iterate certinfos linked list for matching serialNumber
authorAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 5 Mar 2007 22:08:48 +0000 (22:08 -0000)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 5 Mar 2007 22:08:48 +0000 (22:08 -0000)
src/libstrongswan/crypto/ca.c
src/libstrongswan/crypto/certinfo.c
src/libstrongswan/crypto/certinfo.h

index 1a53021..e35a204 100644 (file)
@@ -372,8 +372,32 @@ err:
 static cert_status_t verify_by_ocsp(private_ca_info_t* this, const x509_t *cert,
                                                                        certinfo_t *certinfo)
 {
-       /* TODO implement function */
-       return CERT_UNDEFINED;
+       pthread_mutex_lock(&(this->mutex));
+
+       /* do we have a valid certinfo record for this serial number in our cache? */
+       {
+               iterator_t *iterator = this->certinfos->create_iterator(this->certinfos, TRUE);
+               certinfo_t *current_certinfo;
+               bool found = FALSE;
+
+               while(iterator->iterate(iterator, (void**)&current_certinfo))
+               {
+                       if (certinfo->equals_serialNumber(certinfo, current_certinfo))
+                       {
+                               found = TRUE;
+                               DBG2("ocsp status found");
+                               break;
+                       }
+               }
+               iterator->destroy(iterator);
+               if (!found)
+               {
+                       DBG2("ocsp status is not in cache");
+               }
+       }
+       
+       pthread_mutex_unlock(&(this->mutex));
+       return certinfo->get_status(certinfo);
 }
 
 /**
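Review bot: The result of the cache lookup is discarded: `found` and `current_certinfo` only drive the DBG2 messages, and the return on the last added line reads the status of the caller-supplied `certinfo` rather than of the cached entry that matched, so a cached OCSP status never reaches the caller. Inside the match branch the status should be propagated, e.g. `certinfo->set_status(certinfo, current_certinfo->get_status(current_certinfo));` (set_status is part of the certinfo_t interface, see the certinfo.c hunk). Before a cached status is trusted it presumably also needs a freshness check against the record's validity period, which this hunk does not show, and the `cert` parameter is still unused, which suggests the function remains partially implemented. Matching on serialNumber alone is adequate only because `this->certinfos` belongs to a single private_ca_info_t, i.e. the cache is already scoped per issuer; that assumption is worth a one-line comment above the loop.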
index 29f2c5f..1ba5bf2 100644 (file)
@@ -94,6 +94,14 @@ ENUM(crl_reason_names, REASON_UNSPECIFIED, REASON_REMOVE_FROM_CRL,
 );
 
 /**
+ * Implements certinfo_t.equals_serialNumber
+ */
+static bool equals_serialNumber(const private_certinfo_t *this, const private_certinfo_t *that)
+{
+       return chunk_equals(this->serialNumber, that->serialNumber);
+}
+
+/**
  * Implements certinfo_t.get_serialNumber
  */
 static chunk_t get_serialNumber(const private_certinfo_t *this)
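Review bot: equals_serialNumber compares the two serials byte-wise through chunk_equals, so two encodings of the same integer (for instance with and without a leading zero byte) compare unequal; if chunk_equals is the usual length-plus-memcmp helper, that is a silent cache miss rather than an error. A comment stating the precondition would help callers, e.g. `/* byte-wise compare: both serials must use the same (DER) encoding */`. The function doc in this hunk could also carry the @param/@return lines that the header hunk already provides, to keep the two in step.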
@@ -189,6 +197,7 @@ certinfo_t *certinfo_create(chunk_t serial)
        this->revocationReason = REASON_UNSPECIFIED;
 
        /* public functions */
+       this->public.equals_serialNumber = (bool (*) (const certinfo_t*,const certinfo_t*))equals_serialNumber;
        this->public.get_serialNumber = (chunk_t (*) (const certinfo_t*))get_serialNumber;
        this->public.set_status = (void (*) (certinfo_t*,cert_status_t))set_status;
        this->public.get_status = (cert_status_t (*) (const certinfo_t*))get_status;
index 8d60e39..3ecaace 100644 (file)
@@ -66,6 +66,16 @@ extern enum_name_t *crl_reason_names;
 struct certinfo_t {
 
        /**
+        * @brief Check if both certinfo objects have the same serialNumber.
+        * 
+        * @param this                          calling object
+        * @param that                          second certinfo_t object
+        * @return                                      TRUE if the same serialNumber
+        */
+       bool (*equals_serialNumber) (const certinfo_t *this, const certinfo_t *that);
+
+
+       /**
         * @brief Get serial number.
         *
         * @param this                          calling object