Removed is_newer() from certificate_t, obsoleting all implementations
authorMartin Willi <martin@revosec.ch>
Fri, 21 May 2010 07:53:23 +0000 (09:53 +0200)
committerMartin Willi <martin@revosec.ch>
Fri, 21 May 2010 14:25:51 +0000 (16:25 +0200)
src/libstrongswan/credentials/certificates/certificate.h
src/libstrongswan/plugins/openssl/openssl_crl.c
src/libstrongswan/plugins/openssl/openssl_x509.c
src/libstrongswan/plugins/pgp/pgp_cert.c
src/libstrongswan/plugins/pubkey/pubkey_cert.c
src/libstrongswan/plugins/x509/x509_ac.c
src/libstrongswan/plugins/x509/x509_cert.c
src/libstrongswan/plugins/x509/x509_crl.c
src/libstrongswan/plugins/x509/x509_ocsp_response.c
src/libstrongswan/plugins/x509/x509_pkcs10.c

index e82fed1..dcb5f36 100644 (file)
@@ -163,13 +163,6 @@ struct certificate_t {
                                                 time_t *not_before, time_t *not_after);
 
        /**
-        * Is this newer than that?
-        *
-        * @return                      TRUE if newer, FALSE otherwise
-        */
-       bool (*is_newer)(certificate_t *this, certificate_t *that);
-
-       /**
         * Get the certificate in an encoded form.
         *
         * @return                              allocated chunk of encoded cert
index d1dddda..fa0a173 100644 (file)
@@ -296,35 +296,6 @@ METHOD(certificate_t, get_validity, bool,
        return t <= this->nextUpdate;
 }
 
-METHOD(certificate_t, is_newer, bool,
-       private_openssl_crl_t *this, certificate_t *other)
-{
-       time_t this_update, that_update;
-       chunk_t other_serial;
-       x509_t *x509;
-       bool new;
-
-       x509 = (x509_t*)other;
-       other_serial = x509->get_serial(x509);
-       if (this->serial.ptr != NULL && other_serial.ptr != NULL)
-       {       /* compare crlNumbers if available */
-               new = chunk_compare(this->serial, other_serial) > 0;
-               DBG1(DBG_LIB, "  crl #%#B is %s - existing crl #%#B %s",
-                               &this->serial, new ? "newer":"not newer",
-                               &other_serial,  new ? "replaced":"retained");
-       }
-       else
-       {       /* otherwise use thisUpdate */
-               get_validity(this, NULL, &this_update, NULL);
-               other->get_validity(other, NULL, &that_update, NULL);
-               new = this_update > that_update;
-               DBG1(DBG_LIB, "  crl from %T is %s - existing crl from %T %s",
-                               &this_update, FALSE, new ? "newer":"not newer",
-                               &that_update, FALSE, new ? "replaced":"retained");
-       }
-       return new;
-}
-
 METHOD(certificate_t, get_encoding, chunk_t,
        private_openssl_crl_t *this)
 {
@@ -395,7 +366,6 @@ static private_openssl_crl_t *create_empty()
                                        .issued_by = _issued_by,
                                        .get_public_key = _get_public_key,
                                        .get_validity = _get_validity,
-                                       .is_newer = _is_newer,
                                        .get_encoding = _get_encoding,
                                        .equals = _equals,
                                        .get_ref = _get_ref,
index 0ef29b3..4515105 100644 (file)
@@ -383,21 +383,6 @@ METHOD(certificate_t, get_validity, bool,
        return (t >= this->notBefore && t <= this->notAfter);
 }
 
-METHOD(certificate_t, is_newer, bool,
-       private_openssl_x509_t *this, certificate_t *other)
-{
-       time_t this_update, that_update, now = time(NULL);
-       bool new;
-
-       get_validity(this, &now, &this_update, NULL);
-       other->get_validity(other, &now, &that_update, NULL);
-       new = this_update > that_update;
-       DBG1(DBG_LIB, "  certificate from %T is %s - existing certificate "
-                "from %T %s", &this_update, FALSE, new ? "newer":"not newer",
-                &that_update, FALSE, new ? "replaced":"retained");
-       return new;
-}
-
 METHOD(certificate_t, get_encoding, chunk_t,
        private_openssl_x509_t *this)
 {
@@ -481,7 +466,6 @@ static private_openssl_x509_t *create_empty()
                                        .issued_by = _issued_by,
                                        .get_public_key = _get_public_key,
                                        .get_validity = _get_validity,
-                                       .is_newer = _is_newer,
                                        .get_encoding = _get_encoding,
                                        .equals = _equals,
                                        .get_ref = _get_ref,
index cd04f3d..c4bdff6 100644 (file)
@@ -188,23 +188,6 @@ static bool get_validity(private_pgp_cert_t *this, time_t *when,
 }
 
