Annotation of embedaddon/strongswan/src/libstrongswan/plugins/pubkey/pubkey_cert.c, revision 1.1.1.1
1.1 misho 1: /*
2: * Copyright (C) 2008 Martin Willi
3: * HSR Hochschule fuer Technik Rapperswil
4: *
5: * This program is free software; you can redistribute it and/or modify it
6: * under the terms of the GNU General Public License as published by the
7: * Free Software Foundation; either version 2 of the License, or (at your
8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9: *
10: * This program is distributed in the hope that it will be useful, but
11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13: * for more details.
14: */
15:
16: #include "pubkey_cert.h"
17:
18: #include <time.h>
19:
20: #include <utils/debug.h>
21:
22: typedef struct private_pubkey_cert_t private_pubkey_cert_t;
23:
24: /**
25: * private data of pubkey_cert
26: */
27: struct private_pubkey_cert_t {
28:
29: /**
30: * public functions
31: */
32: pubkey_cert_t public;
33:
34: /**
35: * wrapped public key
36: */
37: public_key_t *key;
38:
39: /**
40: * dummy issuer id, ID_ANY
41: */
42: identification_t *issuer;
43:
44: /**
45: * subject, ID_KEY_ID of the public key
46: */
47: identification_t *subject;
48:
49: /**
50: * key inception time
51: */
52: time_t notBefore;
53:
54: /**
55: * key expiration time
56: */
57: time_t notAfter;
58:
59: /**
60: * reference count
61: */
62: refcount_t ref;
63: };
64:
65: METHOD(certificate_t, get_type, certificate_type_t,
66: private_pubkey_cert_t *this)
67: {
68: return CERT_TRUSTED_PUBKEY;
69: }
70:
71: METHOD(certificate_t, get_subject, identification_t*,
72: private_pubkey_cert_t *this)
73: {
74: return this->subject;
75: }
76:
77: METHOD(certificate_t, get_issuer, identification_t*,
78: private_pubkey_cert_t *this)
79: {
80: return this->issuer;
81: }
82:
83: METHOD(certificate_t, has_subject, id_match_t,
84: private_pubkey_cert_t *this, identification_t *subject)
85: {
86: if (subject->get_type(subject) == ID_KEY_ID)
87: {
88: cred_encoding_type_t type;
89: chunk_t fingerprint;
90:
91: for (type = 0; type < CRED_ENCODING_MAX; type++)
92: {
93: if (this->key->get_fingerprint(this->key, type, &fingerprint) &&
94: chunk_equals(fingerprint, subject->get_encoding(subject)))
95: {
96: return ID_MATCH_PERFECT;
97: }
98: }
99: }
100:
101: return this->subject->matches(this->subject, subject);
102: }
103:
104: METHOD(certificate_t, has_issuer, id_match_t,
105: private_pubkey_cert_t *this, identification_t *issuer)
106: {
107: return ID_MATCH_NONE;
108: }
109:
110: METHOD(certificate_t, equals, bool,
111: private_pubkey_cert_t *this, certificate_t *other)
112: {
113: identification_t *other_subject;
114: public_key_t *other_key;
115:
116: if (this == (private_pubkey_cert_t*)other)
117: {
118: return TRUE;
119: }
120: if (other->get_type(other) != CERT_TRUSTED_PUBKEY)
121: {
122: return FALSE;
123: }
124: other_key = other->get_public_key(other);
125: if (other_key)
126: {
127: if (public_key_equals(this->key, other_key))
128: {
129: other_key->destroy(other_key);
130: other_subject = other->get_subject(other);
131: return other_subject->equals(other_subject, this->subject);
132: }
133: other_key->destroy(other_key);
134: }
135: return FALSE;
136: }
137:
138: METHOD(certificate_t, issued_by, bool,
139: private_pubkey_cert_t *this, certificate_t *issuer,
140: signature_params_t **scheme)
141: {
142: bool valid = equals(this, issuer);
143: if (valid && scheme)
144: {
145: INIT(*scheme,
146: .scheme = SIGN_UNKNOWN,
147: );
148: }
149: return valid;
150: }
151:
152: METHOD(certificate_t, get_public_key, public_key_t*,
153: private_pubkey_cert_t *this)
154: {
155: this->key->get_ref(this->key);
156: return this->key;
157: }
158:
159: METHOD(certificate_t, get_validity, bool,
160: private_pubkey_cert_t *this, time_t *when, time_t *not_before,
