diff options
| author | Martin Willi <martin@strongswan.org> | 2009-08-24 14:11:44 +0200 |
|---|---|---|
| committer | Martin Willi <martin@strongswan.org> | 2009-08-26 11:23:52 +0200 |
| commit | 6b6ece636c9160ab0f01c88df68dfa4e1e54a7ab (patch) | |
| tree | d497a71d1bc890aa91478d5ff60c822f88665df8 /src/libstrongswan/plugins/x509/x509_cert.c | |
| parent | a5e3153a36524c1689573cd04adc2125f879412f (diff) | |
| download | strongswan-6b6ece636c9160ab0f01c88df68dfa4e1e54a7ab.tar.bz2 strongswan-6b6ece636c9160ab0f01c88df68dfa4e1e54a7ab.tar.xz | |
updated x509 plugin to public key/x509 API changes
Diffstat (limited to 'src/libstrongswan/plugins/x509/x509_cert.c')
| -rw-r--r-- | src/libstrongswan/plugins/x509/x509_cert.c | 39 |
1 files changed, 22 insertions, 17 deletions
diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c index 32627ebef..81a2b33a2 100644 --- a/src/libstrongswan/plugins/x509/x509_cert.c +++ b/src/libstrongswan/plugins/x509/x509_cert.c @@ -138,7 +138,7 @@ struct private_x509_cert_t { /** * Authority Key Identifier */ - identification_t *authKeyIdentifier; + chunk_t authKeyIdentifier; /** * Authority Key Serial Number @@ -421,13 +421,13 @@ static const asn1Object_t authKeyIdentifierObjects[] = { /** * Extracts an authoritykeyIdentifier */ -identification_t* x509_parse_authorityKeyIdentifier(chunk_t blob, int level0, +chunk_t x509_parse_authorityKeyIdentifier(chunk_t blob, int level0, chunk_t *authKeySerialNumber) { asn1_parser_t *parser; chunk_t object; int objectID; - identification_t *authKeyIdentifier = NULL; + chunk_t authKeyIdentifier = chunk_empty; *authKeySerialNumber = chunk_empty; @@ -439,8 +439,7 @@ identification_t* x509_parse_authorityKeyIdentifier(chunk_t blob, int level0, switch (objectID) { case AUTH_KEY_ID_KEY_ID: - authKeyIdentifier = identification_create_from_encoding( - ID_PUBKEY_SHA1, object); + authKeyIdentifier = chunk_clone(object); break; case AUTH_KEY_ID_CERT_ISSUER: /* TODO: x509_parse_generalNames(object, level+1, TRUE); */ @@ -847,10 +846,12 @@ static id_match_t has_subject(private_x509_cert_t *this, identification_t *subje enumerator_t *enumerator; id_match_t match, best; - if (this->encoding_hash.ptr && subject->get_type(subject) == ID_CERT_DER_SHA1 && - chunk_equals(this->encoding_hash, subject->get_encoding(subject))) + if (this->encoding_hash.ptr && subject->get_type(subject) == ID_KEY_ID) { - return ID_MATCH_PERFECT; + if (chunk_equals(this->encoding_hash, subject->get_encoding(subject))) + { + return ID_MATCH_PERFECT; + } } best = this->subject->matches(this->subject, subject); @@ -860,11 +861,11 @@ static id_match_t has_subject(private_x509_cert_t *this, identification_t *subje match = current->matches(current, subject); if (match > best) { - best = match; + best = match; } } enumerator->destroy(enumerator); - return best; + return best; } /** @@ -1040,7 +1041,7 @@ static chunk_t get_serial(private_x509_cert_t *this) /** * Implementation of x509_t.get_authKeyIdentifier. */ -static identification_t *get_authKeyIdentifier(private_x509_cert_t *this) +static chunk_t get_authKeyIdentifier(private_x509_cert_t *this) { return this->authKeyIdentifier; } @@ -1083,7 +1084,7 @@ static void destroy(private_x509_cert_t *this) DESTROY_IF(this->issuer); DESTROY_IF(this->subject); DESTROY_IF(this->public_key); - DESTROY_IF(this->authKeyIdentifier); + chunk_free(&this->authKeyIdentifier); chunk_free(&this->encoding); chunk_free(&this->encoding_hash); if (!this->parsed) @@ -1118,7 +1119,7 @@ static private_x509_cert_t* create_empty(void) this->public.interface.interface.destroy = (void (*)(certificate_t*))destroy; this->public.interface.get_flags = (x509_flag_t (*)(x509_t*))get_flags; this->public.interface.get_serial = (chunk_t (*)(x509_t*))get_serial; - this->public.interface.get_authKeyIdentifier = (identification_t* (*)(x509_t*))get_authKeyIdentifier; + this->public.interface.get_authKeyIdentifier = (chunk_t (*)(x509_t*))get_authKeyIdentifier; this->public.interface.create_subjectAltName_enumerator = (enumerator_t* (*)(x509_t*))create_subjectAltName_enumerator; this->public.interface.create_crl_uri_enumerator = (enumerator_t* (*)(x509_t*))create_crl_uri_enumerator; this->public.interface.create_ocsp_uri_enumerator = (enumerator_t* (*)(x509_t*))create_ocsp_uri_enumerator; @@ -1137,7 +1138,7 @@ static private_x509_cert_t* create_empty(void) this->crl_uris = linked_list_create(); this->ocsp_uris = linked_list_create(); this->subjectKeyID = chunk_empty; - this->authKeyIdentifier = NULL; + this->authKeyIdentifier = chunk_empty; this->authKeySerialNumber = chunk_empty; this->algorithm = 0; this->signature = chunk_empty; @@ -1253,10 +1254,14 @@ static bool generate(private_builder_t *this) switch (this->cert->public_key->get_type(this->cert->public_key)) { case KEY_RSA: - key = this->cert->public_key->get_encoding(this->cert->public_key); + if (!this->cert->public_key->get_encoding(this->cert->public_key, + KEY_PUB_ASN1_DER, &key)) + { + return FALSE; + } key_info = asn1_wrap(ASN1_SEQUENCE, "cm", - asn1_algorithmIdentifier(OID_RSA_ENCRYPTION), - asn1_bitstring("m", key)); + asn1_algorithmIdentifier(OID_RSA_ENCRYPTION), + asn1_bitstring("m", key)); break; default: return FALSE; |