ocsp_t *ocsp_create(x509_t *cacert, linked_list_t *uris)
{
private_ocsp_t *this = malloc_thing(private_ocsp_t);
-
+
/* initialize */
this->cacert = cacert;
this->uris = uris;
this->certinfos = linked_list_create();
this->nonce = chunk_empty;
this->authKeyID = cacert->get_subjectKeyID(cacert);
- /* TODO compute authKeyID in case subjectKeyID does not exist */
{
hasher_t *hasher = hasher_create(HASH_SHA1);
identification_t *issuer = cacert->get_subject(cacert);
#include <stdio.h>
#include "x509.h"
-
+#include "hashers/hasher.h"
#include <library.h>
#include <debug.h>
#include <asn1/oid.h>
/**
* Parses an X.509v3 certificate
*/
-bool parse_x509cert(chunk_t blob, u_int level0, private_x509_t *cert)
+static bool parse_certificate(chunk_t blob, u_int level0, private_x509_t *cert)
{
asn1_ctx_t ctx;
bool critical;
{
switch (extn_oid) {
case OID_SUBJECT_KEY_ID:
- cert->subjectKeyID = parse_keyIdentifier(object, level, FALSE);
+ cert->subjectKeyID = chunk_clone(parse_keyIdentifier(object, level, FALSE));
break;
case OID_SUBJECT_ALT_NAME:
parse_generalNames(object, level, FALSE, cert->subjectAltNames);
}
objectID++;
}
+
+ if (cert->subjectKeyID.ptr == NULL)
+ {
+ hasher_t *hasher = hasher_create(HASH_SHA1);
+
+ hasher->allocate_hash(hasher, cert->subjectPublicKey, &cert->subjectKeyID);
+ hasher->destroy(hasher);
+ }
+
time(&cert->installed);
return TRUE;
}
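Review bot: In the `OID_SUBJECT_KEY_ID` case, the new `chunk_clone(...)` result overwrites `cert->subjectKeyID` without releasing any earlier value. If the extension loop reaches this case twice for one certificate, each repeat leaks a heap copy, unless duplicates are rejected in code outside this hunk. Because this parser appears to run on externally supplied certificates, consider adding `free(cert->subjectKeyID.ptr);` immediately before the assignment. Both that and the new `free` in `destroy` assume the field starts out as `chunk_empty`, which is not visible here. The SHA-1 fallback would also benefit from a comment such as `/* no subjectKeyID extension present: derive it as SHA-1 of subjectPublicKey */`, and it is worth confirming that `cert->subjectPublicKey` holds the encoding the OCSP `authKeyID` comparison expects. `parse_certificate` starts above this hunk.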
DESTROY_IF(this->issuer);
DESTROY_IF(this->subject);
DESTROY_IF(this->public_key);
+ free(this->subjectKeyID.ptr);
free(this->certificate.ptr);
free(this);
}
this->public.verify = (bool (*) (const x509_t*,const rsa_public_key_t*))verify;
this->public.destroy = (void (*) (x509_t*))destroy;
- if (!parse_x509cert(chunk, level, this))
+ if (!parse_certificate(chunk, level, this))
{
destroy(this);
return NULL;