 /**
- * Implementation of certificate_t.is_newer.
- */
-static bool is_newer(certificate_t *this, certificate_t *that)
-{
-       time_t this_update, that_update, now = time(NULL);
-       bool new;
-
-       this->get_validity(this, &now, &this_update, NULL);
-       that->get_validity(that, &now, &that_update, NULL);
-       new = this_update > that_update;
-       DBG1(DBG_LIB, "  certificate from %T is %s - existing certificate"
-                " from %T %s", &this_update, FALSE, new ? "newer" : "not newer",
-                &that_update, FALSE, new ? "replaced" : "retained");
-       return new;
-}
-
-/**
  * Implementation of certificate_t.get_encoding.
  */
 static chunk_t get_encoding(private_pgp_cert_t *this)
@@ -276,7 +259,6 @@ private_pgp_cert_t *create_empty()
        this->public.interface.interface.issued_by = (bool (*) (certificate_t*, certificate_t*))issued_by;
        this->public.interface.interface.get_public_key = (public_key_t* (*) (certificate_t*))get_public_key;
        this->public.interface.interface.get_validity = (bool (*) (certificate_t*, time_t*, time_t*, time_t*))get_validity;
-       this->public.interface.interface.is_newer = (bool (*) (certificate_t*,certificate_t*))is_newer;
        this->public.interface.interface.get_encoding = (chunk_t (*) (certificate_t*))get_encoding;
        this->public.interface.interface.equals = (bool (*)(certificate_t*, certificate_t*))equals;
        this->public.interface.interface.get_ref = (certificate_t* (*)(certificate_t*))get_ref;
index f149f63..fc2d6d3 100644 (file)
@@ -161,14 +161,6 @@ static bool get_validity(private_pubkey_cert_t *this, time_t *when,
 }
 
 /**
- * Implementation of certificate_t.is_newer.
- */
-static bool is_newer(certificate_t *this, certificate_t *that)
-{
-       return FALSE;
-}
-
-/**
  * Implementation of certificate_t.get_encoding.
  */
 static chunk_t get_encoding(private_pubkey_cert_t *this)
@@ -221,7 +213,6 @@ static pubkey_cert_t *pubkey_cert_create(public_key_t *key)
        this->public.interface.issued_by = (bool (*)(certificate_t *this, certificate_t *issuer))issued_by;
        this->public.interface.get_public_key = (public_key_t* (*)(certificate_t *this))get_public_key;
        this->public.interface.get_validity = (bool (*)(certificate_t*, time_t *when, time_t *, time_t*))get_validity;
-       this->public.interface.is_newer = (bool (*)(certificate_t*,certificate_t*))is_newer;
        this->public.interface.get_encoding = (chunk_t (*)(certificate_t*))get_encoding;
        this->public.interface.equals = (bool (*)(certificate_t*, certificate_t *other))equals;
        this->public.interface.get_ref = (certificate_t* (*)(certificate_t *this))get_ref;
index 95e7278..4026794 100644 (file)
@@ -813,25 +813,6 @@ static bool get_validity(private_x509_ac_t *this, time_t *when,
 }
 
 /**
- * Implementation of certificate_t.is_newer.
- */
-static bool is_newer(private_x509_ac_t *this, ac_t *that)
-{
-       certificate_t *this_cert = &this->public.interface.certificate;
-       certificate_t *that_cert = &that->certificate;
-       time_t this_update, that_update, now = time(NULL);
-       bool new;
-
-       this_cert->get_validity(this_cert, &now, &this_update, NULL);
-       that_cert->get_validity(that_cert, &now, &that_update, NULL);
-       new = this_update > that_update;
-       DBG1(DBG_LIB, "  attr cert from %T is %s - existing attr cert from %T %s",
-                &this_update, FALSE, new ? "newer":"not newer",
-                &that_update, FALSE, new ? "replaced":"retained");
-       return new;
-}
-
-/**
  * Implementation of certificate_t.get_encoding.
  */
 static chunk_t get_encoding(private_x509_ac_t *this)
@@ -904,7 +885,6 @@ static private_x509_ac_t *create_empty(void)
        this->public.interface.certificate.issued_by = (bool (*)(certificate_t *this, certificate_t *issuer))issued_by;
        this->public.interface.certificate.get_public_key = (public_key_t* (*)(certificate_t *this))get_public_key;
        this->public.interface.certificate.get_validity = (bool(*)(certificate_t*, time_t *when, time_t *, time_t*))get_validity;
-       this->public.interface.certificate.is_newer = (bool (*)(certificate_t*,certificate_t*))is_newer;
        this->public.interface.certificate.get_encoding = (chunk_t(*)(certificate_t*))get_encoding;
        this->public.interface.certificate.equals = (bool(*)(certificate_t*, certificate_t *other))equals;
        this->public.interface.certificate.get_ref = (certificate_t* (*)(certificate_t *this))get_ref;
index bdbaa8d..7b362b9 100644 (file)
@@ -1209,23 +1209,6 @@ static bool get_validity(private_x509_cert_t *this, time_t *when,
 }
 
