time_t *not_before, time_t *not_after);
/**
- * Is this newer than that?
- *
- * @return TRUE if newer, FALSE otherwise
- */
- bool (*is_newer)(certificate_t *this, certificate_t *that);
-
- /**
* Get the certificate in an encoded form.
*
* @return allocated chunk of encoded cert
return t <= this->nextUpdate;
}
-METHOD(certificate_t, is_newer, bool,
- private_openssl_crl_t *this, certificate_t *other)
-{
- time_t this_update, that_update;
- chunk_t other_serial;
- x509_t *x509;
- bool new;
-
- x509 = (x509_t*)other;
- other_serial = x509->get_serial(x509);
- if (this->serial.ptr != NULL && other_serial.ptr != NULL)
- { /* compare crlNumbers if available */
- new = chunk_compare(this->serial, other_serial) > 0;
- DBG1(DBG_LIB, " crl #%#B is %s - existing crl #%#B %s",
- &this->serial, new ? "newer":"not newer",
- &other_serial, new ? "replaced":"retained");
- }
- else
- { /* otherwise use thisUpdate */
- get_validity(this, NULL, &this_update, NULL);
- other->get_validity(other, NULL, &that_update, NULL);
- new = this_update > that_update;
- DBG1(DBG_LIB, " crl from %T is %s - existing crl from %T %s",
- &this_update, FALSE, new ? "newer":"not newer",
- &that_update, FALSE, new ? "replaced":"retained");
- }
- return new;
-}
-
METHOD(certificate_t, get_encoding, chunk_t,
private_openssl_crl_t *this)
{
.issued_by = _issued_by,
.get_public_key = _get_public_key,
.get_validity = _get_validity,
- .is_newer = _is_newer,
.get_encoding = _get_encoding,
.equals = _equals,
.get_ref = _get_ref,
return (t >= this->notBefore && t <= this->notAfter);
}
-METHOD(certificate_t, is_newer, bool,
- private_openssl_x509_t *this, certificate_t *other)
-{
- time_t this_update, that_update, now = time(NULL);
- bool new;
-
- get_validity(this, &now, &this_update, NULL);
- other->get_validity(other, &now, &that_update, NULL);
- new = this_update > that_update;
- DBG1(DBG_LIB, " certificate from %T is %s - existing certificate "
- "from %T %s", &this_update, FALSE, new ? "newer":"not newer",
- &that_update, FALSE, new ? "replaced":"retained");
- return new;
-}
-
METHOD(certificate_t, get_encoding, chunk_t,
private_openssl_x509_t *this)
{
.issued_by = _issued_by,
.get_public_key = _get_public_key,
.get_validity = _get_validity,
- .is_newer = _is_newer,
.get_encoding = _get_encoding,
.equals = _equals,
.get_ref = _get_ref,
}
/**
- * Implementation of certificate_t.is_newer.
- */
-static bool is_newer(certificate_t *this, certificate_t *that)
-{
- time_t this_update, that_update, now = time(NULL);
- bool new;
-
- this->get_validity(this, &now, &this_update, NULL);
- that->get_validity(that, &now, &that_update, NULL);
- new = this_update > that_update;
- DBG1(DBG_LIB, " certificate from %T is %s - existing certificate"
- " from %T %s", &this_update, FALSE, new ? "newer" : "not newer",
- &that_update, FALSE, new ? "replaced" : "retained");
- return new;
-}
-
-/**
* Implementation of certificate_t.get_encoding.
*/
static chunk_t get_encoding(private_pgp_cert_t *this)
this->public.interface.interface.issued_by = (bool (*) (certificate_t*, certificate_t*))issued_by;
this->public.interface.interface.get_public_key = (public_key_t* (*) (certificate_t*))get_public_key;
this->public.interface.interface.get_validity = (bool (*) (certificate_t*, time_t*, time_t*, time_t*))get_validity;
- this->public.interface.interface.is_newer = (bool (*) (certificate_t*,certificate_t*))is_newer;
this->public.interface.interface.get_encoding = (chunk_t (*) (certificate_t*))get_encoding;
this->public.interface.interface.equals = (bool (*)(certificate_t*, certificate_t*))equals;
this->public.interface.interface.get_ref = (certificate_t* (*)(certificate_t*))get_ref;
}
/**
- * Implementation of certificate_t.is_newer.
- */
-static bool is_newer(certificate_t *this, certificate_t *that)
-{
- return FALSE;
-}
-
-/**
* Implementation of certificate_t.get_encoding.
