Annotation of embedaddon/strongswan/src/libcharon/plugins/certexpire/certexpire_listener.c, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (C) 2011 Martin Willi
! 3: * Copyright (C) 2011 revosec AG
! 4: *
! 5: * This program is free software; you can redistribute it and/or modify it
! 6: * under the terms of the GNU General Public License as published by the
! 7: * Free Software Foundation; either version 2 of the License, or (at your
! 8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 9: *
! 10: * This program is distributed in the hope that it will be useful, but
! 11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 13: * for more details.
! 14: */
! 15:
! 16: #include "certexpire_listener.h"
! 17:
! 18: #include <daemon.h>
! 19:
! 20: typedef struct private_certexpire_listener_t private_certexpire_listener_t;
! 21:
! 22: /**
! 23: * Private data of an certexpire_listener_t object.
! 24: */
! 25: struct private_certexpire_listener_t {
! 26:
! 27: /**
! 28: * Public certexpire_listener_t interface.
! 29: */
! 30: certexpire_listener_t public;
! 31:
! 32: /**
! 33: * Export facility
! 34: */
! 35: certexpire_export_t *export;
! 36: };
! 37:
! 38: METHOD(listener_t, authorize, bool,
! 39: private_certexpire_listener_t *this, ike_sa_t *ike_sa,
! 40: bool final, bool *success)
! 41: {
! 42: enumerator_t *rounds, *enumerator;
! 43: certificate_t *cert, *ca = NULL;
! 44: linked_list_t *trustchain;
! 45: auth_cfg_t *auth;
! 46: auth_rule_t rule;
! 47:
! 48: /* Check all rounds in final hook, as local authentication data are
! 49: * not completely available after round-invocation. */
! 50: if (!final)
! 51: {
! 52: return TRUE;
! 53: }
! 54:
! 55: /* collect local certificates */
! 56: trustchain = linked_list_create();
! 57: rounds = ike_sa->create_auth_cfg_enumerator(ike_sa, TRUE);
! 58: while (rounds->enumerate(rounds, &auth))
! 59: {
! 60: cert = auth->get(auth, AUTH_RULE_SUBJECT_CERT);
! 61: if (cert)
! 62: {
! 63: trustchain->insert_last(trustchain, cert);
! 64:
! 65: enumerator = auth->create_enumerator(auth);
! 66: while (enumerator->enumerate(enumerator, &rule, &cert))
! 67: {
! 68: if (rule == AUTH_RULE_IM_CERT)
! 69: {
! 70: trustchain->insert_last(trustchain, cert);
! 71: }
! 72: if (rule == AUTH_RULE_CA_CERT)
! 73: {
! 74: /* the last CA cert is the one used in the trustchain.
! 75: * Previous CA certificates have been received as cert
! 76: * requests. */
! 77: ca = cert;
! 78: }
! 79: }
! 80: enumerator->destroy(enumerator);
! 81: if (ca)
! 82: {
! 83: trustchain->insert_last(trustchain, ca);
! 84: }
! 85: }
! 86: }
! 87: rounds->destroy(rounds);
! 88: this->export->add(this->export, trustchain, TRUE);
! 89: trustchain->destroy(trustchain);
! 90:
! 91: /* collect remote certificates */
! 92: trustchain = linked_list_create();
! 93: rounds = ike_sa->create_auth_cfg_enumerator(ike_sa, FALSE);
! 94: while (rounds->enumerate(rounds, &auth))
! 95: {
! 96: cert = auth->get(auth, AUTH_RULE_SUBJECT_CERT);
! 97: if (cert)
! 98: {
! 99: trustchain->insert_last(trustchain, cert);
! 100:
! 101: enumerator = auth->create_enumerator(auth);
! 102: while (enumerator->enumerate(enumerator, &rule, &cert))
! 103: {
! 104: if (rule == AUTH_RULE_IM_CERT)
! 105: {
! 106: trustchain->insert_last(trustchain, cert);
! 107: }
! 108: }
! 109: enumerator->destroy(enumerator);
! 110:
! 111: cert = auth->get(auth, AUTH_RULE_CA_CERT);
! 112: if (cert)
! 113: {
! 114: trustchain->insert_last(trustchain, cert);
! 115: }
! 116: }
! 117: }
! 118: rounds->destroy(rounds);
! 119: this->export->add(this->export, trustchain, FALSE);
! 120: trustchain->destroy(trustchain);
! 121: return TRUE;
! 122: }
! 123:
! 124: METHOD(certexpire_listener_t, destroy, void,
! 125: private_certexpire_listener_t *this)
! 126: {
! 127: free(this);
! 128: }
! 129:
! 130: /**
! 131: * See header
! 132: */
! 133: certexpire_listener_t *certexpire_listener_create(certexpire_export_t *export)
! 134: {
! 135: private_certexpire_listener_t *this;
! 136:
! 137: INIT(this,
! 138: .public = {
! 139: .listener = {
! 140: .authorize = _authorize,
! 141: },
! 142: .destroy = _destroy,
! 143: },
! 144: .export = export,
! 145: );
! 146:
! 147: return &this->public;
! 148: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to certexpire_listener.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libcharon / plugins / certexpire