Cleanup CERT payload constructors
authorMartin Willi <martin@revosec.ch>
Tue, 6 Dec 2011 12:37:57 +0000 (13:37 +0100)
committerMartin Willi <martin@revosec.ch>
Tue, 20 Mar 2012 16:31:13 +0000 (17:31 +0100)
src/conftest/hooks/ike_auth_fill.c
src/conftest/hooks/pretend_auth.c
src/libcharon/encoding/payloads/cert_payload.c
src/libcharon/encoding/payloads/cert_payload.h
src/libcharon/sa/tasks/ike_cert_post.c

index ac26d1b..7362c19 100644 (file)
@@ -108,7 +108,7 @@ METHOD(listener_t, message, bool,
                        diff = this->bytes - size - CERT_PAYLOAD_HEADER_LENGTH;
                        data = chunk_alloc(diff);
                        memset(data.ptr, 0x12, data.len);
-                       pld = cert_payload_create_custom(201, data, CERTIFICATE);
+                       pld = cert_payload_create_custom(CERTIFICATE, 201, data);
                        message->add_payload(message, &pld->payload_interface);
                        DBG1(DBG_CFG, "inserting %d dummy bytes certificate payload", diff);
                }
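Review bot: The literal `201` on the added `cert_payload_create_custom(CERTIFICATE, 201, data)` line is passed as the `cert_encoding_t` argument with no name or comment, so a reader cannot tell that it is deliberately not a real certificate encoding. It appears to fall in the private-use range of IKEv2 certificate encodings, which would fit a filler payload, but the code does not say so. A comment above the call such as `/* 201: private-use encoding, filler bytes are not a parsable certificate */`, or a named constant in this file, would document the intent. The enclosing `message` method starts and ends outside the hunk.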
index b8f9614..10b13c6 100644 (file)
@@ -154,7 +154,7 @@ static void build_certs(private_pretend_auth_t *this,
        cert = auth->get(auth, AUTH_RULE_SUBJECT_CERT);
        if (cert)
        {
-               payload = cert_payload_create_from_cert(cert, CERTIFICATE);
+               payload = cert_payload_create_from_cert(CERTIFICATE, cert);
                if (payload)
                {
                        DBG1(DBG_IKE, "pretending end entity cert \"%Y\"",
@@ -167,7 +167,7 @@ static void build_certs(private_pretend_auth_t *this,
        {
                if (type == AUTH_RULE_IM_CERT)
                {
-                       payload = cert_payload_create_from_cert(cert, CERTIFICATE);
+                       payload = cert_payload_create_from_cert(CERTIFICATE, cert);
                        if (payload)
                        {
                                DBG1(DBG_IKE, "pretending issuer cert \"%Y\"",
index af726ad..3a230b9 100644 (file)
@@ -304,10 +304,12 @@ cert_payload_t *cert_payload_create(payload_type_t type)
 /*
  * Described in header
  */
-cert_payload_t *cert_payload_create_from_cert(certificate_t *cert, payload_type_t type)
+cert_payload_t *cert_payload_create_from_cert(payload_type_t type,
+                                                                                         certificate_t *cert)
 {
-       private_cert_payload_t *this = (private_cert_payload_t*)cert_payload_create(type);
+       private_cert_payload_t *this;
 
+       this = (private_cert_payload_t*)cert_payload_create(type);
        switch (cert->get_type(cert))
        {
                case CERT_X509:
@@ -326,33 +328,38 @@ cert_payload_t *cert_payload_create_from_cert(certificate_t *cert, payload_type_
                return NULL;
        }
        this->payload_length = get_header_length(this) + this->data.len;
+
        return &this->public;
 }
 
 /*
  * Described in header
  */
-cert_payload_t *cert_payload_create_from_hash_and_url(chunk_t hash, char *url,
-                                                                                                         payload_type_t type)
+cert_payload_t *cert_payload_create_from_hash_and_url(chunk_t hash, char *url)
 {
-       private_cert_payload_t *this = (private_cert_payload_t*)cert_payload_create(type);
+       private_cert_payload_t *this;
 
+       this = (private_cert_payload_t*)cert_payload_create(CERTIFICATE);
        this->encoding = ENC_X509_HASH_AND_URL;
        this->data = chunk_cat("cc", hash, chunk_create(url, strlen(url)));
        this->payload_length = get_header_length(this) + this->data.len;
+
        return &this->public;
 }
 
 /*
  * Described in header
  */
-cert_payload_t *cert_payload_create_custom(cert_encoding_t encoding,
-                                                                                  chunk_t data, payload_type_t type)
+cert_payload_t *cert_payload_create_custom(payload_type_t type,
+                                                                               cert_encoding_t encoding, chunk_t data)
 {
-       private_cert_payload_t *this = (private_cert_payload_t*)cert_payload_create(type);
+       private_cert_payload_t *this;
 
+       this = (private_cert_payload_t*)cert_payload_create(type);
        this->encoding = encoding;
        this->data = data;
        this->payload_length = get_header_length(this) + this->data.len;
+
        return &this->public;
 }
+
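Review bot: All three constructors in this hunk compute `this->payload_length = get_header_length(this) + this->data.len` without bounding `data.len`, and `cert_payload_create_custom` takes `data` straight from the caller. The field's declaration is outside the hunk, but if it is the 16-bit IKE payload length, a chunk larger than 65535 bytes minus the header would wrap, and the encoded length would no longer match the data that follows. A guard before the assignment, e.g. `if (this->data.len > 0xFFFF - get_header_length(this))` with a logged rejection, would make the limit explicit; the conftest caller, which dereferences the result directly, would then need to handle a NULL return. Separately, `cert_payload_create_from_hash_and_url` calls `strlen(url)` unguarded, so its header comment should state that `url` must be non-NULL.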
index c237d7d..d85a463 100644 (file)
@@ -55,9 +55,7 @@ enum cert_encoding_t {
 extern enum_name_t *cert_encoding_names;
 
 /**
- * Class representing an IKEv2 CERT payload.
- *
- * The CERT payload format is described in RFC section 3.6.
+ * Class representing an IKEv1/IKEv2 CERT payload.
  */
 struct cert_payload_t {
 
@@ -121,17 +119,16 @@ cert_payload_t *cert_payload_create(payload_type_t type);
  * @param cert                         certificate to embed
  * @return                                     cert_payload_t object
  */
-cert_payload_t *cert_payload_create_from_cert(certificate_t *cert, payload_type_t type);
+cert_payload_t *cert_payload_create_from_cert(payload_type_t type,
+                                                                                         certificate_t *cert);
 
 /**
- * Creates a certificate payload with hash and URL encoding of a certificate.
+ * Creates an IKEv2 certificate payload with hash and URL encoding.
  *
- * @param type                         payload type (for IKEv1 or IKEv2)
  * @param hash                         hash of the DER encoded certificate (get's cloned)
- * @param url                          the URL to locate the certificate (get's cloned)
  * @return                                     cert_payload_t object
  */
-cert_payload_t *cert_payload_create_from_hash_and_url(chunk_t hash, char *url, payload_type_t type);
+cert_payload_t *cert_payload_create_from_hash_and_url(chunk_t hash, char *url);
 
 /**
  * Creates a custom certificate payload using type and associated data.
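Review bot: The rewritten doc comment for `cert_payload_create_from_hash_and_url` removes the `@param url` line together with `@param type`, but `url` is still a parameter of the new prototype. Only the `type` line should go; restore ` * @param url  the URL to locate the certificate (gets cloned)`. The new summary says only "IKEv2", so it would also help to state that the payload type is now fixed to `CERTIFICATE`, as the implementation in cert_payload.c shows.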
@@ -141,6 +138,7 @@ cert_payload_t *cert_payload_create_from_hash_and_url(chunk_t hash, char *url, p
  * @param data                         associated data (gets owned)
  * @return                                     cert_payload_t object
  */
-cert_payload_t *cert_payload_create_custom(cert_encoding_t encoding, chunk_t data, payload_type_t type);
+cert_payload_t *cert_payload_create_custom(payload_type_t type,
+                                                                               cert_encoding_t encoding, chunk_t data);
 
 #endif /** CERT_PAYLOAD_H_ @}*/
index ba5d76b..bedf323 100644 (file)
@@ -62,14 +62,14 @@ static cert_payload_t *build_cert_payload(private_ike_cert_post_t *this,
 
        if (!this->ike_sa->supports_extension(this->ike_sa, EXT_HASH_AND_URL))
        {
-               return cert_payload_create_from_cert(cert, CERTIFICATE);
+               return cert_payload_create_from_cert(CERTIFICATE, cert);
        }
 
        hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
        if (!hasher)
        {
                DBG1(DBG_IKE, "unable to use hash-and-url: sha1 not supported");
-               return cert_payload_create_from_cert(cert, CERTIFICATE);
+               return cert_payload_create_from_cert(CERTIFICATE, cert);
        }
 
        if (!cert->get_encoding(cert, CERT_ASN1_DER, &encoded))
@@ -86,12 +86,12 @@ static cert_payload_t *build_cert_payload(private_ike_cert_post_t *this,
        enumerator = lib->credmgr->create_cdp_enumerator(lib->credmgr, CERT_X509, id);
        if (enumerator->enumerate(enumerator, &url))
        {
-               payload = cert_payload_create_from_hash_and_url(hash, url, CERTIFICATE);
+               payload = cert_payload_create_from_hash_and_url(hash, url);
                DBG1(DBG_IKE, "sending hash-and-url \"%s\"", url);
        }
        else
        {
-               payload = cert_payload_create_from_cert(cert, CERTIFICATE);
+               payload = cert_payload_create_from_cert(CERTIFICATE, cert);
        }
        enumerator->destroy(enumerator);
        chunk_free(&hash);
@@ -154,7 +154,7 @@ static void build_certs(private_ike_cert_post_t *this, message_t *message)
                        {
                                if (type == AUTH_RULE_IM_CERT)
                                {
-                                       payload = cert_payload_create_from_cert(cert, CERTIFICATE);
+                                       payload = cert_payload_create_from_cert(CERTIFICATE, cert);
                                        if (payload)
                                        {
                                                DBG1(DBG_IKE, "sending issuer cert \"%Y\"",