1 /*
2 * Copyright (C) 2011 Martin Willi
3 *
4 * Copyright (C) secunet Security Networks AG
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include "certexpire_listener.h"
18
19 #include <daemon.h>
20
typedef struct private_certexpire_listener_t private_certexpire_listener_t;

/**
 * Private data of a certexpire_listener_t object.
 */
struct private_certexpire_listener_t {

	/**
	 * Public certexpire_listener_t interface.
	 *
	 * Must stay the first member: certexpire_listener_create() hands out
	 * &this->public, and the listener is addressed through that pointer.
	 */
	certexpire_listener_t public;

	/**
	 * Export facility the collected trustchains are handed to.
	 *
	 * Borrowed, not owned: destroy() frees the listener only, so whoever
	 * created the export is responsible for releasing it.
	 */
	certexpire_export_t *export;
};
38
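/**
 * Append the certificates of one authentication round to a trustchain.
 *
 * Appends, in order, the subject certificate, every intermediate
 * certificate (AUTH_RULE_IM_CERT) and finally the CA certificate of the
 * round. Rounds without a subject certificate (non-certificate
 * authentication) contribute nothing.
 *
 * For local rounds the CA certificate is the last AUTH_RULE_CA_CERT entry of
 * the round; for remote rounds it is whatever auth->get() reports for
 * AUTH_RULE_CA_CERT. The CA is tracked per round, so a round without its own
 * CA entry never inherits the CA of a previous round.
 *
 * @param auth			authentication config of the round
 * @param trustchain	list to append the certificates to (not owned)
 * @param local			TRUE for a local round, FALSE for a remote round
 */
static void collect_round_certs(auth_cfg_t *auth, linked_list_t *trustchain,
								bool local)
{
	enumerator_t *enumerator;
	certificate_t *cert, *ca = NULL;
	auth_rule_t rule;

	cert = auth->get(auth, AUTH_RULE_SUBJECT_CERT);
	if (!cert)
	{
		return;
	}
	trustchain->insert_last(trustchain, cert);

	enumerator = auth->create_enumerator(auth);
	while (enumerator->enumerate(enumerator, &rule, &cert))
	{
		if (rule == AUTH_RULE_IM_CERT)
		{
			trustchain->insert_last(trustchain, cert);
		}
		else if (local && rule == AUTH_RULE_CA_CERT)
		{
			/* the last CA cert is the one used in the trustchain.
			 * Previous CA certificates have been received as cert
			 * requests. */
			ca = cert;
		}
	}
	enumerator->destroy(enumerator);

	if (!local)
	{
		ca = auth->get(auth, AUTH_RULE_CA_CERT);
	}
	if (ca)
	{
		trustchain->insert_last(trustchain, ca);
	}
}

/**
 * Collect the trustchains of all rounds of one side and hand them to the
 * export facility.
 *
 * The certificates of every round of the given side end up in a single list
 * passed to export->add(). The list is destroyed afterwards with destroy(),
 * which releases the list only; the certificates stay owned by their
 * auth_cfg.
 *
 * @param this		listener holding the export facility
 * @param ike_sa	IKE_SA whose authentication rounds are inspected
 * @param local		TRUE for the local side, FALSE for the remote side
 */
static void export_trustchains(private_certexpire_listener_t *this,
							   ike_sa_t *ike_sa, bool local)
{
	enumerator_t *rounds;
	linked_list_t *trustchain;
	auth_cfg_t *auth;

	trustchain = linked_list_create();
	rounds = ike_sa->create_auth_cfg_enumerator(ike_sa, local);
	while (rounds->enumerate(rounds, &auth))
	{
		collect_round_certs(auth, trustchain, local);
	}
	rounds->destroy(rounds);
	this->export->add(this->export, trustchain, local);
	trustchain->destroy(trustchain);
}

/**
 * listener_t.authorize hook: export the local and remote trustchains of an
 * IKE_SA once authentication has completed.
 *
 * This hook never vetoes an IKE_SA: it always returns TRUE and leaves
 * *success untouched. Per-round invocations (final == FALSE) are ignored;
 * everything is collected in the final invocation, as local authentication
 * data are not completely available after a single round.
 *
 * @param this		listener
 * @param ike_sa	IKE_SA being authorized
 * @param final		TRUE if this is the final hook after all rounds
 * @param success	authorization result, not modified here
 * @return			always TRUE
 */
METHOD(listener_t, authorize, bool,
	private_certexpire_listener_t *this, ike_sa_t *ike_sa,
	bool final, bool *success)
{
	/* Check all rounds in final hook, as local authentication data are
	 * not completely available after round-invocation. */
	if (!final)
	{
		return TRUE;
	}

	/* collect local certificates */
	export_trustchains(this, ike_sa, TRUE);

	/* collect remote certificates */
	export_trustchains(this, ike_sa, FALSE);

	return TRUE;
}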
124
/**
 * certexpire_listener_t.destroy: release the listener.
 *
 * Only the listener object itself is freed. The export facility it
 * references is not owned by the listener and is left untouched.
 *
 * @param this		listener to destroy
 */
METHOD(certexpire_listener_t, destroy, void,
	private_certexpire_listener_t *this)
{
	free(this);
}
130
/**
 * See header.
 *
 * Allocates a listener that hooks listener_t.authorize and forwards the
 * collected trustchains to the given export facility. The export is only
 * referenced, not owned: destroy() frees the listener but not the export.
 *
 * @param export	export facility receiving the trustchains
 * @return			public interface of the new listener
 */
certexpire_listener_t *certexpire_listener_create(certexpire_export_t *export)
{
	private_certexpire_listener_t *listener;

	INIT(listener,
		.export = export,
		.public = {
			.listener = {
				.authorize = _authorize,
			},
			.destroy = _destroy,
		},
	);

	return &listener->public;
}