removed X509_PEER flag; flags are meant to read cert, not to store additional state...
authorMartin Willi <martin@strongswan.org>
Fri, 14 Mar 2008 15:11:29 +0000 (15:11 -0000)
committerMartin Willi <martin@strongswan.org>
Fri, 14 Mar 2008 15:11:29 +0000 (15:11 -0000)
removed x509_t.set_flags for the reason above
implemented a simple, generic shared_key_t

src/charon/plugins/stroke/stroke.c
src/libstrongswan/credentials/certificates/x509.h
src/libstrongswan/credentials/keys/shared_key.c
src/libstrongswan/credentials/keys/shared_key.h
src/libstrongswan/plugins/x509/x509_cert.c

index 9d11284..920533d 100755 (executable)
@@ -570,7 +570,7 @@ static chunk_t get_key(private_shared_key_t *this)
 /**
  * create a shared key
  */
-static private_shared_key_t *shared_key_create(shared_key_type_t type, chunk_t key)
+static private_shared_key_t *private_shared_key_create(shared_key_type_t type, chunk_t key)
 {
        private_shared_key_t *this = malloc_thing(private_shared_key_t);
 
@@ -739,9 +739,6 @@ static x509_t* load_cert(char *path, x509_flag_t flag)
                cert->destroy(cert);
                return NULL;
        }
-
-       /* set cert flags to flag but keep X509_SELF_SIGNED property */
-       x509->set_flags(x509, flag | (flags & X509_SELF_SIGNED));
                
        /* check validity */
        {
@@ -777,11 +774,7 @@ static certificate_t* add_x509_cert(private_stroke_t *this, x509_t* x509)
        {
                if (current->equals(current, cert))
                {
-                       x509_flag_t flags = x509->get_flags(x509);
-                       x509_t *x509c = (x509_t*)current;
-
-                       /* cert already in queue - add flags and discard */
-                       x509c->set_flags(x509c, flags | x509c->get_flags(x509c));
+                       /* cert already in queue */
                        cert->destroy(cert);
                        cert = current;
                        new = FALSE;
@@ -912,7 +905,7 @@ static void load_peer_cert(private_stroke_t *this,
                snprintf(path, sizeof(path), "%s/%s", CERTIFICATE_DIR, filename);
        }
        
-       x509 = load_cert(path, X509_PEER);
+       x509 = load_cert(path, 0);
 
        if (x509)
        {
@@ -1232,7 +1225,7 @@ static void load_secrets(private_stroke_t *this)
                                DBG1(DBG_CFG, "line %d: malformed secret: %s", line_nr, ugh);
                                goto error;
                        }
-                       shared_key = shared_key_create(type, secret);
+                       shared_key = private_shared_key_create(type, secret);
                        DBG1(DBG_CFG, "  loaded %N secret for %s", shared_key_type_names, type,
                                 ids.len > 0 ? (char*)ids.ptr : "%any");
                        DBG4(DBG_CFG, "  secret:", secret);
@@ -2643,7 +2636,8 @@ static void stroke_list_certs(char *label, x509_flag_t flags, bool utc, FILE *ou
                x509_t *x509 = (x509_t*)cert;
                x509_flag_t x509_flags = x509->get_flags(x509);
 
-               if (x509_flags & flags)
+               /* list only if flag is set, or flags == 0 (ignoring self-signed) */
+               if ((x509_flags & flags) || (flags == (x509_flags & ~X509_SELF_SIGNED)))
                {
                        enumerator_t *enumerator;
                        identification_t *altName;
@@ -2721,12 +2715,9 @@ static void stroke_list_certs(char *label, x509_flag_t flags, bool utc, FILE *ou
                                id    = public->get_id(public, ID_PUBKEY_SHA1);
                                keyid = public->get_id(public, ID_PUBKEY_INFO_SHA1);
 
-                               if (flags & X509_PEER)
-                               {
-                                       private = charon->credentials->get_private(
+                               private = charon->credentials->get_private(
                                                                        charon->credentials, 
-                                                                       public->get_type(public), id, NULL);
-                               }
+                                                                       public->get_type(public), keyid, NULL);
                                fprintf(out, "  pubkey:    %N %d bits%s\n",
                                                key_type_names, public->get_type(public),
                                                public->get_keysize(public) * 8,
@@ -2915,22 +2906,22 @@ static void stroke_list(private_stroke_t *this, stroke_msg_t *msg, FILE *out)
        if (msg->list.flags & LIST_CERTS)
        {
                stroke_list_certs("X.509 End Entity Certificates",
-                                                  X509_PEER, msg->list.utc, out);
+                                                 0, msg->list.utc, out);
        }
        if (msg->list.flags & LIST_CACERTS)
        {
                stroke_list_certs("X.509 CA Certificates",
-                                                  X509_CA, msg->list.utc, out);
+                                                 X509_CA, msg->list.utc, out);
        }
        if (msg->list.flags & LIST_OCSPCERTS)
        {
                stroke_list_certs("X.509 OCSP Signer Certificates",
-                                                  X509_OCSP_SIGNER, msg->list.utc, out);
+                                                 X509_OCSP_SIGNER, msg->list.utc, out);
        }
        if (msg->list.flags & LIST_AACERTS)
        {
                stroke_list_certs("X.509 AA Certificates",
-                                                  X509_AA, msg->list.utc, out);
+                                                 X509_AA, msg->list.utc, out);
        }
        if (msg->list.flags & LIST_ACERTS)
        {
index a4f9d1f..9d40547 100644 (file)
@@ -37,10 +37,8 @@ enum x509_flag_t {
        X509_AA =                       (1<<1),
        /** cert has OCSP signer constraint */
        X509_OCSP_SIGNER =      (1<<2),
-       /** cert belongs to an end entity  */
-       X509_PEER =         (1<<3),
        /** cert is self-signed */
-       X509_SELF_SIGNED =  (1<<4),
+       X509_SELF_SIGNED =  (1<<3),
 };
 
