support of setting and getting authority flags
authorAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 8 Mar 2007 16:48:16 +0000 (16:48 -0000)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 8 Mar 2007 16:48:16 +0000 (16:48 -0000)
src/libstrongswan/crypto/x509.c
src/libstrongswan/crypto/x509.h

index fe95f04..da7c3c7 100755 (executable)
@@ -84,7 +84,7 @@ struct private_x509_t {
        /**
         * Authority flags
         */
-        u_char authority_flags;
+        u_int authority_flags;
 
        /**
         * X.509 Certificate in DER format
@@ -1066,6 +1066,30 @@ static cert_status_t get_status(const private_x509_t *this)
 }
 
 /**
+ * Implements x509_t.add_authority_flags
+ */
+static void add_authority_flags(private_x509_t *this, u_int flags)
+{
+       this->authority_flags |= flags;
+}
+
+/**
+ * Implements x509_t.add_authority_flags
+ */
+static u_int get_authority_flags(private_x509_t *this)
+{
+       return this->authority_flags;
+}
+
+/**
+ * Implements x509_t.has_authority_flag
+ */
+static bool has_authority_flag(private_x509_t *this, u_int flag)
+{
+       return (this->authority_flags & flag) != AUTH_NONE;
+}
+
+/**
  * Implements x509_t.create_crluri_iterator
  */
 static iterator_t *create_crluri_iterator(const private_x509_t *this)
@@ -1249,6 +1273,7 @@ x509_t *x509_create_from_chunk(chunk_t chunk, u_int level)
        this->subjectKeyID = chunk_empty;
        this->authKeyID = chunk_empty;
        this->authKeySerialNumber = chunk_empty;
+       this->authority_flags = AUTH_NONE;
        
        /* public functions */
        this->public.equals = (bool (*) (const x509_t*,const x509_t*))equals;
@@ -1269,6 +1294,9 @@ x509_t *x509_create_from_chunk(chunk_t chunk, u_int level)
        this->public.get_until = (time_t (*) (const x509_t*))get_until;
        this->public.set_status = (void (*) (x509_t*,cert_status_t))set_status;
        this->public.get_status = (cert_status_t (*) (const x509_t*))get_status;
+       this->public.add_authority_flags = (void (*) (x509_t*,u_int))add_authority_flags;
+       this->public.get_authority_flags = (u_int (*) (x509_t*,u_int))get_authority_flags;
+       this->public.has_authority_flag = (bool (*) (x509_t*,u_int))has_authority_flag;
        this->public.create_crluri_iterator = (iterator_t* (*) (const x509_t*))create_crluri_iterator;
        this->public.create_ocspuri_iterator = (iterator_t* (*) (const x509_t*))create_ocspuri_iterator;
        this->public.verify = (bool (*) (const x509_t*,const rsa_public_key_t*))verify;
@@ -1301,8 +1329,11 @@ x509_t *x509_create_from_file(const char *filename, const char *label)
        bool pgp = FALSE;
        chunk_t chunk = chunk_empty;
        x509_t *cert = NULL;
+       char cert_label[BUF_LEN];
+
+       snprintf(cert_label, BUF_LEN, "%s certificate", label);
 
-       if (!pem_asn1_load_file(filename, NULL, label, &chunk, &pgp))
+       if (!pem_asn1_load_file(filename, NULL, cert_label, &chunk, &pgp))
                return NULL;
 
        cert = x509_create_from_chunk(chunk, 0);
index 9066fd9..a949d99 100755 (executable)
@@ -86,6 +86,31 @@ struct x509_t {
        cert_status_t (*get_status) (const x509_t *this);
 
        /**
+        * @brief Add authority flags
+        * 
+        * @param this                          calling object
+        * @param flag                          flags to be added
+        */
+       void (*add_authority_flags) (x509_t *this, u_int flags);
+
+       /**
+        * @brief Get authority flags
+        * 
+        * @param this                          calling object
+        * @return                                      authority flags
+        */
+       u_int (*get_authority_flags) (x509_t *this);
+
+       /**
+        * @brief Check a specific authority flag
+        * 
+        * @param this                          calling object
+        * @param flag                          flag to be checked
+        * @return                                      TRUE if flag is present
+        */
+       bool (*has_authority_flag) (x509_t *this, u_int flag);
+
+       /**
         * @brief Get the DER-encoded X.509 certificate body
         * 
         * @param this                          calling object