From ef2c61bc9279a3f7880df67d6af12b785c94694a Mon Sep 17 00:00:00 2001
From: Martin Willi <martin@revosec.ch>
Date: Fri, 6 Feb 2015 12:34:30 +0100
Subject: [PATCH] mem-cred: Add a method to unify certificate references,
 without adding it

In contrast to add_cert_ref(), get_cert_ref() does not add the certificate to
the set, but only finds a reference to the same certificate, if found.
---
 src/libstrongswan/credentials/sets/mem_cred.c | 19 +++++++++++++++++++
 src/libstrongswan/credentials/sets/mem_cred.h | 12 ++++++++++++
 2 files changed, 31 insertions(+)

diff --git a/src/libstrongswan/credentials/sets/mem_cred.c b/src/libstrongswan/credentials/sets/mem_cred.c
index d8f568d36d..7ad011b5e6 100644
--- a/src/libstrongswan/credentials/sets/mem_cred.c
+++ b/src/libstrongswan/credentials/sets/mem_cred.c
@@ -192,6 +192,24 @@ METHOD(mem_cred_t, add_cert_ref, certificate_t*,
 	return add_cert_internal(this, trusted, cert);
 }
 
+METHOD(mem_cred_t, get_cert_ref, certificate_t*,
+	private_mem_cred_t *this, certificate_t *cert)
+{
+	certificate_t *cached;
+
+	this->lock->write_lock(this->lock);
+	if (this->untrusted->find_first(this->untrusted,
+									(linked_list_match_t)certificate_equals,
+									(void**)&cached, cert) == SUCCESS)
+	{
+		cert->destroy(cert);
+		cert = cached->get_ref(cached);
+	}
+	this->lock->unlock(this->lock);
+
+	return cert;
+}
+
 METHOD(mem_cred_t, add_crl, bool,
 	private_mem_cred_t *this, crl_t *crl)
 {
@@ -736,6 +754,7 @@ mem_cred_t *mem_cred_create()
 			},
 			.add_cert = _add_cert,
 			.add_cert_ref = _add_cert_ref,
+			.get_cert_ref = _get_cert_ref,
 			.add_crl = _add_crl,
 			.add_key = _add_key,
 			.add_shared = _add_shared,
diff --git a/src/libstrongswan/credentials/sets/mem_cred.h b/src/libstrongswan/credentials/sets/mem_cred.h
index d0dd51da12..3ce815abce 100644
--- a/src/libstrongswan/credentials/sets/mem_cred.h
+++ b/src/libstrongswan/credentials/sets/mem_cred.h
@@ -58,6 +58,18 @@ struct mem_cred_t {
 	certificate_t *(*add_cert_ref)(mem_cred_t *this, bool trusted,
 								   certificate_t *cert);
 
+	/**
+	 * Get an existing reference to the same certificate.
+	 *
+	 * Searches for the same certficate in the set, and returns a reference
+	 * to it, destroying the passed certificate. If the passed certificate
+	 * is not found, it is just returned.
+	 *
+	 * @param cert			certificate to look up
+	 * @return				the same certificate, potentially different instance
+	 */
+	certificate_t* (*get_cert_ref)(mem_cred_t *this, certificate_t *cert);
+
 	/**
 	 * Add an X.509 CRL to the credential set.
 	 *
-- 
2.47.2