generalized get_ca_certificate() to get_auth_certificate(auth_flags)
authorAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 8 Mar 2007 18:56:43 +0000 (18:56 -0000)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 8 Mar 2007 18:56:43 +0000 (18:56 -0000)
src/charon/config/credentials/credential_store.h
src/charon/config/credentials/local_credential_store.c
src/charon/encoding/payloads/certreq_payload.c
src/libstrongswan/crypto/x509.c

index 6da0047..9c10f95 100755 (executable)
@@ -108,13 +108,14 @@ struct credential_store_t {
        x509_t* (*get_certificate) (credential_store_t *this, identification_t *id);
        
        /**
-        * @brief Returns the ca certificate of a specific subject distinguished name.
+        * @brief Returns the auth certificate of a specific subject distinguished name.
         * 
         * @param this                                  calling object
+        * @param auth_flags                    set of allowed authority types
         * @param id                                    identification_t object identifiying the cacert.
         * @return                                              certificate, or NULL if not found
         */
-       x509_t* (*get_ca_certificate) (credential_store_t *this, identification_t *id);
+       x509_t* (*get_auth_certificate) (credential_store_t *this, u_int auth_flags, identification_t *id);
        
        /**
         * @brief Returns the ca certificate of a specific keyID.
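Review bot: The new `@param auth_flags` line does not say how the mask is matched, and the `@param id` line still describes the argument as identifying "the cacert" although the lookup is no longer CA-only. Going by has_authority_flag() in x509.c as changed in this same commit, a certificate qualifies when it carries at least one of the requested bits, not all of them. Callers choosing a trust anchor depend on that contract, so the header should state it, for example `@param auth_flags bit mask of accepted authority types, a certificate matches if it has at least one of them` and `@param id subject distinguished name of the authority certificate`.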
index df47723..97146d4 100644 (file)
@@ -356,10 +356,11 @@ static bool has_rsa_private_key(private_local_credential_store_t *this, rsa_publ
 }
 
 /**
- * Implementation of credential_store_t.get_ca_certificate.
+ * Implementation of credential_store_t.get_auth_certificate.
  */
-static x509_t* get_ca_certificate(private_local_credential_store_t *this,
-                                                                 identification_t *id)
+static x509_t* get_auth_certificate(private_local_credential_store_t *this,
+                                                                       u_int auth_flags,
+                                                                       identification_t *id)
 {
        x509_t *found = NULL;
        x509_t *current_cert;
@@ -368,7 +369,7 @@ static x509_t* get_ca_certificate(private_local_credential_store_t *this,
 
        while (iterator->iterate(iterator, (void**)&current_cert))
        {
-               if (current_cert->has_authority_flag(current_cert, AUTH_CA)
+               if (current_cert->has_authority_flag(current_cert, auth_flags)
                &&  id->equals(id, current_cert->get_subject(current_cert)))
                {
                        found = current_cert;
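Review bot: With a mask of more than one bit, the condition in this loop accepts a subject match of any requested authority type, and the caller gets back an `x509_t*` with no indication of which type matched. The only call site changed in this commit passes `AUTH_CA`, so behaviour is unchanged today. A later caller that widens the mask should re-check the result with `has_authority_flag()` before treating it as a CA certificate. A mask with no bits set can never match and yields NULL with no diagnostic. I would add a comment above the condition such as `/* any-bit match: a cert with one of auth_flags and this subject is accepted */`. The function body starts and ends outside this hunk, so whether the loop stops at the first match is not visible here.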
@@ -1229,7 +1230,7 @@ local_credential_store_t * local_credential_store_create(bool strict)
        this->public.credential_store.has_rsa_private_key = (bool (*) (credential_store_t*,rsa_public_key_t*))has_rsa_private_key;
        this->public.credential_store.get_trusted_public_key = (rsa_public_key_t*(*)(credential_store_t*,identification_t*))get_trusted_public_key;
        this->public.credential_store.get_certificate = (x509_t* (*) (credential_store_t*,identification_t*))get_certificate;
-       this->public.credential_store.get_ca_certificate = (x509_t* (*) (credential_store_t*,identification_t*))get_ca_certificate;
+       this->public.credential_store.get_auth_certificate = (x509_t* (*) (credential_store_t*,u_int,identification_t*))get_auth_certificate;
        this->public.credential_store.get_ca_certificate_by_keyid = (x509_t* (*) (credential_store_t*,chunk_t))get_ca_certificate_by_keyid;
        this->public.credential_store.get_issuer = (ca_info_t* (*) (credential_store_t*,const x509_t*))get_issuer;
        this->public.credential_store.verify = (bool (*) (credential_store_t*,x509_t*,bool*))verify;
index ea465fd..55f04c5 100644 (file)
@@ -274,7 +274,7 @@ certreq_payload_t *certreq_payload_create_from_cacert(identification_t *id)
        chunk_t keyid;
        certreq_payload_t *this;
        
-       cacert = charon->credentials->get_ca_certificate(charon->credentials, id);
+       cacert = charon->credentials->get_auth_certificate(charon->credentials, AUTH_CA, id);
        if (cacert == NULL)
        {
                /* no such CA cert */
index da7c3c7..d544560 100755 (executable)
@@ -1084,9 +1084,9 @@ static u_int get_authority_flags(private_x509_t *this)
 /**
  * Implements x509_t.has_authority_flag
  */
-static bool has_authority_flag(private_x509_t *this, u_int flag)
+static bool has_authority_flag(private_x509_t *this, u_int flags)
 {
-       return (this->authority_flags & flag) != AUTH_NONE;
+       return (this->authority_flags & flags) != AUTH_NONE;
 }
 
 /**
@@ -1295,7 +1295,7 @@ x509_t *x509_create_from_chunk(chunk_t chunk, u_int level)
        this->public.set_status = (void (*) (x509_t*,cert_status_t))set_status;
        this->public.get_status = (cert_status_t (*) (const x509_t*))get_status;
        this->public.add_authority_flags = (void (*) (x509_t*,u_int))add_authority_flags;
-       this->public.get_authority_flags = (u_int (*) (x509_t*,u_int))get_authority_flags;
+       this->public.get_authority_flags = (u_int (*) (x509_t*))get_authority_flags;
        this->public.has_authority_flag = (bool (*) (x509_t*,u_int))has_authority_flag;
        this->public.create_crluri_iterator = (iterator_t* (*) (const x509_t*))create_crluri_iterator;
        this->public.create_ocspuri_iterator = (iterator_t* (*) (const x509_t*))create_ocspuri_iterator;