*/
static chunk_t get_encoding(private_pubkey_cert_t *this)
this->public.interface.issued_by = (bool (*)(certificate_t *this, certificate_t *issuer))issued_by;
this->public.interface.get_public_key = (public_key_t* (*)(certificate_t *this))get_public_key;
this->public.interface.get_validity = (bool (*)(certificate_t*, time_t *when, time_t *, time_t*))get_validity;
- this->public.interface.is_newer = (bool (*)(certificate_t*,certificate_t*))is_newer;
this->public.interface.get_encoding = (chunk_t (*)(certificate_t*))get_encoding;
this->public.interface.equals = (bool (*)(certificate_t*, certificate_t *other))equals;
this->public.interface.get_ref = (certificate_t* (*)(certificate_t *this))get_ref;
}
/**
- * Implementation of certificate_t.is_newer.
- */
-static bool is_newer(private_x509_ac_t *this, ac_t *that)
-{
- certificate_t *this_cert = &this->public.interface.certificate;
- certificate_t *that_cert = &that->certificate;
- time_t this_update, that_update, now = time(NULL);
- bool new;
-
- this_cert->get_validity(this_cert, &now, &this_update, NULL);
- that_cert->get_validity(that_cert, &now, &that_update, NULL);
- new = this_update > that_update;
- DBG1(DBG_LIB, " attr cert from %T is %s - existing attr cert from %T %s",
- &this_update, FALSE, new ? "newer":"not newer",
- &that_update, FALSE, new ? "replaced":"retained");
- return new;
-}
-
-/**
* Implementation of certificate_t.get_encoding.
*/
static chunk_t get_encoding(private_x509_ac_t *this)
this->public.interface.certificate.issued_by = (bool (*)(certificate_t *this, certificate_t *issuer))issued_by;
this->public.interface.certificate.get_public_key = (public_key_t* (*)(certificate_t *this))get_public_key;
this->public.interface.certificate.get_validity = (bool(*)(certificate_t*, time_t *when, time_t *, time_t*))get_validity;
- this->public.interface.certificate.is_newer = (bool (*)(certificate_t*,certificate_t*))is_newer;
this->public.interface.certificate.get_encoding = (chunk_t(*)(certificate_t*))get_encoding;
this->public.interface.certificate.equals = (bool(*)(certificate_t*, certificate_t *other))equals;
this->public.interface.certificate.get_ref = (certificate_t* (*)(certificate_t *this))get_ref;
}
/**
- * Implementation of certificate_t.is_newer.
- */
-static bool is_newer(certificate_t *this, certificate_t *that)
-{
- time_t this_update, that_update, now = time(NULL);
- bool new;
-
- this->get_validity(this, &now, &this_update, NULL);
- that->get_validity(that, &now, &that_update, NULL);
- new = this_update > that_update;
- DBG1(DBG_LIB, " certificate from %T is %s - existing certificate "
- "from %T %s", &this_update, FALSE, new ? "newer":"not newer",
- &that_update, FALSE, new ? "replaced":"retained");
- return new;
-}
-
-/**
* Implementation of certificate_t.get_encoding.
*/
static chunk_t get_encoding(private_x509_cert_t *this)
this->public.interface.interface.issued_by = (bool (*) (certificate_t*, certificate_t*))issued_by;
this->public.interface.interface.get_public_key = (public_key_t* (*) (certificate_t*))get_public_key;
this->public.interface.interface.get_validity = (bool (*) (certificate_t*, time_t*, time_t*, time_t*))get_validity;
- this->public.interface.interface.is_newer = (bool (*) (certificate_t*,certificate_t*))is_newer;
this->public.interface.interface.get_encoding = (chunk_t (*) (certificate_t*))get_encoding;
this->public.interface.interface.equals = (bool (*)(certificate_t*, certificate_t*))equals;
this->public.interface.interface.get_ref = (certificate_t* (*)(certificate_t*))get_ref;
return (t <= this->nextUpdate);
}
-METHOD(certificate_t, is_newer, bool,
- private_x509_crl_t *this, certificate_t *other)
-{
- chunk_t other_crlNumber = chunk_empty;
- bool new;
-
- if (other->get_type(other) == CERT_X509_CRL)
- {
- crl_t *crl = (crl_t*)other;
- other_crlNumber = crl->get_serial(crl);
- }
-
- /* compare crlNumbers if available - otherwise use thisUpdate */
- if (this->crlNumber.ptr != NULL && other_crlNumber.ptr != NULL)
- {
- new = chunk_compare(this->crlNumber, other_crlNumber) > 0;
- DBG1(DBG_LIB, " crl #%#B is %s - existing crl #%#B %s",
- &this->crlNumber, new ? "newer":"not newer",
- &other_crlNumber, new ? "replaced":"retained");
- }
- else
- {
- time_t this_update, that_update, now = time(NULL);
-
- get_validity(this, &now, &this_update, NULL);
- other->get_validity(other, &now, &that_update, NULL);
- new = this_update > that_update;
- DBG1(DBG_LIB, " crl from %T is %s - existing crl from %T %s",
- &this_update, FALSE, new ? "newer":"not newer",
- &that_update, FALSE, new ? "replaced":"retained");
- }
- return new;
-}
-
METHOD(certificate_t, get_encoding, chunk_t,
private_x509_crl_t *this)
{
.issued_by = _issued_by,
.get_public_key = _get_public_key,
.get_validity = _get_validity,
- .is_newer = _is_newer,
.get_encoding = _get_encoding,
.equals = _equals,
.get_ref = _get_ref,
}
/**
- * Implementation of certificate_t.is_newer.
