1.1 ! misho 1: /*
! 2: * Copyright (C) 2008 Martin Willi
! 3: * HSR Hochschule fuer Technik Rapperswil
! 4: *
! 5: * This program is free software; you can redistribute it and/or modify it
! 6: * under the terms of the GNU General Public License as published by the
! 7: * Free Software Foundation; either version 2 of the License, or (at your
! 8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 9: *
! 10: * This program is distributed in the hope that it will be useful, but
! 11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 13: * for more details.
! 14: */
! 15:
! 16: #include "pubkey_cert.h"
! 17:
! 18: #include <time.h>
! 19:
! 20: #include <utils/debug.h>
! 21:
typedef struct private_pubkey_cert_t private_pubkey_cert_t;

/**
 * Private data of a pubkey_cert_t: a certificate_t shaped wrapper around a
 * bare, trusted public key (reported as CERT_TRUSTED_PUBKEY).
 */
struct private_pubkey_cert_t {

	/**
	 * Public functions. Must stay the first member: equals() compares the
	 * private pointer directly against a certificate_t pointer.
	 */
	pubkey_cert_t public;

	/**
	 * Wrapped public key; this object owns one reference and releases it
	 * in destroy().
	 */
	public_key_t *key;

	/**
	 * Dummy issuer id, ID_ANY (a raw key has no issuer, see has_issuer())
	 */
	identification_t *issuer;

	/**
	 * Subject: the supplied subject, else the ID_KEY_ID built from the key's
	 * KEYID_PUBKEY_INFO_SHA1 fingerprint, else ID_ANY
	 */
	identification_t *subject;

	/**
	 * Key inception time, UNDEFINED_TIME if not bounded
	 */
	time_t notBefore;

	/**
	 * Key expiration time, UNDEFINED_TIME if not bounded
	 */
	time_t notAfter;

	/**
	 * Reference count
	 */
	refcount_t ref;
};
! 64:
METHOD(certificate_t, get_type, certificate_type_t,
	private_pubkey_cert_t *this)
{
	/* every wrapped raw key is reported as a trusted public key */
	(void)this;
	return CERT_TRUSTED_PUBKEY;
}
! 70:
METHOD(certificate_t, get_subject, identification_t*,
	private_pubkey_cert_t *this)
{
	/* borrowed pointer: the certificate keeps ownership of its subject */
	identification_t *subject = this->subject;

	return subject;
}
! 76:
METHOD(certificate_t, get_issuer, identification_t*,
	private_pubkey_cert_t *this)
{
	/* borrowed pointer to the dummy ID_ANY issuer, not a new reference */
	identification_t *issuer = this->issuer;

	return issuer;
}
! 82:
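METHOD(certificate_t, has_subject, id_match_t,
	private_pubkey_cert_t *this, identification_t *subject)
{
	/* A key ID matches perfectly if it equals the wrapped key's fingerprint in
	 * any encoding the key can produce; encodings get_fingerprint() can't
	 * deliver are skipped. The encoding we compare against does not change
	 * during the loop, so fetch it once instead of on every iteration. */
	if (subject->get_type(subject) == ID_KEY_ID)
	{
		chunk_t wanted = subject->get_encoding(subject);
		cred_encoding_type_t type;
		chunk_t fingerprint;

		for (type = 0; type < CRED_ENCODING_MAX; type++)
		{
			if (this->key->get_fingerprint(this->key, type, &fingerprint) &&
				chunk_equals(fingerprint, wanted))
			{
				return ID_MATCH_PERFECT;
			}
		}
	}
	/* any other identity (or a non-matching key ID) is matched against the
	 * stored subject with the usual identification rules */
	return this->subject->matches(this->subject, subject);
}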
! 103:
METHOD(certificate_t, has_issuer, id_match_t,
	private_pubkey_cert_t *this, identification_t *issuer)
{
	/* a raw public key has no issuer, so no identity can ever match it */
	(void)this;
	(void)issuer;
	return ID_MATCH_NONE;
}
! 109:
METHOD(certificate_t, equals, bool,
	private_pubkey_cert_t *this, certificate_t *other)
{
	public_key_t *other_key;
	identification_t *other_subject;
	bool same_key;

	/* relies on public.interface sitting at offset 0 of the private struct,
	 * so the same object yields the same address */
	if (&this->public.interface == other)
	{
		return TRUE;
	}
	if (other->get_type(other) != CERT_TRUSTED_PUBKEY)
	{
		return FALSE;
	}
	/* get_public_key() hands out a reference; release it on every path */
	other_key = other->get_public_key(other);
	if (!other_key)
	{
		return FALSE;
	}
	same_key = public_key_equals(this->key, other_key);
	other_key->destroy(other_key);
	if (!same_key)
	{
		return FALSE;
	}
	/* same key material: equal only if the subjects agree as well */
	other_subject = other->get_subject(other);
	return other_subject->equals(other_subject, this->subject);
}
! 137:
METHOD(certificate_t, issued_by, bool,
	private_pubkey_cert_t *this, certificate_t *issuer,
	signature_params_t **scheme)
{
	/* a trusted public key is only ever "issued" by an equal pubkey cert;
	 * no signature is verified here, hence the scheme reported is
	 * SIGN_UNKNOWN */
	if (!equals(this, issuer))
	{
		return FALSE;
	}
	if (scheme)
	{
		INIT(*scheme,
			.scheme = SIGN_UNKNOWN,
		);
	}
	return TRUE;
}
! 151:
METHOD(certificate_t, get_public_key, public_key_t*,
	private_pubkey_cert_t *this)
{
	public_key_t *key = this->key;

	/* the caller gets its own reference and has to destroy() it */
	key->get_ref(key);
	return key;
}
! 158:
METHOD(certificate_t, get_validity, bool,
	private_pubkey_cert_t *this, time_t *when, time_t *not_before,
	time_t *not_after)
{
	time_t now;
	bool started, not_expired;

	/* without an explicit point in time, check against the current time */
	if (when)
	{
		now = *when;
	}
	else
	{
		now = time(NULL);
	}
	if (not_before)
	{
		*not_before = this->notBefore;
	}
	if (not_after)
	{
		*not_after = this->notAfter;
	}
	/* a bound of UNDEFINED_TIME does not restrict validity on that side */
	started = this->notBefore == UNDEFINED_TIME || now >= this->notBefore;
	not_expired = this->notAfter == UNDEFINED_TIME || now <= this->notAfter;
	return started && not_expired;
}
! 176:
METHOD(certificate_t, get_encoding, bool,
	private_pubkey_cert_t *this, cred_encoding_type_t type, chunk_t *encoding)
{
	public_key_t *key = this->key;

	/* the certificate has no encoding of its own, the key's encoding is it */
	return key->get_encoding(key, type, encoding);
}
! 182:
METHOD(certificate_t, get_ref, certificate_t*,
	private_pubkey_cert_t *this)
{
	certificate_t *cert = &this->public.interface;

	/* bump the count; the returned pointer is the same object */
	ref_get(&this->ref);
	return cert;
}
! 189:
METHOD(certificate_t, destroy, void,
	private_pubkey_cert_t *this)
{
	/* only the last reference tears the object and its owned parts down */
	if (!ref_put(&this->ref))
	{
		return;
	}
	this->subject->destroy(this->subject);
	this->issuer->destroy(this->issuer);
	this->key->destroy(this->key);
	free(this);
}
! 201:
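METHOD(pubkey_cert_t, set_subject, void,
	private_pubkey_cert_t *this, identification_t *subject)
{
	/* Clone before releasing the old subject: if a caller passes the
	 * certificate's current subject, destroying it first would make clone()
	 * read freed memory. The certificate owns the copy, never the argument. */
	identification_t *copy = subject->clone(subject);

	DESTROY_IF(this->subject);
	this->subject = copy;
}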
! 208:
/**
 * Choose the subject of a new certificate.
 *
 * An explicit subject is cloned. Otherwise the key's KEYID_PUBKEY_INFO_SHA1
 * fingerprint becomes an ID_KEY_ID, falling back to ID_ANY if the key can't
 * produce that fingerprint.
 *
 * @param key		wrapped public key
 * @param subject	explicit subject, or NULL
 * @return			newly allocated identification, owned by the caller
 */
static identification_t *choose_subject(public_key_t *key,
										identification_t *subject)
{
	chunk_t fingerprint;

	if (subject)
	{
		return subject->clone(subject);
	}
	if (key->get_fingerprint(key, KEYID_PUBKEY_INFO_SHA1, &fingerprint))
	{
		return identification_create_from_encoding(ID_KEY_ID, fingerprint);
	}
	return identification_create_from_encoding(ID_ANY, chunk_empty);
}

/**
 * Create a certificate wrapping a trusted public key.
 *
 * @param key			public key, the reference is taken over by the cert
 * @param notBefore		inception time, or UNDEFINED_TIME
 * @param notAfter		expiration time, or UNDEFINED_TIME
 * @param subject		explicit subject (cloned), or NULL for a key ID
 * @return				certificate with one reference
 */
static pubkey_cert_t *pubkey_cert_create(public_key_t *key,
										 time_t notBefore, time_t notAfter,
										 identification_t *subject)
{
	private_pubkey_cert_t *this;

	INIT(this,
		.public = {
			.interface = {
				.get_type = _get_type,
				.get_subject = _get_subject,
				.get_issuer = _get_issuer,
				.has_subject = _has_subject,
				.has_issuer = _has_issuer,
				.issued_by = _issued_by,
				.get_public_key = _get_public_key,
				.get_validity = _get_validity,
				.get_encoding = _get_encoding,
				.equals = _equals,
				.get_ref = _get_ref,
				.destroy = _destroy,
			},
			.set_subject = _set_subject,
		},
		.ref = 1,
		.key = key,
		.notBefore = notBefore,
		.notAfter = notAfter,
		/* a raw key has no issuer; ID_ANY is a placeholder only */
		.issuer = identification_create_from_encoding(ID_ANY, chunk_empty),
	);

	this->subject = choose_subject(key, subject);

	return &this->public;
}
! 259:
/**
 * See header.
 *
 * Builds a pubkey certificate from builder parts. A BUILD_PUBLIC_KEY is
 * shared with the caller (a reference is taken); a BUILD_BLOB_ASN1_DER is
 * parsed into a fresh key. An unknown part aborts with NULL before any
 * reference has been taken, so nothing leaks on that path.
 */
pubkey_cert_t *pubkey_cert_wrap(certificate_type_t type, va_list args)
{
	public_key_t *key = NULL;
	chunk_t blob = chunk_empty;
	identification_t *subject = NULL;
	time_t notBefore = UNDEFINED_TIME, notAfter = UNDEFINED_TIME;
	builder_part_t part;

	for (part = va_arg(args, builder_part_t); part != BUILD_END;
		 part = va_arg(args, builder_part_t))
	{
		switch (part)
		{
			case BUILD_BLOB_ASN1_DER:
				blob = va_arg(args, chunk_t);
				break;
			case BUILD_PUBLIC_KEY:
				key = va_arg(args, public_key_t*);
				break;
			case BUILD_NOT_BEFORE_TIME:
				notBefore = va_arg(args, time_t);
				break;
			case BUILD_NOT_AFTER_TIME:
				notAfter = va_arg(args, time_t);
				break;
			case BUILD_SUBJECT:
				subject = va_arg(args, identification_t*);
				break;
			default:
				return NULL;
		}
	}
	if (!key && blob.ptr)
	{
		/* a parsed key is a new object that the certificate will own */
		key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
								 BUILD_BLOB_ASN1_DER, blob, BUILD_END);
	}
	else if (key)
	{
		/* a supplied key stays with the caller, so take our own reference */
		key->get_ref(key);
	}
	if (!key)
	{
		return NULL;
	}
	return pubkey_cert_create(key, notBefore, notAfter, subject);
}
! 311: