mem-cred: Add a method to atomically replace all certificates
authorTobias Brunner <tobias@strongswan.org>
Thu, 20 Aug 2015 07:39:15 +0000 (09:39 +0200)
committerTobias Brunner <tobias@strongswan.org>
Thu, 20 Aug 2015 17:19:12 +0000 (19:19 +0200)
src/libstrongswan/credentials/sets/mem_cred.c
src/libstrongswan/credentials/sets/mem_cred.h

index 7ad011b..a16767c 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010-2013 Tobias Brunner
+ * Copyright (C) 2010-2015 Tobias Brunner
  * Hochschule fuer Technik Rapperwsil
  * Copyright (C) 2010 Martin Willi
  * Copyright (C) 2010 revosec AG
@@ -643,6 +643,49 @@ METHOD(credential_set_t, create_cdp_enumerator, enumerator_t*,
 
 }
 
+static void reset_certs(private_mem_cred_t *this)
+{
+       this->trusted->destroy_offset(this->trusted,
+                                                                 offsetof(certificate_t, destroy));
+       this->untrusted->destroy_offset(this->untrusted,
+                                                                       offsetof(certificate_t, destroy));
+       this->trusted = linked_list_create();
+       this->untrusted = linked_list_create();
+}
+
+static void copy_certs(linked_list_t *dst, linked_list_t *src, bool clone)
+{
+       enumerator_t *enumerator;
+       certificate_t *cert;
+
+       enumerator = src->create_enumerator(src);
+       while (enumerator->enumerate(enumerator, &cert))
+       {
+               if (clone)
+               {
+                       cert = cert->get_ref(cert);
+               }
+               else
+               {
+                       src->remove_at(src, enumerator);
+               }
+               dst->insert_last(dst, cert);
+       }
+       enumerator->destroy(enumerator);
+}
+
+METHOD(mem_cred_t, replace_certs, void,
+       private_mem_cred_t *this, mem_cred_t *other_set, bool clone)
+{
+       private_mem_cred_t *other = (private_mem_cred_t*)other_set;
+
+       this->lock->write_lock(this->lock);
+       reset_certs(this);
+       copy_certs(this->untrusted, other->untrusted, clone);
+       copy_certs(this->trusted, other->trusted, clone);
+       this->lock->unlock(this->lock);
+}
+
 static void reset_secrets(private_mem_cred_t *this)
 {
        this->keys->destroy_offset(this->keys, offsetof(private_key_t, destroy));
@@ -710,17 +753,11 @@ METHOD(mem_cred_t, clear_, void,
        private_mem_cred_t *this)
 {
        this->lock->write_lock(this->lock);
-       this->trusted->destroy_offset(this->trusted,
-                                                                 offsetof(certificate_t, destroy));
-       this->untrusted->destroy_offset(this->untrusted,
-                                                                       offsetof(certificate_t, destroy));
        this->cdps->destroy_function(this->cdps, (void*)cdp_destroy);
-       this->trusted = linked_list_create();
-       this->untrusted = linked_list_create();
        this->cdps = linked_list_create();
+       reset_certs(this);
+       reset_secrets(this);
        this->lock->unlock(this->lock);
-
-       clear_secrets(this);
 }
 
 METHOD(mem_cred_t, destroy, void,
@@ -760,6 +797,7 @@ mem_cred_t *mem_cred_create()
                        .add_shared = _add_shared,
                        .add_shared_list = _add_shared_list,
                        .add_cdp = _add_cdp,
+                       .replace_certs = _replace_certs,
                        .replace_secrets = _replace_secrets,
                        .clear = _clear_,
                        .clear_secrets = _clear_secrets,
index 3ce815a..51f0b8c 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010-2013 Tobias Brunner
+ * Copyright (C) 2010-2015 Tobias Brunner
  * Hochschule fuer Technik Rapperswil
  * Copyright (C) 2010 Martin Willi
  * Copyright (C) 2010 revosec AG
@@ -102,6 +102,7 @@ struct mem_cred_t {
         */
        void (*add_shared_list)(mem_cred_t *this, shared_key_t *shared,
                                                        linked_list_t *owners);
+
        /**
         * Add a certificate distribution point to the set.
         *
@@ -113,6 +114,15 @@ struct mem_cred_t {
                                        identification_t *id, char *uri);
 
        /**
+        * Replace all certificates in this credential set with those of another.
+        *
+        * @param other                 credential set to get certificates from
+        * @param clone                 TRUE to clone certs, FALSE to adopt them (they
+        *                                              get removed from the other set)
+        */
+       void (*replace_certs)(mem_cred_t *this, mem_cred_t *other, bool clone);
+
+       /**
         * Replace all secrets (private and shared keys) in this credential set
         * with those of another.
         *