 /**
- * Implementation of certificate_t.is_newer.
- */
-static bool is_newer(certificate_t *this, certificate_t *that)
-{
-       time_t this_update, that_update, now = time(NULL);
-       bool new;
-
-       this->get_validity(this, &now, &this_update, NULL);
-       that->get_validity(that, &now, &that_update, NULL);
-       new = this_update > that_update;
-       DBG1(DBG_LIB, "  certificate from %T is %s - existing certificate "
-                "from %T %s", &this_update, FALSE, new ? "newer":"not newer",
-                &that_update, FALSE, new ? "replaced":"retained");
-       return new;
-}
-
-/**
  * Implementation of certificate_t.get_encoding.
  */
 static chunk_t get_encoding(private_x509_cert_t *this)
@@ -1383,7 +1366,6 @@ static private_x509_cert_t* create_empty(void)
        this->public.interface.interface.issued_by = (bool (*) (certificate_t*, certificate_t*))issued_by;
        this->public.interface.interface.get_public_key = (public_key_t* (*) (certificate_t*))get_public_key;
        this->public.interface.interface.get_validity = (bool (*) (certificate_t*, time_t*, time_t*, time_t*))get_validity;
-       this->public.interface.interface.is_newer = (bool (*) (certificate_t*,certificate_t*))is_newer;
        this->public.interface.interface.get_encoding = (chunk_t (*) (certificate_t*))get_encoding;
        this->public.interface.interface.equals = (bool (*)(certificate_t*, certificate_t*))equals;
        this->public.interface.interface.get_ref = (certificate_t* (*)(certificate_t*))get_ref;
index c25f816..e171e4c 100644 (file)
@@ -452,40 +452,6 @@ METHOD(certificate_t, get_validity, bool,
        return (t <= this->nextUpdate);
 }
 
-METHOD(certificate_t, is_newer, bool,
-       private_x509_crl_t *this, certificate_t *other)
-{
-       chunk_t other_crlNumber = chunk_empty;
-       bool new;
-
-       if (other->get_type(other) == CERT_X509_CRL)
-       {
-               crl_t *crl = (crl_t*)other;
-               other_crlNumber = crl->get_serial(crl);
-       }
-
-       /* compare crlNumbers if available - otherwise use thisUpdate */
-       if (this->crlNumber.ptr != NULL && other_crlNumber.ptr != NULL)
-       {
-               new = chunk_compare(this->crlNumber, other_crlNumber) > 0;
-               DBG1(DBG_LIB, "  crl #%#B is %s - existing crl #%#B %s",
-                               &this->crlNumber, new ? "newer":"not newer",
-                               &other_crlNumber, new ? "replaced":"retained");
-       }
-       else
-       {
-               time_t this_update, that_update, now = time(NULL);
-
-               get_validity(this, &now, &this_update, NULL);
-               other->get_validity(other, &now, &that_update, NULL);
-               new = this_update > that_update;
-               DBG1(DBG_LIB, "  crl from %T is %s - existing crl from %T %s",
-                               &this_update, FALSE, new ? "newer":"not newer",
-                               &that_update, FALSE, new ? "replaced":"retained");
-       }
-       return new;
-}
-
 METHOD(certificate_t, get_encoding, chunk_t,
        private_x509_crl_t *this)
 {
@@ -544,7 +510,6 @@ static private_x509_crl_t* create_empty(void)
                                        .issued_by = _issued_by,
                                        .get_public_key = _get_public_key,
                                        .get_validity = _get_validity,
-                                       .is_newer = _is_newer,
                                        .get_encoding = _get_encoding,
                                        .equals = _equals,
                                        .get_ref = _get_ref,
index c70d461..6f8d17a 100644 (file)
@@ -764,23 +764,6 @@ static bool get_validity(private_x509_ocsp_response_t *this, time_t *when,
 }
 
