-rwxr-xr-x | src/charon/config/credentials/credential_store.h | 20 | ||||
-rw-r--r-- | src/charon/config/credentials/local_credential_store.c | 44 |
2 files changed, 54 insertions, 10 deletions
diff --git a/src/charon/config/credentials/credential_store.h b/src/charon/config/credentials/credential_store.h
index c9bb158d6..f9c9cd49a 100755
--- a/src/charon/config/credentials/credential_store.h
+++ b/src/charon/config/credentials/credential_store.h
@@ -101,12 +101,30 @@ struct credential_store_t {
 * @brief Returns the certificate of a specific ID.
 *
 * @param this calling object
- * @param id identification_t object identifiying the key.
+ * @param id identification_t object identifiying the cert.
 * @return certificate, or NULL if not found
 */
 x509_t* (*get_certificate) (credential_store_t *this, identification_t *id);
 /**
+ * @brief Returns the ca certificate of a specific subject distinguished name.
+ *
+ * @param this calling object
+ * @param id identification_t object identifiying the cacert.
+ * @return certificate, or NULL if not found
+ */
+ x509_t* (*get_ca_certificate) (credential_store_t *this, identification_t *id);
+
+ /**
+ * @brief Returns the ca certificate of a specific subject distinguished name.
+ *
+ * @param this calling object
+ * @param id certificate for which issuer cert is required
+ * @return certificate, or NULL if not found
+ */
+ x509_t* (*get_issuer_certificate) (credential_store_t *this, const x509_t* cert);
+
+ /**
+ * @brief Verify an X.509 certificate up to trust anchor including revocation checks
 *
 * @param this calling object
diff --git a/src/charon/config/credentials/local_credential_store.c b/src/charon/config/credentials/local_credential_store.c
index 16613a3c2..63a71944a 100644
--- a/src/charon/config/credentials/local_credential_store.c
+++ b/src/charon/config/credentials/local_credential_store.c
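Review bot: The doc comment added for `get_issuer_certificate` is a copy of the one above it and does not describe the function: its @brief still says it returns the CA certificate of a subject distinguished name, and its @param line documents `id` although the parameter is `cert`. I would change those two lines to `* @brief Returns the issuer certificate of a given certificate.` and `* @param cert certificate whose issuer certificate is required`. Both new accessors also hand back a pointer that, in this commit's local implementation, is the element stored in the CA list rather than a copy, so the contract should say so, e.g. `* @return certificate owned by the store (do not destroy), or NULL if not found`; a caller that destroys it would corrupt the store. struct credential_store_t continues outside the hunk.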
@@ -209,18 +209,19 @@ static status_t get_shared_key(private_local_credential_store_t *this,
 * Implementation of credential_store_t.get_certificate.
 */
 static x509_t* get_certificate(private_local_credential_store_t *this,
- identification_t * id)
+ identification_t *id)
 {
- x509_t *found = NULL, *cert;
+ x509_t *found = NULL;
+ x509_t *current_cert;
 iterator_t *iterator = this->certs->create_iterator(this->certs, TRUE);
- while (iterator->iterate(iterator, (void**)&cert))
+ while (iterator->iterate(iterator, (void**)¤t_cert))
 {
- if (id->equals(id, cert->get_subject(cert)) ||
- cert->equals_subjectAltName(cert, id))
+ if (id->equals(id, current_cert->get_subject(current_cert)) ||
+ current_cert->equals_subjectAltName(current_cert, id))
 {
- found = cert;
+ found = current_cert;
 break;
 }
 }
@@ -320,25 +321,48 @@ static bool has_rsa_private_key(private_local_credential_store_t *this, rsa_publ
 }
 /**
+ * Implementation of credential_store_t.get_ca_certificate.
+ */
+static x509_t* get_ca_certificate(private_local_credential_store_t *this,
+ identification_t *id)
+{
+ x509_t *found = NULL;
+ x509_t *current_cert;
+
+ iterator_t *iterator = this->ca_certs->create_iterator(this->ca_certs, TRUE);
+ while (iterator->iterate(iterator, (void**)¤t_cert))
+ {
+ if (id->equals(id, current_cert->get_subject(current_cert)))
+ {
+ found = current_cert;
+ break;
+ }
+ }
+ iterator->destroy(iterator);
+
+ return found;
+}
+/**
 * Implementation of credential_store_t.get_issuer_certificate.
 */
 static x509_t* get_issuer_certificate(private_local_credential_store_t *this,
 const x509_t *cert)
 {
- x509_t *issuer_cert = NULL, *current_cert;;
+ x509_t *found = NULL;
+ x509_t *current_cert;
 iterator_t *iterator = this->ca_certs->create_iterator(this->ca_certs, TRUE);
 while (iterator->iterate(iterator, (void**)¤t_cert))
 {
 if (cert->is_issuer(cert, current_cert))
 {
- issuer_cert = current_cert;
+ found = current_cert;
 break;
 }
 }
 iterator->destroy(iterator);
- return issuer_cert;
+ return found;
 }
 /**
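Review bot: Both get_ca_certificate and get_issuer_certificate return `current_cert` straight out of `this->ca_certs`, so the caller receives an alias of a list element with no clone and no locking; since the store also exposes add_ca_certificate, a caller that keeps the pointer across a store update, or destroys it, risks a use-after-free or double free unless the list is guarded elsewhere, which this hunk does not show. A comment on each `return found;`, such as `/* borrowed pointer into this->ca_certs: caller must not destroy it */`, would make the contract explicit. get_issuer_certificate also returns the first CA for which `cert->is_issuer()` holds, so if several CA certificates share a subject DN (key rollover) the one selected may not be the one that signed `cert`; whether is_issuer checks the signature or only the name is not visible here. get_ca_certificate repeats the loop of get_certificate minus the subjectAltName clause; a shared static helper taking the list to search would remove the duplication.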
@@ -1071,6 +1095,8 @@ local_credential_store_t * local_credential_store_create(bool strict)
 this->public.credential_store.has_rsa_private_key = (bool (*) (credential_store_t*,rsa_public_key_t*))has_rsa_private_key;
 this->public.credential_store.get_trusted_public_key = (rsa_public_key_t*(*)(credential_store_t*,identification_t*))get_trusted_public_key;
 this->public.credential_store.get_certificate = (x509_t* (*) (credential_store_t*,identification_t*))get_certificate;
+ this->public.credential_store.get_ca_certificate = (x509_t* (*) (credential_store_t*,identification_t*))get_ca_certificate;
+ this->public.credential_store.get_issuer_certificate = (x509_t* (*) (credential_store_t*,const x509_t*))get_issuer_certificate;
 this->public.credential_store.verify = (bool (*) (credential_store_t*,x509_t*,bool*))verify;
 this->public.credential_store.add_end_certificate = (x509_t* (*) (credential_store_t*,x509_t*))add_end_certificate;
 this->public.credential_store.add_ca_certificate = (x509_t* (*) (credential_store_t*,x509_t*))add_ca_certificate; |