static cert_status_t verify_by_ocsp(private_ca_info_t* this, const x509_t *cert,
certinfo_t *certinfo)
{
- /* TODO implement function */
- return CERT_UNDEFINED;
+ pthread_mutex_lock(&(this->mutex));
+
+ /* do we have a valid certinfo record for this serial number in our cache? */
+ {
+ iterator_t *iterator = this->certinfos->create_iterator(this->certinfos, TRUE);
+ certinfo_t *current_certinfo;
+ bool found = FALSE;
+
+ while(iterator->iterate(iterator, (void**)¤t_certinfo))
+ {
+ if (certinfo->equals_serialNumber(certinfo, current_certinfo))
+ {
+ found = TRUE;
+ DBG2("ocsp status found");
+ break;
+ }
+ }
+ iterator->destroy(iterator);
+ if (!found)
+ {
+ DBG2("ocsp status is not in cache");
+ }
+ }
+
+ pthread_mutex_unlock(&(this->mutex));
+ return certinfo->get_status(certinfo);
}
/**
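Review bot: The cache hit inside the `while` loop only sets `found` and logs; nothing from `current_certinfo` is copied into the caller's `certinfo`, so the `return certinfo->get_status(certinfo)` after the unlock reports whatever status the caller passed in rather than the cached OCSP result. For a revocation check this means a cached revoked entry is not reflected in the return value. Inside the `if` that sets `found`, while the mutex is still held, add `certinfo->set_status(certinfo, current_certinfo->get_status(current_certinfo));`. The block comment asks for a *valid* record, but only the serial number is compared, so the entry's freshness should also be checked before its status is trusted. The not-found branch presumably still needs to fetch the status, and a `/* TODO: query the OCSP responder on a cache miss */` there would make that explicit.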
"remove from crl",
);
+/**
+ * Implements certinfo_t.equals_serialNumber
+ */
+static bool equals_serialNumber(const private_certinfo_t *this, const private_certinfo_t *that)
+{
+ return chunk_equals(this->serialNumber, that->serialNumber);
+}
+
/**
* Implements certinfo_t.get_serialNumber
*/
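Review bot: `equals_serialNumber` compares the two stored chunks as-is via `chunk_equals`, so the result depends on both serial numbers having been stored in the same encoding. If one source keeps a leading zero octet and another strips it (not visible in this hunk), a revocation lookup keyed on this comparison would silently miss. The doc comment should state that, e.g. `Byte-wise comparison; both serial numbers must be stored in the same encoding.` Neither `this` nor `that` is checked for NULL, which is fine only as long as callers never pass a NULL record.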
this->revocationReason = REASON_UNSPECIFIED;
/* public functions */
+ this->public.equals_serialNumber = (bool (*) (const certinfo_t*,const certinfo_t*))equals_serialNumber;
this->public.get_serialNumber = (chunk_t (*) (const certinfo_t*))get_serialNumber;
this->public.set_status = (void (*) (certinfo_t*,cert_status_t))set_status;
this->public.get_status = (cert_status_t (*) (const certinfo_t*))get_status;
*/
struct certinfo_t {
+ /**
+ * @brief Check if both certinfo objects have the same serialNumber.
+ *
+ * @param this calling object
+ * @param that second certinfo_t object
+ * @return TRUE if the same serialNumber
+ */
+ bool (*equals_serialNumber) (const certinfo_t *this, const certinfo_t *that);
+
+
/**
* @brief Get serial number.
*