asn1_shrink_any ( &cursor );
/* Return stored certificate, if present */
- if ( ( *cert = x509_find ( &certstore, &cursor ) ) != NULL ) {
+ if ( ( *cert = x509_find ( NULL, &cursor ) ) != NULL ) {
/* Add caller's reference */
x509_get ( *cert );
/**
* Mark X.509 certificate as found
*
- * @v certs X.509 certificate list
+ * @v store Certificate store
* @v cert X.509 certificate
* @ret cert X.509 certificate
*/
-static struct x509_certificate * x509_found ( struct x509_chain *certs,
+static struct x509_certificate * x509_found ( struct x509_chain *store,
struct x509_certificate *cert ) {
+ /* Sanity check */
+ assert ( store != NULL );
+
/* Mark as found, if applicable */
- if ( certs->found )
- certs->found ( certs, cert );
+ if ( store->found )
+ store->found ( store, cert );
return cert;
}
/**
* Identify X.509 certificate by raw certificate data
*
- * @v certs X.509 certificate list
+ * @v store Certificate store, or NULL to use default
* @v raw Raw certificate data
* @ret cert X.509 certificate, or NULL if not found
*/
-struct x509_certificate * x509_find ( struct x509_chain *certs,
+struct x509_certificate * x509_find ( struct x509_chain *store,
const struct asn1_cursor *raw ) {
struct x509_link *link;
struct x509_certificate *cert;
+ /* Use default certificate store if none specified */
+ if ( ! store )
+ store = &certstore;
+
/* Search for certificate within store */
- list_for_each_entry ( link, &certs->links, list ) {
+ list_for_each_entry ( link, &store->links, list ) {
/* Check raw certificate data */
cert = link->cert;
if ( asn1_compare ( raw, &cert->raw ) == 0 )
- return x509_found ( certs, cert );
+ return x509_found ( store, cert );
}
return NULL;
/**
* Identify X.509 certificate by subject
*
- * @v certs X.509 certificate list
+ * @v store Certificate store, or NULL to use default
* @v subject Subject
* @ret cert X.509 certificate, or NULL if not found
*/
struct x509_certificate *
-x509_find_subject ( struct x509_chain *certs,
+x509_find_subject ( struct x509_chain *store,
const struct asn1_cursor *subject ) {
struct x509_link *link;
struct x509_certificate *cert;
+ /* Use default certificate store if none specified */
+ if ( ! store )
+ store = &certstore;
+
/* Scan through certificate list */
- list_for_each_entry ( link, &certs->links, list ) {
+ list_for_each_entry ( link, &store->links, list ) {
/* Check subject */
cert = link->cert;
if ( asn1_compare ( subject, &cert->subject.raw ) == 0 )
- return x509_found ( certs, cert );
+ return x509_found ( store, cert );
}
return NULL;
/**
* Identify X.509 certificate by issuer and serial number
*
- * @v certs X.509 certificate list
+ * @v store Certificate store, or NULL to use default
* @v issuer Issuer
* @v serial Serial number
* @ret cert X.509 certificate, or NULL if not found
*/
struct x509_certificate *
-x509_find_issuer_serial ( struct x509_chain *certs,
+x509_find_issuer_serial ( struct x509_chain *store,
const struct asn1_cursor *issuer,
const struct asn1_cursor *serial ) {
struct x509_link *link;
struct x509_certificate *cert;
+ /* Use default certificate store if none specified */
+ if ( ! store )
+ store = &certstore;
+
/* Scan through certificate list */
- list_for_each_entry ( link, &certs->links, list ) {
+ list_for_each_entry ( link, &store->links, list ) {
/* Check issuer and serial number */
cert = link->cert;
if ( ( asn1_compare ( issuer, &cert->issuer.raw ) == 0 ) &&
( asn1_compare ( serial, &cert->serial.raw ) == 0 ) )
- return x509_found ( certs, cert );
+ return x509_found ( store, cert );
}
return NULL;
/**
* Identify X.509 certificate by corresponding public key
*
- * @v certs X.509 certificate list
+ * @v store Certificate store, or NULL to use default
* @v key Private key
* @ret cert X.509 certificate, or NULL if not found
*/
-struct x509_certificate * x509_find_key ( struct x509_chain *certs,
+struct x509_certificate * x509_find_key ( struct x509_chain *store,
struct private_key *key ) {
struct x509_link *link;
struct x509_certificate *cert;
+ /* Use default certificate store if none specified */
+ if ( ! store )
+ store = &certstore;
+
/* Scan through certificate list */
- list_for_each_entry ( link, &certs->links, list ) {
+ list_for_each_entry ( link, &store->links, list ) {
/* Check public key */
cert = link->cert;
key->builder.data, key->builder.len,
cert->subject.public_key.raw.data,
cert->subject.public_key.raw.len ) == 0 )
- return x509_found ( certs, cert );
+ return x509_found ( store, cert );
}
return NULL;
* Append X.509 certificates to X.509 certificate chain
*
* @v chain X.509 certificate chain
- * @v certs X.509 certificate list
+ * @v store Certificate store, or NULL to use default
* @ret rc Return status code
*
* Certificates will be automatically appended to the chain based upon
* the subject and issuer names.
*/
-int x509_auto_append ( struct x509_chain *chain, struct x509_chain *certs ) {
+int x509_auto_append ( struct x509_chain *chain, struct x509_chain *store ) {
struct x509_certificate *cert;
struct x509_certificate *previous;
int rc;
/* Find issuing certificate */
previous = cert;
- cert = x509_find_subject ( certs, &cert->issuer.raw );
+ cert = x509_find_subject ( store, &cert->issuer.raw );
if ( ! cert )
break;
if ( cert == previous )
struct x509_link *link;
int rc;
- /* Use default certificate store if none specified */
- if ( ! store )
- store = &certstore;
-
/* Append any applicable certificates from the certificate store */
if ( ( rc = x509_auto_append ( chain, store ) ) != 0 )
return rc;
struct list_head links;
/** Mark certificate as found
*
- * @v certs X.509 certificate list
+ * @v store Certificate store
* @v cert X.509 certificate
*/
- void ( * found ) ( struct x509_chain *certs,
+ void ( * found ) ( struct x509_chain *store,
struct x509_certificate *cert );
};
extern int x509_append_raw ( struct x509_chain *chain, const void *data,
size_t len );
extern void x509_truncate ( struct x509_chain *chain, struct x509_link *link );
-extern struct x509_certificate * x509_find ( struct x509_chain *certs,
+extern struct x509_certificate * x509_find ( struct x509_chain *store,
const struct asn1_cursor *raw );
extern struct x509_certificate *
-x509_find_subject ( struct x509_chain *certs,
+x509_find_subject ( struct x509_chain *store,
const struct asn1_cursor *subject );
extern struct x509_certificate *
-x509_find_issuer_serial ( struct x509_chain *certs,
+x509_find_issuer_serial ( struct x509_chain *store,
const struct asn1_cursor *issuer,
const struct asn1_cursor *serial );
-extern struct x509_certificate * x509_find_key ( struct x509_chain *certs,
+extern struct x509_certificate * x509_find_key ( struct x509_chain *store,
struct private_key *key );
extern int x509_auto_append ( struct x509_chain *chain,
- struct x509_chain *certs );
+ struct x509_chain *store );
extern int x509_validate_chain ( struct x509_chain *chain, time_t time,
struct x509_chain *store,
struct x509_root *root );
projects / thirdparty / ipxe.git / commitdiff
