Slightly renamed different policyConstraints to distinguish them better
authorMartin Willi <martin@revosec.ch>
Wed, 22 Dec 2010 14:58:00 +0000 (15:58 +0100)
committerMartin Willi <martin@revosec.ch>
Wed, 5 Jan 2011 15:46:05 +0000 (16:46 +0100)
src/libstrongswan/credentials/builder.c
src/libstrongswan/credentials/builder.h
src/libstrongswan/plugins/x509/x509_cert.c
src/pki/commands/issue.c
src/pki/commands/self.c

index 47e1ed5..f9a277a 100644 (file)
@@ -47,9 +47,9 @@ ENUM(builder_part_names, BUILD_FROM_FILE, BUILD_END,
        "BUILD_EXCLUDED_NAME_CONSTRAINTS",
        "BUILD_CERTIFICATE_POLICIES",
        "BUILD_POLICY_MAPPINGS",
-       "BUILD_POLICY_CONSTRAINT_EXPLICIT",
-       "BUILD_POLICY_CONSTRAINT_INHIBIT",
-       "BUILD_POLICY_CONSTRAINT_INHIBIT_ANY",
+       "BUILD_POLICY_REQUIRE_EXPLICIT",
+       "BUILD_POLICY_INHIBIT_MAPPING",
+       "BUILD_POLICY_INHIBIT_ANY",
        "BUILD_X509_FLAG",
        "BUILD_REVOKED_ENUMERATOR",
        "BUILD_BASE_CRL",
index 383fa90..325b668 100644 (file)
@@ -102,11 +102,11 @@ enum builder_part_t {
        /** policyMapping OIDs, linked_list_t* of x509_policy_mapping_t* */
        BUILD_POLICY_MAPPINGS,
        /** requireExplicitPolicy constraint, int */
-       BUILD_POLICY_CONSTRAINT_EXPLICIT,
+       BUILD_POLICY_REQUIRE_EXPLICIT,
        /** inhibitPolicyMapping constraint, int */
-       BUILD_POLICY_CONSTRAINT_INHIBIT,
+       BUILD_POLICY_INHIBIT_MAPPING,
        /** inhibitAnyPolicy constraint, int */
-       BUILD_POLICY_CONSTRAINT_INHIBIT_ANY,
+       BUILD_POLICY_INHIBIT_ANY,
        /** enforce an additional X509 flag, x509_flag_t */
        BUILD_X509_FLAG,
        /** enumerator_t over (chunk_t serial, time_t date, crl_reason_t reason) */
index 4bf221f..4c9d042 100644 (file)
@@ -179,17 +179,17 @@ struct private_x509_cert_t {
        /**
         * requireExplicitPolicy Constraint
         */
-       char explicit_policy_constraint;
+       char require_explicit;
 
        /**
         * inhibitPolicyMapping Constraint
         */
-       char inhibit_policy_constraint;
+       char inhibit_mapping;
 
        /**
         * inhibitAnyPolicy Constraint
         */
-       char inhibit_any_policy;
+       char inhibit_any;
 
        /**
         * x509 constraints and other flags
@@ -1089,10 +1089,10 @@ static void parse_policyConstraints(chunk_t blob, int level0,
                switch (objectID)
                {
                        case POLICY_CONSTRAINT_EXPLICIT:
-                               this->explicit_policy_constraint = parse_constraint(object);
+                               this->require_explicit = parse_constraint(object);
                                break;
                        case POLICY_CONSTRAINT_INHIBIT:
-                               this->inhibit_policy_constraint = parse_constraint(object);
+                               this->inhibit_mapping = parse_constraint(object);
                                break;
                        default:
                                break;
@@ -1429,7 +1429,7 @@ static bool parse_certificate(private_x509_cert_t *this)
                                                {
                                                        goto end;
                                                }
-                                               this->inhibit_any_policy = parse_constraint(object);
+                                               this->inhibit_any = parse_constraint(object);
                                                break;
                                        case OID_NS_REVOCATION_URL:
                                        case OID_NS_CA_REVOCATION_URL:
@@ -1731,11 +1731,11 @@ METHOD(x509_t, get_constraint, int,
                case X509_PATH_LEN:
                        return this->pathLenConstraint;
                case X509_REQUIRE_EXPLICIT_POLICY:
-                       return this->explicit_policy_constraint;
+                       return this->require_explicit;
                case X509_INHIBIT_POLICY_MAPPING:
-                       return this->inhibit_policy_constraint;
+                       return this->inhibit_mapping;
                case X509_INHIBIT_ANY_POLICY:
-                       return this->inhibit_any_policy;
+                       return this->inhibit_any;
                default:
                        return X509_NO_CONSTRAINT;
        }
@@ -1870,9 +1870,9 @@ static private_x509_cert_t* create_empty(void)
                .cert_policies = linked_list_create(),
                .policy_mappings = linked_list_create(),
                .pathLenConstraint = X509_NO_CONSTRAINT,
-               .explicit_policy_constraint = X509_NO_CONSTRAINT,
-               .inhibit_policy_constraint = X509_NO_CONSTRAINT,
-               .inhibit_any_policy = X509_NO_CONSTRAINT,
+               .require_explicit = X509_NO_CONSTRAINT,
+               .inhibit_mapping = X509_NO_CONSTRAINT,
+               .inhibit_any = X509_NO_CONSTRAINT,
                .ref = 1,
        );
        return this;
@@ -2263,22 +2263,22 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert,
                                                                asn1_wrap(ASN1_SEQUENCE, "m", policyMappings)));
        }
 
