diff options
| author | Martin Willi <martin@strongswan.org> | 2008-04-17 11:22:37 +0000 |
|---|---|---|
| committer | Martin Willi <martin@strongswan.org> | 2008-04-17 11:22:37 +0000 |
| commit | 233b853dfa3abce9b38cad360f486b373e8e50ae (patch) | |
| tree | 8b28444b8de1c64e4f785a59109eb739c16ca59d /src | |
| parent | 46a5604a04dd4f9cb2f81708f1628152649cc2da (diff) | |
| download | strongswan-233b853dfa3abce9b38cad360f486b373e8e50ae.tar.bz2 strongswan-233b853dfa3abce9b38cad360f486b373e8e50ae.tar.xz | |
extended credential_set_t interface by a cache_cert() method
allows persistent or in-memory caching of fetched certificates
Diffstat (limited to 'src')
| -rw-r--r-- | src/charon/control/controller.c | 8 | ||||
| -rw-r--r-- | src/charon/credentials/credential_manager.c | 19 | ||||
| -rw-r--r-- | src/charon/credentials/credential_manager.h | 10 | ||||
| -rw-r--r-- | src/charon/credentials/credential_set.h | 12 | ||||
| -rw-r--r-- | src/charon/credentials/sets/auth_info_wrapper.c | 1 | ||||
| -rw-r--r-- | src/charon/credentials/sets/cert_cache.c | 9 | ||||
| -rw-r--r-- | src/charon/credentials/sets/ocsp_response_wrapper.c | 1 | ||||
| -rw-r--r-- | src/charon/plugins/med_db/med_db_creds.c | 1 | ||||
| -rw-r--r-- | src/charon/plugins/sql/sql_cred.c | 10 | ||||
| -rw-r--r-- | src/charon/plugins/stroke/stroke_cred.c | 9 | ||||
| -rw-r--r-- | src/libstrongswan/utils.c | 7 | ||||
| -rw-r--r-- | src/libstrongswan/utils.h | 5 |
12 files changed, 82 insertions, 10 deletions
diff --git a/src/charon/control/controller.c b/src/charon/control/controller.c index 6a03bab15..3410384b4 100644 --- a/src/charon/control/controller.c +++ b/src/charon/control/controller.c @@ -106,14 +106,6 @@ struct interface_job_t { }; /** - * Implements the famous nop operation - */ -static void nop(job_t *job) -{ - /* NOP */ -} - -/** * Implementation of controller_t.create_ike_sa_iterator. */ static enumerator_t* create_ike_sa_enumerator(controller_t *this) diff --git a/src/charon/credentials/credential_manager.c b/src/charon/credentials/credential_manager.c index 5e71af8bb..f80319226 100644 --- a/src/charon/credentials/credential_manager.c +++ b/src/charon/credentials/credential_manager.c @@ -1438,6 +1438,24 @@ static void flush_cache(private_credential_manager_t *this, } /** + * Implementation of credential_manager_t.cache_cert. + */ +static void cache_cert(private_credential_manager_t *this, certificate_t *cert) +{ + credential_set_t *set; + enumerator_t *enumerator; + + pthread_rwlock_rdlock(&this->lock); + enumerator = this->sets->create_enumerator(this->sets); + while (enumerator->enumerate(enumerator, &set)) + { + set->cache_cert(set, cert); + } + enumerator->destroy(enumerator); + pthread_rwlock_unlock(&this->lock); +} + +/** * Implementation of credential_manager_t.add_set. */ static void add_set(private_credential_manager_t *this, @@ -1486,6 +1504,7 @@ credential_manager_t *credential_manager_create() this->public.get_private = (private_key_t*(*)(credential_manager_t*, key_type_t type, identification_t *, auth_info_t*))get_private; this->public.create_public_enumerator = (enumerator_t*(*)(credential_manager_t*, key_type_t type, identification_t *id, auth_info_t *aut))create_public_enumerator; this->public.flush_cache = (void(*)(credential_manager_t*, certificate_type_t type))flush_cache; + this->public.cache_cert = (void(*)(credential_manager_t*, certificate_t *cert))cache_cert; this->public.add_set = (void(*)(credential_manager_t*, credential_set_t *set))add_set; this->public.remove_set = (void(*)(credential_manager_t*, credential_set_t *set))remove_set; this->public.destroy = (void(*)(credential_manager_t*))destroy; diff --git a/src/charon/credentials/credential_manager.h b/src/charon/credentials/credential_manager.h index 7c84c43b8..0848f5fb0 100644 --- a/src/charon/credentials/credential_manager.h +++ b/src/charon/credentials/credential_manager.h @@ -163,8 +163,18 @@ struct credential_manager_t { key_type_t type, identification_t *id, auth_info_t *auth); /** + * Cache a certificate by invoking cache_cert() on all registerd sets. + * + * @param cert certificate to cache + */ + void (*cache_cert)(credential_manager_t *this, certificate_t *cert); + + /** * Flush the certificate cache. * + * Only the managers local cache is flushed, but not the sets cache filled + * by the cache_cert() method. + * * @param type type of certificate to flush, or CERT_ANY */ void (*flush_cache)(credential_manager_t *this, certificate_type_t type); diff --git a/src/charon/credentials/credential_set.h b/src/charon/credentials/credential_set.h index a4e891a84..41c5b1674 100644 --- a/src/charon/credentials/credential_set.h +++ b/src/charon/credentials/credential_set.h @@ -87,7 +87,17 @@ struct credential_set_t { * @return an enumerator over CDPs as char* */ enumerator_t *(*create_cdp_enumerator)(credential_set_t *this, - certificate_type_t type, identification_t *id); + certificate_type_t type, identification_t *id); + + /** + * Cache a certificate in the credential set. + * + * The caching policy is implementation dependent, the sets may cache the + * certificate in-memory, persistent on disk or not at all. + * + * @param cert certificate to cache + */ + void (*cache_cert)(credential_set_t *this, certificate_t *cert); }; #endif /* CREDENTIAL_SET_H_ @} */ diff --git a/src/charon/credentials/sets/auth_info_wrapper.c b/src/charon/credentials/sets/auth_info_wrapper.c index 12349b5fe..b7576a5a7 100644 --- a/src/charon/credentials/sets/auth_info_wrapper.c +++ b/src/charon/credentials/sets/auth_info_wrapper.c @@ -145,6 +145,7 @@ auth_info_wrapper_t *auth_info_wrapper_create(auth_info_t *auth) this->public.set.create_cert_enumerator = (void*)create_enumerator; this->public.set.create_shared_enumerator = (void*)return_null; this->public.set.create_cdp_enumerator = (void*)return_null; + this->public.set.cache_cert = (void*)nop; this->public.destroy = (void(*)(auth_info_wrapper_t*))destroy; this->auth = auth; diff --git a/src/charon/credentials/sets/cert_cache.c b/src/charon/credentials/sets/cert_cache.c index 6a1587f15..8af8bb619 100644 --- a/src/charon/credentials/sets/cert_cache.c +++ b/src/charon/credentials/sets/cert_cache.c @@ -266,6 +266,14 @@ static enumerator_t *create_enumerator(private_cert_cache_t *this, } /** + * Implementation of credential_set_t.cache_cert. + */ +static void cache_cert(private_cert_cache_t *this, certificate_t *cert) +{ + /* TODO: implement caching */ +} + +/** * Implementation of cert_cache_t.flush. */ static void flush(private_cert_cache_t *this, certificate_type_t type) @@ -309,6 +317,7 @@ cert_cache_t *cert_cache_create() this->public.set.create_cert_enumerator = (void*)create_enumerator; this->public.set.create_shared_enumerator = (void*)return_null; this->public.set.create_cdp_enumerator = (void*)return_null; + this->public.set.cache_cert = (void*)cache_cert; this->public.issued_by = (bool(*)(cert_cache_t*, certificate_t *subject, certificate_t *issuer))issued_by; this->public.flush = (void(*)(cert_cache_t*, certificate_type_t type))flush; this->public.destroy = (void(*)(cert_cache_t*))destroy; diff --git a/src/charon/credentials/sets/ocsp_response_wrapper.c b/src/charon/credentials/sets/ocsp_response_wrapper.c index 6241a5ada..c4d3a5b0f 100644 --- a/src/charon/credentials/sets/ocsp_response_wrapper.c +++ b/src/charon/credentials/sets/ocsp_response_wrapper.c @@ -139,6 +139,7 @@ ocsp_response_wrapper_t *ocsp_response_wrapper_create(ocsp_response_t *response) this->public.set.create_cert_enumerator = (void*)create_enumerator; this->public.set.create_shared_enumerator = (void*)return_null; this->public.set.create_cdp_enumerator = (void*)return_null; + this->public.set.cache_cert = (void*)nop; this->public.destroy = (void(*)(ocsp_response_wrapper_t*))destroy; this->response = response; diff --git a/src/charon/plugins/med_db/med_db_creds.c b/src/charon/plugins/med_db/med_db_creds.c index 364e039ed..0f55ec11a 100644 --- a/src/charon/plugins/med_db/med_db_creds.c +++ b/src/charon/plugins/med_db/med_db_creds.c @@ -144,6 +144,7 @@ med_db_creds_t *med_db_creds_create(database_t *db) this->public.set.create_cert_enumerator = (void*)create_cert_enumerator; this->public.set.create_shared_enumerator = (void*)return_null; this->public.set.create_cdp_enumerator = (void*)return_null; + this->public.set.cache_cert = (void*)nop; this->public.destroy = (void (*)(med_db_creds_t*))destroy; diff --git a/src/charon/plugins/sql/sql_cred.c b/src/charon/plugins/sql/sql_cred.c index a504b23af..9d91973c2 100644 --- a/src/charon/plugins/sql/sql_cred.c +++ b/src/charon/plugins/sql/sql_cred.c @@ -332,13 +332,20 @@ static enumerator_t* create_shared_enumerator(private_sql_cred_t *this, } /** + * Implementation of credential_set_t.cache_cert. + */ +static void cache_cert(private_sql_cred_t *this, certificate_t *cert) +{ + /* TODO: implement CRL caching to database */ +} + +/** * Implementation of sql_cred_t.destroy. */ static void destroy(private_sql_cred_t *this) { free(this); } - /** * Described in header. */ @@ -350,6 +357,7 @@ sql_cred_t *sql_cred_create(database_t *db) this->public.set.create_cert_enumerator = (void*)create_cert_enumerator; this->public.set.create_shared_enumerator = (void*)create_shared_enumerator; this->public.set.create_cdp_enumerator = (void*)return_null; + this->public.set.cache_cert = (void*)cache_cert; this->public.destroy = (void(*)(sql_cred_t*))destroy; this->db = db; diff --git a/src/charon/plugins/stroke/stroke_cred.c b/src/charon/plugins/stroke/stroke_cred.c index 4ac46abd2..6f387bf26 100644 --- a/src/charon/plugins/stroke/stroke_cred.c +++ b/src/charon/plugins/stroke/stroke_cred.c @@ -305,6 +305,14 @@ static enumerator_t* create_shared_enumerator(private_stroke_cred_t *this, } /** + * Implementation of credential_set_t.cache_cert. + */ +static void cache_cert(private_stroke_cred_t *this, certificate_t *cert) +{ + /* TODO: implement crl writeback to ipsec.d/crls */ +} + +/** * Add a certificate to chain */ static certificate_t* add_cert(private_stroke_cred_t *this, certificate_t *cert) @@ -868,6 +876,7 @@ stroke_cred_t *stroke_cred_create() this->public.set.create_private_enumerator = (void*)create_private_enumerator; this->public.set.create_cert_enumerator = (void*)create_cert_enumerator; this->public.set.create_shared_enumerator = (void*)create_shared_enumerator; + this->public.set.cache_cert = (void*)cache_cert; this->public.set.create_cdp_enumerator = (void*)return_null; this->public.reread = (void(*)(stroke_cred_t*, stroke_msg_t *msg))reread; this->public.load_ca = (certificate_t*(*)(stroke_cred_t*, char *filename))load_ca; diff --git a/src/libstrongswan/utils.c b/src/libstrongswan/utils.c index 953ef505e..416c8ef44 100644 --- a/src/libstrongswan/utils.c +++ b/src/libstrongswan/utils.c @@ -72,6 +72,13 @@ void *return_null() } /** + * nop operation + */ +void nop() +{ +} + +/** * We use a single mutex for all refcount variables. This * is not optimal for performance, but the critical section * is not that long... diff --git a/src/libstrongswan/utils.h b/src/libstrongswan/utils.h index aae368af1..8b1a8aaba 100644 --- a/src/libstrongswan/utils.h +++ b/src/libstrongswan/utils.h @@ -215,6 +215,11 @@ void memxor(u_int8_t dest[], u_int8_t src[], size_t n); void *return_null(); /** + * No-Operation function + */ +void nop(); + +/** * Special type to count references */ typedef volatile u_int refcount_t; |