authorTobias Brunner <tobias@strongswan.org>2010-11-19 17:28:46 +0100
committerTobias Brunner <tobias@strongswan.org>2010-12-03 18:00:00 +0100
commit5ad4fa295aeb81c0d6e8a7125a1072648fee456d (patch)
tree685db8ce6646631b01f2c386858b110ada818342 /src
parent982de5a5f5cff84d23ce8ca3603ddfcf5906fd58 (diff)
downloadstrongswan-5ad4fa295aeb81c0d6e8a7125a1072648fee456d.tar.bz2
strongswan-5ad4fa295aeb81c0d6e8a7125a1072648fee456d.tar.xz
Function add_crl added to mem_cred_t.
Diffstat (limited to 'src')
-rw-r--r--src/libstrongswan/credentials/sets/mem_cred.c60
-rw-r--r--src/libstrongswan/credentials/sets/mem_cred.h10
2 files changed, 70 insertions, 0 deletions
diff --git a/src/libstrongswan/credentials/sets/mem_cred.c b/src/libstrongswan/credentials/sets/mem_cred.c
index bd7891b13..1a1f086c0 100644
--- a/src/libstrongswan/credentials/sets/mem_cred.c
+++ b/src/libstrongswan/credentials/sets/mem_cred.c
@@ -187,6 +187,65 @@ METHOD(mem_cred_t, add_cert_ref, certificate_t*,
return add_cert_internal(this, trusted, cert);
}
+METHOD(mem_cred_t, add_crl, bool,
+ private_mem_cred_t *this, crl_t *crl)
+{
+ certificate_t *current, *cert = &crl->certificate;
+ enumerator_t *enumerator;
+ bool new = TRUE;
+
+ this->lock->write_lock(this->lock);
+ enumerator = this->untrusted->create_enumerator(this->untrusted);
+ while (enumerator->enumerate(enumerator, (void**)&current))
+ {
+ if (current->get_type(current) != CERT_X509_CRL)
+ {
+ bool found = FALSE;
+ crl_t *crl_c = (crl_t*)current;
+ chunk_t authkey = crl->get_authKeyIdentifier(crl);
+ chunk_t authkey_c = crl_c->get_authKeyIdentifier(crl_c);
+
+ /* compare authorityKeyIdentifiers if available */
+ if (chunk_equals(authkey, authkey_c))
+ {
+ found = TRUE;
+ }
+ else
+ {
+ identification_t *issuer = cert->get_issuer(cert);
+ identification_t *issuer_c = current->get_issuer(current);
+
+ /* otherwise compare issuer distinguished names */
+ if (issuer->equals(issuer, issuer_c))
+ {
+ found = TRUE;
+ }
+ }
+ if (found)
+ {
+ new = crl_is_newer(crl, crl_c);
+ if (new)
+ {
+ this->untrusted->remove_at(this->untrusted, enumerator);
+ }
+ else
+ {
+ cert->destroy(cert);
+ }
+ break;
+ }
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ if (new)
+ {
+ this->untrusted->insert_last(this->untrusted, cert);
+ }
+ this->lock->unlock(this->lock);
+ return new;
+}
+
/**
* Data for key enumerator
*/
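Review bot: The type check at `if (current->get_type(current) != CERT_X509_CRL)` in add_crl is inverted: every entry in `untrusted` that is *not* a CRL is cast to `crl_t*` and has `get_authKeyIdentifier` called through it, while real CRLs are skipped entirely. Since `crl_t` embeds `certificate_t` as its first member, that call on a plain certificate reads a function pointer beyond the end of its `certificate_t` interface (type confusion, undefined behaviour), and because genuine CRLs never reach the comparison, `new` stays TRUE and the incoming CRL is appended next to the stale one instead of replacing it. The condition should read `if (current->get_type(current) == CERT_X509_CRL)`. Separately, the "if available" in the authKeyIdentifier comment is not enforced: if `chunk_equals` treats two zero-length chunks as equal (I believe it does, but confirm), two CRLs from different issuers that both lack the extension would be matched and the older one dropped; guarding with `if (authkey.len && chunk_equals(authkey, authkey_c))` would make the fallback to the issuer-DN comparison actually happen in that case.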
@@ -461,6 +520,7 @@ mem_cred_t *mem_cred_create()
},
.add_cert = _add_cert,
.add_cert_ref = _add_cert_ref,
+ .add_crl = _add_crl,
.add_key = _add_key,
.add_shared = _add_shared,
.add_shared_list = _add_shared_list,
diff --git a/src/libstrongswan/credentials/sets/mem_cred.h b/src/libstrongswan/credentials/sets/mem_cred.h
index 547fe6eda..4db584a0c 100644
--- a/src/libstrongswan/credentials/sets/mem_cred.h
+++ b/src/libstrongswan/credentials/sets/mem_cred.h
@@ -26,6 +26,7 @@
typedef struct mem_cred_t mem_cred_t;
#include <credentials/credential_set.h>
+#include <credentials/certificates/crl.h>
#include <utils/linked_list.h>
/**
@@ -58,6 +59,15 @@ struct mem_cred_t {
certificate_t *cert);
/**
+ * Add an X.509 CRL to the credential set.
+ *
+ * @param crl CRL, gets owned by set
+ * @return TRUE, if the CRL is newer than an existing one (or
+ * new at all)
+ */
+ bool (*add_crl)(mem_cred_t *this, crl_t *crl);
+
+ /**
* Add a private key to the credential set.
*
* @param key key, reference gets owned by set