git.ipfire.org Git - thirdparty/strongswan.git/blob - src/libstrongswan/credentials/certificates/certificate.c
2 * Copyright (C) 2020 Tobias Brunner
3 * Copyright (C) 2007 Martin Willi
4 * Copyright (C) 2015 Andreas Steffen
6 * Copyright (C) secunet Security Networks AG
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2 of the License, or (at your
11 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
19 #include "certificate.h"
21 #include <utils/debug.h>
22 #include <credentials/certificates/x509.h>
24 ENUM(certificate_type_names
, CERT_ANY
, CERT_GPG
,
36 ENUM(cert_validation_names
, VALIDATION_GOOD
, VALIDATION_REVOKED
,
/**
 * Decide whether one certificate object is more recent than another by
 * comparing a single validity timestamp, and log the outcome.
 *
 * Only the time written through the third get_validity() argument is
 * compared (presumably the not-before / thisUpdate time; confirm against
 * certificate.h). Nothing here verifies signatures, issuers or trust, and the
 * return values of get_validity() are not inspected, so the result is only
 * meaningful for objects the caller has already authenticated.
 *
 * Equal timestamps count as "not newer": the existing object is retained.
 *
 * NOTE(review): the rendered listing this was recovered from drops brace-only
 * lines and a few statements (gutter lines 52, 56 and 64). The declaration of
 * the result flag, the CRL label and the final return are reconstructed from
 * the surrounding code; confirm them against the upstream file.
 *
 * @param this		candidate object
 * @param other		object currently held
 * @return			TRUE if the candidate's timestamp is strictly later
 */
bool certificate_is_newer(certificate_t *this, certificate_t *other)
{
	time_t candidate_time, existing_time;
	char *label;
	bool replaces;

	/* the label only affects the log line, not the comparison;
	 * NOTE(review): "crl" is assumed, the assignment is missing in the listing */
	label = (this->get_type(this) == CERT_X509_CRL) ? "crl" : "certificate";

	this->get_validity(this, NULL, &candidate_time, NULL);
	other->get_validity(other, NULL, &existing_time, NULL);
	replaces = candidate_time > existing_time;

	DBG1(DBG_LIB, " %s from %T is %s - existing %s from %T %s",
		 label, &candidate_time, FALSE, replaces ? "newer" : "not newer",
		 label, &existing_time, FALSE, replaces ? "replaced" : "retained");

	return replaces;
}
/**
 * Check whether a certificate satisfies a type, key type and identity filter.
 *
 * Matching rules, as far as the visible code shows:
 *  - a type other than CERT_ANY must equal the certificate's own type;
 *  - if the certificate yields a public key, a key type other than KEY_ANY
 *    must equal that key's type;
 *  - if it yields no public key, only KEY_ANY is accepted;
 *  - an id that matches a fingerprint of the public key accepts the
 *    certificate without consulting has_subject();
 *  - otherwise the id must be a subject of the certificate. A NULL id
 *    matches every certificate that passed the type and key filters.
 *
 * This is a selector only: it does not validate the certificate or its trust
 * chain.
 *
 * NOTE(review): the rendered listing drops brace-only lines, the declaration
 * of the key variable, the "if (public)" test and the TRUE/FALSE returns;
 * these are reconstructed from the gutter numbering and the visible
 * statements. Confirm against the upstream file.
 *
 * @param cert		certificate to test
 * @param type		required certificate type, or CERT_ANY
 * @param key		required public key type, or KEY_ANY
 * @param id		identity to look for, or NULL for any
 * @return			TRUE if the certificate passes all filters
 */
bool certificate_matches(certificate_t *cert, certificate_type_t type,
						 key_type_t key, identification_t *id)
{
	public_key_t *public;
	bool key_ok, fingerprint_hit;

	if (type != CERT_ANY && type != cert->get_type(cert))
	{
		return FALSE;
	}

	public = cert->get_public_key(cert);
	if (!public)
	{
		/* without a key, a specific key type can never be satisfied */
		if (key != KEY_ANY)
		{
			return FALSE;
		}
		return !id || cert->has_subject(cert, id);
	}

	key_ok = (key == KEY_ANY || key == public->get_type(public));
	/* short-circuits keep has_fingerprint() from running on a key of the
	 * wrong type or with a NULL id */
	fingerprint_hit = key_ok && id &&
					  public->has_fingerprint(public, id->get_encoding(id));

	/* release the key reference once, before any return below */
	public->destroy(public);

	if (!key_ok)
	{
		return FALSE;
	}
	if (fingerprint_hit)
	{
		return TRUE;
	}
	return !id || cert->has_subject(cert, id);
}