/*
- * Copyright (C) 2008-2015 Tobias Brunner
+ * Copyright (C) 2008-2019 Tobias Brunner
* Copyright (C) 2008 Martin Willi
* HSR Hochschule fuer Technik Rapperswil
*
*/
static enumerator_t *create_inner_cdp_hashandurl(ca_section_t *section, cdp_data_t *data)
{
- enumerator_t *enumerator = NULL, *hash_enum;
- identification_t *current;
+ enumerator_t *enumerator = NULL;
if (!data->id || !section->certuribase)
{
return NULL;
}
- hash_enum = section->hashes->create_enumerator(section->hashes);
- while (hash_enum->enumerate(hash_enum, ¤t))
+ if (section->cert->has_subject(section->cert, data->id) != ID_MATCH_NONE)
{
- if (current->matches(current, data->id))
- {
- char *url, *hash;
-
- url = malloc(strlen(section->certuribase) + 40 + 1);
- strcpy(url, section->certuribase);
- hash = chunk_to_hex(current->get_encoding(current), NULL, FALSE).ptr;
- strncat(url, hash, 40);
- free(hash);
-
- enumerator = enumerator_create_single(url, free);
- break;
- }
+ enumerator = enumerator_create_single(strdup(section->certuribase),
+ free);
}
- hash_enum->destroy(hash_enum);
return enumerator;
}
/*
- * Copyright (C) 2016 Tobias Brunner
+ * Copyright (C) 2016-2019 Tobias Brunner
* Copyright (C) 2015 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
static enumerator_t *create_inner_cdp_hashandurl(authority_t *authority,
cdp_data_t *data)
{
- enumerator_t *enumerator = NULL, *hash_enum;
- identification_t *current;
+ enumerator_t *enumerator = NULL;
if (!data->id || !authority->cert_uri_base)
{
return NULL;
}
- hash_enum = authority->hashes->create_enumerator(authority->hashes);
- while (hash_enum->enumerate(hash_enum, ¤t))
+ if (authority->cert->has_subject(authority->cert, data->id) != ID_MATCH_NONE)
{
- if (current->matches(current, data->id))
- {
- char *url, *hash;
-
- url = malloc(strlen(authority->cert_uri_base) + 40 + 1);
- strcpy(url, authority->cert_uri_base);
- hash = chunk_to_hex(current->get_encoding(current), NULL, FALSE).ptr;
- strncat(url, hash, 40);
- free(hash);
-
- enumerator = enumerator_create_single(url, free);
- break;
- }
+ enumerator = enumerator_create_single(strdup(authority->cert_uri_base),
+ free);
}
- hash_enum->destroy(hash_enum);
return enumerator;
}
/*
- * Copyright (C) 2008 Tobias Brunner
+ * Copyright (C) 2008-2019 Tobias Brunner
* Copyright (C) 2006-2009 Martin Willi
* HSR Hochschule fuer Technik Rapperswil
*
};
/**
- * Generates the cert payload, if possible with "Hash and URL"
+ * Generate the payload for a hash-and-URL encoded certificate
*/
-static cert_payload_t *build_cert_payload(private_ike_cert_post_t *this,
- certificate_t *cert)
+static bool build_hash_url_payload(char *base, certificate_t *cert,
+ cert_payload_t **payload)
{
hasher_t *hasher;
- identification_t *id;
- chunk_t hash, encoded ;
- enumerator_t *enumerator;
- char *url;
- cert_payload_t *payload = NULL;
-
- if (!this->ike_sa->supports_extension(this->ike_sa, EXT_HASH_AND_URL))
- {
- return cert_payload_create_from_cert(PLV2_CERTIFICATE, cert);
- }
+ chunk_t hash, encoded;
+ char *url, *hex_hash;
hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
if (!hasher)
{
- DBG1(DBG_IKE, "unable to use hash-and-url: sha1 not supported");
- return cert_payload_create_from_cert(PLV2_CERTIFICATE, cert);
+ DBG1(DBG_IKE, "unable to use hash-and-url: SHA-1 not supported");
+ return FALSE;
}
if (!cert->get_encoding(cert, CERT_ASN1_DER, &encoded))
{
- DBG1(DBG_IKE, "encoding certificate for cert payload failed");
hasher->destroy(hasher);
- return NULL;
+ return FALSE;
}
if (!hasher->allocate_hash(hasher, encoded, &hash))
{
hasher->destroy(hasher);
chunk_free(&encoded);
- return cert_payload_create_from_cert(PLV2_CERTIFICATE, cert);
+ return FALSE;
}
chunk_free(&encoded);
hasher->destroy(hasher);
- id = identification_create_from_encoding(ID_KEY_ID, hash);
- enumerator = lib->credmgr->create_cdp_enumerator(lib->credmgr, CERT_X509, id);
- if (enumerator->enumerate(enumerator, &url))
+ url = malloc(strlen(base) + 40 + 1);
+ strcpy(url, base);
+ hex_hash = chunk_to_hex(hash, NULL, FALSE).ptr;
+ strncat(url, hex_hash, 40);
+ free(hex_hash);
+
+ DBG1(DBG_IKE, "sending hash-and-url \"%s\"", url);
+ *payload = cert_payload_create_from_hash_and_url(hash, url);
+ chunk_free(&hash);
+ free(url);
+ return TRUE;
+}
+
+/**
+ * Generates the cert payload, if possible with "Hash and URL"
+ */
+static cert_payload_t *build_cert_payload(private_ike_cert_post_t *this,
+ certificate_t *cert)
+{
+ enumerator_t *enumerator;
+ char *base;
+ cert_payload_t *payload = NULL;
+
+ if (!this->ike_sa->supports_extension(this->ike_sa, EXT_HASH_AND_URL))
{
- payload = cert_payload_create_from_hash_and_url(hash, url);
- DBG1(DBG_IKE, "sending hash-and-url \"%s\"", url);
+ return cert_payload_create_from_cert(PLV2_CERTIFICATE, cert);
}
- else
+
+ enumerator = lib->credmgr->create_cdp_enumerator(lib->credmgr, CERT_X509,
+ cert->get_issuer(cert));
+ if (!enumerator->enumerate(enumerator, &base) ||
+ !build_hash_url_payload(base, cert, &payload))
{
payload = cert_payload_create_from_cert(PLV2_CERTIFICATE, cert);
}
enumerator->destroy(enumerator);
- chunk_free(&hash);
- id->destroy(id);
return payload;
}