Accept NULL auth_cfg_t passed to credential_manager_t.get_private()
authorMartin Willi <martin@revosec.ch>
Mon, 23 Jan 2012 11:25:38 +0000 (12:25 +0100)
committerMartin Willi <martin@revosec.ch>
Tue, 20 Mar 2012 16:31:39 +0000 (17:31 +0100)
src/conftest/hooks/rebuild_auth.c
src/libcharon/plugins/stroke/stroke_list.c
src/libstrongswan/credentials/credential_manager.c

index 8ee4e14..eb95833 100644 (file)
@@ -58,7 +58,6 @@ static bool rebuild_auth(private_rebuild_auth_t *this, ike_sa_t *ike_sa,
        enumerator_t *enumerator;
        chunk_t octets, auth_data;
        private_key_t *private;
-       auth_cfg_t *auth;
        payload_t *payload;
        auth_payload_t *auth_payload;
        auth_method_t auth_method;
@@ -91,10 +90,8 @@ static bool rebuild_auth(private_rebuild_auth_t *this, ike_sa_t *ike_sa,
        id = identification_create_from_encoding(data.ptr[4], chunk_skip(data, 8));
        generator->destroy(generator);
 
-       auth = auth_cfg_create();
        private = lib->credmgr->get_private(lib->credmgr, KEY_ANY,
-                                                                               this->id ?: id, auth);
-       auth->destroy(auth);
+                                                                               this->id ?: id, NULL);
        if (private == NULL)
        {
                DBG1(DBG_CFG, "no private key found for '%Y' to rebuild AUTH",
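Review bot: Passing NULL to `get_private()` here is not equivalent to the empty auth_cfg_t it replaces. Per the credential_manager.c hunk of this commit, a NULL auth skips the per-certificate trustchain pass, so if several certificates match `this->id ?: id` the key now comes from the first usable one instead of one with a buildable trustchain. For a conftest hook that is probably acceptable, but the call deserves a comment saying so, e.g. `/* NULL auth: no trustchain lookup, key of the first usable certificate is taken */`. The same substitution is made in list_public_key in stroke_list.c. rebuild_auth starts and ends outside this hunk.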
index c69eef6..8bb1a98 100644 (file)
@@ -685,15 +685,12 @@ static void list_public_key(public_key_t *public, FILE *out)
        private_key_t *private = NULL;
        chunk_t keyid;
        identification_t *id;
-       auth_cfg_t *auth;
 
        if (public->get_fingerprint(public, KEYID_PUBKEY_SHA1, &keyid))
        {
                id = identification_create_from_encoding(ID_KEY_ID, keyid);
-               auth = auth_cfg_create();
                private = lib->credmgr->get_private(lib->credmgr,
-                                                                       public->get_type(public), id, auth);
-               auth->destroy(auth);
+                                                                       public->get_type(public), id, NULL);
                id->destroy(id);
        }
 
index 944c269..b8f8ae8 100644 (file)
@@ -1047,42 +1047,45 @@ METHOD(credential_manager_t, get_private, private_key_t*,
                }
        }
 
-       /* if a specific certificate is preferred, check for a matching key */
-       cert = auth->get(auth, AUTH_RULE_SUBJECT_CERT);
-       if (cert)
+       if (auth)
        {
-               private = get_private_by_cert(this, cert, type);
-               if (private)
+               /* if a specific certificate is preferred, check for a matching key */
+               cert = auth->get(auth, AUTH_RULE_SUBJECT_CERT);
+               if (cert)
                {
-                       trustchain = build_trustchain(this, cert, auth);
-                       if (trustchain)
+                       private = get_private_by_cert(this, cert, type);
+                       if (private)
                        {
-                               auth->merge(auth, trustchain, FALSE);
-                               trustchain->destroy(trustchain);
+                               trustchain = build_trustchain(this, cert, auth);
+                               if (trustchain)
+                               {
+                                       auth->merge(auth, trustchain, FALSE);
+                                       trustchain->destroy(trustchain);
+                               }
+                               return private;
                        }
-                       return private;
                }
-       }
 
-       /* try to build a trust chain for each certificate found */
-       enumerator = create_cert_enumerator(this, CERT_ANY, type, id, FALSE);
-       while (enumerator->enumerate(enumerator, &cert))
-       {
-               private = get_private_by_cert(this, cert, type);
-               if (private)
+               /* try to build a trust chain for each certificate found */
+               enumerator = create_cert_enumerator(this, CERT_ANY, type, id, FALSE);
+               while (enumerator->enumerate(enumerator, &cert))
                {
-                       trustchain = build_trustchain(this, cert, auth);
-                       if (trustchain)
+                       private = get_private_by_cert(this, cert, type);
+                       if (private)
                        {
-                               auth->merge(auth, trustchain, FALSE);
-                               trustchain->destroy(trustchain);
-                               break;
+                               trustchain = build_trustchain(this, cert, auth);
+                               if (trustchain)
+                               {
+                                       auth->merge(auth, trustchain, FALSE);
+                                       trustchain->destroy(trustchain);
+                                       break;
+                               }
+                               private->destroy(private);
+                               private = NULL;
                        }
-                       private->destroy(private);
-                       private = NULL;
                }
+               enumerator->destroy(enumerator);
        }
-       enumerator->destroy(enumerator);
 
        /* if no valid trustchain was found, fall back to the first usable cert */
        if (!private)
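Review bot: The new `if (auth)` guard skips both the preferred-certificate check and the trustchain loop when auth is NULL, so those callers always reach the "first usable cert" fallback below, and nothing in the code says this is intended. A comment on the guard would make the contract explicit, e.g. `/* without an auth config no trustchain is built; the first usable certificate's key is selected below */`. The changed-files list does not include credential_manager.h, so the get_private() documentation there presumably still treats auth as required; it should state that NULL is accepted and that the returned key then carries no trustchain validation. The later hunk guards `auth->add()` the same way, but the start of get_private lies outside the hunk, so any earlier dereference of auth could not be checked from here.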
@@ -1093,7 +1096,10 @@ METHOD(credential_manager_t, get_private, private_key_t*,
                        private = get_private_by_cert(this, cert, type);
                        if (private)
                        {
-                               auth->add(auth, AUTH_RULE_SUBJECT_CERT, cert->get_ref(cert));
+                               if (auth)
+                               {
+                                       auth->add(auth, AUTH_RULE_SUBJECT_CERT, cert->get_ref(cert));
+                               }
                                break;
                        }
                }