/*
 * Copyright (C) 2020 Tobias Brunner
 * Copyright (C) 2007 Martin Willi
 * Copyright (C) 2015 Andreas Steffen
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
 */

#include "certificate.h"

#include <utils/debug.h>
#include <credentials/certificates/x509.h>

/*
 * Printable names for certificate types, registered for the range
 * CERT_ANY..CERT_GPG.
 * NOTE(review): the strings presumably have to stay in the same order as the
 * enum values declared in certificate.h - confirm when adding a type.
 */
ENUM(certificate_type_names, CERT_ANY, CERT_GPG,
	"ANY",
	"X509",
	"X509_CRL",
	"OCSP_REQUEST",
	"OCSP_RESPONSE",
	"X509_AC",
	"PUBKEY",
	"PKCS10_REQUEST",
	"PGP",
);

/*
 * Printable names for validation results, registered for the range
 * VALIDATION_GOOD..VALIDATION_REVOKED.
 * NOTE(review): same ordering assumption as above - confirm against the
 * enum in certificate.h.
 */
ENUM(cert_validation_names, VALIDATION_GOOD, VALIDATION_REVOKED,
	"GOOD",
	"SKIPPED",
	"STALE",
	"FAILED",
	"ON_HOLD",
	"REVOKED",
);

/**
 * See header
 *
 * Decides whether @p this should replace @p other by comparing one timestamp
 * per object: the value each returns through the third argument of
 * get_validity() (presumably notBefore / thisUpdate - confirm in
 * certificate.h).
 *
 * Only a strictly later timestamp counts as newer, so an object carrying the
 * same timestamp as the existing one never replaces it.
 *
 * The comparison is purely chronological. The return value of get_validity()
 * is ignored and no signature, issuer or revocation check happens here, so
 * the result says nothing about whether either object is currently valid or
 * trustworthy. Callers that replace a cached CRL or certificate on a TRUE
 * result need to have authenticated @p this beforehand.
 *
 * @param this		candidate object; must not be NULL
 * @param other		object already held (logged as "existing"); must not be NULL
 * @return			TRUE if the timestamp of this is later than that of other
 */
bool certificate_is_newer(certificate_t *this, certificate_t *other)
{
	const char *kind;
	time_t candidate_ts, existing_ts;
	bool newer;

	/* the label only affects the log line, not the comparison */
	kind = (this->get_type(this) == CERT_X509_CRL) ? "crl" : "certificate";

	this->get_validity(this, NULL, &candidate_ts, NULL);
	other->get_validity(other, NULL, &existing_ts, NULL);
	newer = candidate_ts > existing_ts;

	/* record the decision so that a replaced or retained object is traceable */
	DBG1(DBG_LIB, " %s from %T is %s - existing %s from %T %s",
		 kind, &candidate_ts, FALSE, newer ? "newer" : "not newer",
		 kind, &existing_ts, FALSE, newer ? "replaced" : "retained");
	return newer;
}

/*
 * Described in header
 */
/**
 * Selection filter: reports whether a certificate fits the requested
 * certificate type, public key type and identity.
 *
 * Checks, in order:
 *  - type: unless CERT_ANY is requested, cert->get_type() must equal it.
 *  - key:  if the certificate yields a public key, its type must equal the
 *          requested one unless KEY_ANY is requested; if it yields none,
 *          only KEY_ANY is accepted.
 *  - id:   if an identity is given and the public key has a fingerprint
 *          equal to the identity's encoding, the certificate matches.
 *          Otherwise the identity is compared with cert->has_subject().
 *          A NULL identity matches every certificate that passed the type
 *          and key checks.
 *
 * This function only compares attributes. It verifies no signature, validity
 * period or revocation state, so a TRUE result is not a trust decision.
 * With CERT_ANY, KEY_ANY and a NULL id every certificate matches; callers
 * that intend to restrict the result must pass a non-NULL id.
 *
 * @param cert		certificate to test; must not be NULL
 * @param type		required certificate type, or CERT_ANY
 * @param key		required public key type, or KEY_ANY
 * @param id		identity to match, or NULL for any
 * @return			TRUE if the certificate matches all given criteria
 */
bool certificate_matches(certificate_t *cert, certificate_type_t type,
						 key_type_t key, identification_t *id)
{
	public_key_t *pubkey;
	bool key_ok, fingerprint_hit;

	if (type != CERT_ANY && cert->get_type(cert) != type)
	{
		return FALSE;
	}

	pubkey = cert->get_public_key(cert);
	if (!pubkey)
	{
		/* without a public key a specific key type can not be satisfied */
		if (key != KEY_ANY)
		{
			return FALSE;
		}
	}
	else
	{
		key_ok = key == KEY_ANY || key == pubkey->get_type(pubkey);
		/* the fingerprint is only consulted once the key type is accepted */
		fingerprint_hit = key_ok && id &&
					pubkey->has_fingerprint(pubkey, id->get_encoding(id));
		/* the key object is released here on every path, before returning */
		pubkey->destroy(pubkey);

		if (!key_ok)
		{
			return FALSE;
		}
		if (fingerprint_hit)
		{
			return TRUE;
		}
	}
	/* no fingerprint match: fall back to the subject, NULL id accepts any */
	return !id || cert->has_subject(cert, id);
}