author | Martin Willi <martin@strongswan.org> | 2009-09-21 14:43:57 +0200 |
---|---|---|
committer | Martin Willi <martin@strongswan.org> | 2009-09-21 14:43:57 +0200 |
commit | c331bce51dcf0fc75c181d2343b62d698630b735 (patch) | |
tree | 10ca1e46d785843535b436b6f7cca616600e84ec /src | |
parent | 8153be823b4b05a64ec01c523b85e8d6e519566a (diff) | |
Return certificates of requested kind only
Diffstat (limited to 'src')
-rw-r--r-- | src/charon/plugins/stroke/stroke_cred.c | 62 |
1 files changed, 4 insertions, 58 deletions
diff --git a/src/charon/plugins/stroke/stroke_cred.c b/src/charon/plugins/stroke/stroke_cred.c index 5f322c5f9..d3eb1fd76 100644 --- a/src/charon/plugins/stroke/stroke_cred.c +++ b/src/charon/plugins/stroke/stroke_cred.c @@ -88,6 +88,7 @@ struct private_stroke_cred_t { typedef struct { private_stroke_cred_t *this; identification_t *id; + certificate_type_t type; } id_data_t; /** @@ -150,8 +151,7 @@ static bool certs_filter(id_data_t *data, certificate_t **in, certificate_t **ou certificate_t *cert = *in; chunk_t keyid; - if (cert->get_type(cert) == CERT_X509_CRL || - cert->get_type(cert) == CERT_X509_AC) + if (cert->get_type(cert) != data->type) { return FALSE; } @@ -177,46 +177,6 @@ static bool certs_filter(id_data_t *data, certificate_t **in, certificate_t **ou } /** - * filter function for crl enumerator - */ -static bool crl_filter(id_data_t *data, certificate_t **in, certificate_t **out) -{ - certificate_t *cert = *in; - - if (cert->get_type(cert) != CERT_X509_CRL) - { - return FALSE; - } - - if (data->id == NULL || cert->has_issuer(cert, data->id)) - { - *out = *in; - return TRUE; - } - return FALSE; -} - -/** - * filter function for attribute certificate enumerator - */ -static bool ac_filter(id_data_t *data, certificate_t **in, certificate_t **out) -{ - certificate_t *cert = *in; - - if (cert->get_type(cert) != CERT_X509_AC) - { - return FALSE; - } - - if (data->id == NULL || cert->has_subject(cert, data->id)) - { - *out = *in; - return TRUE; - } - return FALSE; -} - -/** * Implements credential_set_t.create_cert_enumerator */ static enumerator_t* create_cert_enumerator(private_stroke_cred_t *this, 
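Review bot: A request for `CERT_ANY` now appears to match nothing, because the new check in `certs_filter` compares `cert->get_type(cert)` with `data->type` verbatim and the create_cert_enumerator hunk stores the caller's argument unchanged (`data->type = cert;`). The guard removed in that hunk shows `CERT_ANY` was an accepted request kind before this change. Unless a stored certificate can itself report `CERT_ANY`, the wildcard should be let through, e.g. `if (data->type != CERT_ANY && cert->get_type(cert) != data->type)`. With that fix a wildcard request would also yield CRLs and attribute certificates, which the old check excluded, so that choice should be made explicitly and stated in the function comment. The rest of `certs_filter` lies outside the hunk.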
@@ -225,28 +185,14 @@ static enumerator_t* create_cert_enumerator(private_stroke_cred_t *this, { id_data_t *data; - if (cert == CERT_X509_CRL || cert == CERT_X509_AC) + if (trusted && (cert == CERT_X509_CRL || cert == CERT_X509_AC)) { - if (trusted) - { - return NULL; - } - data = malloc_thing(id_data_t); - data->this = this; - data->id = id; - - this->lock->read_lock(this->lock); - return enumerator_create_filter(this->certs->create_enumerator(this->certs), - (cert == CERT_X509_CRL)? (void*)crl_filter : (void*)ac_filter, - data, (void*)id_data_destroy); - } - if (cert != CERT_X509 && cert != CERT_GPG && cert != CERT_ANY) - { /* we have X509/PGP certificates. TODO: ACs? */ return NULL; } data = malloc_thing(id_data_t); data->this = this; data->id = id; + data->type = cert; this->lock->read_lock(this->lock); return enumerator_create_filter(this->certs->create_enumerator(this->certs), |
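Review bot: CRL and attribute-certificate requests now go through `certs_filter`, where the removed `crl_filter` matched `data->id` with `has_issuer` and the removed `ac_filter` with `has_subject`; the part of `certs_filter` that compares `data->id` is not visible in this diff. If that code matches on subject or public key id only, a CRL lookup by issuer identity would come back empty and revocation checking could silently see no CRL, so a test that requests `CERT_X509_CRL` with an issuer id is worth adding. The deleted `/* we have X509/PGP certificates. TODO: ACs? */` comment also leaves the early return unexplained; something like `/* CRLs and ACs are never returned as trusted; id matching happens in certs_filter */` would document the new rule. The function signature and the tail of the `enumerator_create_filter` call are outside the hunk.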