support of ca info records
authorAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 23 Feb 2007 15:14:59 +0000 (15:14 -0000)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 23 Feb 2007 15:14:59 +0000 (15:14 -0000)
src/libstrongswan/Makefile.am
src/libstrongswan/crypto/ca.c [new file with mode: 0644]
src/libstrongswan/crypto/ca.h [new file with mode: 0644]

index 7fa20e4..bc1f796 100644 (file)
@@ -6,36 +6,38 @@ chunk.c chunk.h \
 debug.c debug.h \
 enum.c enum.h \
 printf_hook.c printf_hook.h \
-asn1/oid.c asn1/oid.h \
 asn1/asn1.c asn1/asn1.h \
+asn1/oid.c asn1/oid.h \
 asn1/pem.c asn1/pem.h \
 asn1/ttodata.c asn1/ttodata.h \
-crypto/rsa/rsa_private_key.c crypto/rsa/rsa_private_key.h \
-crypto/rsa/rsa_public_key.h  crypto/rsa/rsa_public_key.c \
-crypto/prfs/fips_prf.c crypto/prfs/fips_prf.h \
-crypto/prfs/hmac_prf.c crypto/prfs/hmac_prf.h \
-crypto/prfs/prf.c crypto/prfs/prf.h \
-crypto/signers/hmac_signer.c crypto/signers/hmac_signer.h \
-crypto/signers/signer.c crypto/signers/signer.h \
+crypto/ca.c crypto/ca.h \
+crypto/certinfo.c crypto/certinfo.h \
+crypto/crl.c crypto/crl.h \
 crypto/crypters/crypter.c crypto/crypters/crypter.h \
 crypto/crypters/aes_cbc_crypter.c  crypto/crypters/aes_cbc_crypter.h\
 crypto/crypters/des_crypter.c  crypto/crypters/des_crypter.h\
+crypto/diffie_hellman.c crypto/diffie_hellman.h \
 crypto/hashers/hasher.h crypto/hashers/hasher.c \
 crypto/hashers/sha1_hasher.c crypto/hashers/sha1_hasher.h \
 crypto/hashers/sha2_hasher.c crypto/hashers/sha2_hasher.h \
 crypto/hashers/md5_hasher.c  crypto/hashers/md5_hasher.h \
-crypto/prf_plus.h crypto/prf_plus.c \
 crypto/hmac.c crypto/hmac.h \
-crypto/certinfo.c crypto/certinfo.h \
+crypto/prfs/fips_prf.c crypto/prfs/fips_prf.h \
+crypto/prfs/hmac_prf.c crypto/prfs/hmac_prf.h \
+crypto/prfs/prf.c crypto/prfs/prf.h \
+crypto/prf_plus.h crypto/prf_plus.c \
+crypto/rsa/rsa_private_key.c crypto/rsa/rsa_private_key.h \
+crypto/rsa/rsa_public_key.h  crypto/rsa/rsa_public_key.c \
+crypto/signers/hmac_signer.c crypto/signers/hmac_signer.h \
+crypto/signers/signer.c crypto/signers/signer.h \
 crypto/x509.c crypto/x509.h \
-crypto/crl.c crypto/crl.h \
-crypto/diffie_hellman.c crypto/diffie_hellman.h \
-utils/identification.c utils/identification.h \
-utils/linked_list.c utils/linked_list.h utils/iterator.h\
-utils/randomizer.c utils/randomizer.h \
 utils/host.c utils/host.h \
+utils/identification.c utils/identification.h \
+utils/iterator.h \
+utils/leak_detective.c utils/leak_detective.h \
 utils/lexparser.c utils/lexparser.h \
-utils/leak_detective.c utils/leak_detective.h
+utils/linked_list.c utils/linked_list.h \
+utils/randomizer.c utils/randomizer.h
 
 libstrongswan_la_LIBADD = -lgmp -lpthread
 
diff --git a/src/libstrongswan/crypto/ca.c b/src/libstrongswan/crypto/ca.c
new file mode 100644 (file)
index 0000000..b40d244
--- /dev/null
@@ -0,0 +1,192 @@
+/**
+ * @file ca.c
+ * 
+ * @brief Implementation of ca_info_t.
+ * 
+ */
+
+/*
+ * Copyright (C) 2007 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include <sys/stat.h>
+#include <unistd.h>
+#include <string.h>
+#include <printf.h>
+
+#include "ca.h"
+
+#include <library.h>
+#include <debug.h>
+#include <utils/linked_list.h>
+#include <utils/identification.h>
+
+typedef struct private_ca_info_t private_ca_info_t;
+
+/**
+ * Private data of a ca_info_t object.
+ */
+struct private_ca_info_t {
+       /**
+        * Public interface for this ca info record
+        */
+       ca_info_t public;
+       
+       /**
+        * Name of the ca info record
+        */
+       char *name;
+
+       /**
+        * Time when ca info record was installed
+        */
+       time_t installed;
+
+       /**
+        * Distinguished Name of the CA
+        */
+       identification_t *authName;
+       
+       /**
+        * Authority Key Identifier
+        */
+       chunk_t authKeyID;
+
+       /**
+        * Authority Key Serial Number
+        */
+       chunk_t authKeySerialNumber;
+       
+       /**
+        * List of crlDistributionPoints
+        */
+       linked_list_t *crlDistributionPoints;
+
+       /**
+        * List of ocspAccessPoints
+        */
+       linked_list_t *ocspAccessPoints;
+};
+
+/**
+ * Implements ca_info_t.add_crluri
+ */
+static void add_crluri(private_ca_info_t *this, const char* uri)
+{
+       if (uri == NULL)
+       {
+               return;
+       }
+       if (!strncasecmp(uri, "http", 4)
+    &&  !strncasecmp(uri, "ldap", 4)
+    &&  !strncasecmp(uri, "file", 4)
+       &&  !strncasecmp(uri, "ftp",  3))
+       {
+               DBG1("  invalid CRL URI: '%s'", uri);
+               return;
+       }
+}
+
+/**
+ * Implements ca_info_t.add_ocspuri
+ */
+static void add_ocspuri(private_ca_info_t *this, const char* uri)
+{
+       if (uri == NULL)
+       {
+               return;
+       }
+       if (!strncasecmp(uri, "http", 4))
+       {
+               DBG1("  invalid OCSP URI: '%s'", uri);
+               return;
+       }
+}
+
+/**
+ * Implements ca_info_t.destroy
+ */
+static void destroy(private_ca_info_t *this)
+{
+       this->crlDistributionPoints->destroy_offset(this->crlDistributionPoints,
+                                                                                               offsetof(identification_t, destroy));
+       this->ocspAccessPoints->destroy_offset(this->ocspAccessPoints,
+                                                                                               offsetof(identification_t, destroy));
+       DESTROY_IF(this->authName);
+       free(this->authKeyID.ptr);
+       free(this->authKeySerialNumber.ptr);
+       free(this->name);
+       free(this);
+}
+
+/**
+ * output handler in printf()
+ */
+static int print(FILE *stream, const struct printf_info *info,
+                                const void *const *args)
+{
+       private_ca_info_t *this = *((private_ca_info_t**)(args[0]));
+       bool utc = TRUE;
+       int written = 0;
+       time_t now;
+       
+       if (info->alt)
+       {
+               utc = *((bool*)args[1]);
+       }
+       
+       if (this == NULL)
+       {
+               return fprintf(stream, "(null)");
+       }
+       
+       now = time(NULL);
+       
+       written += fprintf(stream, "%#T, ", &this->installed, utc);
+       written += fprintf(stream, "\"%s\"\n", this->name);
+       written += fprintf(stream, "    authname:  '%D'\n", this->authName);
+
+       return written;
+}
+
+/**
+ * register printf() handlers
+ */
+static void __attribute__ ((constructor))print_register()
+{
+       register_printf_function(PRINTF_CAINFO, print, arginfo_ptr_alt_ptr_int);
+}
+
+/*
+ * Described in header.
+ */
+ca_info_t *ca_info_create(const char *name, const x509_t *cacert)
+{
+       private_ca_info_t *this = malloc_thing(private_ca_info_t);
+       
+       /* initialize */
+       this->name = strdup(name);
+       this->authName = NULL;
+       this->authKeyID = chunk_empty;
+       this->authKeySerialNumber = chunk_empty;
+       this->crlDistributionPoints = linked_list_create();
+       this->ocspAccessPoints = linked_list_create();
+       
+       /* public functions */
+       this->public.add_crluri = (void (*) (ca_info_t*,const char*))add_crluri;
+       this->public.add_ocspuri = (void (*) (ca_info_t*,const char*))add_ocspuri;
+       this->public.destroy = (void (*) (ca_info_t*))destroy;
+
+       return &this->public;
+}
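Review bot: The scheme check in add_crluri can never fire: `!strncasecmp()` is true on a match, and a URI cannot begin with "http", "ldap", "file" and "ftp" at the same time, so the `invalid CRL URI` branch is dead and a URI with any scheme is accepted; add_ocspuri has the mirror-image problem and rejects exactly the `http` URIs it is meant to accept. Each `!strncasecmp` should be a plain `strncasecmp` (non-zero means the prefix did not match), so the reject branch runs only when none of the allowed prefixes matched, which matters because this check is the only validation applied before these URIs are later used for fetching. Neither function then appends the accepted URI to crlDistributionPoints or ocspAccessPoints, so the lists that destroy() tears down stay empty; presumably the insert is still to come, and since destroy_offset uses `offsetof(identification_t, destroy)` the stored element would have to be an identification_t rather than the raw string, which is worth a comment either way. Separately, ca_info_create never sets this->installed, which print() reads through `%#T`, so `this->installed = time(NULL);` belongs in the initializer block, and the unused `now` in print() can be dropped.
```c
static void add_crluri(private_ca_info_t *this, const char* uri)
{
	/* … unchanged: NULL check … */
	/* reject only when the URI starts with none of the accepted schemes */
	if (strncasecmp(uri, "http", 4)
	&&  strncasecmp(uri, "ldap", 4)
	&&  strncasecmp(uri, "file", 4)
	&&  strncasecmp(uri, "ftp",  3))
	{
		DBG1("  invalid CRL URI: '%s'", uri);
		return;
	}
}

static void add_ocspuri(private_ca_info_t *this, const char* uri)
{
	/* … unchanged: NULL check … */
	/* OCSP responders are only reachable over http */
	if (strncasecmp(uri, "http", 4))
	{
		DBG1("  invalid OCSP URI: '%s'", uri);
		return;
	}
}

/* … unchanged: destroy, print, print_register … */

	/* initialize */
	this->name = strdup(name);
	this->installed = time(NULL);
	/* … unchanged: remaining field and public-function setup … */
```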
diff --git a/src/libstrongswan/crypto/ca.h b/src/libstrongswan/crypto/ca.h
new file mode 100644 (file)
index 0000000..deff830
--- /dev/null
@@ -0,0 +1,77 @@
+/**
+ * @file ca.h
+ * 
+ * @brief Interface of ca_info_t.
+ * 
+ */
+
+/*
+ * Copyright (C) 2007 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef CA_H_
+#define CA_H_
+
+typedef struct ca_info_t ca_info_t;
+
+#include <library.h>
+
+#include "x509.h"
+
+/**
+ * @brief X.509 certification authority information record
+ * 
+ * @b Constructors:
+ *  - ca_info_create()
+ * 
+ * @ingroup transforms
+ */
+struct ca_info_t {
+
+       /**
+        * @brief Adds a CRL URI to a list
+        * 
+        * @param this                  ca info object
+        * @param uri                   crl uri string to be added
+        */
+       void (*add_crluri) (ca_info_t *this, const char* uri);
+
+       /**
+        * @brief Adds a CRL URI to a list
+        * 
+        * @param this                  ca info object
+        * @param uri                   ocsp uri string to be added
+        */
+       void (*add_ocspuri) (ca_info_t *this, const char* uri);
+
+       /**
+        * @brief Destroys a ca info record
+        * 
+        * @param this                  ca info to destroy
+        */
+       void (*destroy) (ca_info_t *this);
+};
+
+/**
+ * @brief Create a ca info record
+ * 
+ * @param name                 name of the ca info record
+ * @param cacert       path to the ca certificate
+ * @return                     created ca_info_t, or NULL if invalid.
+ * 
+ * @ingroup transforms
+ */
+ca_info_t *ca_info_create(const char *name, const x509_t *cacert);
+
+#endif /* CA_H_ */
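Review bot: The doc comment on add_ocspuri (`@brief Adds a CRL URI to a list`) is copied from add_crluri and should read `@brief Adds an OCSP URI to a list`. The ca_info_create documentation also disagrees with its signature: `@param cacert path to the ca certificate` describes a string, but the parameter is a parsed `const x509_t *`, so `@param cacert parsed CA certificate the record describes` would match the type; and `@return created ca_info_t, or NULL if invalid` promises a failure path that the ca.c implementation in this commit never takes, so either say what "invalid" means or drop the NULL clause until such a check exists. `@ingroup transforms` on both the struct and the constructor looks inherited from another header, since a CA information record is not a transform, though I can't tell from here which group the project intends.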