debug.c debug.h \
enum.c enum.h \
printf_hook.c printf_hook.h \
-asn1/oid.c asn1/oid.h \
asn1/asn1.c asn1/asn1.h \
+asn1/oid.c asn1/oid.h \
asn1/pem.c asn1/pem.h \
asn1/ttodata.c asn1/ttodata.h \
-crypto/rsa/rsa_private_key.c crypto/rsa/rsa_private_key.h \
-crypto/rsa/rsa_public_key.h crypto/rsa/rsa_public_key.c \
-crypto/prfs/fips_prf.c crypto/prfs/fips_prf.h \
-crypto/prfs/hmac_prf.c crypto/prfs/hmac_prf.h \
-crypto/prfs/prf.c crypto/prfs/prf.h \
-crypto/signers/hmac_signer.c crypto/signers/hmac_signer.h \
-crypto/signers/signer.c crypto/signers/signer.h \
+crypto/ca.c crypto/ca.h \
+crypto/certinfo.c crypto/certinfo.h \
+crypto/crl.c crypto/crl.h \
crypto/crypters/crypter.c crypto/crypters/crypter.h \
crypto/crypters/aes_cbc_crypter.c crypto/crypters/aes_cbc_crypter.h\
crypto/crypters/des_crypter.c crypto/crypters/des_crypter.h\
+crypto/diffie_hellman.c crypto/diffie_hellman.h \
crypto/hashers/hasher.h crypto/hashers/hasher.c \
crypto/hashers/sha1_hasher.c crypto/hashers/sha1_hasher.h \
crypto/hashers/sha2_hasher.c crypto/hashers/sha2_hasher.h \
crypto/hashers/md5_hasher.c crypto/hashers/md5_hasher.h \
-crypto/prf_plus.h crypto/prf_plus.c \
crypto/hmac.c crypto/hmac.h \
-crypto/certinfo.c crypto/certinfo.h \
+crypto/prfs/fips_prf.c crypto/prfs/fips_prf.h \
+crypto/prfs/hmac_prf.c crypto/prfs/hmac_prf.h \
+crypto/prfs/prf.c crypto/prfs/prf.h \
+crypto/prf_plus.h crypto/prf_plus.c \
+crypto/rsa/rsa_private_key.c crypto/rsa/rsa_private_key.h \
+crypto/rsa/rsa_public_key.h crypto/rsa/rsa_public_key.c \
+crypto/signers/hmac_signer.c crypto/signers/hmac_signer.h \
+crypto/signers/signer.c crypto/signers/signer.h \
crypto/x509.c crypto/x509.h \
-crypto/crl.c crypto/crl.h \
-crypto/diffie_hellman.c crypto/diffie_hellman.h \
-utils/identification.c utils/identification.h \
-utils/linked_list.c utils/linked_list.h utils/iterator.h\
-utils/randomizer.c utils/randomizer.h \
utils/host.c utils/host.h \
+utils/identification.c utils/identification.h \
+utils/iterator.h \
+utils/leak_detective.c utils/leak_detective.h \
utils/lexparser.c utils/lexparser.h \
-utils/leak_detective.c utils/leak_detective.h
+utils/linked_list.c utils/linked_list.h \
+utils/randomizer.c utils/randomizer.h
libstrongswan_la_LIBADD = -lgmp -lpthread
--- /dev/null
+/**
+ * @file ca.c
+ *
+ * @brief Implementation of ca_info_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2007 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <sys/stat.h>
+#include <unistd.h>
+#include <string.h>
+#include <printf.h>
+
+#include "ca.h"
+
+#include <library.h>
+#include <debug.h>
+#include <utils/linked_list.h>
+#include <utils/identification.h>
+
+typedef struct private_ca_info_t private_ca_info_t;
+
+/**
+ * Private data of a ca_info_t object.
+ */
+struct private_ca_info_t {
+ /**
+ * Public interface for this ca info record
+ */
+ ca_info_t public;
+
+ /**
+ * Name of the ca info record
+ */
+ char *name;
+
+ /**
+ * Time when ca info record was installed
+ */
+ time_t installed;
+
+ /**
+ * Distinguished Name of the CA
+ */
+ identification_t *authName;
+
+ /**
+ * Authority Key Identifier
+ */
+ chunk_t authKeyID;
+
+ /**
+ * Authority Key Serial Number
+ */
+ chunk_t authKeySerialNumber;
+
+ /**
+ * List of crlDistributionPoints
+ */
+ linked_list_t *crlDistributionPoints;
+
+ /**
+ * List of ocspAccessPoints
+ */
+ linked_list_t *ocspAccessPoints;
+};
+
+/**
+ * Implements ca_info_t.add_crluri
+ */
+static void add_crluri(private_ca_info_t *this, const char* uri)
+{
+ if (uri == NULL)
+ {
+ return;
+ }
+ if (!strncasecmp(uri, "http", 4)
+ && !strncasecmp(uri, "ldap", 4)
+ && !strncasecmp(uri, "file", 4)
+ && !strncasecmp(uri, "ftp", 3))
+ {
+ DBG1(" invalid CRL URI: '%s'", uri);
+ return;
+ }
+}
+
+/**
+ * Implements ca_info_t.add_ocspuri
+ */
+static void add_ocspuri(private_ca_info_t *this, const char* uri)
+{
+ if (uri == NULL)
+ {
+ return;
+ }
+ if (!strncasecmp(uri, "http", 4))
+ {
+ DBG1(" invalid OCSP URI: '%s'", uri);
+ return;
+ }
+}
+
+/**
+ * Implements ca_info_t.destroy
+ */
+static void destroy(private_ca_info_t *this)
+{
+ this->crlDistributionPoints->destroy_offset(this->crlDistributionPoints,
+ offsetof(identification_t, destroy));
+ this->ocspAccessPoints->destroy_offset(this->ocspAccessPoints,
+ offsetof(identification_t, destroy));
+ DESTROY_IF(this->authName);
+ free(this->authKeyID.ptr);
+ free(this->authKeySerialNumber.ptr);
+ free(this->name);
+ free(this);
+}
+
+/**
+ * output handler in printf()
+ */
+static int print(FILE *stream, const struct printf_info *info,
+ const void *const *args)
+{
+ private_ca_info_t *this = *((private_ca_info_t**)(args[0]));
+ bool utc = TRUE;
+ int written = 0;
+ time_t now;
+
+ if (info->alt)
+ {
+ utc = *((bool*)args[1]);
+ }
+
+ if (this == NULL)
+ {
+ return fprintf(stream, "(null)");
+ }
+
+ now = time(NULL);
+
+ written += fprintf(stream, "%#T, ", &this->installed, utc);
+ written += fprintf(stream, "\"%s\"\n", this->name);
+ written += fprintf(stream, " authname: '%D'\n", this->authName);
+
+ return written;
+}
+
+/**
+ * register printf() handlers
+ */
+static void __attribute__ ((constructor))print_register()
+{
+ register_printf_function(PRINTF_CAINFO, print, arginfo_ptr_alt_ptr_int);
+}
+
+/*
+ * Described in header.
+ */
+ca_info_t *ca_info_create(const char *name, const x509_t *cacert)
+{
+ private_ca_info_t *this = malloc_thing(private_ca_info_t);
+
+ /* initialize */
+ this->name = strdup(name);
+ this->authName = NULL;
+ this->authKeyID = chunk_empty;
+ this->authKeySerialNumber = chunk_empty;
+ this->crlDistributionPoints = linked_list_create();
+ this->ocspAccessPoints = linked_list_create();
+
+ /* public functions */
+ this->public.add_crluri = (void (*) (ca_info_t*,const char*))add_crluri;
+ this->public.add_ocspuri = (void (*) (ca_info_t*,const char*))add_ocspuri;
+ this->public.destroy = (void (*) (ca_info_t*))destroy;
+
+ return &this->public;
+}
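Review bot: The URI scheme checks in add_crluri and add_ocspuri are inverted, so the validation never does what the DBG1 messages say: in add_crluri the four `!strncasecmp(...)` tests joined by `&&` can never all be true at once, making the "invalid CRL URI" branch unreachable, and in add_ocspuri `if (!strncasecmp(uri, "http", 4))` rejects exactly the http URIs and lets every other scheme through. The intended conditions are `if (strncasecmp(uri, "http", 4) && strncasecmp(uri, "ldap", 4) && strncasecmp(uri, "file", 4) && strncasecmp(uri, "ftp", 3))` for the CRL case and `if (strncasecmp(uri, "http", 4) != 0)` for the OCSP case. Neither function appends anything to crlDistributionPoints or ocspAccessPoints after the check, so even a valid URI is silently dropped; if this is a deliberate stub, a `/* TODO: insert uri into the list */` comment would make that explicit, and destroy's `destroy_offset(..., offsetof(identification_t, destroy))` fixes the element type the insert will need to produce. In print, `now` is assigned from `time(NULL)` and never read, and ca_info_create never touches `cacert` and cannot return NULL although its header comment says it may.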
--- /dev/null
+/**
+ * @file ca.h
+ *
+ * @brief Interface of ca_info_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2007 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef CA_H_
+#define CA_H_
+
+typedef struct ca_info_t ca_info_t;
+
+#include <library.h>
+
+#include "x509.h"
+
+/**
+ * @brief X.509 certification authority information record
+ *
+ * @b Constructors:
+ * - ca_info_create()
+ *
+ * @ingroup transforms
+ */
+struct ca_info_t {
+
+ /**
+ * @brief Adds a CRL URI to a list
+ *
+ * @param this ca info object
+ * @param uri crl uri string to be added
+ */
+ void (*add_crluri) (ca_info_t *this, const char* uri);
+
+ /**
+ * @brief Adds a CRL URI to a list
+ *
+ * @param this ca info object
+ * @param uri ocsp uri string to be added
+ */
+ void (*add_ocspuri) (ca_info_t *this, const char* uri);
+
+ /**
+ * @brief Destroys a ca info record
+ *
+ * @param this ca info to destroy
+ */
+ void (*destroy) (ca_info_t *this);
+};
+
+/**
+ * @brief Create a ca info record
+ *
+ * @param name name of the ca info record
+ * @param cacert path to the ca certificate
+ * @return created ca_info_t, or NULL if invalid.
+ *
+ * @ingroup transforms
+ */
+ca_info_t *ca_info_create(const char *name, const x509_t *cacert);
+
+#endif /* CA_H_ */
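Review bot: The documentation of add_ocspuri is a copy of the add_crluri comment ("Adds a CRL URI to a list") and should read `@brief Adds an OCSP URI to a list`. The ca_info_create comment documents `cacert` as "path to the ca certificate", but the parameter is a `const x509_t *`, i.e. an already parsed certificate object, so `@param cacert the CA certificate` would match the signature. The `@return created ca_info_t, or NULL if invalid.` line also does not match the ca.c body in this commit, which always returns a record; either the implementation should validate its inputs or the comment should drop the NULL case.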