x509: Replace the comma separated string AC group builder with a list based one
authorMartin Willi <martin@revosec.ch>
Tue, 4 Feb 2014 15:24:03 +0000 (16:24 +0100)
committerMartin Willi <martin@revosec.ch>
Mon, 31 Mar 2014 09:14:58 +0000 (11:14 +0200)
src/libstrongswan/credentials/builder.c
src/libstrongswan/credentials/builder.h
src/libstrongswan/plugins/x509/x509_ac.c
src/openac/openac.c

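--- a/src/libstrongswan/credentials/builder.c
+++ b/src/libstrongswan/credentials/builder.c
@@ -38,7 +38,7 @@ ENUM(builder_part_names, BUILD_FROM_FILE, BUILD_END,
        "BUILD_SERIAL",
        "BUILD_DIGEST_ALG",
        "BUILD_ENCRYPTION_ALG",
-       "BUILD_IETF_GROUP_ATTR",
+       "BUILD_AC_GROUP_STRINGS",
        "BUILD_CA_CERT",
        "BUILD_CERT",
        "BUILD_CRL_DISTRIBUTION_POINTS",
@@ -72,4 +72,3 @@ ENUM(builder_part_names, BUILD_FROM_FILE, BUILD_END,
        "BUILD_THRESHOLD",
        "BUILD_END",
 );
-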
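--- a/src/libstrongswan/credentials/builder.h
+++ b/src/libstrongswan/credentials/builder.h
@@ -87,8 +87,8 @@ enum builder_part_t {
        BUILD_DIGEST_ALG,
        /** encryption algorithm to use, encryption_algorithm_t */
        BUILD_ENCRYPTION_ALG,
-       /** a comma-separated list of ietf group attributes, char* */
-       BUILD_IETF_GROUP_ATTR,
+       /** list of AC group memberships, linked_list_t* with char* */
+       BUILD_AC_GROUP_STRINGS,
        /** a ca certificate, certificate_t* */
        BUILD_CA_CERT,
        /** a certificate, certificate_t* */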
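Review bot: The new doc comment on `BUILD_AC_GROUP_STRINGS` names the type but not who owns the list and its strings, which matters now that the part carries a heap object instead of a borrowed `char*`. The value travels through varargs, so the compiler checks nothing and this comment is the whole contract for callers. openac.c destroys the list with `free` right after the build call, which suggests the builder does not adopt it; if that is the intended rule, say so here, e.g. `/** list of AC group memberships, linked_list_t* with char*, not adopted by the builder */`.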
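--- a/src/libstrongswan/plugins/x509/x509_ac.c
+++ b/src/libstrongswan/plugins/x509/x509_ac.c
@@ -1065,15 +1065,15 @@ x509_ac_t *x509_ac_load(certificate_type_t type, va_list args)
 }
 
 /**
- * Parse a comma separated group list into AC group memberships
+ * Add groups from a list into AC group memberships
  */
-static void add_groups_from_string(private_x509_ac_t *this, char *str)
+static void add_groups_from_list(private_x509_ac_t *this, linked_list_t *list)
 {
        enumerator_t *enumerator;
        group_t *group;
        char *name;
 
-       enumerator = enumerator_create_token(str, ",", " ");
+       enumerator = list->create_enumerator(list);
        while (enumerator->enumerate(enumerator, &name))
        {
                INIT(group,
@@ -1106,8 +1106,8 @@ x509_ac_t *x509_ac_gen(certificate_type_t type, va_list args)
                        case BUILD_SERIAL:
                                ac->serialNumber = chunk_clone(va_arg(args, chunk_t));
                                continue;
-                       case BUILD_IETF_GROUP_ATTR:
-                               add_groups_from_string(ac, va_arg(args, char*));
+                       case BUILD_AC_GROUP_STRINGS:
+                               add_groups_from_list(ac, va_arg(args, linked_list_t*));
                                continue;
                        case BUILD_CERT:
                                ac->holderCert = va_arg(args, certificate_t*);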
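Review bot: `add_groups_from_list()` calls `list->create_enumerator(list)` on a pointer taken straight from `va_arg` in `x509_ac_gen()`, so a caller that passes NULL for `BUILD_AC_GROUP_STRINGS` dereferences it inside the generator. A guard at the top of the helper, `if (!list) { return; }`, keeps a caller with no groups from crashing the builder. The body of the helper continues outside the hunk, so whether each `name` is copied into the new `group_t` is not visible here. openac.c frees the strings directly after the build call, so the copy is required for the group data to stay valid until signing, and the header comment should state it.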
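--- a/src/openac/openac.c
+++ b/src/openac/openac.c
@@ -495,6 +495,18 @@ int main(int argc, char **argv)
        if (userCert != NULL && signerCert != NULL && signerKey != NULL &&
                outfile != NULL)
        {
+               linked_list_t *group_list;
+               enumerator_t *enumerator;
+               char *group;
+
+               group_list = linked_list_create();
+               enumerator = enumerator_create_token(groups, ",", " ");
+               while (enumerator->enumerate(enumerator, &group))
+               {
+                       group_list->insert_last(group_list, strdup(group));
+               }
+               enumerator->destroy(enumerator);
+
                /* read the serial number and increment it by one */
                serial = read_serial();
 
@@ -504,10 +516,11 @@ int main(int argc, char **argv)
                                                        BUILD_NOT_BEFORE_TIME, notBefore,
                                                        BUILD_NOT_AFTER_TIME, notAfter,
                                                        BUILD_SERIAL, serial,
-                                                       BUILD_IETF_GROUP_ATTR, groups,
+                                                       BUILD_AC_GROUP_STRINGS, group_list,
                                                        BUILD_SIGNING_CERT, signerCert,
                                                        BUILD_SIGNING_KEY, signerKey,
                                                        BUILD_END);
+               group_list->destroy_function(group_list, free);
                if (!attr_cert)
                {
                        goto end;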
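Review bot: The `strdup(group)` result in the new tokenizing loop is inserted into `group_list` unchecked, so a failed allocation hands the builder a NULL entry in place of a group name. These names end up as the group memberships of a signed attribute certificate, so the tool should stop rather than issue a certificate whose group set differs from what was requested. The sketch below releases the enumerator and the partial list before taking the existing `end` path; what `end` cleans up is outside the hunk and should be confirmed. The declaration of `groups` is also not visible, so it is worth checking that it cannot be NULL when it reaches `enumerator_create_token()`.

```c
		while (enumerator->enumerate(enumerator, &group))
		{
			char *copy = strdup(group);

			if (!copy)
			{	/* do not build an AC from a partial group list */
				enumerator->destroy(enumerator);
				group_list->destroy_function(group_list, free);
				goto end;
			}
			group_list->insert_last(group_list, copy);
		}
		enumerator->destroy(enumerator);
		/* … unchanged: serial handling and the create() call … */
```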