![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to certexpire_listener.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libcharon / plugins / certexpire|
Return to certexpire_listener.c CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libcharon / plugins / certexpire |
1.1 misho 1: /*
2: * Copyright (C) 2011 Martin Willi
3: * Copyright (C) 2011 revosec AG
4: *
5: * This program is free software; you can redistribute it and/or modify it
6: * under the terms of the GNU General Public License as published by the
7: * Free Software Foundation; either version 2 of the License, or (at your
8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9: *
10: * This program is distributed in the hope that it will be useful, but
11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13: * for more details.
14: */
15:
16: #include "certexpire_listener.h"
17:
18: #include <daemon.h>
19:
20: typedef struct private_certexpire_listener_t private_certexpire_listener_t;
21:
22: /**
23: * Private data of an certexpire_listener_t object.
24: */
25: struct private_certexpire_listener_t {
26:
27: /**
28: * Public certexpire_listener_t interface.
29: */
30: certexpire_listener_t public;
31:
32: /**
33: * Export facility
34: */
35: certexpire_export_t *export;
36: };
37:
38: METHOD(listener_t, authorize, bool,
39: private_certexpire_listener_t *this, ike_sa_t *ike_sa,
40: bool final, bool *success)
41: {
42: enumerator_t *rounds, *enumerator;
43: certificate_t *cert, *ca = NULL;
44: linked_list_t *trustchain;
45: auth_cfg_t *auth;
46: auth_rule_t rule;
47:
48: /* Check all rounds in final hook, as local authentication data are
49: * not completely available after round-invocation. */
50: if (!final)
51: {
52: return TRUE;
53: }
54:
55: /* collect local certificates */
56: trustchain = linked_list_create();
57: rounds = ike_sa->create_auth_cfg_enumerator(ike_sa, TRUE);
58: while (rounds->enumerate(rounds, &auth))
59: {
60: cert = auth->get(auth, AUTH_RULE_SUBJECT_CERT);
61: if (cert)
62: {
63: trustchain->insert_last(trustchain, cert);
64:
65: enumerator = auth->create_enumerator(auth);
66: while (enumerator->enumerate(enumerator, &rule, &cert))
67: {
68: if (rule == AUTH_RULE_IM_CERT)
69: {
70: trustchain->insert_last(trustchain, cert);
71: }
72: if (rule == AUTH_RULE_CA_CERT)
73: {
74: /* the last CA cert is the one used in the trustchain.
75: * Previous CA certificates have been received as cert
76: * requests. */
77: ca = cert;
78: }
79: }
80: enumerator->destroy(enumerator);
81: if (ca)
82: {
83: trustchain->insert_last(trustchain, ca);
84: }
85: }
86: }
87: rounds->destroy(rounds);
88: this->export->add(this->export, trustchain, TRUE);
89: trustchain->destroy(trustchain);
90:
91: /* collect remote certificates */
92: trustchain = linked_list_create();
93: rounds = ike_sa->create_auth_cfg_enumerator(ike_sa, FALSE);
94: while (rounds->enumerate(rounds, &auth))
95: {
96: cert = auth->get(auth, AUTH_RULE_SUBJECT_CERT);
97: if (cert)
98: {
99: trustchain->insert_last(trustchain, cert);
100:
101: enumerator = auth->create_enumerator(auth);
102: while (enumerator->enumerate(enumerator, &rule, &cert))
103: {
104: if (rule == AUTH_RULE_IM_CERT)
105: {
106: trustchain->insert_last(trustchain, cert);
107: }
108: }
109: enumerator->destroy(enumerator);
110:
111: cert = auth->get(auth, AUTH_RULE_CA_CERT);
112: if (cert)
113: {
114: trustchain->insert_last(trustchain, cert);
115: }
116: }
117: }
118: rounds->destroy(rounds);
119: this->export->add(this->export, trustchain, FALSE);
120: trustchain->destroy(trustchain);
121: return TRUE;
122: }
123:
124: METHOD(certexpire_listener_t, destroy, void,
125: private_certexpire_listener_t *this)
126: {
127: free(this);
128: }
129:
130: /**
131: * See header
132: */
133: certexpire_listener_t *certexpire_listener_create(certexpire_export_t *export)
134: {
135: private_certexpire_listener_t *this;
136:
137: INIT(this,
138: .public = {
139: .listener = {
140: .authorize = _authorize,
141: },
142: .destroy = _destroy,
143: },
144: .export = export,
145: );
146:
147: return &this->public;
148: }