aboutsummaryrefslogtreecommitdiffstats
path: root/src/libstrongswan/plugins/x509
diff options
context:
space:
mode:
Diffstat (limited to 'src/libstrongswan/plugins/x509')
-rw-r--r--src/libstrongswan/plugins/x509/ietf_attr_list.c12
-rw-r--r--src/libstrongswan/plugins/x509/ietf_attr_list.h4
-rw-r--r--src/libstrongswan/plugins/x509/x509_ac.c82
-rw-r--r--src/libstrongswan/plugins/x509/x509_cert.c178
-rw-r--r--src/libstrongswan/plugins/x509/x509_crl.c64
-rw-r--r--src/libstrongswan/plugins/x509/x509_ocsp_request.c66
-rw-r--r--src/libstrongswan/plugins/x509/x509_ocsp_response.c68
-rw-r--r--src/libstrongswan/plugins/x509/x509_plugin.c2
8 files changed, 238 insertions, 238 deletions
diff --git a/src/libstrongswan/plugins/x509/ietf_attr_list.c b/src/libstrongswan/plugins/x509/ietf_attr_list.c
index 17f6949b2..97dca3123 100644
--- a/src/libstrongswan/plugins/x509/ietf_attr_list.c
+++ b/src/libstrongswan/plugins/x509/ietf_attr_list.c
@@ -1,4 +1,4 @@
-/*
+/*
* Copyright (C) 2007 Andreas Steffen, Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -52,7 +52,7 @@ struct ietfAttr_t {
/**
* Compares two ietfAttributes
- *
+ *
* return -1 if this is earlier in the alphabet than other
* return 0 if this equals other
* return +1 if this is later in the alphabet than other
@@ -64,7 +64,7 @@ struct ietfAttr_t {
/**
* Destroys the ietfAttr_t object.
- *
+ *
* @param this ietfAttr_t to destroy
*/
void (*destroy) (ietfAttr_t *this);
@@ -86,7 +86,7 @@ static int ietfAttr_compare(const ietfAttr_t *this ,const ietfAttr_t *other)
{
return 1;
}
-
+
cmp_len = this->value.len - other->value.len;
len = (cmp_len < 0)? this->value.len : other->value.len;
cmp_value = memcmp(this->value.ptr, other->value.ptr, len);
@@ -271,7 +271,7 @@ void ietfAttr_list_create_from_string(char *msg, linked_list_t *list)
if (group.len > 0)
{
ietfAttr_t *attr = ietfAttr_create(IETF_ATTRIBUTE_STRING, group);
-
+
ietfAttr_add(list, attr);
}
}
@@ -378,7 +378,7 @@ chunk_t ietfAttr_list_encode(linked_list_t *list)
ietfAttribute = asn1_simple_object(type, attr->value);
/* copy ietfAttribute into ietfAttributes chunk */
- memcpy(pos, ietfAttribute.ptr, ietfAttribute.len);
+ memcpy(pos, ietfAttribute.ptr, ietfAttribute.len);
pos += ietfAttribute.len;
free(ietfAttribute.ptr);
}
diff --git a/src/libstrongswan/plugins/x509/ietf_attr_list.h b/src/libstrongswan/plugins/x509/ietf_attr_list.h
index 5807a899e..124468bac 100644
--- a/src/libstrongswan/plugins/x509/ietf_attr_list.h
+++ b/src/libstrongswan/plugins/x509/ietf_attr_list.h
@@ -31,7 +31,7 @@
*
* @param list_a first alphabetically-sorted list
* @param list_b second alphabetically-sorted list
- * @return TRUE if equal
+ * @return TRUE if equal
*/
bool ietfAttr_list_equals(linked_list_t *list_a, linked_list_t *list_b);
@@ -39,7 +39,7 @@ bool ietfAttr_list_equals(linked_list_t *list_a, linked_list_t *list_b);
* @brief Lists a linked list of ietfAttr_t objects
*
* @param list alphabetically-sorted linked list of attributes
- * @param out output file
+ * @param out output file
*/
void ietfAttr_list_list(linked_list_t *list, FILE *out);
diff --git a/src/libstrongswan/plugins/x509/x509_ac.c b/src/libstrongswan/plugins/x509/x509_ac.c
index 1dfe1b80d..ebd6d8331 100644
--- a/src/libstrongswan/plugins/x509/x509_ac.c
+++ b/src/libstrongswan/plugins/x509/x509_ac.c
@@ -40,112 +40,112 @@ typedef struct private_x509_ac_t private_x509_ac_t;
* private data of x509_ac_t object
*/
struct private_x509_ac_t {
-
+
/**
* public functions
*/
x509_ac_t public;
-
+
/**
* X.509 attribute certificate encoding in ASN.1 DER format
*/
chunk_t encoding;
-
+
/**
* X.509 attribute certificate body over which signature is computed
*/
chunk_t certificateInfo;
-
+
/**
* Version of the X.509 attribute certificate
*/
u_int version;
-
+
/**
* Serial number of the X.509 attribute certificate
*/
chunk_t serialNumber;
-
+
/**
* ID representing the issuer of the holder certificate
*/
identification_t *holderIssuer;
-
+
/**
* Serial number of the holder certificate
*/
chunk_t holderSerial;
-
+
/**
* ID representing the holder
*/
identification_t *entityName;
-
+
/**
* ID representing the attribute certificate issuer
*/
identification_t *issuerName;
-
+
/**
* Start time of certificate validity
*/
time_t notBefore;
-
+
/**
* End time of certificate validity
*/
time_t notAfter;
-
+
/**
* List of charging attributes
*/
linked_list_t *charging;
-
+
/**
* List of groub attributes
*/
linked_list_t *groups;
-
+
/**
* Authority Key Identifier
*/
chunk_t authKeyIdentifier;
-
+
/**
* Authority Key Serial Number
*/
chunk_t authKeySerialNumber;
-
+
/**
* No revocation information available
*/
bool noRevAvail;
-
+
/**
* Signature algorithm
*/
int algorithm;
-
+
/**
* Signature
*/
chunk_t signature;
-
+
/**
* Holder certificate
*/
certificate_t *holderCert;
-
+
/**
* Signer certificate
*/
certificate_t *signerCert;
-
+
/**
* Signer private key;
*/
private_key_t *signerKey;
-
+
/**
* reference count
*/
@@ -573,7 +573,7 @@ static chunk_t build_authorityKeyIdentifier(private_x509_ac_t *this)
identification_t *issuer;
public_key_t *public;
x509_t *x509;
-
+
x509 = (x509_t*)this->signerCert;
issuer = this->signerCert->get_issuer(this->signerCert);
public = this->signerCert->get_public_key(this->signerCert);
@@ -733,7 +733,7 @@ static bool issued_by(private_x509_ac_t *this, certificate_t *issuer)
signature_scheme_t scheme;
bool valid;
x509_t *x509 = (x509_t*)issuer;
-
+
/* check if issuer is an X.509 AA certificate */
if (issuer->get_type(issuer) != CERT_X509)
{
@@ -743,22 +743,22 @@ static bool issued_by(private_x509_ac_t *this, certificate_t *issuer)
{
return FALSE;
}
-
+
/* get the public key of the issuer */
key = issuer->get_public_key(issuer);
-
+
/* compare keyIdentifiers if available, otherwise use DNs */
if (this->authKeyIdentifier.ptr && key)
{
chunk_t fingerprint;
-
+
if (!key->get_fingerprint(key, KEY_ID_PUBKEY_SHA1, &fingerprint) ||
!chunk_equals(fingerprint, this->authKeyIdentifier))
{
return FALSE;
}
}
- else
+ else
{
if (!this->issuerName->equals(this->issuerName,
issuer->get_subject(issuer)))
@@ -766,10 +766,10 @@ static bool issued_by(private_x509_ac_t *this, certificate_t *issuer)
return FALSE;
}
}
-
+
/* determine signature scheme */
scheme = signature_scheme_from_oid(this->algorithm);
-
+
if (scheme == SIGN_UNKNOWN || key == NULL)
{
return FALSE;
@@ -803,7 +803,7 @@ static bool get_validity(private_x509_ac_t *this, time_t *when,
time_t *not_before, time_t *not_after)
{
time_t t;
-
+
if (when)
{
t = *when;
@@ -841,7 +841,7 @@ static bool is_newer(private_x509_ac_t *this, ac_t *that)
&that_update, FALSE, new ? "replaced":"retained");
return new;
}
-
+
/**
* Implementation of certificate_t.get_encoding.
