fixed refence counts before calling attribute certificate factory
authorAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 25 Mar 2008 09:39:23 +0000 (09:39 -0000)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 25 Mar 2008 09:39:23 +0000 (09:39 -0000)
src/libstrongswan/plugins/x509/x509_ac.c
src/openac/openac.c

index 608ddca..6a2eae4 100644 (file)
@@ -664,6 +664,10 @@ static void destroy(private_x509_ac_t *this)
                DESTROY_IF(this->entityName);
                DESTROY_IF(this->issuerName);
                DESTROY_IF(this->authKeyIdentifier);
+               DESTROY_IF(this->holderCert);
+               DESTROY_IF(this->signerCert);
+               DESTROY_IF(this->signerKey);
+
                ietfAttr_list_destroy(this->charging);
                ietfAttr_list_destroy(this->groups);
                free(this->encoding.ptr);
index abfa95b..b1ac124 100755 (executable)
@@ -201,52 +201,6 @@ static private_key_t* private_key_create_from_file(char *path, chunk_t *secret)
 }
 
 /**
- * Load and parse an X.509 certificate file
- */
-static x509_t* x509_create_from_file(char *path, char *label, x509_flag_t flag)
-{
-
-       bool pgp = FALSE;
-       chunk_t chunk;
-       x509_t *x509;
-       certificate_t *cert;
-       time_t notBefore, notAfter, now;
-       
-       if (!pem_asn1_load_file(path, NULL, &chunk, &pgp))
-       {
-               DBG1("  could not load %s file '%s'", label, path);
-               return NULL;
-       }
-       x509 = (x509_t*)lib->creds->create(lib->creds,
-                                                                          CRED_CERTIFICATE, CERT_X509,
-                                                                          BUILD_BLOB_ASN1_DER, chunk,
-                                                                          BUILD_X509_FLAG, flag,
-                                                                          BUILD_END);
-       if (x509 == NULL)
-       {
-               DBG1("  could not parse loaded %s file '%s'",label, path);
-               return NULL;
-       }
-       DBG1("  loaded %s file '%s'", label, path);
-       
-       /* check validity */
-       cert = &x509->interface;
-       now = time(NULL);
-       cert->get_validity(cert, &now, &notBefore, &notAfter);
-       if (now > notAfter)
-       {
-               DBG1("  certificate expired at %T, discarded", &notAfter);
-               cert->destroy(cert);
-               return NULL;
-       }
-       if (now < notBefore)
-       {
-               DBG1("  certificate not valid before %T", &notBefore);
-       }
-       return x509;
-}
-
-/**
  * global variables accessible by both main() and build.c
  */
 
@@ -283,9 +237,9 @@ static void openac_dbg(int level, char *fmt, ...)
 int main(int argc, char **argv)
 {
        certificate_t *attr_cert   = NULL;
-       certificate_t *user_cert   = NULL;
-       certificate_t *signer_cert = NULL;
-       private_key_t *signer_key  = NULL;
+       certificate_t *userCert   = NULL;
+       certificate_t *signerCert = NULL;
+       private_key_t *signerKey  = NULL;
 
        time_t notBefore = UNDEFINED_TIME;
        time_t notAfter  = UNDEFINED_TIME;
@@ -523,9 +477,9 @@ int main(int argc, char **argv)
        /* load the signer's RSA private key */
        if (keyfile != NULL)
        {
-               signer_key = private_key_create_from_file(keyfile, &passphrase);
+               signerKey = private_key_create_from_file(keyfile, &passphrase);
 
-               if (signer_key == NULL)
+               if (signerKey == NULL)
                {
                        goto end;
                }
@@ -540,7 +494,7 @@ int main(int argc, char **argv)
                {
                        goto end;
                }
-               signer_cert = &x509->interface;
+               signerCert = &x509->interface;
        }
 
        /* load the users's X.509 certificate */
@@ -552,7 +506,7 @@ int main(int argc, char **argv)
                {
                        goto end;
                }
-               user_cert = &x509->interface;
+               userCert = &x509->interface;
        }
 
        /* compute validity interval */
@@ -561,21 +515,21 @@ int main(int argc, char **argv)
        notAfter =  (notAfter  == UNDEFINED_TIME) ? time(NULL) + validity : notAfter;
 
        /* build and parse attribute certificate */
-       if (user_cert != NULL && signer_cert != NULL && signer_key != NULL)
+       if (userCert != NULL && signerCert != NULL && signerKey != NULL)
        {
                /* read the serial number and increment it by one */
                serial = read_serial();
 
                attr_cert = lib->creds->create(lib->creds,
-                                                                          CRED_CERTIFICATE, CERT_X509_AC,
-                                                                          BUILD_CERT, user_cert,
-                                                                          BUILD_NOT_BEFORE_TIME, notBefore,
-                                                                          BUILD_NOT_AFTER_TIME, notAfter,
-                                                                          BUILD_SERIAL, serial,
-                                                                          BUILD_IETF_GROUP_ATTR, groups,
-                                                                          BUILD_SIGNING_CERT, signer_cert,
-                                                                          BUILD_SIGNING_KEY, signer_key,
-                                                                          BUILD_END);
+                                                       CRED_CERTIFICATE, CERT_X509_AC,
+                                                       BUILD_CERT, userCert->get_ref(userCert),
+                                                       BUILD_NOT_BEFORE_TIME, notBefore,
+                                                       BUILD_NOT_AFTER_TIME, notAfter,
+                                                       BUILD_SERIAL, serial,
+                                                       BUILD_IETF_GROUP_ATTR, groups,
+                                                       BUILD_SIGNING_CERT, signerCert->get_ref(signerCert),
+                                                       BUILD_SIGNING_KEY, signerKey->get_ref(signerKey),
+                                                       BUILD_END);
                if (!attr_cert)
                {
                        goto end;
@@ -597,9 +551,9 @@ int main(int argc, char **argv)
 
 end:
        /* delete all dynamically allocated objects */
-       DESTROY_IF(signer_key);
-       DESTROY_IF(signer_cert);
-       DESTROY_IF(user_cert);
+       DESTROY_IF(signerKey);
+       DESTROY_IF(signerCert);
+       DESTROY_IF(userCert);
        DESTROY_IF(attr_cert);
        free(attr_chunk.ptr);
        free(serial.ptr);