 /**
- * Implementation of certificate_t.is_newer.
- */
-static bool is_newer(certificate_t *this, certificate_t *that)
-{
-       time_t this_update, that_update, now = time(NULL);
-       bool new;
-
-       this->get_validity(this, &now, &this_update, NULL);
-       that->get_validity(that, &now, &that_update, NULL);
-       new = this_update > that_update;
-       DBG1(DBG_LIB, "  ocsp response from %T is %s - existing ocsp response "
-                "from %T %s", &this_update, FALSE, new ? "newer" : "not newer",
-                &that_update, FALSE, new ? "replaced" : "retained");
-       return new;
-}
-
-/**
  * Implementation of certificate_t.get_encoding.
  */
 static chunk_t get_encoding(private_x509_ocsp_response_t *this)
@@ -855,7 +838,6 @@ static x509_ocsp_response_t *load(chunk_t blob)
        this->public.interface.certificate.issued_by = (bool (*)(certificate_t *this, certificate_t *issuer))issued_by;
        this->public.interface.certificate.get_public_key = (public_key_t* (*)(certificate_t *this))get_public_key;
        this->public.interface.certificate.get_validity = (bool(*)(certificate_t*, time_t *when, time_t *, time_t*))get_validity;
-       this->public.interface.certificate.is_newer = (bool (*)(certificate_t*,certificate_t*))is_newer;
        this->public.interface.certificate.get_encoding = (chunk_t(*)(certificate_t*))get_encoding;
        this->public.interface.certificate.equals = (bool(*)(certificate_t*, certificate_t *other))equals;
        this->public.interface.certificate.get_ref = (certificate_t* (*)(certificate_t *this))get_ref;
index 1009ec9..73352fd 100644 (file)
@@ -189,14 +189,6 @@ static bool get_validity(private_x509_pkcs10_t *this, time_t *when,
 }
 
 /**
- * Implementation of certificate_t.is_newer.
- */
-static bool is_newer(certificate_t *this, certificate_t *that)
-{
-       return FALSE;
-}
-
-/**
  * Implementation of certificate_t.get_encoding.
  */
 static chunk_t get_encoding(private_x509_pkcs10_t *this)
@@ -357,7 +349,7 @@ static bool parse_challengePassword(private_x509_pkcs10_t *this, chunk_t blob, i
  */
 static const asn1Object_t certificationRequestObjects[] = {
        { 0, "certificationRequest",       ASN1_SEQUENCE,    ASN1_OBJ  }, /*  0 */
-       { 1,   "certificationRequestInfo", ASN1_SEQUENCE,    ASN1_OBJ  }, /*  1 */\r
+       { 1,   "certificationRequestInfo", ASN1_SEQUENCE,    ASN1_OBJ  }, /*  1 */
        { 2,     "version",                ASN1_INTEGER,     ASN1_BODY }, /*  2 */
        { 2,     "subject",                ASN1_SEQUENCE,    ASN1_OBJ  }, /*  3 */
        { 2,     "subjectPublicKeyInfo",   ASN1_SEQUENCE,    ASN1_RAW  }, /*  4 */
@@ -369,7 +361,7 @@ static const asn1Object_t certificationRequestObjects[] = {
        { 4,         "end loop",           ASN1_EOC,         ASN1_END  }, /* 10 */
        { 2,     "end loop",               ASN1_EOC,         ASN1_END  }, /* 11 */
        { 1,   "signatureAlgorithm",       ASN1_EOC,         ASN1_RAW  }, /* 12 */
-       { 1,    "signature",               ASN1_BIT_STRING,  ASN1_BODY }, /* 13 */\r
+       { 1,    "signature",               ASN1_BIT_STRING,  ASN1_BODY }, /* 13 */
        { 0, "exit",                       ASN1_EOC,         ASN1_EXIT }
 };
 #define PKCS10_CERT_REQUEST_INFO                1
@@ -512,7 +504,6 @@ static private_x509_pkcs10_t* create_empty(void)
        this->public.interface.interface.issued_by = (bool (*) (certificate_t*, certificate_t*))issued_by;
        this->public.interface.interface.get_public_key = (public_key_t* (*) (certificate_t*))get_public_key;
        this->public.interface.interface.get_validity = (bool (*) (certificate_t*, time_t*, time_t*, time_t*))get_validity;
-       this->public.interface.interface.is_newer = (bool (*) (certificate_t*,certificate_t*))is_newer;
        this->public.interface.interface.get_encoding = (chunk_t (*) (certificate_t*))get_encoding;
        this->public.interface.interface.equals = (bool (*)(certificate_t*, certificate_t*))equals;
        this->public.interface.interface.get_ref = (certificate_t* (*)(certificate_t*))get_ref;