 /**
@@ -69,13 +67,6 @@ struct x509_t {
        x509_flag_t (*get_flags)(x509_t *this);
        
        /**
-        * Set the flags for this certificate.
-        *
-        * @param flags         set of flags
-        */
-       void (*set_flags)(x509_t *this, x509_flag_t flags);
-       
-       /**
         * Get the certificate serial number.
         *
         * @return                      chunk pointing to internal serial number
index 66b45a0..1ca848b 100644 (file)
@@ -25,3 +25,87 @@ ENUM(shared_key_type_names, SHARED_ANY, SHARED_PIN,
        "PIN",
 );
 
+typedef struct private_shared_key_t private_shared_key_t;
+
+/**
+ * private data of shared_key
+ */
+struct private_shared_key_t {
+
+       /**
+        * public functions
+        */
+       shared_key_t public;
+       
+       /**
+        * type of this shared key
+        */
+       shared_key_type_t type;
+       
+       /**
+        * associated shared key data
+        */
+       chunk_t key;
+       
+       /**
+        * reference counter
+        */
+       refcount_t ref;
+};
+
+/**
+ * Implements shared_key_t.get_type
+ */
+static shared_key_type_t get_type(private_shared_key_t *this)
+{
+       return this->type;
+}
+
+/**
+ * Implements shared_key_t.get_key
+ */
+static chunk_t get_key(private_shared_key_t *this)
+{
+       return this->key;
+}
+
+/**
+ * Implements shared_key_t.get_ref
+ */
+static shared_key_t* get_ref(private_shared_key_t *this)
+{
+       ref_get(&this->ref);
+       return &this->public;
+}
+
+/**
+ * Implementation of shared_key_t.destroy
+ */
+static void destroy(private_shared_key_t *this)
+{
+       if (ref_put(&this->ref))
+       {
+               free(this->key.ptr);
+               free(this);
+       }
+}
+
+/*
+ * see header file
+ */
+shared_key_t *shared_key_create(shared_key_type_t type, chunk_t key)
+{
+       private_shared_key_t *this = malloc_thing(private_shared_key_t);
+       
+       this->public.get_type = (shared_key_type_t (*)(shared_key_t *this))get_type;
+       this->public.get_key = (chunk_t (*)(shared_key_t *this))get_key;
+       this->public.get_ref = (shared_key_t* (*)(shared_key_t *this))get_ref;
+       this->public.destroy = (void(*)(shared_key_t*))destroy;
+       
+       this->type = type;
+       this->key = key;
+       this->ref = 1;
+       
+       return &this->public;
+}
+
index 86586a7..ceb1309 100644 (file)
@@ -83,4 +83,13 @@ struct shared_key_t {
     void (*destroy)(shared_key_t *this);
 };
 
+/**
+ * A simple private key implementation
+ *
+ * @param type         type of the shared key
+ * @param key          key data, gets owned by instance
+ * @return                     simple shared key instance
+ */
+shared_key_t *shared_key_create(shared_key_type_t type, chunk_t key);
+
 #endif /** SHARED_KEY_H_ @} */
index 47a841c..a044c60 100644 (file)
@@ -1012,14 +1012,6 @@ static private_x509_cert_t* get_ref(private_x509_cert_t *this)
 }
 
 /**
- * Implementation of x509_cert_t.set_flags.
- */
-static void set_flags(private_x509_cert_t *this, x509_flag_t flags)
-{
-       this->flags = flags;
-}
-
-/**
  * Implementation of x509_cert_t.get_flags.
  */
 static x509_flag_t get_flags(private_x509_cert_t *this)
@@ -1167,7 +1159,6 @@ static x509_cert_t *load(chunk_t chunk)
        this->public.interface.interface.equals = (bool (*)(certificate_t*, certificate_t *other))equals;
        this->public.interface.interface.get_ref = (certificate_t* (*)(certificate_t *this))get_ref;
        this->public.interface.interface.destroy = (void (*)(certificate_t *this))destroy;
-       this->public.interface.set_flags = (void (*)(x509_t*, x509_flag_t flags))set_flags;
        this->public.interface.get_flags = (x509_flag_t (*)(x509_t*))get_flags;
        this->public.interface.get_serial = (chunk_t (*)(x509_t*))get_serial;
        this->public.interface.get_authKeyIdentifier = (identification_t* (*)(x509_t*))get_authKeyIdentifier;