add is_ca() method
authorAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 18 May 2007 10:16:10 +0000 (10:16 -0000)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 18 May 2007 10:16:10 +0000 (10:16 -0000)
src/libstrongswan/crypto/ca.c
src/libstrongswan/crypto/ca.h

index bb35b37..07413e8 100644 (file)
@@ -158,6 +158,14 @@ static bool is_crl_issuer(private_ca_info_t *this, const crl_t *crl)
 }
 
 /**
+ * Implements ca_info_t.is_ca
+ */
+static bool is_ca(private_ca_info_t *this)
+{
+       return this->cacert->is_ca(this->cacert);
+}
+
+/**
  * Implements ca_info_t.is_strict
  */
 static bool is_strict(private_ca_info_t *this)
@@ -778,6 +786,7 @@ ca_info_t *ca_info_create(const char *name, x509_t *cacert)
        this->public.equals_name_release_info = (bool (*) (ca_info_t*,const char*))equals_name_release_info;
        this->public.is_cert_issuer = (bool (*) (ca_info_t*,const x509_t*))is_cert_issuer;
        this->public.is_crl_issuer = (bool (*) (ca_info_t*,const crl_t*))is_crl_issuer;
+       this->public.is_ca = (bool (*) (ca_info_t*))is_ca;
        this->public.is_strict = (bool (*) (ca_info_t*))is_strict;
        this->public.add_info = (void (*) (ca_info_t*,const ca_info_t*))add_info;
        this->public.add_crl = (void (*) (ca_info_t*,crl_t*))add_crl;
index ae10e25..ff6271b 100644 (file)
 typedef struct ca_info_t ca_info_t;
 
 #include <library.h>
-#include <credential_store.h>
 
 #include "x509.h"
 #include "crl.h"
 
 #define MAX_CA_PATH_LEN                7
 
+/*forward declaration */
+struct credential_store_t;
+
 /**
  * @brief X.509 certification authority information record
  * 
@@ -81,6 +83,14 @@ struct ca_info_t {
        bool (*is_crl_issuer) (ca_info_t *this, const crl_t *crl);
 
        /**
+        * @brief Checks if the ca certificate has the isCA flag set
+        *
+        * @param this                  ca info object
+        * @return                              TRUE if the isCA flag is set
+        */
+       bool (*is_ca) (ca_info_t *this);
+
+       /**
         * @brief Checks if the ca enforces a strict crl policy
         * 
         * @param this                  ca info object
@@ -192,7 +202,7 @@ struct ca_info_t {
         * @param credentials   credential store needed for trust path verification
         * @return                              certificate status
         */
-       cert_status_t (*verify_by_ocsp) (ca_info_t* this, certinfo_t* certinfo, credential_store_t* credentials);
+       cert_status_t (*verify_by_ocsp) (ca_info_t* this, certinfo_t* certinfo, struct credential_store_t* credentials);
 
        /**
         * @brief Purge the OCSP certinfos of a ca info record