161: time_t *not_after)
162: {
163: time_t t = when ? *when : time(NULL);
164:
165: if (not_before)
166: {
167: *not_before = this->notBefore;
168: }
169: if (not_after)
170: {
171: *not_after = this->notAfter;
172: }
173: return ((this->notBefore == UNDEFINED_TIME || t >= this->notBefore) &&
174: (this->notAfter == UNDEFINED_TIME || t <= this->notAfter));
175: }
176:
177: METHOD(certificate_t, get_encoding, bool,
178: private_pubkey_cert_t *this, cred_encoding_type_t type, chunk_t *encoding)
179: {
180: return this->key->get_encoding(this->key, type, encoding);
181: }
182:
183: METHOD(certificate_t, get_ref, certificate_t*,
184: private_pubkey_cert_t *this)
185: {
186: ref_get(&this->ref);
187: return &this->public.interface;
188: }
189:
190: METHOD(certificate_t, destroy, void,
191: private_pubkey_cert_t *this)
192: {
193: if (ref_put(&this->ref))
194: {
195: this->subject->destroy(this->subject);
196: this->issuer->destroy(this->issuer);
197: this->key->destroy(this->key);
198: free(this);
199: }
200: }
201:
202: METHOD(pubkey_cert_t, set_subject, void,
203: private_pubkey_cert_t *this, identification_t *subject)
204: {
205: DESTROY_IF(this->subject);
206: this->subject = subject->clone(subject);
207: }
208:
209: /*
210: * see header file
211: */
212: static pubkey_cert_t *pubkey_cert_create(public_key_t *key,
213: time_t notBefore, time_t notAfter,
214: identification_t *subject)
215: {
216: private_pubkey_cert_t *this;
217: chunk_t fingerprint;
218:
219: INIT(this,
220: .public = {
221: .interface = {
222: .get_type = _get_type,
223: .get_subject = _get_subject,
224: .get_issuer = _get_issuer,
225: .has_subject = _has_subject,
226: .has_issuer = _has_issuer,
227: .issued_by = _issued_by,
228: .get_public_key = _get_public_key,
229: .get_validity = _get_validity,
230: .get_encoding = _get_encoding,
231: .equals = _equals,
232: .get_ref = _get_ref,
233: .destroy = _destroy,
234: },
235: .set_subject = _set_subject,
236: },
237: .ref = 1,
238: .key = key,
239: .notBefore = notBefore,
240: .notAfter = notAfter,
241: .issuer = identification_create_from_encoding(ID_ANY, chunk_empty),
242: );
243:
244: if (subject)
245: {
246: this->subject = subject->clone(subject);
247: }
248: else if (key->get_fingerprint(key, KEYID_PUBKEY_INFO_SHA1, &fingerprint))
249: {
250: this->subject = identification_create_from_encoding(ID_KEY_ID, fingerprint);
251: }
252: else
253: {
254: this->subject = identification_create_from_encoding(ID_ANY, chunk_empty);
255: }
256:
257: return &this->public;
258: }
259:
260: /**
261: * See header.
262: */
263: pubkey_cert_t *pubkey_cert_wrap(certificate_type_t type, va_list args)
264: {
265: public_key_t *key = NULL;
266: chunk_t blob = chunk_empty;
267: identification_t *subject = NULL;
268: time_t notBefore = UNDEFINED_TIME, notAfter = UNDEFINED_TIME;
269:
270: while (TRUE)
271: {
272: switch (va_arg(args, builder_part_t))
273: {
274: case BUILD_BLOB_ASN1_DER:
275: blob = va_arg(args, chunk_t);
276: continue;
277: case BUILD_PUBLIC_KEY:
278: key = va_arg(args, public_key_t*);
279: continue;
280: case BUILD_NOT_BEFORE_TIME:
281: notBefore = va_arg(args, time_t);
282: continue;
283: case BUILD_NOT_AFTER_TIME:
284: notAfter = va_arg(args, time_t);
285: continue;
286: case BUILD_SUBJECT:
287: subject = va_arg(args, identification_t*);
288: continue;
289: case BUILD_END:
290: break;
291: default:
292: return NULL;
293: }
294: break;
295: }
296: if (key)
297: {
298: key->get_ref(key);
299: }
300: else if (blob.ptr)
301: {
302: key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
303: BUILD_BLOB_ASN1_DER, blob, BUILD_END);
304: }
305: if (key)
306: {
307: return pubkey_cert_create(key, notBefore, notAfter, subject);
308: }
309: return NULL;
310: }
311:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>