*/
@@ -857,14 +857,14 @@ static bool equals(private_x509_ac_t *this, certificate_t *other)
{
chunk_t encoding;
bool equal;
-
+
if ((certificate_t*)this == other)
{
return TRUE;
}
if (other->equals == (void*)equals)
{ /* skip allocation if we have the same implementation */
- return chunk_equals(this->encoding, ((private_x509_ac_t*)other)->encoding);
+ return chunk_equals(this->encoding, ((private_x509_ac_t*)other)->encoding);
}
encoding = other->get_encoding(other);
equal = chunk_equals(this->encoding, encoding);
@@ -901,7 +901,7 @@ static void destroy(private_x509_ac_t *this)
static private_x509_ac_t *create_empty(void)
{
private_x509_ac_t *this = malloc_thing(private_x509_ac_t);
-
+
/* public functions */
this->public.interface.get_serial = (chunk_t (*)(ac_t*))get_serial;
this->public.interface.get_holderSerial = (chunk_t (*)(ac_t*))get_holderSerial;
@@ -972,9 +972,9 @@ struct private_builder_t {
static private_x509_ac_t* build(private_builder_t *this)
{
private_x509_ac_t *ac = this->ac;
-
+
free(this);
-
+
/* synthesis if encoding does not exist */
if (ac && ac->encoding.ptr == NULL)
{
@@ -1062,18 +1062,18 @@ static void add(private_builder_t *this, builder_part_t part, ...)
builder_t *x509_ac_builder(certificate_type_t type)
{
private_builder_t *this;
-
+
if (type != CERT_X509_AC)
{
return NULL;
}
-
+
this = malloc_thing(private_builder_t);
-
+
this->ac = create_empty();
this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add;
this->public.build = (void*(*)(builder_t *this))build;
-
+
return &this->public;
}
diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c
index 65527523a..9d6e2be87 100644
--- a/src/libstrongswan/plugins/x509/x509_cert.c
+++ b/src/libstrongswan/plugins/x509/x509_cert.c
@@ -64,17 +64,17 @@ struct private_x509_cert_t {
* Public interface for this certificate.
*/
x509_cert_t public;
-
+
/**
* X.509 certificate encoding in ASN.1 DER format
*/
chunk_t encoding;
-
+
/**
* SHA1 hash of the DER encoding of this X.509 certificate
*/
chunk_t encoding_hash;
-
+
/**
* X.509 certificate body over which signature is computed
*/
@@ -84,87 +84,87 @@ struct private_x509_cert_t {
* Version of the X.509 certificate
*/
u_int version;
-
+
/**
* Serial number of the X.509 certificate
*/
chunk_t serialNumber;
-
+
/**
* ID representing the certificate issuer
*/
identification_t *issuer;
-
+
/**
* Start time of certificate validity
*/
time_t notBefore;
-
+
/**
* End time of certificate validity
*/
time_t notAfter;
-
+
/**
* ID representing the certificate subject
*/
identification_t *subject;
-
+
/**
* List of subjectAltNames as identification_t
*/
linked_list_t *subjectAltNames;
-
+
/**
* List of crlDistributionPoints as allocated char*
*/
linked_list_t *crl_uris;
-
+
/**
* List ocspAccessLocations as identification_t
*/
linked_list_t *ocsp_uris;
-
+
/**
* certificates embedded public key
*/
public_key_t *public_key;
-
+
/**
* Subject Key Identifier
*/
chunk_t subjectKeyID;
-
+
/**
* Authority Key Identifier
*/
chunk_t authKeyIdentifier;
-
+
/**
* Authority Key Serial Number
*/
chunk_t authKeySerialNumber;
-
+
/**
* x509 constraints and other flags
*/
x509_flag_t flags;
-
+
/**
* Signature algorithm
*/
int algorithm;
-
+
/**
* Signature
*/
chunk_t signature;
-
+
/**
* Certificate parsed from blob/file?
