From: Andreas Steffen Date: Thu, 15 Jun 2023 13:42:42 +0000 (+0200) Subject: certificates: Added ocsp_single_response object X-Git-Tag: 5.9.12rc1~3^2~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=aa0fe149d6cb5c4e4338e2017d3982dc858ed914;p=thirdparty%2Fstrongswan.git certificates: Added ocsp_single_response object
---
diff --git a/src/libstrongswan/Android.mk b/src/libstrongswan/Android.mk
index 12f26f3465..3ce05d9319 100644
--- a/src/libstrongswan/Android.mk
+++ b/src/libstrongswan/Android.mk
@@ -25,6 +25,7 @@ credentials/keys/public_key.c credentials/keys/shared_key.c \
 credentials/keys/signature_params.c \
 credentials/certificates/certificate.c credentials/certificates/crl.c \
 credentials/certificates/ocsp_response.c credentials/certificates/x509.c \
+credentials/certificates/ocsp_single_response.c \
 credentials/certificates/certificate_printer.c \
 credentials/containers/container.c credentials/containers/pkcs12.c \
 credentials/credential_manager.c \
diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am
index d1ffd157eb..cc00d43f75 100644
--- a/src/libstrongswan/Makefile.am
+++ b/src/libstrongswan/Makefile.am
@@ -23,6 +23,7 @@ credentials/keys/public_key.c credentials/keys/shared_key.c \
 credentials/keys/signature_params.c \
 credentials/certificates/certificate.c credentials/certificates/crl.c \
 credentials/certificates/ocsp_response.c credentials/certificates/x509.c \
+credentials/certificates/ocsp_single_response.c \
 credentials/certificates/certificate_printer.c \
 credentials/containers/container.c credentials/containers/pkcs12.c \
 credentials/credential_manager.c \
@@ -91,6 +92,7 @@ credentials/keys/signature_params.h \
 credentials/certificates/certificate.h credentials/certificates/x509.h \
 credentials/certificates/ac.h credentials/certificates/crl.h \
 credentials/certificates/pkcs10.h credentials/certificates/ocsp_request.h \
+credentials/certificates/ocsp_single_response.h \
 credentials/certificates/ocsp_response.h \
 credentials/certificates/ocsp_responder.h \
 credentials/certificates/pgp_certificate.h \
diff --git a/src/libstrongswan/credentials/certificates/ocsp_single_response.c b/src/libstrongswan/credentials/certificates/ocsp_single_response.c
new file mode 100644
index 0000000000..db639008af
--- /dev/null
+++ b/src/libstrongswan/credentials/certificates/ocsp_single_response.c
@@ -0,0 +1,74 @@
+/*
+ * Copyright (C) 2023 Andreas Steffen, strongSec GmbH
+ *
+ * Copyright (C) secunet Security Networks AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "ocsp_single_response.h"
+
+typedef struct private_ocsp_single_response_t private_ocsp_single_response_t;
+
+/**
+ * Private data of an ocsp_single_response object.
+ */
+struct private_ocsp_single_response_t {
+
+ /**
+ * Public interface for this ocsp_single_response object.
+ */
+ ocsp_single_response_t public;
+
+ /**
+ * reference counter
+ */
+ refcount_t ref;
+};
+
+METHOD(ocsp_single_response_t, get_ref, ocsp_single_response_t*,
+ private_ocsp_single_response_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public;
+}
+
+METHOD(ocsp_single_response_t, destroy, void,
+ private_ocsp_single_response_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ free(this->public.issuerNameHash.ptr);
+ free(this->public.issuerKeyHash.ptr);
+ free(this->public.serialNumber.ptr);
+ free(this);
+ }
+}
+
+/**
+ * See header.
+ */
+ocsp_single_response_t *ocsp_single_response_create()
+{
+ private_ocsp_single_response_t *this;
+
+ INIT(this,
+ .public = {
+ .hashAlgorithm = HASH_UNKNOWN,
+ .status = VALIDATION_FAILED,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .ref = 1,
+ );
+
+ return &this->public;
+}
diff --git a/src/libstrongswan/credentials/certificates/ocsp_single_response.h b/src/libstrongswan/credentials/certificates/ocsp_single_response.h
new file mode 100644
index 0000000000..5ade5f4e2d
--- /dev/null
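Review bot: `destroy` calls `free()` on `issuerNameHash.ptr`, `issuerKeyHash.ptr` and `serialNumber.ptr`, yet these are public, caller-writable members, so the object silently assumes that every caller stored a heap-allocated copy; a chunk that merely points into the parsed OCSP response encoding would be freed as an interior pointer or freed a second time with its real owner. Neither this file nor the field comments in ocsp_single_response.h state that ownership rule. I would put a comment above `destroy` such as `/* the three chunks are owned by this object and must be allocated copies (e.g. chunk_clone()), never slices of the parsed encoding */` and add `allocated, freed by destroy()` to the three field comments in the header. Separately, the definition `ocsp_single_response_create()` should read `ocsp_single_response_create(void)` so that it matches the prototype declared in the header.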
+++ b/src/libstrongswan/credentials/certificates/ocsp_single_response.h 
@@ -0,0 +1,100 @@
+/*
+ * Copyright (C) 2023 Andreas Steffen, strongSec GmbH
+ *
+ * Copyright (C) secunet Security Networks AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ocsp_single_response ocsp_single_response
+ * @{ @ingroup certificates
+ */
+
+#ifndef OCSP_SINGLE_RESPONSE_H_
+#define OCSP_SINGLE_RESPONSE_H_
+
+#include
+#include
+
+typedef struct ocsp_single_response_t ocsp_single_response_t;
+
+/**
+ * Single response contained in OCSP response
+ */
+struct ocsp_single_response_t {
+
+ /**
+ * Hash algorithm for the two hashes
+ */
+ int hashAlgorithm;
+
+ /**
+ * hash of issuer DN
+ */
+ chunk_t issuerNameHash;
+
+ /**
+ * issuerKeyID
+ */
+ chunk_t issuerKeyHash;
+
+ /**
+ * Serial number of certificate
+ */
+ chunk_t serialNumber;
+
+ /**
+ * OCSP certificate status
+ */
+ cert_validation_t status;
+
+ /**
+ * Time of revocation, if revoked
+ */
+ time_t revocationTime;
+
+ /**
+ * Revocation reason, if revoked
+ */
+ crl_reason_t revocationReason;
+
+ /**
+ * Creation of the OCSP single response
+ */
+ time_t thisUpdate;
+
+ /**
+ * Creation of next OCSP single response
+ */
+ time_t nextUpdate;
+
+ /**
+ * Get a new reference to the ocsp_single_response object.
+ *
+ * @return this, with an increased refcount
+ */
+ ocsp_single_response_t* (*get_ref)(ocsp_single_response_t *this);
+
+ /**
+ * Destroy an ocsp_single_response_t object.
+ */
+ void (*destroy)(ocsp_single_response_t *this);
+};
+
+/**
+ * Create an ocsp_single_response_t object
+ *
+ * @return ocsp_single_response_t object
+ */
+ocsp_single_response_t *ocsp_single_response_create(void);
+
+#endif /** OCSP_SINGLE_RESPONSE_H_ @}*/
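Review bot: The comments on `thisUpdate` and `nextUpdate` do not say which value stands for "not present", although nextUpdate is optional in an OCSP SingleResponse (RFC 6960) and a freshness check has to tell an absent field from a real timestamp. The constructor in ocsp_single_response.c sets neither field explicitly, so the initial value is whatever `INIT` leaves there (presumably zero; the macro is not shown on this page). I would document the convention on the field itself, for example `Time by which newer status information will be available, <sentinel> if the response carries no nextUpdate`, and likewise state what `revocationTime` holds when the status is not revoked. `hashAlgorithm` is declared `int` but initialised with `HASH_UNKNOWN`; if the hasher header is one of the two includes (their targets are not legible here), declaring it `hash_algorithm_t` would give the compiler something to check.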