Annotation of embedaddon/strongswan/src/libcharon/sa/ikev2/tasks/ike_verify_peer_cert.c, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (C) 2015 Tobias Brunner
! 3: * HSR Hochschule fuer Technik Rapperswil
! 4: *
! 5: * This program is free software; you can redistribute it and/or modify it
! 6: * under the terms of the GNU General Public License as published by the
! 7: * Free Software Foundation; either version 2 of the License, or (at your
! 8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 9: *
! 10: * This program is distributed in the hope that it will be useful, but
! 11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 13: * for more details.
! 14: */
! 15:
! 16: #include "ike_verify_peer_cert.h"
! 17:
! 18: #include <daemon.h>
! 19: #include <sa/ikev2/tasks/ike_delete.h>
! 20:
typedef struct private_ike_verify_peer_cert_t private_ike_verify_peer_cert_t;

/**
 * Private state of the task that verifies the peer's certificate and, when
 * that verification fails, deletes the IKE_SA through a nested ike_delete
 * task (see build_i/process_i below).
 */
struct private_ike_verify_peer_cert_t {

	/**
	 * Public methods and task_t interface.
	 *
	 * NOTE(review): the constructor returns a pointer to this member; it
	 * presumably has to stay the first member so the METHOD wrappers can
	 * convert back to the private struct - confirm against the macro.
	 */
	ike_verify_peer_cert_t public;

	/**
	 * Assigned IKE_SA. Set by the constructor and replaced in migrate().
	 */
	ike_sa_t *ike_sa;

	/**
	 * Child ike_delete task, if necessary. Only created in build_i() when
	 * the certificate check fails; released in destroy().
	 */
	ike_delete_t *ike_delete;
};
! 43:
/**
 * Build step of the task: run the peer certificate check on the IKE_SA.
 *
 * The check is fail-closed. If verify_peer_certificate() reports failure, an
 * ike_delete task is created and its build() fills the message, so the SA is
 * deleted rather than kept in use. Both outcomes are logged at DBG1, which
 * gives operators a log line to alert on for failed verifications.
 *
 * @param message	message handed in by the caller
 * @return			SUCCESS if the certificate verified, otherwise whatever
 *					the nested ike_delete build() returns
 */
METHOD(task_t, build_i, status_t,
	private_ike_verify_peer_cert_t *this, message_t *message)
{
	task_t *delete_task;

	if (this->ike_sa->verify_peer_certificate(this->ike_sa))
	{
		DBG1(DBG_IKE, "peer certificate successfully verified");
		/* NOTE(review): presumably tells the task manager that no request
		 * has to be sent for this task - confirm against the caller */
		message->set_exchange_type(message, EXCHANGE_TYPE_UNDEFINED);
		return SUCCESS;
	}

	DBG1(DBG_IKE, "peer certificate verification failed, deleting SA");
	/* keep the nested task in this->ike_delete so process_i(), migrate()
	 * and destroy() can reach it later */
	this->ike_delete = ike_delete_create(this->ike_sa, TRUE);
	delete_task = &this->ike_delete->task;
	return delete_task->build(delete_task, message);
}
! 57:
/**
 * Process step of the task: handle the response to the delete request, if
 * one was sent because verification failed.
 *
 * The return values of the nested process() and of reestablish() are not
 * inspected here; the task always asks to be destroyed.
 *
 * @param message	received message, forwarded to the nested ike_delete task
 * @return			DESTROY_ME in every case
 */
METHOD(task_t, process_i, status_t,
	private_ike_verify_peer_cert_t *this, message_t *message)
{
	task_t *delete_task;

	if (!this->ike_delete)
	{
		/* verification succeeded in build_i, nothing to clean up */
		return DESTROY_ME;
	}

	delete_task = &this->ike_delete->task;
	delete_task->process(delete_task, message);
	/* try to reestablish the IKE_SA and all children */
	this->ike_sa->reestablish(this->ike_sa);
	return DESTROY_ME;
}
! 69:
/**
 * Report the type of this task.
 *
 * @return			always TASK_IKE_VERIFY_PEER_CERT
 */
METHOD(task_t, get_type, task_type_t,
	private_ike_verify_peer_cert_t *this)
{
	task_type_t type = TASK_IKE_VERIFY_PEER_CERT;

	return type;
}
! 75:
/**
 * Move the task to another IKE_SA.
 *
 * A pending ike_delete child is migrated first, so it and this task end up
 * referring to the same SA.
 *
 * @param ike_sa	IKE_SA the task is assigned to from now on
 */
METHOD(task_t, migrate, void,
	private_ike_verify_peer_cert_t *this, ike_sa_t *ike_sa)
{
	ike_delete_t *nested = this->ike_delete;

	if (nested)
	{
		nested->task.migrate(&nested->task, ike_sa);
	}
	this->ike_sa = ike_sa;
}
! 85:
/**
 * Release the task, including the nested ike_delete task if one was created.
 * The referenced IKE_SA is not touched here.
 */
METHOD(task_t, destroy, void,
	private_ike_verify_peer_cert_t *this)
{
	ike_delete_t *nested = this->ike_delete;

	if (nested)
	{
		nested->task.destroy(&nested->task);
	}
	free(this);
}
! 95:
! 96: /*
! 97: * Described in header.
! 98: */
ike_verify_peer_cert_t *ike_verify_peer_cert_create(ike_sa_t *ike_sa)
{
	private_ike_verify_peer_cert_t *this;

	/* Only the initiator-side handlers (build_i/process_i) are wired up.
	 * NOTE(review): ike_delete is not listed and is presumably
	 * zero-initialized by INIT; the NULL checks in process_i(), migrate()
	 * and destroy() depend on that - confirm against the macro. */
	INIT(this,
		.ike_sa = ike_sa,
		.public = {
			.task = {
				.build = _build_i,
				.process = _process_i,
				.get_type = _get_type,
				.migrate = _migrate,
				.destroy = _destroy,
			},
		},
	);

	/* callers only ever see the public interface */
	return &this->public;
}