author | Martin Willi <martin@revosec.ch> | 2011-12-06 10:56:39 +0100 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2012-03-20 17:31:13 +0100 |
commit | df06ef2098da33744295529872698b8d9defaa67 (patch) | |
tree | 340f3113d1cc716ad1bbff7a5d20bdb643b8c3ed /src | |
parent | 6ccabe2561af854b20de79eb66ba735e5fffe782 (diff) | |
download | strongswan-df06ef2098da33744295529872698b8d9defaa67.tar.bz2 strongswan-df06ef2098da33744295529872698b8d9defaa67.tar.xz |
Cleaned up certreq payload for IKEv2/IKEv1 use
Diffstat (limited to 'src')
-rwxr-xr-x | src/libcharon/encoding/payloads/certreq_payload.c | 73 | ||||
-rwxr-xr-x | src/libcharon/encoding/payloads/certreq_payload.h | 32 |
2 files changed, 52 insertions, 53 deletions
diff --git a/src/libcharon/encoding/payloads/certreq_payload.c b/src/libcharon/encoding/payloads/certreq_payload.c
index dea1f40bd..26d1f0a43 100755
--- a/src/libcharon/encoding/payloads/certreq_payload.c
+++ b/src/libcharon/encoding/payloads/certreq_payload.c
@@ -66,16 +66,13 @@ struct private_certreq_payload_t {
 chunk_t data;
 
 /**
- * Payload type for certificate request.
+ * Payload type CERTIFICATE_REQUEST or CERTIFICATE_REQUEST_V1
 */
- payload_type_t payload_type;
+ payload_type_t type;
 };
 
 /**
- * Encoding rules to parse or generate a CERTREQ payload
- *
- * The defined offsets are the positions in a object of type
- * private_certreq_payload_t.
+ * Encoding rules for CERTREQ payload.
 */
 static encoding_rule_t encodings[] = {
 /* 1 Byte next payload type, stored in the field next_payload */
@@ -114,7 +111,8 @@ static encoding_rule_t encodings[] = {
 METHOD(payload_t, verify, status_t,
 private_certreq_payload_t *this)
 {
- if (this->encoding == ENC_X509_SIGNATURE)
+ if (this->type == CERTIFICATE_REQUEST &&
+ this->encoding == ENC_X509_SIGNATURE)
 {
 if (this->data.len < HASH_SIZE_SHA1 ||
 this->data.len % HASH_SIZE_SHA1)
@@ -127,13 +125,6 @@ METHOD(payload_t, verify, status_t,
 return SUCCESS;
 }
 
-METHOD(payload_t, verify_v1, status_t,
- private_certreq_payload_t *this)
-{
- /*TODO: */
- return SUCCESS;
-}
-
 METHOD(payload_t, get_encoding_rules, int,
 private_certreq_payload_t *this, encoding_rule_t **rules)
 {
@@ -150,7 +141,7 @@ METHOD(payload_t, get_header_length, int,
 METHOD(payload_t, get_type, payload_type_t,
 private_certreq_payload_t *this)
 {
- return this->payload_type;
+ return this->type;
 }
 
 METHOD(payload_t, get_next_type, payload_type_t,
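Review bot: With the new guard in verify(), a CERTIFICATE_REQUEST_V1 payload is accepted without any check on its data, whereas the removed verify_v1() at least carried a TODO marking that gap; the asymmetry is deliberate but nothing at the condition says so. Add a comment on the `if`, e.g. `/* only IKEv2 CERTREQ carries a SHA-1 key-id list; IKEv1 data is an opaque DN and is not validated here */`, so the next reader does not assume V1 requests are checked at parse time. If IKEv1 DN data is expected to be validated during parsing, that check belongs in a V1 branch of this function rather than in get_dn()'s callers. verify() continues past the end of its first hunk.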
@@ -171,21 +162,14 @@ METHOD(payload_t, get_length, size_t,
 return this->payload_length;
 }
 
-METHOD(certreq_payload_t, get_dn, chunk_t,
+METHOD(certreq_payload_t, get_dn, identification_t*,
 private_certreq_payload_t *this)
 {
- return this->data;
-}
-
-METHOD(certreq_payload_t, set_dn, void,
- private_certreq_payload_t *this, chunk_t dn)
-{
- if (this->data.ptr)
+ if (this->data.len)
 {
- free(this->data.ptr);
+ return identification_create_from_encoding(ID_DER_ASN1_DN, this->data);
 }
- this->data = chunk_clone(dn);
- this->payload_length = get_header_length(this) + this->data.len;
+ return NULL;
 }
 
 METHOD(certreq_payload_t, add_keyid, void,
@@ -235,6 +219,10 @@ METHOD(certreq_payload_t, create_keyid_enumerator, enumerator_t*,
 {
 keyid_enumerator_t *enumerator;
 
+ if (this->type == CERTIFICATE_REQUEST_V1)
+ {
+ return enumerator_create_empty();
+ }
 INIT(enumerator,
 .public = {
 .enumerate = (void*)_keyid_enumerate,
@@ -267,7 +255,7 @@ METHOD2(payload_t, certreq_payload_t, destroy, void,
 /*
 * Described in header
 */
-certreq_payload_t *certreq_payload_create(payload_type_t payload_type)
+certreq_payload_t *certreq_payload_create(payload_type_t type)
 {
 private_certreq_payload_t *this;
 
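Review bot: get_dn() now wraps this->data as an ID_DER_ASN1_DN identity whenever it is non-empty, but it never checks that the payload is an IKEv1 request, so called on a CERTIFICATE_REQUEST (IKEv2) payload it would hand back the SHA-1 key-id list disguised as a DN. create_keyid_enumerator() in the next hunk gets exactly the mirror-image guard, so the condition here should be `if (this->type == CERTIFICATE_REQUEST_V1 && this->data.len)`. The header marks get_dn() as IKEv1-only, and callers are likely to rely on that promise rather than re-check the type themselves; whether the encoding field should be checked as well is not visible from this hunk.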
@@ -288,28 +276,23 @@ certreq_payload_t *certreq_payload_create(payload_type_t payload_type)
 .add_keyid = _add_keyid,
 .destroy = _destroy,
 .get_dn = _get_dn,
- .set_dn = _set_dn,
 },
 .next_payload = NO_PAYLOAD,
 .payload_length = get_header_length(this),
- .payload_type = payload_type,
+ .type = type,
 );
-
- if (payload_type == CERTIFICATE_REQUEST_V1)
- {
- this->public.payload_interface.verify = _verify_v1;
- }
-
 return &this->public;
 }
 
 /*
 * Described in header
 */
-certreq_payload_t *certreq_payload_create_type(payload_type_t payload_type, certificate_type_t type)
+certreq_payload_t *certreq_payload_create_type(certificate_type_t type)
 {
- private_certreq_payload_t *this = (private_certreq_payload_t*)certreq_payload_create(payload_type);
+ private_certreq_payload_t *this;
 
+ this = (private_certreq_payload_t*)
+ certreq_payload_create(CERTIFICATE_REQUEST);
 switch (type)
 {
 case CERT_X509:
@@ -324,3 +307,19 @@ certreq_payload_t *certreq_payload_create_type(payload_type_t payload_type, cert
 return &this->public;
 }
 
+/*
+ * Described in header
+ */
+certreq_payload_t *certreq_payload_create_dn(identification_t *id)
+{
+ private_certreq_payload_t *this;
+
+ this = (private_certreq_payload_t*)
+ certreq_payload_create(CERTIFICATE_REQUEST_V1);
+
+ this->encoding = ENC_X509_SIGNATURE;
+ this->data = chunk_clone(id->get_encoding(id));
+ this->payload_length = get_header_length(this) + this->data.len;
+
+ return &this->public;
+}
diff --git a/src/libcharon/encoding/payloads/certreq_payload.h b/src/libcharon/encoding/payloads/certreq_payload.h
index d426da711..e234df5be 100755
--- a/src/libcharon/encoding/payloads/certreq_payload.h
+++ b/src/libcharon/encoding/payloads/certreq_payload.h
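Review bot: certreq_payload_create_dn() copies id->get_encoding(id) verbatim and tags it ENC_X509_SIGNATURE without confirming that the identity is a DER DN, so an FQDN or e-mail identity passed by mistake would go on the wire as a malformed DN that the peer has to reject. Either state the precondition at the definition, `/* id must be an ID_DER_ASN1_DN identity; its raw DER encoding is sent unchanged */`, or check the identity type (identification_t exposes it via get_type()) before cloning and fall back to an empty request. The "does not get owned" contract from the header is honoured by the chunk_clone(), which is worth a one-line comment on that assignment as well.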
@@ -27,13 +27,13 @@ typedef struct certreq_payload_t certreq_payload_t;
 #include <library.h>
 #include <encoding/payloads/payload.h>
 #include <encoding/payloads/cert_payload.h>
+#include <utils/identification.h>
 
 /**
- * Class representing an IKEv2 CERTREQ payload.
- *
- * The CERTREQ payload format is described in RFC section 3.7.
+ * Class representing an IKEv1/IKEv2 CERTREQ payload.
 */
 struct certreq_payload_t {
+
 /**
 * The payload_t interface.
 */
@@ -62,19 +62,11 @@ struct certreq_payload_t {
 void (*add_keyid)(certreq_payload_t *this, chunk_t keyid);
 
 /**
- * Get certificate request data (IKEv1 only).
- *
- * @return certifcate request data
- */
- chunk_t (*get_dn)(certreq_payload_t *this);
-
- /**
- * Set certificate request data (IKEv1 only).
+ * Get the distinguished name of the payload (IKEv1 only).
 *
- * @param dn certifcate request data to set
- * @return
+ * @return DN as identity, must be destroyed
 */
- void (*set_dn)(certreq_payload_t *this, chunk_t dn);
+ identification_t* (*get_dn)(certreq_payload_t *this);
 
 /**
 * Destroys an certreq_payload_t object.
@@ -90,11 +82,19 @@ struct certreq_payload_t {
 certreq_payload_t *certreq_payload_create(payload_type_t payload_type);
 
 /**
- * Creates an empty certreq_payload_t for a kind of certificates.
+ * Creates an empty IKEv2 certreq_payload_t for a kind of certificates.
 *
 * @param type type of the added keyids
 * @return certreq payload
 */
-certreq_payload_t *certreq_payload_create_type(payload_type_t payload_type, certificate_type_t type);
+certreq_payload_t *certreq_payload_create_type(certificate_type_t type);
+
+/**
+ * Creates a IKEv1 certreq_payload_t for a given distinguished name.
+ *
+ * @param dn distinguished name, does not get owned
+ * @return certreq payload
+ */
+certreq_payload_t *certreq_payload_create_dn(identification_t *id);
 
 #endif /** CERTREQ_PAYLOAD_H_ @}*/
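Review bot: The new certreq_payload_create_dn() prototype documents `@param dn` but the parameter is named `id`, and the rewritten get_dn() contract says "must be destroyed" without mentioning that the implementation returns NULL when the payload carries no data, which is exactly the case a caller will forget to handle. Suggest `@param id distinguished name, does not get owned` and `@return DN as identity, NULL if none, must be destroyed`. The unchanged certreq_payload_create() prototype still names its parameter payload_type while the .c definition now calls it type, and the stray blank line added after `struct certreq_payload_t {` does not match the rest of the header; both are cosmetic but worth aligning in the same commit.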