*/
bool parsed;
-
+
/**
* reference count
*/
@@ -177,7 +177,7 @@ static u_char ASN1_sAN_oid_buf[] = {
static const chunk_t ASN1_subjectAltName_oid = chunk_from_buf(ASN1_sAN_oid_buf);
/**
- * ASN.1 definition of a basicConstraints extension
+ * ASN.1 definition of a basicConstraints extension
*/
static const asn1Object_t basicConstraintsObjects[] = {
{ 0, "basicConstraints", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
@@ -215,7 +215,7 @@ static bool parse_basicConstraints(chunk_t blob, int level0)
}
/**
- * ASN.1 definition of otherName
+ * ASN.1 definition of otherName
*/
static const asn1Object_t otherNameObjects[] = {
{0, "type-id", ASN1_OID, ASN1_BODY }, /* 0 */
@@ -261,14 +261,14 @@ static bool parse_otherName(chunk_t blob, int level0)
}
}
success = parser->success(parser);
-
+
end:
parser->destroy(parser);
return success;
}
/**
- * ASN.1 definition of generalName
+ * ASN.1 definition of generalName
*/
static const asn1Object_t generalNameObjects[] = {
{ 0, "otherName", ASN1_CONTEXT_C_0, ASN1_OPT|ASN1_BODY }, /* 0 */
@@ -309,16 +309,16 @@ static identification_t *parse_generalName(chunk_t blob, int level0)
asn1_parser_t *parser;
chunk_t object;
int objectID ;
-
+
identification_t *gn = NULL;
-
+
parser = asn1_parser_create(generalNameObjects, blob);
parser->set_top_level(parser, level0);
-
+
while (parser->iterate(parser, &objectID, &object))
{
id_type_t id_type = ID_ANY;
-
+
switch (objectID)
{
case GN_OBJ_RFC822_NAME:
@@ -355,14 +355,14 @@ static identification_t *parse_generalName(chunk_t blob, int level0)
goto end;
}
}
-
+
end:
parser->destroy(parser);
return gn;
}
/**
- * ASN.1 definition of generalNames
+ * ASN.1 definition of generalNames
*/
static const asn1Object_t generalNamesObjects[] = {
{ 0, "generalNames", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */
@@ -380,18 +380,18 @@ void x509_parse_generalNames(chunk_t blob, int level0, bool implicit, linked_lis
asn1_parser_t *parser;
chunk_t object;
int objectID;
-
+
parser = asn1_parser_create(generalNamesObjects, blob);
parser->set_top_level(parser, level0);
parser->set_flags(parser, implicit, FALSE);
-
+
while (parser->iterate(parser, &objectID, &object))
{
if (objectID == GENERAL_NAMES_GN)
{
identification_t *gn = parse_generalName(object,
parser->get_level(parser)+1);
-
+
if (gn)
{
list->insert_last(list, (void *)gn);
@@ -402,7 +402,7 @@ void x509_parse_generalNames(chunk_t blob, int level0, bool implicit, linked_lis
}
/**
- * ASN.1 definition of a authorityKeyIdentifier extension
+ * ASN.1 definition of a authorityKeyIdentifier extension
*/
static const asn1Object_t authKeyIdentifierObjects[] = {
{ 0, "authorityKeyIdentifier", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
@@ -428,15 +428,15 @@ chunk_t x509_parse_authorityKeyIdentifier(chunk_t blob, int level0,
chunk_t object;
int objectID;
chunk_t authKeyIdentifier = chunk_empty;
-
+
*authKeySerialNumber = chunk_empty;
-
+
parser = asn1_parser_create(authKeyIdentifierObjects, blob);
parser->set_top_level(parser, level0);
-
+
while (parser->iterate(parser, &objectID, &object))
{
- switch (objectID)
+ switch (objectID)
{
case AUTH_KEY_ID_KEY_ID:
authKeyIdentifier = chunk_clone(object);
@@ -456,7 +456,7 @@ chunk_t x509_parse_authorityKeyIdentifier(chunk_t blob, int level0,
}
/**
- * ASN.1 definition of a authorityInfoAccess extension
+ * ASN.1 definition of a authorityInfoAccess extension
*/
static const asn1Object_t authInfoAccessObjects[] = {
{ 0, "authorityInfoAccess", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */
@@ -479,13 +479,13 @@ static void parse_authorityInfoAccess(chunk_t blob, int level0,
chunk_t object;
int objectID;
int accessMethod = OID_UNKNOWN;
-
+
parser = asn1_parser_create(authInfoAccessObjects, blob);
parser->set_top_level(parser, level0);
-
+
while (parser->iterate(parser, &objectID, &object))
{
- switch (objectID)
+ switch (objectID)
{
case AUTH_INFO_ACCESS_METHOD:
accessMethod = asn1_known_oid(object);
@@ -499,7 +499,7 @@ static void parse_authorityInfoAccess(chunk_t blob, int level0,
{
identification_t *id;
char *uri;
-
+
id = parse_generalName(object,
parser->get_level(parser)+1);
if (id == NULL)
@@ -526,7 +526,7 @@ static void parse_authorityInfoAccess(chunk_t blob, int level0,
break;
}
}
-
+
end:
parser->destroy(parser);
}
@@ -551,13 +551,13 @@ static bool parse_extendedKeyUsage(chunk_t blob, int level0)
chunk_t object;
int objectID;
bool ocsp_signing = FALSE;
-
+
parser = asn1_parser_create(extendedKeyUsageObjects, blob);
parser->set_top_level(parser, level0);
-
+
while (parser->iterate(parser, &objectID, &object))
{
- if (objectID == EXT_KEY_USAGE_PURPOSE_ID &&
+ if (objectID == EXT_KEY_USAGE_PURPOSE_ID &&
asn1_known_oid(object) == OID_OCSP_SIGNING)
{
ocsp_signing = TRUE;
@@ -598,24 +598,24 @@ static void parse_crlDistributionPoints(chunk_t blob, int level0,
chunk_t object;
int objectID;
linked_list_t *list = linked_list_create();
-
+
parser = asn1_parser_create(crlDistributionPointsObjects, blob);
parser->set_top_level(parser, level0);
-
+
while (parser->iterate(parser, &objectID, &object))
{
if (objectID == CRL_DIST_POINTS_FULLNAME)
{
identification_t *id;
-
+
/* append extracted generalNames to existing chained list */
x509_parse_generalNames(object, parser->get_level(parser)+1,
TRUE, list);
-
+
while (list->remove_last(list, (void**)&id) == SUCCESS)
{
char *uri;
-
+
if (asprintf(&uri, "%Y", id) > 0)
{
this->crl_uris->insert_last(this->crl_uris, uri);
@@ -687,13 +687,13 @@ static bool parse_certificate(private_x509_cert_t *this)
int sig_alg = OID_UNKNOWN;
bool success = FALSE;
bool critical;
-
+
parser = asn1_parser_create(certObjects, this->encoding);
-
+
while (parser->iterate(parser, &objectID, &object))
{
u_int level = parser->get_level(parser)+1;
-
+
switch (objectID)
{
case X509_OBJ_TBS_CERTIFICATE:
@@ -780,7 +780,7 @@ static bool parse_certificate(private_x509_cert_t *this)
case OID_NS_CA_REVOCATION_URL:
case OID_NS_CA_POLICY_URL:
case OID_NS_COMMENT:
- if (!asn1_parse_simple_object(&object, ASN1_IA5STRING,
+ if (!asn1_parse_simple_object(&object, ASN1_IA5STRING,
level, oid_names[extn_oid].name))
{
goto end;
@@ -807,7 +807,7 @@ static bool parse_certificate(private_x509_cert_t *this)
}
}
success = parser->success(parser);
-
+
end:
parser->destroy(parser);
return success;
@@ -845,7 +845,7 @@ static id_match_t has_subject(private_x509_cert_t *this, identification_t *subje
identification_t *current;
enumerator_t *enumerator;
id_match_t match, best;
-
+
if (this->encoding_hash.ptr && subject->get_type(subject) == ID_KEY_ID)
{
if (chunk_equals(this->encoding_hash, subject->get_encoding(subject)))
@@ -853,7 +853,7 @@ static id_match_t has_subject(private_x509_cert_t *this, identification_t *subje
return ID_MATCH_PERFECT;
}
}
-
+
best = this->subject->matches(this->subject, subject);
enumerator = this->subjectAltNames->create_enumerator(this->subjectAltNames);
while (enumerator->enumerate(enumerator, &current))
@@ -886,7 +886,7 @@ static bool issued_by(private_x509_cert_t *this, certificate_t *issuer)
signature_scheme_t scheme;
bool valid;
x509_t *x509 = (x509_t*)issuer;
-
+
if (&this->public.interface.interface == issuer)
{
if (this->flags & X509_SELF_SIGNED)
@@ -959,7 +959,7 @@ static bool get_validity(private_x509_cert_t *this, time_t *when,
time_t *not_before, time_t *not_after)
{
time_t t;
-
+
if (when)
{
t = *when;
@@ -986,7 +986,7 @@ static bool is_newer(certificate_t *this, certificate_t *that)
{
time_t this_update, that_update, now = time(NULL);
bool new;
-
+
this->get_validity(this, &now, &this_update, NULL);
that->get_validity(that, &now, &that_update, NULL);
new = this_update > that_update;
@@ -995,7 +995,7 @@ static bool is_newer(certificate_t *this, certificate_t *that)
&that_update, FALSE, new ? "replaced":"retained");
return new;
}
-
+
/**
* Implementation of certificate_t.get_encoding.
*/
@@ -1011,7 +1011,7 @@ static bool equals(private_x509_cert_t *this, certificate_t *other)
{
chunk_t encoding;
bool equal;
-
+
if (this == (private_x509_cert_t*)other)
{
return TRUE;
@@ -1022,7 +1022,7 @@ static bool equals(private_x509_cert_t *this, certificate_t *other)
}
if (other->equals == (void*)equals)
{ /* skip allocation if we have the same implementation */
- return chunk_equals(this->encoding, ((private_x509_cert_t*)other)->encoding);
+ return chunk_equals(this->encoding, ((private_x509_cert_t*)other)->encoding);
}
encoding = other->get_encoding(other);
equal = chunk_equals(this->encoding, encoding);
@@ -1103,7 +1103,7 @@ static void destroy(private_x509_cert_t *this)
static private_x509_cert_t* create_empty(void)
{
private_x509_cert_t *this = malloc_thing(private_x509_cert_t);
-
+
this->public.interface.interface.get_type = (certificate_type_t (*) (certificate_t*))get_type;
this->public.interface.interface.get_subject = (identification_t* (*) (certificate_t*))get_subject;
this->public.interface.interface.get_issuer = (identification_t* (*) (certificate_t*))get_issuer;
@@ -1123,12 +1123,12 @@ static private_x509_cert_t* create_empty(void)
this->public.interface.create_subjectAltName_enumerator = (enumerator_t* (*)(x509_t*))create_subjectAltName_enumerator;
this->public.interface.create_crl_uri_enumerator = (enumerator_t* (*)(x509_t*))create_crl_uri_enumerator;
this->public.interface.create_ocsp_uri_enumerator = (enumerator_t* (*)(x509_t*))create_ocsp_uri_enumerator;
-
+
this->encoding = chunk_empty;
this->encoding_hash = chunk_empty;
this->tbsCertificate = chunk_empty;
this->version = 3;
- this->serialNumber = chunk_empty;
+ this->serialNumber = chunk_empty;
this->notBefore = 0;
this->notAfter = 0;
this->public_key = NULL;
@@ -1145,7 +1145,7 @@ static private_x509_cert_t* create_empty(void)
this->flags = 0;
this->ref = 1;
this->parsed = FALSE;
-
+
return this;
}
@@ -1156,7 +1156,7 @@ static private_x509_cert_t *create_from_chunk(chunk_t chunk)
{
hasher_t *hasher;
private_x509_cert_t *this = create_empty();
-
+
this->encoding = chunk;
this->parsed = TRUE;
if (!parse_certificate(this))
@@ -1164,23 +1164,23 @@ static private_x509_cert_t *create_from_chunk(chunk_t chunk)
destroy(this);
return NULL;
}
-
+
/* check if the certificate is self-signed */
if (issued_by(this, &this->public.interface.interface))
{
this->flags |= X509_SELF_SIGNED;
}
-
+
hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
if (hasher == NULL)
{
- DBG1(" unable to create hash of certificate, SHA1 not supported");
+ DBG1(" unable to create hash of certificate, SHA1 not supported");
destroy(this);
- return NULL;
+ return NULL;
}
hasher->allocate_hash(hasher, this->encoding, &this->encoding_hash);
hasher->destroy(hasher);
-
+
return this;
}
@@ -1213,7 +1213,7 @@ static bool generate(private_builder_t *this)
chunk_t key_info;
signature_scheme_t scheme;
hasher_t *hasher;
-
+
subject = this->cert->subject;
if (this->sign_cert)
{
@@ -1242,7 +1242,7 @@ static bool generate(private_builder_t *this)
this->cert->notAfter = this->cert->notBefore + 60 * 60 * 24 * 365;
}
this->cert->flags = this->flags;
-
+
/* select signature scheme */
switch (this->sign_key->get_type(this->sign_key))
{
@@ -1304,8 +1304,8 @@ static bool generate(private_builder_t *this)
{
/* TODO: encode subjectAltNames */
}
-
- this->cert->tbsCertificate = asn1_wrap(ASN1_SEQUENCE, "mmmcmcmm",
+
+ this->cert->tbsCertificate = asn1_wrap(ASN1_SEQUENCE, "mmmcmcmm",
asn1_simple_object(ASN1_CONTEXT_C_0, ASN1_INTEGER_2),
asn1_integer("c", this->cert->serialNumber),
asn1_algorithmIdentifier(this->cert->algorithm),
@@ -1315,8 +1315,8 @@ static bool generate(private_builder_t *this)
asn1_from_time(&this->cert->notAfter, ASN1_UTCTIME)),
subject->get_encoding(subject),
key_info, extensions);
-
- if (!this->sign_key->sign(this->sign_key, scheme,
+
+ if (!this->sign_key->sign(this->sign_key, scheme,
this->cert->tbsCertificate, &this->cert->signature))
{
return FALSE;
@@ -1325,7 +1325,7 @@ static bool generate(private_builder_t *this)
this->cert->tbsCertificate,
asn1_algorithmIdentifier(this->cert->algorithm),
asn1_bitstring("c", this->cert->signature));
-
+
hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
if (!hasher)
{
@@ -1343,7 +1343,7 @@ static bool generate(private_builder_t *this)
static private_x509_cert_t *build(private_builder_t *this)
{
private_x509_cert_t *cert;
-
+
if (this->cert)
{
this->cert->flags |= this->flags;
@@ -1370,7 +1370,7 @@ static void add(private_builder_t *this, builder_part_t part, ...)
va_list args;
chunk_t chunk;
bool handled = TRUE;
-
+
va_start(args, part);
switch (part)
{
@@ -1401,7 +1401,7 @@ static void add(private_builder_t *this, builder_part_t part, ...)
va_end(args);
return;
}
-
+
switch (part)
{
case BUILD_PUBLIC_KEY:
@@ -1456,14 +1456,14 @@ static void add(private_builder_t *this, builder_part_t part, ...)
builder_t *x509_cert_builder(certificate_type_t type)
{
private_builder_t *this;
-
+
if (type != CERT_X509)
{
return NULL;
}
-
+
this = malloc_thing(private_builder_t);
-
+
this->cert = NULL;
this->flags = 0;
this->sign_cert = NULL;
@@ -1471,7 +1471,7 @@ builder_t *x509_cert_builder(certificate_type_t type)
this->digest_alg = HASH_SHA1;
this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add;
this->public.build = (void*(*)(builder_t *this))build;
-
+
return &this->public;
}
diff --git a/src/libstrongswan/plugins/x509/x509_crl.c b/src/libstrongswan/plugins/x509/x509_crl.c
index 8df0e2f75..e826f34f9 100644
--- a/src/libstrongswan/plugins/x509/x509_crl.c
+++ b/src/libstrongswan/plugins/x509/x509_crl.c
@@ -36,12 +36,12 @@ struct revoked_t {
* serial of the revoked certificate
*/
chunk_t serial;
-
+
/**
* date of revocation
*/
time_t date;
-
+
/**
* reason for revocation
*/
@@ -57,7 +57,7 @@ struct private_x509_crl_t {
* public functions
*/
x509_crl_t public;
-
+
/**
* X.509 crl encoding in ASN.1 DER format
*/
@@ -72,12 +72,12 @@ struct private_x509_crl_t {
* Version of the X.509 crl
*/
u_int version;
-
+
/**
* ID representing the crl issuer
*/
identification_t *issuer;
-
+
/**
* CRL number
*/
@@ -97,7 +97,7 @@ struct private_x509_crl_t {
* list of revoked certificates as revoked_t
*/
linked_list_t *revoked;
-
+
/**
* Authority Key Identifier
*/
@@ -107,17 +107,17 @@ struct private_x509_crl_t {
* Authority Key Serial Number
*/
chunk_t authKeySerialNumber;
-
+
/**
* Signature algorithm
*/
int algorithm;
-
+
/**
* Signature
*/
chunk_t signature;
-
+
/**
* reference counter
*/
@@ -128,7 +128,7 @@ struct private_x509_crl_t {
* from x509_cert
*/
extern chunk_t x509_parse_authorityKeyIdentifier(
- chunk_t blob, int level0,
+ chunk_t blob, int level0,
chunk_t *authKeySerialNumber);
/**
@@ -140,7 +140,7 @@ static const asn1Object_t crlObjects[] = {
{ 2, "version", ASN1_INTEGER, ASN1_OPT |
ASN1_BODY }, /* 2 */
{ 2, "end opt", ASN1_EOC, ASN1_END }, /* 3 */
- { 2, "signature", ASN1_EOC, ASN1_RAW }, /* 4 */
+ { 2, "signature", ASN1_EOC, ASN1_RAW }, /* 4 */
{ 2, "issuer", ASN1_SEQUENCE, ASN1_OBJ }, /* 5 */
{ 2, "thisUpdate", ASN1_EOC, ASN1_RAW }, /* 6 */
{ 2, "nextUpdate", ASN1_EOC, ASN1_RAW }, /* 7 */
@@ -348,7 +348,7 @@ static chunk_t get_authKeyIdentifier(private_x509_crl_t *this)
static enumerator_t* create_enumerator(private_x509_crl_t *this)
{
return enumerator_create_filter(
- this->revoked->create_enumerator(this->revoked),
+ this->revoked->create_enumerator(this->revoked),
(void*)filter, NULL, NULL);
}
@@ -390,7 +390,7 @@ static bool issued_by(private_x509_crl_t *this, certificate_t *issuer)
signature_scheme_t scheme;
bool valid;
x509_t *x509 = (x509_t*)issuer;
-
+
/* check if issuer is an X.509 CA certificate */
if (issuer->get_type(issuer) != CERT_X509)
{
@@ -408,24 +408,24 @@ static bool issued_by(private_x509_crl_t *this, certificate_t *issuer)
if (this->authKeyIdentifier.ptr && key)
{
chunk_t fingerprint;
-
+
if (!key->get_fingerprint(key, KEY_ID_PUBKEY_SHA1, &fingerprint) ||
!chunk_equals(fingerprint, this->authKeyIdentifier))
{
return FALSE;
}
}
- else
+ else
{
if (!this->issuer->equals(this->issuer, issuer->get_subject(issuer)))
{
return FALSE;
}
}
-
+
/* determine signature scheme */
scheme = signature_scheme_from_oid(this->algorithm);
-
+
if (scheme == SIGN_UNKNOWN || key == NULL)
{
return FALSE;
@@ -459,7 +459,7 @@ static bool get_validity(private_x509_crl_t *this, time_t *when,
time_t *not_before, time_t *not_after)
{
time_t t;
-
+
if (when)
{
t = *when;
@@ -486,7 +486,7 @@ static bool is_newer(private_x509_crl_t *this, crl_t *that)
{
chunk_t that_crlNumber = that->get_serial(that);
bool new;
-
+
/* compare crlNumbers if available - otherwise use thisUpdate */
if (this->crlNumber.ptr != NULL && that_crlNumber.ptr != NULL)
{
@@ -495,7 +495,7 @@ static bool is_newer(private_x509_crl_t *this, crl_t *that)
&this->crlNumber, new ? "newer":"not newer",
&that_crlNumber, new ? "replaced":"retained");
}
- else
+ else
{
certificate_t *this_cert = &this->public.crl.certificate;
certificate_t *that_cert = &that->certificate;
@@ -511,7 +511,7 @@ static bool is_newer(private_x509_crl_t *this, crl_t *that)
}
return new;
}
-
+
/**
* Implementation of certificate_t.get_encoding.
*/
@@ -527,14 +527,14 @@ static bool equals(private_x509_crl_t *this, certificate_t *other)
{
chunk_t encoding;
bool equal;
-
+
if ((certificate_t*)this == other)
{
return TRUE;
}
if (other->equals == (void*)equals)
{ /* skip allocation if we have the same implementation */
- return chunk_equals(this->encoding, ((private_x509_crl_t*)other)->encoding);
+ return chunk_equals(this->encoding, ((private_x509_crl_t*)other)->encoding);
}
encoding = other->get_encoding(other);
equal = chunk_equals(this->encoding, encoding);
@@ -563,7 +563,7 @@ static void destroy(private_x509_crl_t *this)
static private_x509_crl_t* create_empty(void)
{
private_x509_crl_t *this = malloc_thing(private_x509_crl_t);
-
+
this->public.crl.get_serial = (chunk_t (*)(crl_t*))get_serial;
this->public.crl.get_authKeyIdentifier = (chunk_t (*)(crl_t*))get_authKeyIdentifier;
this->public.crl.create_enumerator = (enumerator_t* (*)(crl_t*))create_enumerator;
@@ -580,7 +580,7 @@ static private_x509_crl_t* create_empty(void)
this->public.crl.certificate.equals = (bool (*)(certificate_t*, certificate_t *other))equals;
this->public.crl.certificate.get_ref = (certificate_t* (*)(certificate_t *this))get_ref;
this->public.crl.certificate.destroy = (void (*)(certificate_t *this))destroy;
-
+
this->encoding = chunk_empty;
this->tbsCertList = chunk_empty;
this->issuer = NULL;
@@ -589,7 +589,7 @@ static private_x509_crl_t* create_empty(void)
this->authKeyIdentifier = chunk_empty;
this->authKeySerialNumber = chunk_empty;
this->ref = 1;
-
+
return this;
}
@@ -610,7 +610,7 @@ struct private_builder_t {
static private_x509_crl_t *build(private_builder_t *this)
{
private_x509_crl_t *crl = NULL;
-
+
if (this->blob.len && this->blob.ptr)
{
crl = create_empty();
@@ -631,7 +631,7 @@ static private_x509_crl_t *build(private_builder_t *this)
static void add(private_builder_t *this, builder_part_t part, ...)
{
va_list args;
-
+
switch (part)
{
case BUILD_BLOB_ASN1_DER:
@@ -653,18 +653,18 @@ static void add(private_builder_t *this, builder_part_t part, ...)
builder_t *x509_crl_builder(certificate_type_t type)
{
private_builder_t *this;
-
+
if (type != CERT_X509_CRL)
{
return NULL;
}
this = malloc_thing(private_builder_t);
-
+
this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add;
this->public.build = (void*(*)(builder_t *this))build;
-
+
this->blob = chunk_empty;
-
+
return &this->public;
}
diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_request.c b/src/libstrongswan/plugins/x509/x509_ocsp_request.c
index e772b9720..76f82a4d4 100644
--- a/src/libstrongswan/plugins/x509/x509_ocsp_request.c
+++ b/src/libstrongswan/plugins/x509/x509_ocsp_request.c
@@ -39,12 +39,12 @@ struct private_x509_ocsp_request_t {
* public functions
*/
x509_ocsp_request_t public;
-
+
/**
* CA the candidates belong to
*/
x509_t *ca;
-
+
/**
* Requestor name, subject of cert used if not set
*/
@@ -54,27 +54,27 @@ struct private_x509_ocsp_request_t {
* Requestor certificate, included in request
*/
certificate_t *cert;
-
+
/**
* Requestor private key to sign request
*/
private_key_t *key;
-
+
/**
* list of certificates to check, x509_t
*/
linked_list_t *candidates;
-
+
/**
* nonce used in request
*/
chunk_t nonce;
-
+
/**
* encoded OCSP request
*/
chunk_t encoding;
-
+
/**
* reference count
*/
@@ -120,7 +120,7 @@ static chunk_t build_requestorName(private_x509_ocsp_request_t *this)
return asn1_wrap(ASN1_CONTEXT_C_1, "m",
asn1_simple_object(ASN1_CONTEXT_C_4,
this->requestor->get_encoding(this->requestor)));
-
+
}
return chunk_empty;
}
@@ -151,7 +151,7 @@ static chunk_t build_requestList(private_x509_ocsp_request_t *this)
certificate_t *cert;
chunk_t list = chunk_empty;
public_key_t *public;
-
+
cert = (certificate_t*)this->ca;
public = cert->get_public_key(cert);
if (public)
@@ -163,17 +163,17 @@ static chunk_t build_requestList(private_x509_ocsp_request_t *this)
&issuerKeyHash))
{
enumerator_t *enumerator;
-
+
issuer = cert->get_subject(cert);
hasher->allocate_hash(hasher, issuer->get_encoding(issuer),
&issuerNameHash);
hasher->destroy(hasher);
-
+
enumerator = this->candidates->create_enumerator(this->candidates);
while (enumerator->enumerate(enumerator, &x509))
{
chunk_t request, serialNumber;
-
+
serialNumber = x509->get_serial(x509);
request = build_Request(this, issuerNameHash, issuerKeyHash,
serialNumber);
@@ -202,7 +202,7 @@ static chunk_t build_requestList(private_x509_ocsp_request_t *this)
static chunk_t build_nonce(private_x509_ocsp_request_t *this)
{
rng_t *rng;
-
+
rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
if (rng)
{
@@ -256,7 +256,7 @@ static chunk_t build_optionalSignature(private_x509_ocsp_request_t *this,
int oid;
signature_scheme_t scheme;
chunk_t certs, signature;
-
+
switch (this->key->get_type(this->key))
{
/* TODO: use a generic mapping function */
@@ -273,7 +273,7 @@ static chunk_t build_optionalSignature(private_x509_ocsp_request_t *this,
key_type_names, this->key->get_type(this->key));
return chunk_empty;
}
-
+
if (!this->key->sign(this->key, scheme, tbsRequest, &signature))
{
DBG1("creating OCSP signature failed, skipped");
@@ -286,7 +286,7 @@ static chunk_t build_optionalSignature(private_x509_ocsp_request_t *this,
this->cert->get_encoding(this->cert)));
}
return asn1_wrap(ASN1_CONTEXT_C_0, "m",
- asn1_wrap(ASN1_SEQUENCE, "cmm",
+ asn1_wrap(ASN1_SEQUENCE, "cmm",
asn1_algorithmIdentifier(oid),
asn1_bitstring("m", signature),
certs));
@@ -299,7 +299,7 @@ static chunk_t build_optionalSignature(private_x509_ocsp_request_t *this,
static chunk_t build_OCSPRequest(private_x509_ocsp_request_t *this)
{
chunk_t tbsRequest, optionalSignature = chunk_empty;
-
+
tbsRequest = build_tbsRequest(this);
if (this->key)
{
@@ -323,7 +323,7 @@ static certificate_type_t get_type(private_x509_ocsp_request_t *this)
static identification_t* get_subject(private_x509_ocsp_request_t *this)
{
certificate_t *ca = (certificate_t*)this->ca;
-
+
if (this->requestor)
{
return this->requestor;
@@ -341,7 +341,7 @@ static identification_t* get_subject(private_x509_ocsp_request_t *this)
static identification_t* get_issuer(private_x509_ocsp_request_t *this)
{
certificate_t *ca = (certificate_t*)this->ca;
-
+
return ca->get_subject(ca);
}
@@ -361,11 +361,11 @@ static id_match_t has_subject(private_x509_ocsp_request_t *this,
match = current->has_subject(current, subject);
if (match > best)
{
- best = match;
+ best = match;
}
}
enumerator->destroy(enumerator);
- return best;
+ return best;
}
/**
@@ -414,7 +414,7 @@ static bool get_validity(private_x509_ocsp_request_t *this, time_t *when,
}
return cert->get_validity(cert, when, not_before, not_after);
}
-
+
/**
* Implementation of certificate_t.get_encoding.
*/
@@ -430,7 +430,7 @@ static bool equals(private_x509_ocsp_request_t *this, certificate_t *other)
{
chunk_t encoding;
bool equal;
-
+
if (this == (private_x509_ocsp_request_t*)other)
{
return TRUE;
@@ -441,7 +441,7 @@ static bool equals(private_x509_ocsp_request_t *this, certificate_t *other)
}
if (other->equals == (void*)equals)
{ /* skip allocation if we have the same implementation */
- return chunk_equals(this->encoding, ((private_x509_ocsp_request_t*)other)->encoding);
+ return chunk_equals(this->encoding, ((private_x509_ocsp_request_t*)other)->encoding);
}
encoding = other->get_encoding(other);
equal = chunk_equals(this->encoding, encoding);
@@ -482,7 +482,7 @@ static void destroy(private_x509_ocsp_request_t *this)
static private_x509_ocsp_request_t *create_empty()
{
private_x509_ocsp_request_t *this = malloc_thing(private_x509_ocsp_request_t);
-
+
this->public.interface.interface.get_type = (certificate_type_t (*)(certificate_t *this))get_type;
this->public.interface.interface.get_subject = (identification_t* (*)(certificate_t *this))get_subject;
this->public.interface.interface.get_issuer = (identification_t* (*)(certificate_t *this))get_issuer;
@@ -495,7 +495,7 @@ static private_x509_ocsp_request_t *create_empty()
this->public.interface.interface.equals = (bool(*)(certificate_t*, certificate_t *other))equals;
this->public.interface.interface.get_ref = (certificate_t* (*)(certificate_t *this))get_ref;
this->public.interface.interface.destroy = (void (*)(certificate_t *this))destroy;
-
+
this->ca = NULL;
this->requestor = NULL;
this->cert = NULL;
@@ -504,7 +504,7 @@ static private_x509_ocsp_request_t *create_empty()
this->encoding = chunk_empty;
this->candidates = linked_list_create();
this->ref = 1;
-
+
return this;
}
@@ -525,7 +525,7 @@ struct private_builder_t {
static x509_ocsp_request_t *build(private_builder_t *this)
{
private_x509_ocsp_request_t *req;
-
+
req = this->req;
free(this);
if (req->ca)
@@ -546,7 +546,7 @@ static void add(private_builder_t *this, builder_part_t part, ...)
certificate_t *cert;
identification_t *subject;
private_key_t *private;
-
+
va_start(args, part);
switch (part)
{
@@ -595,18 +595,18 @@ static void add(private_builder_t *this, builder_part_t part, ...)
builder_t *x509_ocsp_request_builder(certificate_type_t type)
{
private_builder_t *this;
-
+
if (type != CERT_X509_OCSP_REQUEST)
{
return NULL;
}
-
+
this = malloc_thing(private_builder_t);
-
+
this->req = create_empty();
this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add;
this->public.build = (void*(*)(builder_t *this))build;
-
+
return &this->public;
}
diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_response.c b/src/libstrongswan/plugins/x509/x509_ocsp_response.c
index 1472d3d7f..4e2336a09 100644
--- a/src/libstrongswan/plugins/x509/x509_ocsp_response.c
+++ b/src/libstrongswan/plugins/x509/x509_ocsp_response.c
@@ -45,42 +45,42 @@ struct private_x509_ocsp_response_t {
* Public interface for this ocsp object.
