/*
 * Copyright (C) 2011 Martin Willi
 *
 * Copyright (C) secunet Security Networks AG
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
 */
#include "certexpire_listener.h"

#include <stdlib.h>
typedef struct private_certexpire_listener_t private_certexpire_listener_t;

/**
 * Private data of a certexpire_listener_t object.
 */
struct private_certexpire_listener_t {

	/**
	 * Public certexpire_listener_t interface.
	 */
	certexpire_listener_t public;

	/**
	 * Export facility the collected trustchains are handed to.
	 */
	certexpire_export_t *export;
};
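/**
 * listener_t.authorize hook: hand the local and remote trustchains of an
 * IKE_SA to the export facility once authentication has completed.
 *
 * Only the final invocation does any work, as the local authentication data
 * is not complete after the individual rounds. For each side, the
 * certificates of every authentication round are appended to one list in
 * the order subject certificate, intermediate certificates, CA certificate.
 * The hook never vetoes authentication: it always returns TRUE and does not
 * touch *success.
 *
 * @param this		private listener data
 * @param ike_sa	IKE_SA whose authentication rounds are inspected
 * @param final		TRUE on the final authorize invocation
 * @param success	authorization result, left unchanged here
 * @return			always TRUE
 */
METHOD(listener_t, authorize, bool,
	private_certexpire_listener_t *this, ike_sa_t *ike_sa,
	bool final, bool *success)
{
	enumerator_t *rounds, *enumerator;
	certificate_t *cert, *ca = NULL;
	linked_list_t *trustchain;
	auth_cfg_t *auth;
	auth_rule_t rule;

	/* Check all rounds in final hook, as local authentication data are
	 * not completely available after round-invocation. */
	if (!final)
	{
		return TRUE;
	}

	/* collect local certificates */
	trustchain = linked_list_create();
	rounds = ike_sa->create_auth_cfg_enumerator(ike_sa, TRUE);
	while (rounds->enumerate(rounds, &auth))
	{
		/* reset per round: a round without its own CA certificate must not
		 * inherit the CA certificate selected in a previous round */
		ca = NULL;
		cert = auth->get(auth, AUTH_RULE_SUBJECT_CERT);
		if (cert)
		{
			trustchain->insert_last(trustchain, cert);
		}
		enumerator = auth->create_enumerator(auth);
		while (enumerator->enumerate(enumerator, &rule, &cert))
		{
			if (rule == AUTH_RULE_IM_CERT)
			{
				trustchain->insert_last(trustchain, cert);
			}
			if (rule == AUTH_RULE_CA_CERT)
			{
				/* the last CA cert is the one used in the trustchain;
				 * earlier AUTH_RULE_CA_CERT entries are superseded */
				ca = cert;
			}
		}
		enumerator->destroy(enumerator);
		if (ca)
		{
			trustchain->insert_last(trustchain, ca);
		}
	}
	rounds->destroy(rounds);
	this->export->add(this->export, trustchain, TRUE);
	trustchain->destroy(trustchain);

	/* collect remote certificates */
	trustchain = linked_list_create();
	rounds = ike_sa->create_auth_cfg_enumerator(ike_sa, FALSE);
	while (rounds->enumerate(rounds, &auth))
	{
		cert = auth->get(auth, AUTH_RULE_SUBJECT_CERT);
		if (cert)
		{
			trustchain->insert_last(trustchain, cert);
		}
		enumerator = auth->create_enumerator(auth);
		while (enumerator->enumerate(enumerator, &rule, &cert))
		{
			if (rule == AUTH_RULE_IM_CERT)
			{
				trustchain->insert_last(trustchain, cert);
			}
		}
		enumerator->destroy(enumerator);
		/* the remote CA certificate is taken from the auth config directly */
		cert = auth->get(auth, AUTH_RULE_CA_CERT);
		if (cert)
		{
			trustchain->insert_last(trustchain, cert);
		}
	}
	rounds->destroy(rounds);
	this->export->add(this->export, trustchain, FALSE);
	trustchain->destroy(trustchain);

	return TRUE;
}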
/**
 * certexpire_listener_t.destroy: release the listener object itself.
 *
 * The referenced export facility is not owned and is left untouched.
 *
 * @param this		private listener data to free
 */
METHOD(certexpire_listener_t, destroy, void,
	private_certexpire_listener_t *this)
{
	free(this);
}
/**
 * See header
 *
 * @param export	export facility receiving the trustchains; not owned by
 *					the listener, the caller keeps it alive
 * @return			listener instance, to be released with destroy()
 */
certexpire_listener_t *certexpire_listener_create(certexpire_export_t *export)
{
	private_certexpire_listener_t *this;

	INIT(this,
		.public = {
			.listener = {
				.authorize = _authorize,
			},
			.destroy = _destroy,
		},
		.export = export,
	);

	return &this->public;
}