BUILD_BLOB_ASN1_DER, this->data, BUILD_END);
}
+METHOD(cert_payload_t, get_container, container_t*,
+ private_cert_payload_t *this)
+{
+ int type;
+
+ switch (this->encoding)
+ {
+ case ENC_PKCS7_WRAPPED_X509:
+ type = CONTAINER_PKCS7;
+ break;
+ default:
+ return NULL;
+ }
+ return lib->creds->create(lib->creds, CRED_CONTAINER, type,
+ BUILD_BLOB_ASN1_DER, this->data, BUILD_END);
+}
+
METHOD(cert_payload_t, get_hash, chunk_t,
private_cert_payload_t *this)
{
.destroy = _destroy,
},
.get_cert = _get_cert,
+ .get_container = _get_container,
.get_cert_encoding = _get_cert_encoding,
.get_hash = _get_hash,
.get_url = _get_url,
* for more details.
*/
+/*
+ * Copyright (C) 2013 Volker Rümelin
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
#include "isakmp_cert_pre.h"
#include <daemon.h>
#include <encoding/payloads/sa_payload.h>
#include <encoding/payloads/certreq_payload.h>
#include <credentials/certificates/x509.h>
+#include <credentials/containers/pkcs7.h>
typedef struct private_isakmp_cert_pre_t private_isakmp_cert_pre_t;
}
break;
case ENC_PKCS7_WRAPPED_X509:
+ {
+ container_t *container;
+
+ container = cert_payload->get_container(cert_payload);
+ if (container)
+ {
+ pkcs7_t *pkcs7;
+ enumerator_t *enumerator;
+
+ pkcs7 = (pkcs7_t *)container;
+ enumerator = pkcs7->create_cert_enumerator(pkcs7);
+ while (enumerator->enumerate(enumerator, &cert))
+ {
+ if (cert->get_type(cert) == CERT_X509)
+ {
+ auth_rule_t rule;
+ x509_t *x509 = (x509_t*)cert;
+
+ if (x509->get_flags(x509) & X509_CA)
+ {
+ DBG1(DBG_IKE,
+ "received intermediate ca cert \"%Y\"",
+ cert->get_subject(cert));
+ rule = AUTH_HELPER_IM_CERT;
+ }
+ else
+ {
+ DBG1(DBG_IKE,
+ "received end entity cert \"%Y\"",
+ cert->get_subject(cert));
+ rule = AUTH_HELPER_SUBJECT_CERT;
+ }
+ auth->add(auth, rule, cert->get_ref(cert));
+ }
+ else
+ {
+ DBG1(DBG_IKE,
+ "received unsupported cert type %N",
+ certificate_type_names,
+ cert->get_type(cert));
+ }
+ }
+ enumerator->destroy(enumerator);
+ container->destroy(container);
+ }
+ break;
+ }
case ENC_PGP:
case ENC_DNS_SIGNED_KEY:
case ENC_KERBEROS_TOKEN:
projects / strongswan.git / commitdiff