Return to dnscert.c CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libcharon / plugins / dnscert |
1.1 misho 1: /* 2: * Copyright (C) 2013 Ruslan Marchenko 3: * 4: * Permission is hereby granted, free of charge, to any person obtaining a copy 5: * of this software and associated documentation files (the "Software"), to deal 6: * in the Software without restriction, including without limitation the rights 7: * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 8: * copies of the Software, and to permit persons to whom the Software is 9: * furnished to do so, subject to the following conditions: 10: * 11: * The above copyright notice and this permission notice shall be included in 12: * all copies or substantial portions of the Software. 13: * 14: * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 15: * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16: * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17: * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18: * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 19: * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 20: * THE SOFTWARE. 21: */ 22: 23: #include "dnscert.h" 24: 25: #include <library.h> 26: #include <utils/debug.h> 27: #include <bio/bio_reader.h> 28: 29: typedef struct private_dnscert_t private_dnscert_t; 30: 31: /** 32: * private data of the dnscert 33: */ 34: struct private_dnscert_t { 35: 36: /** 37: * public functions 38: */ 39: dnscert_t public; 40: 41: /** 42: * Certificate type 43: */ 44: uint16_t cert_type; 45: 46: /** 47: * Key tag 48: */ 49: uint16_t key_tag; 50: 51: /** 52: * Algorithm 53: */ 54: uint8_t algorithm; 55: 56: /** 57: * Certificate 58: */ 59: chunk_t certificate; 60: }; 61: 62: METHOD(dnscert_t, get_cert_type, dnscert_type_t, 63: private_dnscert_t *this) 64: { 65: return this->cert_type; 66: } 67: 68: METHOD(dnscert_t, get_key_tag, uint16_t, 69: private_dnscert_t *this) 70: { 71: return this->key_tag; 72: } 73: 74: METHOD(dnscert_t, get_algorithm, dnscert_algorithm_t, 75: private_dnscert_t *this) 76: { 77: return this->algorithm; 78: } 79: 80: METHOD(dnscert_t, get_certificate, chunk_t, 81: private_dnscert_t *this) 82: { 83: return this->certificate; 84: } 85: 86: METHOD(dnscert_t, destroy, void, 87: private_dnscert_t *this) 88: { 89: chunk_free(&this->certificate); 90: free(this); 91: } 92: 93: dnscert_t *dnscert_create_frm_rr(rr_t *rr) 94: { 95: private_dnscert_t *this; 96: bio_reader_t *reader = NULL; 97: 98: INIT(this, 99: .public = { 100: .get_cert_type = _get_cert_type, 101: .get_key_tag = _get_key_tag, 102: .get_algorithm = _get_algorithm, 103: .get_certificate = _get_certificate, 104: .destroy = _destroy, 105: }, 106: ); 107: 108: if (rr->get_type(rr) != RR_TYPE_CERT) 109: { 110: DBG1(DBG_CFG, "unable to create a dnscert out of an RR " 111: "whose type is not CERT"); 112: free(this); 113: return NULL; 114: } 115: 116: /** 117: * Parse the content (RDATA field) of the RR 118: * First - type/tag/algo fields and then cert body 119: */ 120: reader = bio_reader_create(rr->get_rdata(rr)); 121: if (!reader->read_uint16(reader, &this->cert_type) || 122: !reader->read_uint16(reader, &this->key_tag) || 123: !reader->read_uint8(reader, &this->algorithm) ) 124: { 125: DBG1(DBG_CFG, "CERT RR has a wrong format"); 126: reader->destroy(reader); 127: free(this); 128: return NULL; 129: } 130: 131: if (!reader->read_data(reader, reader->remaining(reader), 132: &this->certificate)) 133: { 134: DBG1(DBG_CFG, "failed to read DNS certificate field"); 135: reader->destroy(reader); 136: free(this); 137: return NULL; 138: } 139: this->certificate = chunk_clone(this->certificate); 140: reader->destroy(reader); 141: return &this->public; 142: }