linked_list_t *ocsp;
/**
- * Hashes of certificates issued by this CA
- */
- linked_list_t *hashes;
-
- /**
* Base URI used for certificates from this CA
*/
char *certuribase;
ca->path = strdup(path);
ca->crl = linked_list_create();
ca->ocsp = linked_list_create();
- ca->hashes = linked_list_create();
ca->certuribase = NULL;
return ca;
}
{
this->crl->destroy_function(this->crl, free);
this->ocsp->destroy_function(this->ocsp, free);
- this->hashes->destroy_offset(this->hashes, offsetof(identification_t, destroy));
this->cert->destroy(this->cert);
free(this->certuribase);
free(this->path);
enumerator->destroy(enumerator);
}
-METHOD(stroke_ca_t, check_for_hash_and_url, void,
- private_stroke_ca_t *this, certificate_t* cert)
-{
- ca_section_t *section;
- enumerator_t *enumerator;
-
- hasher_t *hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
- if (hasher == NULL)
- {
- DBG1(DBG_IKE, "unable to use hash-and-url: sha1 not supported");
- return;
- }
-
- this->lock->write_lock(this->lock);
- enumerator = this->sections->create_enumerator(this->sections);
- while (enumerator->enumerate(enumerator, (void**)§ion))
- {
- if (section->certuribase && cert->issued_by(cert, section->cert, NULL))
- {
- chunk_t hash, encoded;
-
- if (cert->get_encoding(cert, CERT_ASN1_DER, &encoded))
- {
- if (hasher->allocate_hash(hasher, encoded, &hash))
- {
- section->hashes->insert_last(section->hashes,
- identification_create_from_encoding(ID_KEY_ID, hash));
- chunk_free(&hash);
- }
- chunk_free(&encoded);
- }
- break;
- }
- }
- enumerator->destroy(enumerator);
- this->lock->unlock(this->lock);
-
- hasher->destroy(hasher);
-}
-
METHOD(stroke_ca_t, list, void,
private_stroke_ca_t *this, stroke_msg_t *msg, FILE *out)
{
.get_cert_ref = _get_cert_ref,
.reload_certs = _reload_certs,
.replace_certs = _replace_certs,
- .check_for_hash_and_url = _check_for_hash_and_url,
.destroy = _destroy,
},
.sections = linked_list_create(),