Added name constraint enumerator to x509 interface
authorMartin Willi <martin@revosec.ch>
Thu, 9 Dec 2010 10:50:50 +0000 (11:50 +0100)
committerMartin Willi <martin@revosec.ch>
Wed, 5 Jan 2011 15:46:00 +0000 (16:46 +0100)
src/libstrongswan/credentials/certificates/x509.h
src/libstrongswan/plugins/openssl/openssl_x509.c
src/libstrongswan/plugins/x509/x509_cert.c

index cadb4019949b95f2f1775ae1d340e27ae05b821d..ec6a3357865b47caeb8284f53924d774675599f6 100644 (file)
@@ -128,6 +128,14 @@ struct x509_t {
         * @return                      enumerator over ipAddrBlocks as traffic_selector_t*
         */
        enumerator_t* (*create_ipAddrBlock_enumerator)(x509_t *this);
+
+       /**
+        * Create an enumerator over name constraints.
+        *
+        * @param perm          TRUE for permitted, FALSE for excluded subtrees
+        * @return                      enumerator over subtrees as identification_t
+        */
+       enumerator_t* (*create_name_constraint_enumerator)(x509_t *this, bool perm);
 };
 
 #endif /** X509_H_ @}*/
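Review bot: The `@return` line of the new `create_name_constraint_enumerator` names the element type as `identification_t`, while the ipAddrBlock enumerator documented directly above it uses the pointer form `traffic_selector_t*`; for consistency write `@return enumerator over subtrees as identification_t*`. Callers implementing path validation would also benefit from the doc stating that an empty enumeration means the certificate carries no subtrees of the requested kind, and that the enumerated objects remain owned by the certificate; the ownership part is inferred from how the x509 plugin frees its lists elsewhere in this commit, so confirm it before documenting.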
index 1630d8faf05e7947700f4b60fc212242101d4d29..b6a06d0151eb89b2899d327d4d7ccc52e43ebf84 100644 (file)
@@ -579,6 +579,7 @@ static private_openssl_x509_t *create_empty()
                                .create_crl_uri_enumerator = _create_crl_uri_enumerator,
                                .create_ocsp_uri_enumerator = _create_ocsp_uri_enumerator,
                                .create_ipAddrBlock_enumerator = _create_ipAddrBlock_enumerator,
+                               .create_name_constraint_enumerator = (void*)enumerator_create_empty,
                        },
                },
                .subjectAltNames = linked_list_create(),
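Review bot: Assigning `(void*)enumerator_create_empty` means a certificate parsed by the OpenSSL backend never exposes its NameConstraints extension, so a caller that enforces name constraints through this interface will treat such a certificate as unconstrained; a CA-imposed restriction is lost silently rather than reported. Until the extension is parsed here, a comment should make the gap explicit, e.g. `/* TODO: NameConstraints are not parsed by this backend; the empty enumerator hides any constraints the CA set */`. The `(void*)` cast also masks that `enumerator_create_empty` is invoked through a function pointer of a different signature (it is passed `this` and `perm` it does not declare); a small wrapper with the interface's signature avoids the incompatible call and gives the TODO a natural home. The enclosing `create_empty` initializer starts and ends outside the hunk.
```c
/* … unchanged: rest of create_empty() … */
/* TODO: NameConstraints are not parsed by this backend; returning an
 * empty enumerator hides any constraints the CA set. */
METHOD(x509_t, create_name_constraint_enumerator, enumerator_t*,
	private_openssl_x509_t *this, bool perm)
{
	return enumerator_create_empty();
}
/* … in the x509 method table … */
.create_name_constraint_enumerator = _create_name_constraint_enumerator,
```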
index 23c0262a25cc6778e5de2210f8362d0bd1ea44c1..cf85fe9958ac8a7b2e0b4b7e0df7c7b1c975b83a 100644 (file)
@@ -131,6 +131,16 @@ struct private_x509_cert_t {
         */
        linked_list_t *ipAddrBlocks;
 
+       /**
+        * List of permitted name constraints
+        */
+       linked_list_t *permitted_names;
+
+       /**
+        * List of exluced name constraints
+        */
+       linked_list_t *excluded_names;
+
        /**
         * certificate's embedded public key
         */
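Review bot: The comment on `excluded_names` has a typo, `exluced`; write `List of excluded name constraints`. Both new comments would be more useful if they named the element type the lists hold, which the destroy path in this commit shows to be `identification_t*`: `List of permitted name constraints as identification_t*` and the matching excluded form. The enclosing `private_x509_cert_t` struct starts and ends outside the hunk.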
@@ -1465,6 +1475,16 @@ METHOD(x509_t, create_ipAddrBlock_enumerator, enumerator_t*,
        return this->ipAddrBlocks->create_enumerator(this->ipAddrBlocks);
 }
 
+METHOD(x509_t, create_name_constraint_enumerator, enumerator_t*,
+       private_x509_cert_t *this, bool perm)
+{
+       if (perm)
+       {
+               return this->permitted_names->create_enumerator(this->permitted_names);
+       }
+       return this->excluded_names->create_enumerator(this->excluded_names);
+}
+
 METHOD(certificate_t, destroy, void,
        private_x509_cert_t *this)
 {
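Review bot: Nothing visible in this commit populates `permitted_names` or `excluded_names`, so as far as this diff shows the new enumerator always yields nothing for the x509 plugin; if the NameConstraints parser lands in a separate change, a short comment on the method saying so would stop a reader from assuming constraints are already enforced. The method also hands out `identification_t` objects that the certificate frees in its destroy method, so callers must not destroy them; a comment such as `/* enumerated identification_t objects stay owned by the certificate */` would document that contract.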
@@ -1474,7 +1494,12 @@ METHOD(certificate_t, destroy, void,
                                                                        offsetof(identification_t, destroy));
                this->crl_uris->destroy_function(this->crl_uris, (void*)crl_uri_destroy);
                this->ocsp_uris->destroy_function(this->ocsp_uris, free);
-               this->ipAddrBlocks->destroy_offset(this->ipAddrBlocks, offsetof(traffic_selector_t, destroy));
+               this->ipAddrBlocks->destroy_offset(this->ipAddrBlocks,
+                                                                               offsetof(traffic_selector_t, destroy));
+               this->permitted_names->destroy_offset(this->permitted_names,
+                                                                               offsetof(identification_t, destroy));
+               this->excluded_names->destroy_offset(this->excluded_names,
+                                                                               offsetof(identification_t, destroy));
                DESTROY_IF(this->issuer);
                DESTROY_IF(this->subject);
                DESTROY_IF(this->public_key);
@@ -1524,6 +1549,7 @@ static private_x509_cert_t* create_empty(void)
                                .create_crl_uri_enumerator = _create_crl_uri_enumerator,
                                .create_ocsp_uri_enumerator = _create_ocsp_uri_enumerator,
                                .create_ipAddrBlock_enumerator = _create_ipAddrBlock_enumerator,
+                               .create_name_constraint_enumerator = _create_name_constraint_enumerator,
                        },
                },
                .version = 1,
@@ -1531,6 +1557,8 @@ static private_x509_cert_t* create_empty(void)
                .crl_uris = linked_list_create(),
                .ocsp_uris = linked_list_create(),
                .ipAddrBlocks = linked_list_create(),
+               .permitted_names = linked_list_create(),
+               .excluded_names = linked_list_create(),
                .pathLenConstraint = X509_NO_PATH_LEN_CONSTRAINT,
                .ref = 1,
        );