Return to pubkey_cert.c CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libstrongswan / plugins / pubkey |
1.1 misho 1: /* 2: * Copyright (C) 2008 Martin Willi 3: * HSR Hochschule fuer Technik Rapperswil 4: * 5: * This program is free software; you can redistribute it and/or modify it 6: * under the terms of the GNU General Public License as published by the 7: * Free Software Foundation; either version 2 of the License, or (at your 8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. 9: * 10: * This program is distributed in the hope that it will be useful, but 11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY 12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 13: * for more details. 14: */ 15: 16: #include "pubkey_cert.h" 17: 18: #include <time.h> 19: 20: #include <utils/debug.h> 21: 22: typedef struct private_pubkey_cert_t private_pubkey_cert_t; 23: 24: /** 25: * private data of pubkey_cert 26: */ 27: struct private_pubkey_cert_t { 28: 29: /** 30: * public functions 31: */ 32: pubkey_cert_t public; 33: 34: /** 35: * wrapped public key 36: */ 37: public_key_t *key; 38: 39: /** 40: * dummy issuer id, ID_ANY 41: */ 42: identification_t *issuer; 43: 44: /** 45: * subject, ID_KEY_ID of the public key 46: */ 47: identification_t *subject; 48: 49: /** 50: * key inception time 51: */ 52: time_t notBefore; 53: 54: /** 55: * key expiration time 56: */ 57: time_t notAfter; 58: 59: /** 60: * reference count 61: */ 62: refcount_t ref; 63: }; 64: 65: METHOD(certificate_t, get_type, certificate_type_t, 66: private_pubkey_cert_t *this) 67: { 68: return CERT_TRUSTED_PUBKEY; 69: } 70: 71: METHOD(certificate_t, get_subject, identification_t*, 72: private_pubkey_cert_t *this) 73: { 74: return this->subject; 75: } 76: 77: METHOD(certificate_t, get_issuer, identification_t*, 78: private_pubkey_cert_t *this) 79: { 80: return this->issuer; 81: } 82: 83: METHOD(certificate_t, has_subject, id_match_t, 84: private_pubkey_cert_t *this, identification_t *subject) 85: { 86: if (subject->get_type(subject) == ID_KEY_ID) 87: { 88: cred_encoding_type_t type; 89: chunk_t fingerprint; 90: 91: for (type = 0; type < CRED_ENCODING_MAX; type++) 92: { 93: if (this->key->get_fingerprint(this->key, type, &fingerprint) && 94: chunk_equals(fingerprint, subject->get_encoding(subject))) 95: { 96: return ID_MATCH_PERFECT; 97: } 98: } 99: } 100: 101: return this->subject->matches(this->subject, subject); 102: } 103: 104: METHOD(certificate_t, has_issuer, id_match_t, 105: private_pubkey_cert_t *this, identification_t *issuer) 106: { 107: return ID_MATCH_NONE; 108: } 109: 110: METHOD(certificate_t, equals, bool, 111: private_pubkey_cert_t *this, certificate_t *other) 112: { 113: identification_t *other_subject; 114: public_key_t *other_key; 115: 116: if (this == (private_pubkey_cert_t*)other) 117: { 118: return TRUE; 119: } 120: if (other->get_type(other) != CERT_TRUSTED_PUBKEY) 121: { 122: return FALSE; 123: } 124: other_key = other->get_public_key(other); 125: if (other_key) 126: { 127: if (public_key_equals(this->key, other_key)) 128: { 129: other_key->destroy(other_key); 130: other_subject = other->get_subject(other); 131: return other_subject->equals(other_subject, this->subject); 132: } 133: other_key->destroy(other_key); 134: } 135: return FALSE; 136: } 137: 138: METHOD(certificate_t, issued_by, bool, 139: private_pubkey_cert_t *this, certificate_t *issuer, 140: signature_params_t **scheme) 141: { 142: bool valid = equals(this, issuer); 143: if (valid && scheme) 144: { 145: INIT(*scheme, 146: .scheme = SIGN_UNKNOWN, 147: ); 148: } 149: return valid; 150: } 151: 152: METHOD(certificate_t, get_public_key, public_key_t*, 153: private_pubkey_cert_t *this) 154: { 155: this->key->get_ref(this->key); 156: return this->key; 157: } 158: 159: METHOD(certificate_t, get_validity, bool, 