK_PLUGIN_H_
+#define ADDRBLOCK_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct addrblock_plugin_t addrblock_plugin_t;
+
+/**
+ * RFC 3779 address block checking.
+ */
+struct addrblock_plugin_t {
+
+       /**
+        * Implements plugin_t. interface.
+        */
+       plugin_t plugin;
+};
+
+#endif /** ADDRBLOCK_PLUGIN_H_ @}*/
diff --git a/src/libcharon/plugins/addrblock/addrblock_validator.c b/src/libcharon/plugins/addrblock/addrblock_validator.c
new file mode 100644 (file)
index 0000000..44ef38d
--- /dev/null
@@ -0,0 +1,124 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ * Copyright (C) 2009 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "addrblock_validator.h"
+
+#include <debug.h>
+#include <credentials/certificates/x509.h>
+#include <selectors/traffic_selector.h>
+
+typedef struct private_addrblock_validator_t private_addrblock_validator_t;
+
+/**
+ * Private data of an addrblock_validator_t object.
+ */
+struct private_addrblock_validator_t {
+
+       /**
+        * Public addrblock_validator_t interface.
+        */
+       addrblock_validator_t public;
+};
+
+/**
+ * Do the addrblock check for two x509 plugins
+ */
+static bool check_addrblock(x509_t *subject, x509_t *issuer)
+{
+       bool subject_const, issuer_const, contained = TRUE;
+       enumerator_t *subject_enumerator, *issuer_enumerator;
+       traffic_selector_t *subject_ts, *issuer_ts;
+
+       subject_const = subject->get_flags(subject) & X509_IP_ADDR_BLOCKS;
+       issuer_const = issuer->get_flags(issuer) & X509_IP_ADDR_BLOCKS;
+
+       if (!subject_const && !issuer_const)
+       {
+               return TRUE;
+       }
+       if (!subject_const)
+       {
+               DBG1(DBG_CFG, "subject certficate lacks ipAddrBlocks extension");
+               return FALSE;
+       }
+       if (!issuer_const)
+       {
+               DBG1(DBG_CFG, "issuer certficate lacks ipAddrBlocks extension");
+               return FALSE;
+       }
+       subject_enumerator = subject->create_ipAddrBlock_enumerator(subject);
+       while (subject_enumerator->enumerate(subject_enumerator, &subject_ts))
+       {
+               contained = FALSE;
+
+               issuer_enumerator = issuer->create_ipAddrBlock_enumerator(issuer);
+               while (issuer_enumerator->enumerate(issuer_enumerator, &issuer_ts))
+               {
+                       if (subject_ts->is_contained_in(subject_ts, issuer_ts))
+                       {
+                               DBG2(DBG_CFG, "  subject address block %R is contained in "
+                                                         "issuer address block %R", subject_ts, issuer_ts);
+                               contained = TRUE;
+                               break;
+                       }
+               }
+               issuer_enumerator->destroy(issuer_enumerator);
+               if (!contained)
+               {
+                       DBG1(DBG_CFG, "subject address block %R is not contained in any "
+                                                 "issuer address block", subject_ts);
+                       break;
+               }
+       }
+       subject_enumerator->destroy(subject_enumerator);
+       return contained;
+}
+
+METHOD(cert_validator_t, validate, bool,
+       private_addrblock_validator_t *this, certificate_t *subject,
+       certificate_t *issuer, bool online, int pathlen, auth_cfg_t *auth)
+{
+       if (subject->get_type(subject) == CERT_X509 &&
+               issuer->get_type(issuer) == CERT_X509)
+       {
+               return check_addrblock((x509_t*)subject, (x509_t*)issuer);
+       }
+       return TRUE;
+}
+
+METHOD(addrblock_validator_t, destroy, void,
+       private_addrblock_validator_t *this)
+{
+       free(this);
+}
+
+/**
+ * See header
+ */
+addrblock_validator_t *addrblock_validator_create()
+{
+       private_addrblock_validator_t *this;
+
+       INIT(this,
+               .public = {
+                       .validator.validate = _validate,
+                       .destroy = _destroy,
+               },
+       );
+
+       return &this->public;
+}
diff --git a/src/libcharon/plugins/addrblock/addrblock_validator.h b/src/libcharon/plugins/addrblock/addrblock_validator.h
new file mode 100644 (file)
index 0000000..423f0d4
--- /dev/null
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup addrblock_validator addrblock_validator
+ * @{ @ingroup addrblock
+ */
+
+#ifndef ADDRBLOCK_VALIDATOR_H_
+#define ADDRBLOCK_VALIDATOR_H_
+
+#include <credentials/cert_validator.h>
+
+typedef struct addrblock_validator_t addrblock_validator_t;
+
+/**
+ * RFC 3779 address block X509 certificate validator.
+ */
+struct addrblock_validator_t {
+
+       /**
+        * Implements cert_validator_t interface.
+        */
+       cert_validator_t validator;
+
+       /**
+        * Destroy a addrblock_validator_t.
+        */
+       void (*destroy)(addrblock_validator_t *this);
+};
+
+/**
+ * Create a addrblock_validator instance.
+ */
+addrblock_validator_t *addrblock_validator_create();
+
+#endif /** ADDRBLOCK_VALIDATOR_H_ @}*/
index 0ef26c8..eb0ceb5 100644 (file)
@@ -314,13 +314,6 @@ if MONOLITHIC
 endif
 endif
 
-if USE_ADDRBLOCK
-  SUBDIRS += plugins/addrblock
-if MONOLITHIC
-  libstrongswan_la_LIBADD += plugins/addrblock/libstrongswan-addrblock.la
-endif
-endif
-
 if USE_TEST_VECTORS
   SUBDIRS += plugins/test_vectors
 if MONOLITHIC
diff --git a/src/libstrongswan/plugins/addrblock/Makefile.am b/src/libstrongswan/plugins/addrblock/Makefile.am
deleted file mode 100644 (file)
index 159d2e7..0000000
+++ /dev/null
@@ -1,16 +0,0 @@
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan
-
-AM_CFLAGS = -rdynamic
-
-if MONOLITHIC
-noinst_LTLIBRARIES = libstrongswan-addrblock.la
-else
-plugin_LTLIBRARIES = libstrongswan-addrblock.la
-endif
-
-libstrongswan_addrblock_la_SOURCES = \
-       addrblock_plugin.h addrblock_plugin.c \
-       addrblock_validator.h addrblock_validator.c
-
-libstrongswan_addrblock_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/addrblock/addrblock_plugin.c b/src/libstrongswan/plugins/addrblock/addrblock_plugin.c
deleted file mode 100644 (file)
index 6c1ef73..0000000
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Copyright (C) 2010 Martin Willi
- * Copyright (C) 2010 revosec AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include "addrblock_plugin.h"
-
-#include <library.h>
-#include "addrblock_validator.h"
-
-typedef struct private_addrblock_plugin_t private_addrblock_plugin_t;
-
-/**
- * private data of addrblock_plugin
- */
-struct private_addrblock_plugin_t {
-
-       /**
-        * public functions
-        */
-       addrblock_plugin_t public;
-
-       /**
-        * Validator implementation instance.
-        */
-       addrblock_validator_t *validator;
-};
-
-METHOD(plugin_t, destroy, void,
-       private_addrblock_plugin_t *this)
-{
-       lib->credmgr->remove_validator(lib->credmgr, &this->validator->validator);
-       this->validator->destroy(this->validator);
-       free(this);
-}
-
-/*
- * see header file
- */
-plugin_t *addrblock_plugin_create()
-{
-       private_addrblock_plugin_t *this;
-
-       INIT(this,
-               .public.plugin.destroy = _destroy,
-               .validator = addrblock_validator_create(),
-       );
-       lib->credmgr->add_validator(lib->credmgr, &this->validator->validator);
-
-       return &this->public.plugin;
-}
diff --git a/src/libstrongswan/plugins/addrblock/addrblock_plugin.h b/src/libstrongswan/plugins/addrblock/addrblock_plugin.h
deleted file mode 100644 (file)
index e7c3a72..0000000
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright (C) 2010 Martin Willi
- * Copyright (C) 2010 revosec AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup addrblock addrblock
- * @ingroup plugins
- *
- * @defgroup addrblock_plugin addrblock_plugin
- * @{ @ingroup addrblock
- */
-
-#ifndef ADDRBLOCK_PLUGIN_H_
-#define ADDRBLOCK_PLUGIN_H_
-
-#include <plugins/plugin.h>
-
-typedef struct addrblock_plugin_t addrblock_plugin_t;
-
-/**
- * RFC 3779 address block checking.
- */
-struct addrblock_plugin_t {
-
-       /**
-        * Implements plugin_t. interface.
-        */
-       plugin_t plugin;
-};
-
-#endif /** ADDRBLOCK_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/addrblock/addrblock_validator.c b/src/libstrongswan/plugins/addrblock/addrblock_validator.c
deleted file mode 100644 (file)
index 44ef38d..0000000
+++ /dev/null
@@ -1,124 +0,0 @@
-/*
- * Copyright (C) 2010 Martin Willi
- * Copyright (C) 2010 revosec AG
- * Copyright (C) 2009 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include "addrblock_validator.h"
-
-#include <debug.h>
-#include <credentials/certificates/x509.h>
-#include <selectors/traffic_selector.h>
-
-typedef struct private_addrblock_validator_t private_addrblock_validator_t;
-
-/**
- * Private data of an addrblock_validator_t object.
