diff options
| author | Martin Willi <martin@revosec.ch> | 2010-12-17 16:52:04 +0100 |
|---|---|---|
| committer | Martin Willi <martin@revosec.ch> | 2011-01-05 16:46:03 +0100 |
| commit | 1019cad161ecfc975c69dd0e1a753fdc78f1dcf7 (patch) | |
| tree | 2efafda2390aa82a87547762228c6ff8899ec681 /src/libstrongswan/plugins/x509 | |
| parent | a6478a0402d577a5974968e25d1018c9d9d111cd (diff) | |
| download | strongswan-1019cad161ecfc975c69dd0e1a753fdc78f1dcf7.tar.bz2 strongswan-1019cad161ecfc975c69dd0e1a753fdc78f1dcf7.tar.xz | |
Moved CRL distribution point building to an exportable function
Diffstat (limited to 'src/libstrongswan/plugins/x509')
| -rw-r--r-- | src/libstrongswan/plugins/x509/x509_cert.c | 72 |
1 files changed, 43 insertions, 29 deletions
diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c index 6866a482b..1628509c5 100644 --- a/src/libstrongswan/plugins/x509/x509_cert.c +++ b/src/libstrongswan/plugins/x509/x509_cert.c @@ -1930,6 +1930,47 @@ chunk_t x509_build_subjectAltNames(linked_list_t *list) } /** + * Encode CRL distribution points extension from a x509_cdp_t list + */ +chunk_t x509_build_crlDistributionPoints(linked_list_t *list, int extn) +{ + chunk_t crlDistributionPoints = chunk_empty; + enumerator_t *enumerator; + x509_cdp_t *cdp; + + if (list->get_count(list) == 0) + { + return chunk_empty; + } + + enumerator = list->create_enumerator(list); + while (enumerator->enumerate(enumerator, &cdp)) + { + chunk_t distributionPoint, crlIssuer = chunk_empty; + + if (cdp->issuer) + { + crlIssuer = asn1_wrap(ASN1_CONTEXT_C_2, "m", + build_generalName(cdp->issuer)); + } + distributionPoint = asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_wrap(ASN1_CONTEXT_C_0, "m", + asn1_wrap(ASN1_CONTEXT_C_0, "m", + asn1_wrap(ASN1_CONTEXT_S_6, "c", + chunk_create(cdp->uri, strlen(cdp->uri))))), + crlIssuer); + crlDistributionPoints = chunk_cat("mm", crlDistributionPoints, + distributionPoint); + } + enumerator->destroy(enumerator); + + return asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_build_known_oid(extn), + asn1_wrap(ASN1_OCTET_STRING, "m", + asn1_wrap(ASN1_SEQUENCE, "m", crlDistributionPoints))); +} + +/** * Generate and sign a new certificate */ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, @@ -1945,7 +1986,6 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, chunk_t crlDistributionPoints = chunk_empty, authorityInfoAccess = chunk_empty; chunk_t policyConstraints = chunk_empty; identification_t *issuer, *subject; - x509_cdp_t *cdp; chunk_t key_info; signature_scheme_t scheme; hasher_t *hasher; @@ -1998,34 +2038,8 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, /* encode subjectAltNames */ subjectAltNames = x509_build_subjectAltNames(cert->subjectAltNames); - /* encode CRL distribution points extension */ - enumerator = cert->crl_uris->create_enumerator(cert->crl_uris); - while (enumerator->enumerate(enumerator, &cdp)) - { - chunk_t distributionPoint, crlIssuer = chunk_empty; - - if (cdp->issuer) - { - crlIssuer = asn1_wrap(ASN1_CONTEXT_C_2, "m", - build_generalName(cdp->issuer)); - } - distributionPoint = asn1_wrap(ASN1_SEQUENCE, "mm", - asn1_wrap(ASN1_CONTEXT_C_0, "m", - asn1_wrap(ASN1_CONTEXT_C_0, "m", - asn1_wrap(ASN1_CONTEXT_S_6, "c", - chunk_create(cdp->uri, strlen(cdp->uri))))), - crlIssuer); - crlDistributionPoints = chunk_cat("mm", crlDistributionPoints, - distributionPoint); - } - enumerator->destroy(enumerator); - if (crlDistributionPoints.ptr) - { - crlDistributionPoints = asn1_wrap(ASN1_SEQUENCE, "mm", - asn1_build_known_oid(OID_CRL_DISTRIBUTION_POINTS), - asn1_wrap(ASN1_OCTET_STRING, "m", - asn1_wrap(ASN1_SEQUENCE, "m", crlDistributionPoints))); - } + crlDistributionPoints = x509_build_crlDistributionPoints(cert->crl_uris, + OID_CRL_DISTRIBUTION_POINTS); /* encode OCSP URIs in authorityInfoAccess extension */ enumerator = cert->ocsp_uris->create_enumerator(cert->ocsp_uris); |