-       if (cert->inhibit_policy_constraint != X509_NO_CONSTRAINT ||
-               cert->explicit_policy_constraint != X509_NO_CONSTRAINT)
+       if (cert->inhibit_mapping != X509_NO_CONSTRAINT ||
+               cert->require_explicit != X509_NO_CONSTRAINT)
        {
                chunk_t inhibit = chunk_empty, explicit = chunk_empty;
 
-               if (cert->explicit_policy_constraint != X509_NO_CONSTRAINT)
+               if (cert->require_explicit != X509_NO_CONSTRAINT)
                {
                        explicit = asn1_wrap(ASN1_CONTEXT_C_0, "m",
                                                asn1_integer("c",
-                                                       chunk_from_thing(cert->explicit_policy_constraint)));
+                                                       chunk_from_thing(cert->require_explicit)));
                }
-               if (cert->inhibit_policy_constraint != X509_NO_CONSTRAINT)
+               if (cert->inhibit_mapping != X509_NO_CONSTRAINT)
                {
                        inhibit = asn1_wrap(ASN1_CONTEXT_C_1, "m",
                                                asn1_integer("c",
-                                                       chunk_from_thing(cert->inhibit_policy_constraint)));
+                                                       chunk_from_thing(cert->inhibit_mapping)));
                }
                policyConstraints = asn1_wrap(ASN1_SEQUENCE, "mmm",
                                                asn1_build_known_oid(OID_POLICY_CONSTRAINTS),
@@ -2288,14 +2288,14 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert,
                                                                explicit, inhibit)));
        }
 
-       if (cert->inhibit_any_policy != X509_NO_CONSTRAINT)
+       if (cert->inhibit_any != X509_NO_CONSTRAINT)
        {
                inhibitAnyPolicy = asn1_wrap(ASN1_SEQUENCE, "mmm",
                                asn1_build_known_oid(OID_INHIBIT_ANY_POLICY),
                                asn1_wrap(ASN1_BOOLEAN, "c", chunk_from_chars(0xFF)),
                                asn1_wrap(ASN1_OCTET_STRING, "m",
                                        asn1_integer("c",
-                                               chunk_from_thing(cert->inhibit_any_policy))));
+                                               chunk_from_thing(cert->inhibit_any))));
        }
 