- */
-static bool is_newer(certificate_t *this, certificate_t *that)
-{
- time_t this_update, that_update, now = time(NULL);
- bool new;
-
- this->get_validity(this, &now, &this_update, NULL);
- that->get_validity(that, &now, &that_update, NULL);
- new = this_update > that_update;
- DBG1(DBG_LIB, " ocsp response from %T is %s - existing ocsp response "
- "from %T %s", &this_update, FALSE, new ? "newer" : "not newer",
- &that_update, FALSE, new ? "replaced" : "retained");
- return new;
-}
-
-/**
* Implementation of certificate_t.get_encoding.
*/
static chunk_t get_encoding(private_x509_ocsp_response_t *this)
this->public.interface.certificate.issued_by = (bool (*)(certificate_t *this, certificate_t *issuer))issued_by;
this->public.interface.certificate.get_public_key = (public_key_t* (*)(certificate_t *this))get_public_key;
this->public.interface.certificate.get_validity = (bool(*)(certificate_t*, time_t *when, time_t *, time_t*))get_validity;
- this->public.interface.certificate.is_newer = (bool (*)(certificate_t*,certificate_t*))is_newer;
this->public.interface.certificate.get_encoding = (chunk_t(*)(certificate_t*))get_encoding;
this->public.interface.certificate.equals = (bool(*)(certificate_t*, certificate_t *other))equals;
this->public.interface.certificate.get_ref = (certificate_t* (*)(certificate_t *this))get_ref;
}
/**
- * Implementation of certificate_t.is_newer.
- */
-static bool is_newer(certificate_t *this, certificate_t *that)
-{
- return FALSE;
-}
-
-/**
* Implementation of certificate_t.get_encoding.
*/
static chunk_t get_encoding(private_x509_pkcs10_t *this)
*/
static const asn1Object_t certificationRequestObjects[] = {
{ 0, "certificationRequest", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */
- { 1, "certificationRequestInfo", ASN1_SEQUENCE, ASN1_OBJ }, /* 1 */\r
+ { 1, "certificationRequestInfo", ASN1_SEQUENCE, ASN1_OBJ }, /* 1 */
{ 2, "version", ASN1_INTEGER, ASN1_BODY }, /* 2 */
{ 2, "subject", ASN1_SEQUENCE, ASN1_OBJ }, /* 3 */
{ 2, "subjectPublicKeyInfo", ASN1_SEQUENCE, ASN1_RAW }, /* 4 */
{ 4, "end loop", ASN1_EOC, ASN1_END }, /* 10 */
{ 2, "end loop", ASN1_EOC, ASN1_END }, /* 11 */
{ 1, "signatureAlgorithm", ASN1_EOC, ASN1_RAW }, /* 12 */
- { 1, "signature", ASN1_BIT_STRING, ASN1_BODY }, /* 13 */\r
+ { 1, "signature", ASN1_BIT_STRING, ASN1_BODY }, /* 13 */
{ 0, "exit", ASN1_EOC, ASN1_EXIT }
};
#define PKCS10_CERT_REQUEST_INFO 1
this->public.interface.interface.issued_by = (bool (*) (certificate_t*, certificate_t*))issued_by;
this->public.interface.interface.get_public_key = (public_key_t* (*) (certificate_t*))get_public_key;
this->public.interface.interface.get_validity = (bool (*) (certificate_t*, time_t*, time_t*, time_t*))get_validity;
- this->public.interface.interface.is_newer = (bool (*) (certificate_t*,certificate_t*))is_newer;
this->public.interface.interface.get_encoding = (chunk_t (*) (certificate_t*))get_encoding;
this->public.interface.interface.equals = (bool (*)(certificate_t*, certificate_t*))equals;
this->public.interface.interface.get_ref = (certificate_t* (*)(certificate_t*))get_ref;