- */
-struct private_addrblock_validator_t {
-
-       /**
-        * Public addrblock_validator_t interface.
-        */
-       addrblock_validator_t public;
-};
-
-/**
- * Do the addrblock check for two x509 plugins
- */
-static bool check_addrblock(x509_t *subject, x509_t *issuer)
-{
-       bool subject_const, issuer_const, contained = TRUE;
-       enumerator_t *subject_enumerator, *issuer_enumerator;
-       traffic_selector_t *subject_ts, *issuer_ts;
-
-       subject_const = subject->get_flags(subject) & X509_IP_ADDR_BLOCKS;
-       issuer_const = issuer->get_flags(issuer) & X509_IP_ADDR_BLOCKS;
-
-       if (!subject_const && !issuer_const)
-       {
-               return TRUE;
-       }
-       if (!subject_const)
-       {
-               DBG1(DBG_CFG, "subject certficate lacks ipAddrBlocks extension");
-               return FALSE;
-       }
-       if (!issuer_const)
-       {
-               DBG1(DBG_CFG, "issuer certficate lacks ipAddrBlocks extension");
-               return FALSE;
-       }
-       subject_enumerator = subject->create_ipAddrBlock_enumerator(subject);
-       while (subject_enumerator->enumerate(subject_enumerator, &subject_ts))
-       {
-               contained = FALSE;
-
-               issuer_enumerator = issuer->create_ipAddrBlock_enumerator(issuer);
-               while (issuer_enumerator->enumerate(issuer_enumerator, &issuer_ts))
-               {
-                       if (subject_ts->is_contained_in(subject_ts, issuer_ts))
-                       {
-                               DBG2(DBG_CFG, "  subject address block %R is contained in "
-                                                         "issuer address block %R", subject_ts, issuer_ts);
-                               contained = TRUE;
-                               break;
-                       }
-               }
-               issuer_enumerator->destroy(issuer_enumerator);
-               if (!contained)
-               {
-                       DBG1(DBG_CFG, "subject address block %R is not contained in any "
-                                                 "issuer address block", subject_ts);
-                       break;
-               }
-       }
-       subject_enumerator->destroy(subject_enumerator);
-       return contained;
-}
-
-METHOD(cert_validator_t, validate, bool,
-       private_addrblock_validator_t *this, certificate_t *subject,
-       certificate_t *issuer, bool online, int pathlen, auth_cfg_t *auth)
-{
-       if (subject->get_type(subject) == CERT_X509 &&
-               issuer->get_type(issuer) == CERT_X509)
-       {
-               return check_addrblock((x509_t*)subject, (x509_t*)issuer);
-       }
-       return TRUE;
-}
-
-METHOD(addrblock_validator_t, destroy, void,
-       private_addrblock_validator_t *this)
-{
-       free(this);
-}
-
-/**
- * See header
- */
-addrblock_validator_t *addrblock_validator_create()
-{
-       private_addrblock_validator_t *this;
-
-       INIT(this,
-               .public = {
-                       .validator.validate = _validate,
-                       .destroy = _destroy,
-               },
-       );
-
-       return &this->public;
-}
diff --git a/src/libstrongswan/plugins/addrblock/addrblock_validator.h b/src/libstrongswan/plugins/addrblock/addrblock_validator.h
deleted file mode 100644 (file)
index 423f0d4..0000000
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (C) 2010 Martin Willi
- * Copyright (C) 2010 revosec AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup addrblock_validator addrblock_validator
- * @{ @ingroup addrblock
- */
-
-#ifndef ADDRBLOCK_VALIDATOR_H_
-#define ADDRBLOCK_VALIDATOR_H_
-
-#include <credentials/cert_validator.h>
-
-typedef struct addrblock_validator_t addrblock_validator_t;
-
-/**
- * RFC 3779 address block X509 certificate validator.
- */
-struct addrblock_validator_t {
-
-       /**
-        * Implements cert_validator_t interface.
-        */
-       cert_validator_t validator;
-
-       /**
-        * Destroy a addrblock_validator_t.
-        */
-       void (*destroy)(addrblock_validator_t *this);
-};
-
-/**
- * Create a addrblock_validator instance.
- */
-addrblock_validator_t *addrblock_validator_create();
-
-#endif /** ADDRBLOCK_VALIDATOR_H_ @}*/