*/
x509_ocsp_response_t public;
-
+
/**
* complete encoded OCSP response
*/
chunk_t encoding;
-
+
/**
* data for signature verficiation
*/
chunk_t tbsResponseData;
-
+
/**
* signature algorithm (OID)
*/
int signatureAlgorithm;
-
+
/**
* signature
*/
chunk_t signature;
-
+
/**
* name or keyid of the responder
*/
identification_t *responderId;
-
+
/**
* time of response production
*/
time_t producedAt;
-
+
/**
* latest nextUpdate in this OCSP response
*/
time_t usableUntil;
-
+
/**
* list of included certificates
*/
@@ -95,7 +95,7 @@ struct private_x509_ocsp_response_t {
* Nonce required for ocsp request and response
*/
chunk_t nonce;
-
+
/**
* reference counter
*/
@@ -167,7 +167,7 @@ static cert_validation_t get_status(private_x509_ocsp_response_t *this,
single_response_t *response;
cert_validation_t status = VALIDATION_FAILED;
certificate_t *issuercert = &issuer->interface;
-
+
enumerator = this->responses->create_enumerator(this->responses);
while (enumerator->enumerate(enumerator, &response))
{
@@ -175,7 +175,7 @@ static cert_validation_t get_status(private_x509_ocsp_response_t *this,
identification_t *id;
key_encoding_type_t type;
chunk_t hash, fingerprint;
-
+
/* check serial first, is cheaper */
if (!chunk_equals(subject->get_serial(subject), response->serialNumber))
{
@@ -185,7 +185,7 @@ static cert_validation_t get_status(private_x509_ocsp_response_t *this,
if (response->issuerKeyHash.ptr)
{
public_key_t *public;
-
+
public = issuercert->get_public_key(issuercert);
if (!public)
{
@@ -211,7 +211,7 @@ static cert_validation_t get_status(private_x509_ocsp_response_t *this,
/* check issuerNameHash, if available */
else if (response->issuerNameHash.ptr)
{
- hasher = lib->crypto->create_hasher(lib->crypto,
+ hasher = lib->crypto->create_hasher(lib->crypto,
hasher_algorithm_from_oid(response->hashAlgorithm));
if (!hasher)
{
@@ -235,7 +235,7 @@ static cert_validation_t get_status(private_x509_ocsp_response_t *this,
*revocation_reason = response->revocationReason;
*this_update = response->thisUpdate;
*next_update = response->nextUpdate;
-
+
break;
}
enumerator->destroy(enumerator);
@@ -312,7 +312,7 @@ static bool parse_singleResponse(private_x509_ocsp_response_t *this,
bool success = FALSE;
single_response_t *response;
-
+
response = malloc_thing(single_response_t);
response->hashAlgorithm = OID_UNKNOWN;
response->issuerNameHash = chunk_empty;
@@ -402,14 +402,14 @@ static const asn1Object_t responsesObjects[] = {
/**
* Parse all responses
*/
-static bool parse_responses(private_x509_ocsp_response_t *this,
+static bool parse_responses(private_x509_ocsp_response_t *this,
chunk_t blob, int level0)
{
asn1_parser_t *parser;
chunk_t object;
int objectID;
bool success = FALSE;
-
+
parser = asn1_parser_create(responsesObjects, blob);
parser->set_top_level(parser, level0);
@@ -486,7 +486,7 @@ static const asn1Object_t basicResponseObjects[] = {
/**
* Parse a basicOCSPResponse
*/
-static bool parse_basicOCSPResponse(private_x509_ocsp_response_t *this,
+static bool parse_basicOCSPResponse(private_x509_ocsp_response_t *this,
chunk_t blob, int level0)
{
asn1_parser_t *parser;
@@ -498,7 +498,7 @@ static bool parse_basicOCSPResponse(private_x509_ocsp_response_t *this,
certificate_t *cert;
bool success = FALSE;
bool critical;
-
+
parser = asn1_parser_create(basicResponseObjects, blob);
parser->set_top_level(parser, level0);
@@ -691,7 +691,7 @@ static bool issued_by(private_x509_ocsp_response_t *this, certificate_t *issuer)
signature_scheme_t scheme;
bool valid;
x509_t *x509 = (x509_t*)issuer;
-
+
if (issuer->get_type(issuer) != CERT_X509)
{
return FALSE;
@@ -699,7 +699,7 @@ static bool issued_by(private_x509_ocsp_response_t *this, certificate_t *issuer)
if (this->responderId->get_type(this->responderId) == ID_KEY_ID)
{
chunk_t fingerprint;
-
+
key = issuer->get_public_key(issuer);
if (!key ||
!key->get_fingerprint(key, KEY_ID_PUBKEY_SHA1, &fingerprint) ||
@@ -711,7 +711,7 @@ static bool issued_by(private_x509_ocsp_response_t *this, certificate_t *issuer)
}
key->destroy(key);
}
- else
+ else
{
if (!this->responderId->equals(this->responderId,
issuer->get_subject(issuer)))
@@ -791,7 +791,7 @@ static bool is_newer(certificate_t *this, certificate_t *that)
&that_update, FALSE, new ? "replaced":"retained");
return new;
}
-
+
/**
* Implementation of certificate_t.get_encoding.
*/
@@ -807,7 +807,7 @@ static bool equals(private_x509_ocsp_response_t *this, certificate_t *other)
{
chunk_t encoding;
bool equal;
-
+
if (this == (private_x509_ocsp_response_t*)other)
{
return TRUE;
@@ -818,7 +818,7 @@ static bool equals(private_x509_ocsp_response_t *this, certificate_t *other)
}
if (other->equals == (void*)equals)
{ /* skip allocation if we have the same implementation */
- return chunk_equals(this->encoding, ((private_x509_ocsp_response_t*)other)->encoding);
+ return chunk_equals(this->encoding, ((private_x509_ocsp_response_t*)other)->encoding);
}
encoding = other->get_encoding(other);
equal = chunk_equals(this->encoding, encoding);
@@ -856,9 +856,9 @@ static void destroy(private_x509_ocsp_response_t *this)
static x509_ocsp_response_t *load(chunk_t data)
{
private_x509_ocsp_response_t *this;
-
+
this = malloc_thing(private_x509_ocsp_response_t);
-
+
this->public.interface.certificate.get_type = (certificate_type_t (*)(certificate_t *this))get_type;
this->public.interface.certificate.get_subject = (identification_t* (*)(certificate_t *this))get_issuer;
this->public.interface.certificate.get_issuer = (identification_t* (*)(certificate_t *this))get_issuer;
@@ -874,7 +874,7 @@ static x509_ocsp_response_t *load(chunk_t data)
this->public.interface.certificate.destroy = (void (*)(certificate_t *this))destroy;
this->public.interface.get_status = (cert_validation_t(*)(ocsp_response_t*, x509_t *subject, x509_t *issuer, time_t *revocation_time,crl_reason_t *revocation_reason,time_t *this_update, time_t *next_update))get_status;
this->public.interface.create_cert_enumerator = (enumerator_t*(*)(ocsp_response_t*))create_cert_enumerator;
-
+
this->ref = 1;
this->encoding = data;
this->tbsResponseData = chunk_empty;
@@ -913,7 +913,7 @@ struct private_builder_t {
static x509_ocsp_response_t *build(private_builder_t *this)
{
x509_ocsp_response_t *res = this->res;
-
+
free(this);
return res;
}
@@ -927,7 +927,7 @@ static void add(private_builder_t *this, builder_part_t part, ...)
{
va_list args;
chunk_t chunk;
-
+
switch (part)
{
case BUILD_BLOB_ASN1_DER:
@@ -955,18 +955,18 @@ static void add(private_builder_t *this, builder_part_t part, ...)
builder_t *x509_ocsp_response_builder(certificate_type_t type)
{
private_builder_t *this;
-
+
if (type != CERT_X509_OCSP_RESPONSE)
{
return NULL;
}
-
+
this = malloc_thing(private_builder_t);
-
+
this->res = NULL;
this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add;
this->public.build = (void*(*)(builder_t *this))build;
-
+
return &this->public;
}
diff --git a/src/libstrongswan/plugins/x509/x509_plugin.c b/src/libstrongswan/plugins/x509/x509_plugin.c
index 9ed7f95bd..b7e8b5bd3 100644
--- a/src/libstrongswan/plugins/x509/x509_plugin.c
+++ b/src/libstrongswan/plugins/x509/x509_plugin.c
@@ -59,7 +59,7 @@ static void destroy(private_x509_plugin_t *this)
plugin_t *plugin_create()
{
private_x509_plugin_t *this = malloc_thing(private_x509_plugin_t);
-
+
this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509,