        if (basicConstraints.ptr || subjectAltNames.ptr || authKeyIdentifier.ptr ||
@@ -2542,14 +2542,14 @@ x509_cert_t *x509_cert_gen(certificate_type_t type, va_list args)
                                enumerator->destroy(enumerator);
                                continue;
                        }
-                       case BUILD_POLICY_CONSTRAINT_EXPLICIT:
-                               cert->explicit_policy_constraint = va_arg(args, int);
+                       case BUILD_POLICY_REQUIRE_EXPLICIT:
+                               cert->require_explicit = va_arg(args, int);
                                continue;
-                       case BUILD_POLICY_CONSTRAINT_INHIBIT:
-                               cert->inhibit_policy_constraint = va_arg(args, int);
+                       case BUILD_POLICY_INHIBIT_MAPPING:
+                               cert->inhibit_mapping = va_arg(args, int);
                                continue;
-                       case BUILD_POLICY_CONSTRAINT_INHIBIT_ANY:
-                               cert->inhibit_any_policy = va_arg(args, int);
+                       case BUILD_POLICY_INHIBIT_ANY:
+                               cert->inhibit_any = va_arg(args, int);
                                continue;
                        case BUILD_NOT_BEFORE_TIME:
                                cert->notBefore = va_arg(args, time_t);
index 32eade7..ebbe360 100644 (file)
@@ -69,7 +69,7 @@ static int issue()
        linked_list_t *san, *cdps, *ocsp, *permitted, *excluded, *policies, *mappings;
        int lifetime = 1095;
        int pathlen = X509_NO_CONSTRAINT, inhibit_any = X509_NO_CONSTRAINT;
-       int inhibit_policy = X509_NO_CONSTRAINT, explicit_policy = X509_NO_CONSTRAINT;
+       int inhibit_mapping = X509_NO_CONSTRAINT, require_explicit = X509_NO_CONSTRAINT;
        chunk_t serial = chunk_empty;
        chunk_t encoding = chunk_empty;
        time_t not_before, not_after;
@@ -212,10 +212,10 @@ static int issue()
                                continue;
                        }
                        case 'E':
-                               explicit_policy = atoi(arg);
+                               require_explicit = atoi(arg);
                                continue;
                        case 'H':
-                               inhibit_policy = atoi(arg);
+                               inhibit_mapping = atoi(arg);
                                continue;
                        case 'A':
                                inhibit_any = atoi(arg);
@@ -447,9 +447,9 @@ static int issue()
                                        BUILD_EXCLUDED_NAME_CONSTRAINTS, excluded,
                                        BUILD_CERTIFICATE_POLICIES, policies,
                                        BUILD_POLICY_MAPPINGS, mappings,
-                                       BUILD_POLICY_CONSTRAINT_INHIBIT, inhibit_policy,
-                                       BUILD_POLICY_CONSTRAINT_EXPLICIT, explicit_policy,
-                                       BUILD_POLICY_CONSTRAINT_INHIBIT_ANY, inhibit_any,
+                                       BUILD_POLICY_REQUIRE_EXPLICIT, require_explicit,
+                                       BUILD_POLICY_INHIBIT_MAPPING, inhibit_mapping,
+                                       BUILD_POLICY_INHIBIT_ANY, inhibit_any,
                                        BUILD_END);
        if (!cert)
        {
index ef0ea6b..c7788ff 100644 (file)
@@ -57,7 +57,7 @@ static int self()
        linked_list_t *san, *ocsp, *permitted, *excluded, *policies, *mappings;
        int lifetime = 1095;
        int pathlen = X509_NO_CONSTRAINT, inhibit_any = X509_NO_CONSTRAINT;
-       int inhibit_policy = X509_NO_CONSTRAINT, explicit_policy = X509_NO_CONSTRAINT;
+       int inhibit_mapping = X509_NO_CONSTRAINT, require_explicit = X509_NO_CONSTRAINT;
        chunk_t serial = chunk_empty;
        chunk_t encoding = chunk_empty;
        time_t not_before, not_after;
@@ -195,10 +195,10 @@ static int self()
                                continue;
                        }
                        case 'E':
-                               explicit_policy = atoi(arg);
+                               require_explicit = atoi(arg);
                                continue;
                        case 'H':
-                               inhibit_policy = atoi(arg);
+                               inhibit_mapping = atoi(arg);
                                continue;
                        case 'A':
                                inhibit_any = atoi(arg);
@@ -315,9 +315,9 @@ static int self()
                                                BUILD_EXCLUDED_NAME_CONSTRAINTS, excluded,
                                                BUILD_CERTIFICATE_POLICIES, policies,
                                                BUILD_POLICY_MAPPINGS, mappings,
-                                               BUILD_POLICY_CONSTRAINT_EXPLICIT, explicit_policy,
-                                               BUILD_POLICY_CONSTRAINT_INHIBIT, inhibit_policy,
-                                               BUILD_POLICY_CONSTRAINT_INHIBIT_ANY, inhibit_any,
+                                               BUILD_POLICY_REQUIRE_EXPLICIT, require_explicit,
+                                               BUILD_POLICY_INHIBIT_MAPPING, inhibit_mapping,
+                                               BUILD_POLICY_INHIBIT_ANY, inhibit_any,
                                                BUILD_END);
        if (!cert)
        {