mem-cred: Add a method to unify certificate references, without adding it
authorMartin Willi <martin@revosec.ch>
Fri, 6 Feb 2015 11:34:30 +0000 (12:34 +0100)
committerMartin Willi <martin@revosec.ch>
Tue, 3 Mar 2015 12:50:26 +0000 (13:50 +0100)
In contrast to add_cert_ref(), get_cert_ref() does not add the certificate to
the set, but only returns a reference to the same certificate if the set already holds it.

src/libstrongswan/credentials/sets/mem_cred.c
src/libstrongswan/credentials/sets/mem_cred.h

index d8f568d..7ad011b 100644 (file)
@@ -192,6 +192,24 @@ METHOD(mem_cred_t, add_cert_ref, certificate_t*,
        return add_cert_internal(this, trusted, cert);
 }
 
+METHOD(mem_cred_t, get_cert_ref, certificate_t*,
+       private_mem_cred_t *this, certificate_t *cert)
+{
+       certificate_t *cached;
+
+       this->lock->write_lock(this->lock);
+       if (this->untrusted->find_first(this->untrusted,
+                                                                       (linked_list_match_t)certificate_equals,
+                                                                       (void**)&cached, cert) == SUCCESS)
+       {
+               cert->destroy(cert);
+               cert = cached->get_ref(cached);
+       }
+       this->lock->unlock(this->lock);
+
+       return cert;
+}
+
 METHOD(mem_cred_t, add_crl, bool,
        private_mem_cred_t *this, crl_t *crl)
 {
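Review bot: get_cert_ref() takes `this->lock->write_lock(this->lock)` although the visible body only searches `this->untrusted` with find_first() and never modifies the list, so every lookup is serialized against all other users of the set. If get_ref() on the cached certificate is safe under concurrent readers (not visible in this hunk), `this->lock->read_lock(this->lock);` would be enough. A short comment above the destroy call, such as `/* on match the passed cert is released; continue with the returned pointer only */`, would also help, because any other copy of the passed pointer a caller still holds may dangle once the function returns. The body of get_cert_ref is fully inside the hunk.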
@@ -736,6 +754,7 @@ mem_cred_t *mem_cred_create()
                        },
                        .add_cert = _add_cert,
                        .add_cert_ref = _add_cert_ref,
+                       .get_cert_ref = _get_cert_ref,
                        .add_crl = _add_crl,
                        .add_key = _add_key,
                        .add_shared = _add_shared,
index d0dd51d..3ce815a 100644 (file)
@@ -59,6 +59,18 @@ struct mem_cred_t {
                                                                   certificate_t *cert);
 
        /**
+        * Get an existing reference to the same certificate.
+        *
+        * Searches for the same certficate in the set, and returns a reference
+        * to it, destroying the passed certificate. If the passed certificate
+        * is not found, it is just returned.
+        *
+        * @param cert                  certificate to look up
+        * @return                              the same certificate, potentially different instance
+        */
+       certificate_t* (*get_cert_ref)(mem_cred_t *this, certificate_t *cert);
+
+       /**
         * Add an X.509 CRL to the credential set.
         *
         * @param crl                   CRL, gets owned by set
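Review bot: The doc comment for get_cert_ref leaves the ownership contract out of its `@param` and `@return` lines, whereas the neighbouring add_crl entry states it (`CRL, gets owned by set`). The caller's reference is always given up, either destroyed on a match or handed back, so I would write `@param cert certificate to look up, reference is consumed` and `@return the same certificate as a reference owned by the caller, potentially a different instance`. That makes it clear that the passed pointer must not be used after the call. The description also misspells `certificate` as `certficate`.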