mem-cred: Add a method to atomically replace all certificates

author Tobias Brunner <tobias@strongswan.org>

Thu, 20 Aug 2015 07:39:15 +0000 (09:39 +0200)

committer Tobias Brunner <tobias@strongswan.org>

Thu, 20 Aug 2015 17:19:12 +0000 (19:19 +0200)
author Tobias Brunner <tobias@strongswan.org>
Thu, 20 Aug 2015 07:39:15 +0000 (09:39 +0200)
committer Tobias Brunner <tobias@strongswan.org>
Thu, 20 Aug 2015 17:19:12 +0000 (19:19 +0200)
diff --git a/src/libstrongswan/credentials/sets/mem_cred.c b/src/libstrongswan/credentials/sets/mem_cred.c

index 7ad011b..a16767c 100644 (file)
--- a/src/libstrongswan/credentials/sets/mem_cred.c
+++ b/src/libstrongswan/credentials/sets/mem_cred.c
@@ -1,5 +1,5 @@
  /*
- * Copyright (C) 2010-2013 Tobias Brunner
+ * Copyright (C) 2010-2015 Tobias Brunner
   * Hochschule fuer Technik Rapperwsil
   * Copyright (C) 2010 Martin Willi
   * Copyright (C) 2010 revosec AG
@@ -643,6 +643,49 @@ METHOD(credential_set_t, create_cdp_enumerator, enumerator_t*,
  
  }
  
+static void reset_certs(private_mem_cred_t *this)
+{
+       this->trusted->destroy_offset(this->trusted,
+                                                                 offsetof(certificate_t, destroy));
+       this->untrusted->destroy_offset(this->untrusted,
+                                                                       offsetof(certificate_t, destroy));
+       this->trusted = linked_list_create();
+       this->untrusted = linked_list_create();
+}
+
+static void copy_certs(linked_list_t *dst, linked_list_t *src, bool clone)
+{
+       enumerator_t *enumerator;
+       certificate_t *cert;
+
+       enumerator = src->create_enumerator(src);
+       while (enumerator->enumerate(enumerator, &cert))
+       {
+               if (clone)
+               {
+                       cert = cert->get_ref(cert);
+               }
+               else
+               {
+                       src->remove_at(src, enumerator);
+               }
+               dst->insert_last(dst, cert);
+       }
+       enumerator->destroy(enumerator);
+}
+
+METHOD(mem_cred_t, replace_certs, void,
+       private_mem_cred_t *this, mem_cred_t *other_set, bool clone)
+{
+       private_mem_cred_t *other = (private_mem_cred_t*)other_set;
+
+       this->lock->write_lock(this->lock);
+       reset_certs(this);
+       copy_certs(this->untrusted, other->untrusted, clone);
+       copy_certs(this->trusted, other->trusted, clone);
+       this->lock->unlock(this->lock);
+}
+
  static void reset_secrets(private_mem_cred_t *this)
  {
         this->keys->destroy_offset(this->keys, offsetof(private_key_t, destroy));
@@ -710,17 +753,11 @@ METHOD(mem_cred_t, clear_, void,
         private_mem_cred_t *this)
  {
         this->lock->write_lock(this->lock);
-       this->trusted->destroy_offset(this->trusted,
-                                                                 offsetof(certificate_t, destroy));
-       this->untrusted->destroy_offset(this->untrusted,
-                                                                       offsetof(certificate_t, destroy));
         this->cdps->destroy_function(this->cdps, (void*)cdp_destroy);
-       this->trusted = linked_list_create();
-       this->untrusted = linked_list_create();
         this->cdps = linked_list_create();
+       reset_certs(this);
+       reset_secrets(this);
         this->lock->unlock(this->lock);
-
-       clear_secrets(this);
  }
  
  METHOD(mem_cred_t, destroy, void,
@@ -760,6 +797,7 @@ mem_cred_t *mem_cred_create()
                         .add_shared = _add_shared,
                         .add_shared_list = _add_shared_list,
                         .add_cdp = _add_cdp,
+                       .replace_certs = _replace_certs,
                         .replace_secrets = _replace_secrets,
                         .clear = _clear_,
                         .clear_secrets = _clear_secrets,
diff --git a/src/libstrongswan/credentials/sets/mem_cred.h b/src/libstrongswan/credentials/sets/mem_cred.h

index 3ce815a..51f0b8c 100644 (file)
--- a/src/libstrongswan/credentials/sets/mem_cred.h
+++ b/src/libstrongswan/credentials/sets/mem_cred.h
@@ -1,5 +1,5 @@
  /*
- * Copyright (C) 2010-2013 Tobias Brunner
+ * Copyright (C) 2010-2015 Tobias Brunner
   * Hochschule fuer Technik Rapperswil
   * Copyright (C) 2010 Martin Willi
   * Copyright (C) 2010 revosec AG
@@ -102,6 +102,7 @@ struct mem_cred_t {
          */
         void (*add_shared_list)(mem_cred_t *this, shared_key_t *shared,
                                                         linked_list_t *owners);
+
         /**
          * Add a certificate distribution point to the set.
          *
@@ -113,6 +114,15 @@ struct mem_cred_t {
                                         identification_t *id, char *uri);
  
         /**
+        * Replace all certificates in this credential set with those of another.
+        *
+        * @param other                 credential set to get certificates from
+        * @param clone                 TRUE to clone certs, FALSE to adopt them (they
+        *                                              get removed from the other set)
+        */
+       void (*replace_certs)(mem_cred_t *this, mem_cred_t *other, bool clone);
+
+       /**
          * Replace all secrets (private and shared keys) in this credential set
          * with those of another.
          *
author	Tobias Brunner <tobias@strongswan.org>
	Thu, 20 Aug 2015 07:39:15 +0000 (09:39 +0200)
committer	Tobias Brunner <tobias@strongswan.org>
	Thu, 20 Aug 2015 17:19:12 +0000 (19:19 +0200)
src/libstrongswan/credentials/sets/mem_cred.c		patch \| blob \| history
src/libstrongswan/credentials/sets/mem_cred.h		patch \| blob \| history