From: Andreas Steffen
Date: Fri, 23 Feb 2007 15:14:59 +0000 (-0000)
Subject: support of ca info records
X-Git-Tag: 4.0.7~30
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2ef41cdad9743795e00ce365b45e3255fe52af4d;p=thirdparty%2Fstrongswan.git
support of ca info records
---
diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am
index 7fa20e4b2e..bc1f79626f 100644
--- a/src/libstrongswan/Makefile.am
+++ b/src/libstrongswan/Makefile.am
@@ -6,36 +6,38 @@ chunk.c chunk.h \ debug.c debug.h \ enum.c enum.h \ printf_hook.c printf_hook.h \ -asn1/oid.c asn1/oid.h \ asn1/asn1.c asn1/asn1.h \ +asn1/oid.c asn1/oid.h \ asn1/pem.c asn1/pem.h \ asn1/ttodata.c asn1/ttodata.h \ -crypto/rsa/rsa_private_key.c crypto/rsa/rsa_private_key.h \ -crypto/rsa/rsa_public_key.h crypto/rsa/rsa_public_key.c \ -crypto/prfs/fips_prf.c crypto/prfs/fips_prf.h \ -crypto/prfs/hmac_prf.c crypto/prfs/hmac_prf.h \ -crypto/prfs/prf.c crypto/prfs/prf.h \ -crypto/signers/hmac_signer.c crypto/signers/hmac_signer.h \ -crypto/signers/signer.c crypto/signers/signer.h \ +crypto/ca.c crypto/ca.h \ +crypto/certinfo.c crypto/certinfo.h \ +crypto/crl.c crypto/crl.h \ crypto/crypters/crypter.c crypto/crypters/crypter.h \ crypto/crypters/aes_cbc_crypter.c crypto/crypters/aes_cbc_crypter.h\ crypto/crypters/des_crypter.c crypto/crypters/des_crypter.h\ +crypto/diffie_hellman.c crypto/diffie_hellman.h \ crypto/hashers/hasher.h crypto/hashers/hasher.c \ crypto/hashers/sha1_hasher.c crypto/hashers/sha1_hasher.h \ crypto/hashers/sha2_hasher.c crypto/hashers/sha2_hasher.h \ crypto/hashers/md5_hasher.c crypto/hashers/md5_hasher.h \ -crypto/prf_plus.h crypto/prf_plus.c \ crypto/hmac.c crypto/hmac.h \ -crypto/certinfo.c crypto/certinfo.h \ +crypto/prfs/fips_prf.c crypto/prfs/fips_prf.h \ +crypto/prfs/hmac_prf.c crypto/prfs/hmac_prf.h \ +crypto/prfs/prf.c crypto/prfs/prf.h \ +crypto/prf_plus.h crypto/prf_plus.c \ +crypto/rsa/rsa_private_key.c crypto/rsa/rsa_private_key.h \ +crypto/rsa/rsa_public_key.h crypto/rsa/rsa_public_key.c \ +crypto/signers/hmac_signer.c crypto/signers/hmac_signer.h \ +crypto/signers/signer.c crypto/signers/signer.h \ crypto/x509.c crypto/x509.h \ -crypto/crl.c crypto/crl.h \ -crypto/diffie_hellman.c crypto/diffie_hellman.h \ -utils/identification.c utils/identification.h \ -utils/linked_list.c utils/linked_list.h utils/iterator.h\ -utils/randomizer.c utils/randomizer.h \ utils/host.c utils/host.h \ +utils/identification.c 
utils/identification.h \ +utils/iterator.h \ +utils/leak_detective.c utils/leak_detective.h \ utils/lexparser.c utils/lexparser.h \ -utils/leak_detective.c utils/leak_detective.h +utils/linked_list.c utils/linked_list.h \ +utils/randomizer.c utils/randomizer.h libstrongswan_la_LIBADD = -lgmp -lpthread diff --git a/src/libstrongswan/crypto/ca.c b/src/libstrongswan/crypto/ca.c new file mode 100644 index 0000000000..b40d244cc6 --- /dev/null +++ b/src/libstrongswan/crypto/ca.c 
@@ -0,0 +1,192 @@
+/**
+ * @file ca.c
+ *
+ * @brief Implementation of ca_info_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2007 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include
+#include
+#include
+#include
+
+#include "ca.h"
+
+#include
+#include
+#include
+#include
+
+typedef struct private_ca_info_t private_ca_info_t;
+
+/**
+ * Private data of a ca_info_t object.
+ */
+struct private_ca_info_t {
+ /**
+ * Public interface for this ca info record
+ */
+ ca_info_t public;
+
+ /**
+ * Name of the ca info record
+ */
+ char *name;
+
+ /**
+ * Time when ca info record was installed
+ */
+ time_t installed;
+
+ /**
+ * Distinguished Name of the CA
+ */
+ identification_t *authName;
+
+ /**
+ * Authority Key Identifier
+ */
+ chunk_t authKeyID;
+
+ /**
+ * Authority Key Serial Number
+ */
+ chunk_t authKeySerialNumber;
+
+ /**
+ * List of crlDistributionPoints
+ */
+ linked_list_t *crlDistributionPoints;
+
+ /**
+ * List of ocspAccessPoints
+ */
+ linked_list_t *ocspAccessPoints;
+};
+
+/**
+ * Implements ca_info_t.add_crluri
+ */
+static void add_crluri(private_ca_info_t *this, const char* uri)
+{
+ if (uri == NULL)
+ {
+ return;
+ }
+ if (!strncasecmp(uri, "http", 4)
+ && !strncasecmp(uri, "ldap", 4)
+ && !strncasecmp(uri, "file", 4)
+ && !strncasecmp(uri, "ftp", 3))
+ {
+ DBG1(" invalid CRL URI: '%s'", uri);
+ return;
+ }
+}
+
+/**
+ * Implements ca_info_t.add_ocspuri
+ */
+static void add_ocspuri(private_ca_info_t *this, const char* uri)
+{
+ if (uri == NULL)
+ {
+ return;
+ }
+ if (!strncasecmp(uri, "http", 4))
+ {
+ DBG1(" invalid OCSP URI: '%s'", uri);
+ return;
+ }
+}
+
+/**
+ * Implements ca_info_t.destroy
+ */
+static void destroy(private_ca_info_t *this)
+{
+ this->crlDistributionPoints->destroy_offset(this->crlDistributionPoints,
+ offsetof(identification_t, destroy));
+ this->ocspAccessPoints->destroy_offset(this->ocspAccessPoints,
+ offsetof(identification_t, destroy));
+ DESTROY_IF(this->authName);
+ free(this->authKeyID.ptr);
+ free(this->authKeySerialNumber.ptr);
+ free(this->name);
+ free(this);
+}
+
+/**
+ * output handler in printf()
+ */
+static int print(FILE *stream, const struct printf_info *info,
+ const void *const *args)
+{
+ private_ca_info_t *this = *((private_ca_info_t**)(args[0]));
+ bool utc = TRUE;
+ int written = 0;
+ time_t now;
+
+ if (info->alt)
+ {
+ utc = *((bool*)args[1]);
+ }
+
+ if (this == NULL)
+ {
+ return fprintf(stream, "(null)");
+ }
+
+ now = time(NULL);
+
+ written += fprintf(stream, "%#T, ", &this->installed, utc);
+ written += fprintf(stream, "\"%s\"\n", this->name);
+ written += fprintf(stream, " authname: '%D'\n", this->authName);
+
+ return written;
+}
+
+/**
+ * register printf() handlers
+ */
+static void __attribute__ ((constructor))print_register()
+{
+ register_printf_function(PRINTF_CAINFO, print, arginfo_ptr_alt_ptr_int);
+}
+
+/*
+ * Described in header.
+ */
+ca_info_t *ca_info_create(const char *name, const x509_t *cacert)
+{
+ private_ca_info_t *this = malloc_thing(private_ca_info_t);
+
+ /* initialize */
+ this->name = strdup(name);
+ this->authName = NULL;
+ this->authKeyID = chunk_empty;
+ this->authKeySerialNumber = chunk_empty;
+ this->crlDistributionPoints = linked_list_create();
+ this->ocspAccessPoints = linked_list_create();
+
+ /* public functions */
+ this->public.add_crluri = (void (*) (ca_info_t*,const char*))add_crluri;
+ this->public.add_ocspuri = (void (*) (ca_info_t*,const char*))add_ocspuri;
+ this->public.destroy = (void (*) (ca_info_t*))destroy;
+
+ return &this->public;
+}
diff --git a/src/libstrongswan/crypto/ca.h b/src/libstrongswan/crypto/ca.h
new file mode 100644
index 0000000000..deff8305c6
--- /dev/null
+++ b/src/libstrongswan/crypto/ca.h
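Review bot: The scheme checks in add_crluri() and add_ocspuri() are inverted: strncasecmp() returns 0 on a match, so `!strncasecmp(uri, "http", 4)` is true for an http URI, which makes add_ocspuri() log every well-formed OCSP URI as invalid and return, while the four-way `&&` in add_crluri() can only hold if uri started with all four prefixes at once, so the CRL check never rejects anything. Neither function appends `uri` to crlDistributionPoints or ocspAccessPoints, so the lists destroy() walks are always empty; if that is a deliberate stub a `/* TODO: store uri */` would say so, and destroy_offset() with `offsetof(identification_t, destroy)` implies the lists will hold identification_t entries rather than the `const char *` being validated, which is worth confirming before the append is written. print() also reads `this->installed`, which ca_info_create() never sets (malloc_thing() presumably does not zero the struct), so `this->installed = time(NULL);` belongs in the initialize block, and `now` in print() is assigned but never used. The `cacert` parameter of ca_info_create() is unused, so authName, authKeyID and authKeySerialNumber stay empty; presumably it is meant to populate them. Corrected scheme checks:
```c
static void add_crluri(private_ca_info_t *this, const char* uri)
{
	/* … unchanged: NULL check … */
	/* strncasecmp() returns 0 on a match: reject only if no known scheme matches */
	if (strncasecmp(uri, "http", 4) != 0
	&&  strncasecmp(uri, "ldap", 4) != 0
	&&  strncasecmp(uri, "file", 4) != 0
	&&  strncasecmp(uri, "ftp", 3) != 0)
	{
		DBG1(" invalid CRL URI: '%s'", uri);
		return;
	}
}

static void add_ocspuri(private_ca_info_t *this, const char* uri)
{
	/* … unchanged: NULL check … */
	if (strncasecmp(uri, "http", 4) != 0)
	{
		DBG1(" invalid OCSP URI: '%s'", uri);
		return;
	}
}
```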
@@ -0,0 +1,77 @@
+/**
+ * @file ca.h
+ *
+ * @brief Interface of ca_info_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2007 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef CA_H_
+#define CA_H_
+
+typedef struct ca_info_t ca_info_t;
+
+#include
+
+#include "x509.h"
+
+/**
+ * @brief X.509 certification authority information record
+ *
+ * @b Constructors:
+ * - ca_info_create()
+ *
+ * @ingroup transforms
+ */
+struct ca_info_t {
+
+ /**
+ * @brief Adds a CRL URI to a list
+ *
+ * @param this ca info object
+ * @param uri crl uri string to be added
+ */
+ void (*add_crluri) (ca_info_t *this, const char* uri);
+
+ /**
+ * @brief Adds a CRL URI to a list
+ *
+ * @param this ca info object
+ * @param uri ocsp uri string to be added
+ */
+ void (*add_ocspuri) (ca_info_t *this, const char* uri);
+
+ /**
+ * @brief Destroys a ca info record
+ *
+ * @param this ca info to destroy
+ */
+ void (*destroy) (ca_info_t *this);
+};
+
+/**
+ * @brief Create a ca info record
+ *
+ * @param name name of the ca info record
+ * @param cacert path to the ca certificate
+ * @return created ca_info_t, or NULL if invalid.
+ *
+ * @ingroup transforms
+ */
+ca_info_t *ca_info_create(const char *name, const x509_t *cacert);
+
+#endif /* CA_H_ */
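Review bot: The doc comment on add_ocspuri still says `@brief Adds a CRL URI to a list`, copied from add_crluri; it should read `@brief Adds an OCSP URI to a list`. The ca_info_create() comment describes `cacert` as `path to the ca certificate`, but the parameter is a `const x509_t *`, i.e. an already parsed certificate, so the @param should say `cacert parsed X.509 certificate of the CA`. The same comment promises `NULL if invalid`, which the ca.c implementation in this commit never returns, so either the contract or the wording needs adjusting. `@ingroup transforms` on both the struct and the constructor looks inherited from the crypto transform headers; a CA info record is not a transform, though the grouping may be project convention.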