#include <unistd.h>
#include <dirent.h>
#include <sys/types.h>
+#include <time.h>
#include <freeswan.h>
{
whack_log(RC_COMMENT, " ");
whack_log(RC_COMMENT, "List of X.509 Attribute Certificates:");
- whack_log(RC_COMMENT, " ");
}
while (x509ac)
time_t notBefore, notAfter;
ietf_attributes_t *groups;
-
- whack_log(RC_COMMENT, "%T", &x509ac->installed, utc);
+ whack_log(RC_COMMENT, " ");
entityName = cert_ac->get_subject(cert_ac);
if (entityName)
{
- whack_log(RC_COMMENT, " holder: '%Y'", entityName);
+ whack_log(RC_COMMENT, " holder: \"%Y\"", entityName);
}
holderIssuer = ac->get_holderIssuer(ac);
if (holderIssuer)
{
- whack_log(RC_COMMENT, " hissuer: '%Y'", holderIssuer);
+ whack_log(RC_COMMENT, " hissuer: \"%Y\"", holderIssuer);
}
holderSerial = ac->get_holderSerial(ac);
if (holderSerial.ptr)
{
- whack_log(RC_COMMENT, " hserial: %#B", &holderSerial);
+ whack_log(RC_COMMENT, " hserial: %#B", &holderSerial);
}
groups = ac->get_groups(ac);
if (groups)
{
- whack_log(RC_COMMENT, " groups: %s",
+ whack_log(RC_COMMENT, " groups: %s",
groups->get_string(groups));
groups->destroy(groups);
}
issuer = cert_ac->get_issuer(cert_ac);
- whack_log(RC_COMMENT, " issuer: '%Y'", issuer);
+ whack_log(RC_COMMENT, " issuer: \"%Y\"", issuer);
serial = ac->get_serial(ac);
- whack_log(RC_COMMENT, " serial: %#B", &serial);
+ whack_log(RC_COMMENT, " serial: %#B", &serial);
cert_ac->get_validity(cert_ac, &now, ¬Before, ¬After);
- whack_log(RC_COMMENT, " validity: not before %T %s",
+ whack_log(RC_COMMENT, " validity: not before %T %s",
¬Before, utc,
(notBefore < now)?"ok":"fatal (not valid yet)");
- whack_log(RC_COMMENT, " not after %T %s",
- ¬After, utc,
+ whack_log(RC_COMMENT, " not after %T %s", ¬After, utc,
check_expiry(notAfter, ACERT_WARNING_INTERVAL, TRUE));
authKeyID = ac->get_authKeyIdentifier(ac);
if (authKeyID.ptr)
{
- whack_log(RC_COMMENT, " authkey: %#B", &authKeyID);
+ whack_log(RC_COMMENT, " authkey: %#B", &authKeyID);
}
x509ac = x509ac->next;
#ifndef _AC_H
#define _AC_H
-#include <time.h>
-
#include <credentials/certificates/certificate.h>
#include <credentials/ietf_attributes/ietf_attributes.h>
struct x509acert {
certificate_t *ac;
x509acert_t *next;
- time_t installed;
};
extern bool verify_x509acert(x509acert_t *ac, bool strict);
*cert = cert_empty;
cert->type = CERT_X509_SIGNATURE;
cert->u.x509 = x509cert;
- time(&x509cert->installed);
return cert;
}
plog(" error in X.509 certificate");
{
ac = malloc_thing(x509acert_t);
ac->next = NULL;
- ac->installed = UNDEFINED_TIME;
ac->ac = lib->creds->create(lib->creds,
CRED_CERTIFICATE, CERT_X509_AC,
BUILD_BLOB_ASN1_DER, blob, BUILD_END);
if (blob.ptr)
{
crl = malloc_thing(x509crl_t);
- *crl = empty_x509crl;
+ crl->next = NULL;
crl->distributionPoints = linked_list_create();
-
crl->crl = lib->creds->create(lib->creds,
CRED_CERTIFICATE, CERT_X509_CRL,
BUILD_BLOB_ASN1_DER, blob,
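Review bot: Replacing `*crl = empty_x509crl;` with `crl->next = NULL;` leaves the `signature` member of the freshly allocated `x509crl_t` (declared in the crl.h hunk next to `crl`, `next` and `distributionPoints`) without an initializer; the aggregate copy zeroed it implicitly, and the new code only sets `next`, `distributionPoints` and `crl`. Unless `signature` is assigned further down in this function, outside the hunk, it now holds whatever `malloc_thing` returned. Zeroing the struct right after allocation, as fetch.c on this page does with `memset(req, 0, sizeof(fetch_req_t));`, keeps the old guarantee: `memset(crl, 0, sizeof(x509crl_t));` immediately before `crl->next = NULL;`. The enclosing function continues past the end of the hunk.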
ca->next = ca_infos;
ca_infos = ca;
- ca->installed = time(NULL);
unlock_ca_info_list("add_ca_info");
{
whack_log(RC_COMMENT, " ");
whack_log(RC_COMMENT, "List of X.509 CA Information Records:");
- whack_log(RC_COMMENT, " ");
}
while (ca != NULL)
, &ca->installed, utc, ca->name
, ca->strictcrlpolicy? "yes":"no");
*/
- whack_log(RC_COMMENT, "%T, \"%s\"", &ca->installed, utc, ca->name);
+ whack_log(RC_COMMENT, " ");
dntoa(buf, BUF_LEN, ca->authName);
- whack_log(RC_COMMENT, " authname: '%s'", buf);
- if (ca->ldaphost != NULL)
- whack_log(RC_COMMENT, " ldaphost: '%s'", ca->ldaphost);
- if (ca->ldapbase != NULL)
- whack_log(RC_COMMENT, " ldapbase: '%s'", ca->ldapbase);
- if (ca->ocspuri != NULL)
- whack_log(RC_COMMENT, " ocspuri: '%s'", ca->ocspuri);
+ whack_log(RC_COMMENT, " authname: \"%s\"", buf);
+ if (ca->ldaphost)
+ {
+ whack_log(RC_COMMENT, " ldaphost: '%s'", ca->ldaphost);
+ }
+ if (ca->ldapbase)
+ {
+ whack_log(RC_COMMENT, " ldapbase: '%s'", ca->ldapbase);
+ }
+ if (ca->ocspuri)
+ {
+ whack_log(RC_COMMENT, " ocspuri: '%s'", ca->ocspuri);
+ }
list_distribution_points(ca->crluris);
{
datatot(ca->authKeyID.ptr, ca->authKeyID.len, ':'
, buf, BUF_LEN);
- whack_log(RC_COMMENT, " authkey: %s", buf);
+ whack_log(RC_COMMENT, " authkey: %s", buf);
}
ca = ca->next;
}
}
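Review bot: The quoting in the rewritten output lines is inconsistent: `" authname: \"%s\""` switches to double quotes while the three new `ldaphost`, `ldapbase` and `ocspuri` lines keep `'%s'`, so the listing mixes both forms for values of the same kind; e.g. `whack_log(RC_COMMENT, " ldaphost: \"%s\"", ca->ldaphost);` would align them. The same mix appears in the keys.c hunk (`owner: '%s'` beside `issuer: \"%s\"`), the fetch.c request listing (`issuer: '%s'`) and the ocsp.c location listing (`uri: '%s'` beside `issuer: \"%s\"`). The commented-out fragment ending in `*/` just above the rewritten timestamp line still mentions `&ca->installed`, a field this commit removes from `struct ca_info`, so that dead comment should go too; its opening appears to lie before the hunk. The enclosing list function starts outside the hunk.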
-
struct ca_info {
ca_info_t *next;
char *name;
- time_t installed;
chunk_t authName;
chunk_t authKeyID;
char *ldaphost;
/* chained lists of X.509 crls */
-static x509crl_t *x509crls = NULL;
-
-const x509crl_t empty_x509crl = {
- NULL , /* crl */
- NULL , /* *next */
- UNDEFINED_TIME, /* installed */
- NULL , /* distributionPoints */
-};
+static x509crl_t *x509crls = NULL;
/**
* Get the X.509 CRL with a given issuer
{
whack_log(RC_COMMENT, " ");
whack_log(RC_COMMENT, "List of X.509 CRLs:");
- whack_log(RC_COMMENT, " ");
}
while (x509crl)
u_int revoked = 0;
enumerator_t *enumerator;
+ whack_log(RC_COMMENT, " ");
+ whack_log(RC_COMMENT, " issuer: \"%Y\"",
+ cert_crl->get_issuer(cert_crl));
+ serial = crl->get_serial(crl);
+ if (serial.ptr)
+ {
+ whack_log(RC_COMMENT, " serial: %#B", &serial);
+ }
+
/* count number of revoked certificates in CRL */
enumerator = crl->create_enumerator(crl);
while (enumerator->enumerate(enumerator, NULL, NULL, NULL))
revoked++;
}
enumerator->destroy(enumerator);
+ whack_log(RC_COMMENT, " revoked: %d certificates", revoked);
- whack_log(RC_COMMENT, "%T, revoked certs: %d",
- &x509crl->installed, utc, revoked);
- whack_log(RC_COMMENT, " issuer: '%Y'",
- cert_crl->get_issuer(cert_crl));
- serial = crl->get_serial(crl);
- if (serial.ptr)
- {
- whack_log(RC_COMMENT, " crlnumber: %#B", &serial);
- }
list_distribution_points(x509crl->distributionPoints);
cert_crl->get_validity(cert_crl, NULL, &thisUpdate, &nextUpdate);
- whack_log(RC_COMMENT, " updates: this %T",
- &thisUpdate, utc);
- whack_log(RC_COMMENT, " next %T %s",
- &nextUpdate, utc,
+ whack_log(RC_COMMENT, " updates: this %T", &thisUpdate, utc);
+ whack_log(RC_COMMENT, " next %T %s", &nextUpdate, utc,
check_expiry(nextUpdate, CRL_WARNING_INTERVAL, strict));
authKeyID = crl->get_authKeyIdentifier(crl);
if (authKeyID.ptr)
{
- whack_log(RC_COMMENT, " authkey: %#B", &authKeyID);
+ whack_log(RC_COMMENT, " authkey: %#B", &authKeyID);
}
x509crl = x509crl->next;
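Review bot: The new `whack_log(RC_COMMENT, " revoked: %d certificates", revoked);` prints `revoked`, declared `u_int` a few lines earlier in the hunk, with `%d`; if whack_log's formatter follows printf conventions for the plain conversions, `%u` is the matching specifier. The removed line had the same mismatch, but since the commit rewrites it this is the place to correct it. The enclosing loop body starts before the hunk.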
struct x509crl {
certificate_t *crl;
x509crl_t *next;
- time_t installed;
linked_list_t *distributionPoints;
chunk_t signature;
};
* check periodically for expired crls
*/
extern long crl_check_interval;
-
-/* used for initialization */
-extern const x509crl_t empty_x509crl;
-
extern void load_crls(void);
extern void check_crls(void);
extern bool insert_crl(x509crl_t *crl, char *crl_uri, bool cache_crl);
fetch_req_t empty_fetch_req = {
NULL , /* next */
- 0 , /* installed */
0 , /* trials */
{ NULL, 0}, /* issuer */
{ NULL, 0}, /* authKeyID */
memset(req, 0, sizeof(fetch_req_t));
req->distributionPoints = linked_list_create();
- /* note current time */
- req->installed = time(NULL);
-
/* clone fields */
req->issuer = chunk_clone(issuer);
req->authKeyID = chunk_clone(authKeyID);
enumerator = distributionPoints->create_enumerator(distributionPoints);
while (enumerator->enumerate(enumerator, &point))
{
- whack_log(RC_COMMENT, " %s '%s'",
+ whack_log(RC_COMMENT, " %s '%s'",
(first_point)? "distPts: " : " ", point);
first_point = FALSE;
}
if (req != NULL)
{
whack_log(RC_COMMENT, " ");
- whack_log(RC_COMMENT, "List of CRL fetch requests:");
+ whack_log(RC_COMMENT, "List of CRL Fetch Requests:");
whack_log(RC_COMMENT, " ");
}
{
u_char buf[BUF_LEN];
- whack_log(RC_COMMENT, "%T, trials: %d"
- , &req->installed, utc, req->trials);
+ whack_log(RC_COMMENT, " trials: %d", req->trials);
dntoa(buf, BUF_LEN, req->issuer);
- whack_log(RC_COMMENT, " issuer: '%s'", buf);
+ whack_log(RC_COMMENT, " issuer: '%s'", buf);
if (req->authKeyID.ptr != NULL)
{
datatot(req->authKeyID.ptr, req->authKeyID.len, ':'
, buf, BUF_LEN);
- whack_log(RC_COMMENT, " authkey: %s", buf);
+ whack_log(RC_COMMENT, " authkey: %s", buf);
}
list_distribution_points(req->distributionPoints);
req = req->next;
struct fetch_req {
fetch_req_t *next;
- time_t installed;
int trials;
chunk_t issuer;
chunk_t authKeyID;
BUILD_END);
if (cert.cert)
{
- time(&cert.installed);
if (verify_x509cert(&cert, strict_crl_policy, &valid_until))
{
DBG(DBG_PARSING,
{
whack_log(RC_COMMENT, " ");
whack_log(RC_COMMENT, "List of Public Keys:");
- whack_log(RC_COMMENT, " ");
}
while (p != NULL)
chunk_t keyid;
char buf[BUF_LEN];
+ whack_log(RC_COMMENT, " ");
idtoa(&key->id, buf, BUF_LEN);
- whack_log(RC_COMMENT,"%T, '%s'", &key->installed_time, utc, buf);
- whack_log(RC_COMMENT, " pubkey: %N %4d bits, until %T %s",
+ whack_log(RC_COMMENT, " owner: '%s'", buf);
+ whack_log(RC_COMMENT, " pubkey: %N %4d bits, until %T %s",
key_type_names, public->get_type(public),
public->get_keysize(public) * BITS_PER_BYTE,
&key->until_time, utc,
check_expiry(key->until_time, PUBKEY_WARNING_INTERVAL, TRUE));
if (public->get_fingerprint(public, KEY_ID_PUBKEY_INFO_SHA1, &keyid))
{
- whack_log(RC_COMMENT," keyid: %#B", &keyid);
+ whack_log(RC_COMMENT," keyid: %#B", &keyid);
}
if (key->issuer.len > 0)
{
dntoa(buf, BUF_LEN, key->issuer);
- whack_log(RC_COMMENT," issuer: '%s'", buf);
+ whack_log(RC_COMMENT," issuer: \"%s\"", buf);
}
if (key->serial.len > 0)
{
datatot(key->serial.ptr, key->serial.len, ':'
, buf, BUF_LEN);
- whack_log(RC_COMMENT," serial: %s", buf);
+ whack_log(RC_COMMENT," serial: %s", buf);
}
p = p->next;
}
chunk_t serialNumber = x509->get_serial(x509);
cert_status_t status;
ocsp_location_t location;
- time_t nextUpdate;
+ time_t nextUpdate = UNDEFINED_TIME;
*revocationDate = UNDEFINED_TIME;
*revocationReason = CRL_REASON_UNSPECIFIED;
first = FALSE;
}
whack_log(RC_COMMENT, " ");
- if (location->issuer.ptr != NULL)
+ if (location->issuer.ptr)
{
dntoa(buf, BUF_LEN, location->issuer);
- whack_log(RC_COMMENT, " issuer: '%s'", buf);
+ whack_log(RC_COMMENT, " issuer: \"%s\"", buf);
}
- whack_log(RC_COMMENT, " uri: '%s'", location->uri);
- if (location->authNameID.ptr != NULL)
+ whack_log(RC_COMMENT, " uri: '%s'", location->uri);
+ if (location->authNameID.ptr)
{
datatot(location->authNameID.ptr, location->authNameID.len, ':'
, buf, BUF_LEN);
- whack_log(RC_COMMENT, " authname: %s", buf);
+ whack_log(RC_COMMENT, " authname: %s", buf);
}
- if (location->authKeyID.ptr != NULL)
+ if (location->authKeyID.ptr)
{
datatot(location->authKeyID.ptr, location->authKeyID.len, ':'
, buf, BUF_LEN);
- whack_log(RC_COMMENT, " authkey: %s", buf);
+ whack_log(RC_COMMENT, " authkey: %s", buf);
}
- while (certinfo != NULL)
+ while (certinfo)
{
- char thisUpdate[BUF_LEN];
-
- snprintf(thisUpdate, BUF_LEN, "%T", &certinfo->thisUpdate, utc);
-
if (requests)
{
- whack_log(RC_COMMENT, "%s, trials: %d", thisUpdate
- , certinfo->trials);
+ whack_log(RC_COMMENT, " serial: %#B, %d trials",
+ &certinfo->serialNumber, certinfo->trials);
}
else if (certinfo->once)
{
- whack_log(RC_COMMENT, "%s, onetime use%s", thisUpdate
- , (certinfo->nextUpdate < time(NULL))? " (expired)": "");
+ whack_log(RC_COMMENT, " serial: %#B, %s, once%s",
+ &certinfo->serialNumber,
+ cert_status_names[certinfo->status],
+ (certinfo->nextUpdate < time(NULL))? " (expired)": "");
}
else
{
- whack_log(RC_COMMENT, "%s, until %T %s", thisUpdate
- , &certinfo->nextUpdate, utc
- , check_expiry(certinfo->nextUpdate, OCSP_WARNING_INTERVAL, strict));
+ whack_log(RC_COMMENT, " serial: %#B, %s, until %T %s",
+ &certinfo->serialNumber,
+ cert_status_names[certinfo->status],
+ &certinfo->nextUpdate, utc,
+ check_expiry(certinfo->nextUpdate, OCSP_WARNING_INTERVAL, strict));
}
- datatot(certinfo->serialNumber.ptr, certinfo->serialNumber.len, ':'
- , buf, BUF_LEN);
- whack_log(RC_COMMENT, " serial: %s, %s", buf
- , cert_status_names[certinfo->status]);
certinfo = certinfo->next;
}
}
free_x509cert(cert);
break;
}
- time(&cert->installed);
x509 = (x509_t*)cert->cert;
if ((x509->get_flags(x509) & X509_OCSP_SIGNER) &&
const pgpcert_t pgpcert_empty = {
NULL , /* next */
0 , /* version */
- 0 , /* installed */
0 , /* count */
{ NULL, 0 }, /* certificate */
0 , /* created */
/* parse a PGP certificate file */
cert->certificate = blob;
- time(&cert->installed);
while (blob.len > 0)
{
if (cert != NULL)
{
whack_log(RC_COMMENT, " ");
- whack_log(RC_COMMENT, "List of PGP End certificates:");
- whack_log(RC_COMMENT, " ");
+ whack_log(RC_COMMENT, "List of PGP End Entity Certificates:");
}
while (cert != NULL)
c.type = CERT_PGP;
c.u.pgp = cert;
- whack_log(RC_COMMENT, "%T, count: %d", &cert->installed, utc, cert->count);
- whack_log(RC_COMMENT, " digest: %Y", cert->fingerprint);
- whack_log(RC_COMMENT, " created: %T", &cert->created, utc);
- whack_log(RC_COMMENT, " until: %T %s", &cert->until, utc,
+ whack_log(RC_COMMENT, " ");
+ whack_log(RC_COMMENT, " digest: %Y", cert->fingerprint);
+ whack_log(RC_COMMENT, " created: %T", &cert->created, utc);
+ whack_log(RC_COMMENT, " until: %T %s", &cert->until, utc,
check_expiry(cert->until, CA_CERT_WARNING_INTERVAL, TRUE));
whack_log(RC_COMMENT, " pubkey: %N %4d bits%s",
key_type_names, key->get_type(key),
has_private_key(c)? ", has private key" : "");
if (key->get_fingerprint(key, KEY_ID_PUBKEY_INFO_SHA1, &keyid))
{
- whack_log(RC_COMMENT, " keyid: %#B", &keyid);
+ whack_log(RC_COMMENT, " keyid: %#B", &keyid);
}
cert = cert->next;
}
struct pgpcert {
pgpcert_t *next;
int version;
- time_t installed;
int count;
chunk_t certificate;
time_t created;
BUILD_END);
if (newcert->cert)
{
- time(&newcert->installed);
newcert->next = *cert;
*cert = newcert;
}
const x509cert_t empty_x509cert = {
NULL , /* cert */
NULL , /* *next */
- UNDEFINED_TIME, /* installed */
0 , /* count */
FALSE /* smartcard */
};
{
whack_log(RC_COMMENT, " ");
whack_log(RC_COMMENT, "List of X.509 %s Certificates:", caption);
- whack_log(RC_COMMENT, " ");
first = FALSE;
}
-
- whack_log(RC_COMMENT, "%T, count: %d", &cert->installed, utc,
- cert->count);
- whack_log(RC_COMMENT, " subject: '%Y'",
+ whack_log(RC_COMMENT, " ");
+ whack_log(RC_COMMENT, " subject: \"%Y\"",
certificate->get_subject(certificate));
- whack_log(RC_COMMENT, " issuer: '%Y'",
+ whack_log(RC_COMMENT, " issuer: \"%Y\"",
certificate->get_issuer(certificate));
serial = x509->get_serial(x509);
- whack_log(RC_COMMENT, " serial: %#B", &serial);
+ whack_log(RC_COMMENT, " serial: %#B", &serial);
/* list validity */
certificate->get_validity(certificate, &now, ¬Before, ¬After);
- whack_log(RC_COMMENT, " validity: not before %T %s",
+ whack_log(RC_COMMENT, " validity: not before %T %s",
¬Before, utc,
(notBefore < now)?"ok":"fatal (not valid yet)");
- whack_log(RC_COMMENT, " not after %T %s",
+ whack_log(RC_COMMENT, " not after %T %s",
¬After, utc,
check_expiry(notAfter, CA_CERT_WARNING_INTERVAL, TRUE));
key = certificate->get_public_key(certificate);
if (key);
{
- whack_log(RC_COMMENT, " pubkey: %N %4d bits%s",
+ whack_log(RC_COMMENT, " pubkey: %N %4d bits%s",
key_type_names, key->get_type(key),
key->get_keysize(key) * BITS_PER_BYTE,
cert->smartcard ? ", on smartcard" :
if (key->get_fingerprint(key, KEY_ID_PUBKEY_INFO_SHA1, &keyid))
{
- whack_log(RC_COMMENT, " keyid: %#B", &keyid);
+ whack_log(RC_COMMENT, " keyid: %#B", &keyid);
}
if (key->get_fingerprint(key, KEY_ID_PUBKEY_SHA1, &subjkey))
{
- whack_log(RC_COMMENT, " subjkey: %#B", &subjkey);
+ whack_log(RC_COMMENT, " subjkey: %#B", &subjkey);
}
key->destroy(key);
}
authkey = x509->get_authKeyIdentifier(x509);
if (authkey.ptr)
{
- whack_log(RC_COMMENT, " authkey: %#B", &authkey);
+ whack_log(RC_COMMENT, " authkey: %#B", &authkey);
}
}
cert = cert->next;
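Review bot: `if (key);` on the line after `key = certificate->get_public_key(certificate);` carries a stray semicolon, so the braced block below it runs unconditionally and `key->get_type(key)`, `key->get_fingerprint(...)` and `key->destroy(key)` are reached even when no public key could be extracted; the line should read `if (key)`. That check is context rather than part of this change, but the commit rewrites the whack_log lines inside the block, so it is worth fixing in the same pass. The enclosing list function starts before the hunk.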
*/
void list_x509_end_certs(bool utc)
{
- list_x509cert_chain("End", x509certs, X509_NONE, utc);
+ list_x509cert_chain("End Entity", x509certs, X509_NONE, utc);
}
struct x509cert {
certificate_t *cert;
x509cert_t *next;
- time_t installed;
int count;
bool smartcard;
};