cert_data_t *data, enumerator_t *orig, va_list args)
{
ca_cert_t *cacert;
- public_key_t *public;
certificate_t **out;
VA_ARGS_VGET(args, out);
while (orig->enumerate(orig, &cacert))
{
- certificate_t *cert = cacert->cert;
-
- if (data->cert != CERT_ANY && data->cert != cert->get_type(cert))
- {
- continue;
- }
- public = cert->get_public_key(cert);
- if (public)
- {
- if (data->key == KEY_ANY || data->key == public->get_type(public))
- {
- if (data->id && public->has_fingerprint(public,
- data->id->get_encoding(data->id)))
- {
- public->destroy(public);
- *out = cert;
- return TRUE;
- }
- }
- else
- {
- public->destroy(public);
- continue;
- }
- public->destroy(public);
- }
- else if (data->key != KEY_ANY)
- {
- continue;
- }
- if (!data->id || cert->has_subject(cert, data->id))
+ if (certificate_matches(cacert->cert, data->cert, data->key, data->id))
{
- *out = cert;
+ *out = cacert->cert;
return TRUE;
}
}
/*
+ * Copyright (C) 2020 Tobias Brunner
* Copyright (C) 2007 Martin Willi
* Copyright (C) 2015 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
type, &that_update, FALSE, newer ? "replaced" : "retained");
return newer;
}
+
+/*
+ * Described in header
+ */
+bool certificate_matches(certificate_t *cert, certificate_type_t type,
+ key_type_t key, identification_t *id)
+{
+ public_key_t *public;
+
+ if (type != CERT_ANY && type != cert->get_type(cert))
+ {
+ return FALSE;
+ }
+ public = cert->get_public_key(cert);
+ if (public)
+ {
+ if (key == KEY_ANY || key == public->get_type(public))
+ {
+ if (id && public->has_fingerprint(public, id->get_encoding(id)))
+ {
+ public->destroy(public);
+ return TRUE;
+ }
+ }
+ else
+ {
+ public->destroy(public);
+ return FALSE;
+ }
+ public->destroy(public);
+ }
+ else if (key != KEY_ANY)
+ {
+ return FALSE;
+ }
+ return !id || cert->has_subject(cert, id);
+}
/*
+ * Copyright (C) 2020 Tobias Brunner
* Copyright (C) 2007-2008 Martin Willi
* HSR Hochschule fuer Technik Rapperswil
*
*/
bool certificate_is_newer(certificate_t *cert, certificate_t *other);
+/**
+ * Check if the given certificate matches the given type, key type and identity,
+ * all of which are optional.
+ *
+ * Note that the identity may also be a public key fingerprint.
+ *
+ * @param cert certificate
+ * @param type certificate type to match, or CERT_ANY
+ * @param key key type to match, or KEY_ANY
+ * @param id identity to match, or NULL
+ */
+bool certificate_matches(certificate_t *cert, certificate_type_t type,
+ key_type_t key, identification_t *id);
+
#endif /** CERTIFICATE_H_ @}*/
CALLBACK(certs_filter, bool,
cert_data_t *data, enumerator_t *orig, va_list args)
{
- public_key_t *public;
certificate_t *cert, **out;
VA_ARGS_VGET(args, out);
while (orig->enumerate(orig, &cert))
{
- if (data->cert != CERT_ANY && data->cert != cert->get_type(cert))
- {
- continue;
- }
- public = cert->get_public_key(cert);
- if (public)
- {
- if (data->key == KEY_ANY || data->key == public->get_type(public))
- {
- if (data->id && public->has_fingerprint(public,
- data->id->get_encoding(data->id)))
- {
- public->destroy(public);
- *out = cert;
- return TRUE;
- }
- }
- else
- {
- public->destroy(public);
- continue;
- }
- public->destroy(public);
- }
- else if (data->key != KEY_ANY)
- {
- continue;
- }
- if (!data->id || cert->has_subject(cert, data->id))
+ if (certificate_matches(cert, data->cert, data->key, data->id))
{
*out = cert;
return TRUE;
projects / thirdparty / strongswan.git / commitdiff
