Function add_crl added to mem_cred_t.
authorTobias Brunner <tobias@strongswan.org>
Fri, 19 Nov 2010 16:28:46 +0000 (17:28 +0100)
committerTobias Brunner <tobias@strongswan.org>
Fri, 3 Dec 2010 17:00:00 +0000 (18:00 +0100)
src/libstrongswan/credentials/sets/mem_cred.c
src/libstrongswan/credentials/sets/mem_cred.h

index bd7891b..1a1f086 100644 (file)
@@ -187,6 +187,65 @@ METHOD(mem_cred_t, add_cert_ref, certificate_t*,
        return add_cert_internal(this, trusted, cert);
 }
 
+METHOD(mem_cred_t, add_crl, bool,
+       private_mem_cred_t *this, crl_t *crl)
+{
+       certificate_t *current, *cert = &crl->certificate;
+       enumerator_t *enumerator;
+       bool new = TRUE;
+
+       this->lock->write_lock(this->lock);
+       enumerator = this->untrusted->create_enumerator(this->untrusted);
+       while (enumerator->enumerate(enumerator, (void**)&current))
+       {
+               if (current->get_type(current) != CERT_X509_CRL)
+               {
+                       bool found = FALSE;
+                       crl_t *crl_c = (crl_t*)current;
+                       chunk_t authkey = crl->get_authKeyIdentifier(crl);
+                       chunk_t authkey_c = crl_c->get_authKeyIdentifier(crl_c);
+
+                       /* compare authorityKeyIdentifiers if available */
+                       if (chunk_equals(authkey, authkey_c))
+                       {
+                               found = TRUE;
+                       }
+                       else
+                       {
+                               identification_t *issuer = cert->get_issuer(cert);
+                               identification_t *issuer_c = current->get_issuer(current);
+
+                               /* otherwise compare issuer distinguished names */
+                               if (issuer->equals(issuer, issuer_c))
+                               {
+                                       found = TRUE;
+                               }
+                       }
+                       if (found)
+                       {
+                               new = crl_is_newer(crl, crl_c);
+                               if (new)
+                               {
+                                       this->untrusted->remove_at(this->untrusted, enumerator);
+                               }
+                               else
+                               {
+                                       cert->destroy(cert);
+                               }
+                               break;
+                       }
+               }
+       }
+       enumerator->destroy(enumerator);
+
+       if (new)
+       {
+               this->untrusted->insert_last(this->untrusted, cert);
+       }
+       this->lock->unlock(this->lock);
+       return new;
+}
+
 /**
  * Data for key enumerator
  */
@@ -461,6 +520,7 @@ mem_cred_t *mem_cred_create()
                        },
                        .add_cert = _add_cert,
                        .add_cert_ref = _add_cert_ref,
+                       .add_crl = _add_crl,
                        .add_key = _add_key,
                        .add_shared = _add_shared,
                        .add_shared_list = _add_shared_list,
index 547fe6e..4db584a 100644 (file)
@@ -26,6 +26,7 @@
 typedef struct mem_cred_t mem_cred_t;
 
 #include <credentials/credential_set.h>
+#include <credentials/certificates/crl.h>
 #include <utils/linked_list.h>
 
 /**
@@ -58,6 +59,15 @@ struct mem_cred_t {
                                                                   certificate_t *cert);
 
        /**
+        * Add an X.509 CRL to the credential set.
+        *
+        * @param crl                   CRL, gets owned by set
+        * @return                              TRUE, if the CRL is newer than an existing one (or
+        *                                              new at all)
+        */
+       bool (*add_crl)(mem_cred_t *this, crl_t *crl);
+
+       /**
         * Add a private key to the credential set.
         *
         * @param key                   key, reference gets owned by set