author | Martin Willi <martin@revosec.ch> | 2012-11-29 14:30:08 +0100 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2012-12-19 10:32:08 +0100 |
commit | 04884be3b5f7fb9b8790396db40d400ba2b1cc05 (patch) | |
tree | 6640179aff84d78980de87accafed99c9b791744 /src/libstrongswan/plugins/openssl/openssl_pkcs7.c | |
parent | e96d945dcd3ed60f6fcadb672b41035bad472b4d (diff) | |
Implement openssl PKCS#7 certificate enumeration
Diffstat (limited to 'src/libstrongswan/plugins/openssl/openssl_pkcs7.c')
-rw-r--r-- | src/libstrongswan/plugins/openssl/openssl_pkcs7.c | 72 |
1 files changed, 72 insertions, 0 deletions
diff --git a/src/libstrongswan/plugins/openssl/openssl_pkcs7.c b/src/libstrongswan/plugins/openssl/openssl_pkcs7.c
index 73748051c..3c9e8cefe 100644
--- a/src/libstrongswan/plugins/openssl/openssl_pkcs7.c
+++ b/src/libstrongswan/plugins/openssl/openssl_pkcs7.c
@@ -65,6 +65,78 @@ chunk_t asn1_wrap(int, const char *mode, ...);
 int asn1_unwrap(chunk_t*, chunk_t*);
 
 /**
+ * Enumerator over certificates
+ */
+typedef struct {
+ /** implements enumerator_t */
+ enumerator_t public;
+ /** Stack of X509 certificates */
+ STACK_OF(X509) *certs;
+ /** current enumerator position in certificates */
+ int i;
+ /** currently enumerating certificate_t */
+ certificate_t *cert;
+} cert_enumerator_t;
+
+METHOD(enumerator_t, cert_destroy, void,
+ cert_enumerator_t *this)
+{
+ DESTROY_IF(this->cert);
+ free(this);
+}
+
+METHOD(enumerator_t, cert_enumerate, bool,
+ cert_enumerator_t *this, certificate_t **out)
+{
+ if (!this->certs)
+ {
+ return FALSE;
+ }
+ while (this->i < sk_X509_num(this->certs))
+ {
+ chunk_t encoding;
+ X509 *x509;
+
+ /* clean up previous round */
+ DESTROY_IF(this->cert);
+ this->cert = NULL;
+
+ x509 = sk_X509_value(this->certs, this->i++);
+ encoding = openssl_i2chunk(X509, x509);
+ this->cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
+ BUILD_BLOB_ASN1_DER, encoding,
+ BUILD_END);
+ free(encoding.ptr);
+ if (!this->cert)
+ {
+ continue;
+ }
+ *out = this->cert;
+ return TRUE;
+ }
+ return FALSE;
+}
+
+METHOD(pkcs7_t, create_cert_enumerator, enumerator_t*,
+ private_openssl_pkcs7_t *this)
+{
+ cert_enumerator_t *enumerator;
+
+ if (this->type == CONTAINER_PKCS7_SIGNED_DATA)
+ {
+ INIT(enumerator,
+ .public = {
+ .enumerate = (void*)_cert_enumerate,
+ .destroy = _cert_destroy,
+ },
+ .certs = CMS_get1_certs(this->cms),
+ );
+ return &enumerator->public;
+ }
+ return enumerator_create_empty();
+}
+
+/**
  * Enumerator for signatures
  */
 typedef struct { |
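Review bot: `cert_destroy` releases only `this->cert` and the enumerator struct, so the `STACK_OF(X509)` that `create_cert_enumerator` stores in `.certs` is never freed. `CMS_get1_certs()` returns a newly allocated stack with a reference taken on every certificate, which the caller has to release, so each enumeration of a signed-data container leaks the stack and its X509 objects. Add `if (this->certs) { sk_X509_pop_free(this->certs, X509_free); }` to `cert_destroy` before `free(this);`. PKCS#7 containers are usually parsed from remote input, so a per-call leak here is likely a memory-exhaustion concern for long-running daemons and not only a hygiene issue. Separately, `cert_enumerate` silently skips entries that `lib->creds->create()` rejects; a debug-level log on the `continue` path would make dropped certificates visible when diagnosing trust-chain failures.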