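/*
 * Copyright (C) 2011 Martin Willi
 * Copyright (C) 2011 revosec AG
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
 */

#include "certexpire_listener.h"

#include <daemon.h>

typedef struct private_certexpire_listener_t private_certexpire_listener_t;

/**
 * Private data of an certexpire_listener_t object.
 */
struct private_certexpire_listener_t {

	/**
	 * Public certexpire_listener_t interface.
	 */
	certexpire_listener_t public;

	/**
	 * Export facility the collected trustchains are handed to.
	 * Not owned by this listener: destroy() does not release it.
	 */
	certexpire_export_t *export;
};

/**
 * Append the certificates of a single authentication round to a trustchain.
 *
 * The chain is built in the order subject certificate, intermediate
 * certificates (in enumeration order), CA certificate. A round without a
 * subject certificate contributes nothing. The CA certificate is scoped to
 * this round, so a CA certificate seen in an earlier round is never appended
 * to a later round that has none of its own.
 *
 * @param auth			auth config of the round to collect from
 * @param trustchain	list the certificates are appended to
 * @param local			TRUE for a local round, FALSE for a remote round
 */
static void collect_round(auth_cfg_t *auth, linked_list_t *trustchain,
						  bool local)
{
	enumerator_t *enumerator;
	certificate_t *cert, *ca = NULL;
	auth_rule_t rule;

	cert = auth->get(auth, AUTH_RULE_SUBJECT_CERT);
	if (!cert)
	{
		return;
	}
	trustchain->insert_last(trustchain, cert);

	enumerator = auth->create_enumerator(auth);
	while (enumerator->enumerate(enumerator, &rule, &cert))
	{
		if (rule == AUTH_RULE_IM_CERT)
		{
			trustchain->insert_last(trustchain, cert);
		}
		else if (local && rule == AUTH_RULE_CA_CERT)
		{
			/* the last CA cert is the one used in the trustchain.
			 * Previous CA certificates have been received as cert
			 * requests. */
			ca = cert;
		}
	}
	enumerator->destroy(enumerator);

	if (!local)
	{
		/* for remote rounds the CA cert is looked up directly */
		ca = auth->get(auth, AUTH_RULE_CA_CERT);
	}
	if (ca)
	{
		trustchain->insert_last(trustchain, ca);
	}
}

/**
 * Collect the trustchains of all local or all remote authentication rounds
 * of an IKE_SA and hand them to the export facility.
 *
 * @param this		listener holding the export facility
 * @param ike_sa	IKE_SA whose auth configs are inspected
 * @param local		TRUE to collect local rounds, FALSE for remote rounds
 */
static void export_trustchains(private_certexpire_listener_t *this,
							   ike_sa_t *ike_sa, bool local)
{
	enumerator_t *rounds;
	linked_list_t *trustchain;
	auth_cfg_t *auth;

	trustchain = linked_list_create();
	rounds = ike_sa->create_auth_cfg_enumerator(ike_sa, local);
	while (rounds->enumerate(rounds, &auth))
	{
		collect_round(auth, trustchain, local);
	}
	rounds->destroy(rounds);
	this->export->add(this->export, trustchain, local);
	trustchain->destroy(trustchain);
}

/**
 * listener_t.authorize hook: record the local and remote trustchains of the
 * IKE_SA with the export facility. The hook only observes; it never vetoes
 * authorization and always returns TRUE.
 */
METHOD(listener_t, authorize, bool,
	private_certexpire_listener_t *this, ike_sa_t *ike_sa,
	bool final, bool *success)
{
	/* Check all rounds in final hook, as local authentication data are
	 * not completely available after round-invocation. */
	if (!final)
	{
		return TRUE;
	}

	export_trustchains(this, ike_sa, TRUE);
	export_trustchains(this, ike_sa, FALSE);
	return TRUE;
}

/**
 * Release the listener itself. The export facility passed at creation is
 * left untouched.
 */
METHOD(certexpire_listener_t, destroy, void,
	private_certexpire_listener_t *this)
{
	free(this);
}

/**
 * See header
 *
 * The returned listener keeps a reference to export for its lifetime but
 * does not take ownership of it.
 */
certexpire_listener_t *certexpire_listener_create(certexpire_export_t *export)
{
	private_certexpire_listener_t *this;

	INIT(this,
		.public = {
			.listener = {
				.authorize = _authorize,
			},
			.destroy = _destroy,
		},
		.export = export,
	);

	return &this->public;
}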