160: private_pubkey_cert_t *this, time_t *when, time_t *not_before, 161: time_t *not_after) 162: { 163: time_t t = when ? *when : time(NULL); 164: 165: if (not_before) 166: { 167: *not_before = this->notBefore; 168: } 169: if (not_after) 170: { 171: *not_after = this->notAfter; 172: } 173: return ((this->notBefore == UNDEFINED_TIME || t >= this->notBefore) && 174: (this->notAfter == UNDEFINED_TIME || t <= this->notAfter)); 175: } 176: 177: METHOD(certificate_t, get_encoding, bool, 178: private_pubkey_cert_t *this, cred_encoding_type_t type, chunk_t *encoding) 179: { 180: return this->key->get_encoding(this->key, type, encoding); 181: } 182: 183: METHOD(certificate_t, get_ref, certificate_t*, 184: private_pubkey_cert_t *this) 185: { 186: ref_get(&this->ref); 187: return &this->public.interface; 188: } 189: 190: METHOD(certificate_t, destroy, void, 191: private_pubkey_cert_t *this) 192: { 193: if (ref_put(&this->ref)) 194: { 195: this->subject->destroy(this->subject); 196: this->issuer->destroy(this->issuer); 197: this->key->destroy(this->key); 198: free(this); 199: } 200: } 201: 202: METHOD(pubkey_cert_t, set_subject, void, 203: private_pubkey_cert_t *this, identification_t *subject) 204: { 205: DESTROY_IF(this->subject); 206: this->subject = subject->clone(subject); 207: } 208: 209: /* 210: * see header file 211: */ 212: static pubkey_cert_t *pubkey_cert_create(public_key_t *key, 213: time_t notBefore, time_t notAfter, 214: identification_t *subject) 215: { 216: private_pubkey_cert_t *this; 217: chunk_t fingerprint; 218: 219: INIT(this, 220: .public = { 221: .interface = { 222: .get_type = _get_type, 223: .get_subject = _get_subject, 224: .get_issuer = _get_issuer, 225: .has_subject = _has_subject, 226: .has_issuer = _has_issuer, 227: .issued_by = _issued_by, 228: .get_public_key = _get_public_key, 229: .get_validity = _get_validity, 230: .get_encoding = _get_encoding, 231: .equals = _equals, 232: .get_ref = _get_ref, 233: .destroy = _destroy, 234: }, 235: .set_subject = _set_subject, 236: }, 237: .ref = 1, 238: .key = key, 239: .notBefore = notBefore, 240: .notAfter = notAfter, 241: .issuer = identification_create_from_encoding(ID_ANY, chunk_empty), 242: ); 243: 244: if (subject) 245: { 246: this->subject = subject->clone(subject); 247: } 248: else if (key->get_fingerprint(key, KEYID_PUBKEY_INFO_SHA1, &fingerprint)) 249: { 250: this->subject = identification_create_from_encoding(ID_KEY_ID, fingerprint); 251: } 252: else 253: { 254: this->subject = identification_create_from_encoding(ID_ANY, chunk_empty); 255: } 256: 257: return &this->public; 258: } 259: 260: /** 261: * See header. 262: */ 263: pubkey_cert_t *pubkey_cert_wrap(certificate_type_t type, va_list args) 264: { 265: public_key_t *key = NULL; 266: chunk_t blob = chunk_empty; 267: identification_t *subject = NULL; 268: time_t notBefore = UNDEFINED_TIME, notAfter = UNDEFINED_TIME; 269: 270: while (TRUE) 271: { 272: switch (va_arg(args, builder_part_t)) 273: { 274: case BUILD_BLOB_ASN1_DER: 275: blob = va_arg(args, chunk_t); 276: continue; 277: case BUILD_PUBLIC_KEY: 278: key = va_arg(args, public_key_t*); 279: continue; 280: case BUILD_NOT_BEFORE_TIME: 281: notBefore = va_arg(args, time_t); 282: continue; 283: case BUILD_NOT_AFTER_TIME: 284: notAfter = va_arg(args, time_t); 285: continue; 286: case BUILD_SUBJECT: 287: subject = va_arg(args, identification_t*); 288: continue; 289: case BUILD_END: 290: break; 291: default: 292: return NULL; 293: } 294: break; 295: } 296: if (key) 297: { 298: key->get_ref(key); 299: } 300: else if (blob.ptr) 301: { 302: key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, 303: BUILD_BLOB_ASN1_DER, blob, BUILD_END); 304: } 305: if (key) 306: { 307: return pubkey_cert_create(key, notBefore, notAfter, subject); 308: } 309: return NULL; 310: } 311: