summaryrefslogtreecommitdiff
path: root/src/libstrongswan/plugins/x509
diff options
context:
space:
mode:
authorRene Mayrhofer <rene@mayrhofer.eu.org>2009-06-23 11:25:24 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2009-06-23 11:25:24 +0000
commit41787e147279ff0695e9d759487266a60b80867b (patch)
tree8f28566c8fd7106c80d2536d2df540dbb4499cc5 /src/libstrongswan/plugins/x509
parentc3e7f611ea8273c6b3909cb006ade4903a74aad0 (diff)
downloadvyos-strongswan-41787e147279ff0695e9d759487266a60b80867b.tar.gz
vyos-strongswan-41787e147279ff0695e9d759487266a60b80867b.zip
[svn-upgrade] Integrating new upstream version, strongswan (4.3.2)
Diffstat (limited to 'src/libstrongswan/plugins/x509')
-rw-r--r--src/libstrongswan/plugins/x509/Makefile.in17
-rw-r--r--src/libstrongswan/plugins/x509/ietf_attr_list.h2
-rw-r--r--src/libstrongswan/plugins/x509/x509_ac.c33
-rw-r--r--src/libstrongswan/plugins/x509/x509_ac.h2
-rw-r--r--src/libstrongswan/plugins/x509/x509_cert.c122
-rw-r--r--src/libstrongswan/plugins/x509/x509_cert.h2
-rw-r--r--src/libstrongswan/plugins/x509/x509_crl.c34
-rw-r--r--src/libstrongswan/plugins/x509/x509_ocsp_request.c3
-rw-r--r--src/libstrongswan/plugins/x509/x509_ocsp_response.c38
-rw-r--r--src/libstrongswan/plugins/x509/x509_plugin.c2
10 files changed, 80 insertions, 175 deletions
diff --git a/src/libstrongswan/plugins/x509/Makefile.in b/src/libstrongswan/plugins/x509/Makefile.in
index 028bbd41a..0c62ad3b3 100644
--- a/src/libstrongswan/plugins/x509/Makefile.in
+++ b/src/libstrongswan/plugins/x509/Makefile.in
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.10.1 from Makefile.am.
+# Makefile.in generated by automake 1.10.2 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@@ -89,6 +89,7 @@ CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
@@ -111,6 +112,9 @@ LDFLAGS = @LDFLAGS@
LEX = @LEX@
LEXLIB = @LEXLIB@
LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
@@ -122,6 +126,7 @@ MAKEINFO = @MAKEINFO@
MKDIR_P = @MKDIR_P@
NM = @NM@
NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
@@ -135,6 +140,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
RANLIB = @RANLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
@@ -195,6 +202,7 @@ oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
piddir = @piddir@
plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -206,6 +214,7 @@ srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
xml_CFLAGS = @xml_CFLAGS@
@@ -230,8 +239,8 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
- && exit 0; \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
@@ -331,7 +340,7 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
- $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
mkid -fID $$unique
tags: TAGS
diff --git a/src/libstrongswan/plugins/x509/ietf_attr_list.h b/src/libstrongswan/plugins/x509/ietf_attr_list.h
index 983c67d14..5807a899e 100644
--- a/src/libstrongswan/plugins/x509/ietf_attr_list.h
+++ b/src/libstrongswan/plugins/x509/ietf_attr_list.h
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id$
*/
/**
diff --git a/src/libstrongswan/plugins/x509/x509_ac.c b/src/libstrongswan/plugins/x509/x509_ac.c
index 2168f9bc7..638f96b44 100644
--- a/src/libstrongswan/plugins/x509/x509_ac.c
+++ b/src/libstrongswan/plugins/x509/x509_ac.c
@@ -14,8 +14,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id$
*/
#include "x509_ac.h"
@@ -32,6 +30,7 @@
#include <utils/identification.h>
#include <utils/linked_list.h>
#include <credentials/certificates/x509.h>
+#include <credentials/keys/private_key.h>
extern identification_t* x509_parse_authorityKeyIdentifier(chunk_t blob,
int level0, chunk_t *authKeySerialNumber);
@@ -780,31 +779,11 @@ static bool issued_by(private_x509_ac_t *this, certificate_t *issuer)
return FALSE;
}
}
- /* TODO: generic OID to scheme mapper? */
- switch (this->algorithm)
- {
- case OID_MD5_WITH_RSA:
- scheme = SIGN_RSA_EMSA_PKCS1_MD5;
- break;
- case OID_SHA1_WITH_RSA:
- scheme = SIGN_RSA_EMSA_PKCS1_SHA1;
- break;
- case OID_SHA256_WITH_RSA:
- scheme = SIGN_RSA_EMSA_PKCS1_SHA256;
- break;
- case OID_SHA384_WITH_RSA:
- scheme = SIGN_RSA_EMSA_PKCS1_SHA384;
- break;
- case OID_SHA512_WITH_RSA:
- scheme = SIGN_RSA_EMSA_PKCS1_SHA512;
- break;
- case OID_ECDSA_WITH_SHA1:
- scheme = SIGN_ECDSA_WITH_SHA1;
- break;
- default:
- return FALSE;
- }
- if (key == NULL)
+
+ /* determine signature scheme */
+ scheme = signature_scheme_from_oid(this->algorithm);
+
+ if (scheme == SIGN_UNKNOWN || key == NULL)
{
return FALSE;
}
diff --git a/src/libstrongswan/plugins/x509/x509_ac.h b/src/libstrongswan/plugins/x509/x509_ac.h
index 5df9c5f8a..958d5c57a 100644
--- a/src/libstrongswan/plugins/x509/x509_ac.h
+++ b/src/libstrongswan/plugins/x509/x509_ac.h
@@ -14,8 +14,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id$
*/
/**
diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c
index 4c6b45394..6fe1809c2 100644
--- a/src/libstrongswan/plugins/x509/x509_cert.c
+++ b/src/libstrongswan/plugins/x509/x509_cert.c
@@ -16,8 +16,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: x509_cert.c 4936 2009-03-12 18:07:32Z tobias $
*/
#define _GNU_SOURCE
@@ -37,6 +35,7 @@
#include <asn1/asn1_parser.h>
#include <asn1/pem.h>
#include <crypto/hashers/hasher.h>
+#include <credentials/keys/private_key.h>
#include <utils/linked_list.h>
#include <utils/identification.h>
@@ -353,7 +352,7 @@ static identification_t *parse_generalName(chunk_t blob, int level0)
if (id_type != ID_ANY)
{
gn = identification_create_from_encoding(id_type, object);
- DBG2(" '%D'", gn);
+ DBG2(" '%Y'", gn);
goto end;
}
}
@@ -510,9 +509,9 @@ static void parse_authorityInfoAccess(chunk_t blob, int level0,
/* parsing went wrong - abort */
goto end;
}
- DBG2(" '%D'", id);
+ DBG2(" '%Y'", id);
if (accessMethod == OID_OCSP &&
- asprintf(&uri, "%D", id) > 0)
+ asprintf(&uri, "%Y", id) > 0)
{
this->ocsp_uris->insert_last(this->ocsp_uris, uri);
}
@@ -619,7 +618,7 @@ static void parse_crlDistributionPoints(chunk_t blob, int level0,
{
char *uri;
- if (asprintf(&uri, "%D", id) > 0)
+ if (asprintf(&uri, "%Y", id) > 0)
{
this->crl_uris->insert_last(this->crl_uris, uri);
}
@@ -714,7 +713,7 @@ static bool parse_certificate(private_x509_cert_t *this)
break;
case X509_OBJ_ISSUER:
this->issuer = identification_create_from_encoding(ID_DER_ASN1_DN, object);
- DBG2(" '%D'", this->issuer);
+ DBG2(" '%Y'", this->issuer);
break;
case X509_OBJ_NOT_BEFORE:
this->notBefore = asn1_parse_time(object, level);
@@ -724,14 +723,13 @@ static bool parse_certificate(private_x509_cert_t *this)
break;
case X509_OBJ_SUBJECT:
this->subject = identification_create_from_encoding(ID_DER_ASN1_DN, object);
- DBG2(" '%D'", this->subject);
+ DBG2(" '%Y'", this->subject);
break;
case X509_OBJ_SUBJECT_PUBLIC_KEY_INFO:
this->public_key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY,
KEY_ANY, BUILD_BLOB_ASN1_DER, object, BUILD_END);
if (this->public_key == NULL)
{
- DBG1("could not create public key");
goto end;
}
break;
@@ -911,32 +909,14 @@ static bool issued_by(private_x509_cert_t *this, certificate_t *issuer)
{
return FALSE;
}
- /* TODO: generic OID to scheme mapper? */
- switch (this->algorithm)
- {
- case OID_MD5_WITH_RSA:
- scheme = SIGN_RSA_EMSA_PKCS1_MD5;
- break;
- case OID_SHA1_WITH_RSA:
- scheme = SIGN_RSA_EMSA_PKCS1_SHA1;
- break;
- case OID_SHA256_WITH_RSA:
- scheme = SIGN_RSA_EMSA_PKCS1_SHA256;
- break;
- case OID_SHA384_WITH_RSA:
- scheme = SIGN_RSA_EMSA_PKCS1_SHA384;
- break;
- case OID_SHA512_WITH_RSA:
- scheme = SIGN_RSA_EMSA_PKCS1_SHA512;
- break;
- case OID_ECDSA_WITH_SHA1:
- scheme = SIGN_ECDSA_WITH_SHA1;
- break;
- default:
- return FALSE;
- }
+
+ /* get the public key of the issuer */
key = issuer->get_public_key(issuer);
- if (key == NULL)
+
+ /* determine signature scheme */
+ scheme = signature_scheme_from_oid(this->algorithm);
+
+ if (scheme == SIGN_UNKNOWN || key == NULL)
{
return FALSE;
}
@@ -1124,19 +1104,19 @@ static private_x509_cert_t* create_empty(void)
{
private_x509_cert_t *this = malloc_thing(private_x509_cert_t);
- this->public.interface.interface.get_type = (certificate_type_t (*)(certificate_t *this))get_type;
- this->public.interface.interface.get_subject = (identification_t* (*)(certificate_t *this))get_subject;
- this->public.interface.interface.get_issuer = (identification_t* (*)(certificate_t *this))get_issuer;
- this->public.interface.interface.has_subject = (id_match_t (*)(certificate_t*, identification_t *subject))has_subject;
- this->public.interface.interface.has_issuer = (id_match_t (*)(certificate_t*, identification_t *issuer))has_issuer;
- this->public.interface.interface.issued_by = (bool (*)(certificate_t *this, certificate_t *issuer))issued_by;
- this->public.interface.interface.get_public_key = (public_key_t* (*)(certificate_t *this))get_public_key;
- this->public.interface.interface.get_validity = (bool (*)(certificate_t*, time_t *when, time_t *, time_t*))get_validity;
- this->public.interface.interface.is_newer = (bool (*)(certificate_t*,certificate_t*))is_newer;
- this->public.interface.interface.get_encoding = (chunk_t (*)(certificate_t*))get_encoding;
- this->public.interface.interface.equals = (bool (*)(certificate_t*, certificate_t *other))equals;
- this->public.interface.interface.get_ref = (certificate_t* (*)(certificate_t *this))get_ref;
- this->public.interface.interface.destroy = (void (*)(certificate_t *this))destroy;
+ this->public.interface.interface.get_type = (certificate_type_t (*) (certificate_t*))get_type;
+ this->public.interface.interface.get_subject = (identification_t* (*) (certificate_t*))get_subject;
+ this->public.interface.interface.get_issuer = (identification_t* (*) (certificate_t*))get_issuer;
+ this->public.interface.interface.has_subject = (id_match_t (*) (certificate_t*, identification_t*))has_subject;
+ this->public.interface.interface.has_issuer = (id_match_t (*) (certificate_t*, identification_t*))has_issuer;
+ this->public.interface.interface.issued_by = (bool (*) (certificate_t*, certificate_t*))issued_by;
+ this->public.interface.interface.get_public_key = (public_key_t* (*) (certificate_t*))get_public_key;
+ this->public.interface.interface.get_validity = (bool (*) (certificate_t*, time_t*, time_t*, time_t*))get_validity;
+ this->public.interface.interface.is_newer = (bool (*) (certificate_t*,certificate_t*))is_newer;
+ this->public.interface.interface.get_encoding = (chunk_t (*) (certificate_t*))get_encoding;
+ this->public.interface.interface.equals = (bool (*)(certificate_t*, certificate_t*))equals;
+ this->public.interface.interface.get_ref = (certificate_t* (*)(certificate_t*))get_ref;
+ this->public.interface.interface.destroy = (void (*)(certificate_t*))destroy;
this->public.interface.get_flags = (x509_flag_t (*)(x509_t*))get_flags;
this->public.interface.get_serial = (chunk_t (*)(x509_t*))get_serial;
this->public.interface.get_authKeyIdentifier = (identification_t* (*)(x509_t*))get_authKeyIdentifier;
@@ -1178,6 +1158,7 @@ static private_x509_cert_t *create_from_chunk(chunk_t chunk)
private_x509_cert_t *this = create_empty();
this->encoding = chunk;
+ this->parsed = TRUE;
if (!parse_certificate(this))
{
destroy(this);
@@ -1191,17 +1172,15 @@ static private_x509_cert_t *create_from_chunk(chunk_t chunk)
}
hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
- if (hasher != NULL)
- {
- hasher->allocate_hash(hasher, this->encoding, &this->encoding_hash);
- hasher->destroy(hasher);
- }
- else
+ if (hasher == NULL)
{
- DBG1(" unable to create hash of certificate, SHA1 not supported");
+ DBG1(" unable to create hash of certificate, SHA1 not supported");
+ destroy(this);
+ return NULL;
}
+ hasher->allocate_hash(hasher, this->encoding, &this->encoding_hash);
+ hasher->destroy(hasher);
- this->parsed = TRUE;
return this;
}
@@ -1316,7 +1295,7 @@ static bool generate(private_builder_t *this)
this->cert->tbsCertificate = asn1_wrap(ASN1_SEQUENCE, "mmccmcmm",
asn1_simple_object(ASN1_CONTEXT_C_0, ASN1_INTEGER_2),
- asn1_simple_object(ASN1_INTEGER, this->cert->serialNumber),
+ asn1_integer("c", this->cert->serialNumber),
asn1_algorithmIdentifier(this->cert->algorithm),
issuer->get_encoding(issuer),
asn1_wrap(ASN1_SEQUENCE, "mm",
@@ -1352,33 +1331,22 @@ static bool generate(private_builder_t *this)
static private_x509_cert_t *build(private_builder_t *this)
{
private_x509_cert_t *cert;
- x509_flag_t flags;
- if (this->cert && !this->cert->encoding.ptr)
+ if (this->cert)
{
- if (!this->sign_key || !this->cert ||
- !generate(this))
- {
- destroy(this->cert);
- free(this);
- return NULL;
+ this->cert->flags |= this->flags;
+ if (!this->cert->encoding.ptr)
+ { /* generate a new certificate */
+ if (!this->sign_key || !generate(this))
+ {
+ destroy(this->cert);
+ free(this);
+ return NULL;
+ }
}
}
cert = this->cert;
- flags = this->flags;
free(this);
- if (cert == NULL)
- {
- return NULL;
- }
-
- if ((flags & X509_CA) && !(cert->flags & X509_CA))
- {
- DBG1(" ca certificate must have ca basic constraint set, discarded");
- destroy(cert);
- return NULL;
- }
- cert->flags |= flags;
return cert;
}
diff --git a/src/libstrongswan/plugins/x509/x509_cert.h b/src/libstrongswan/plugins/x509/x509_cert.h
index 8dbd8050a..5ebe1567d 100644
--- a/src/libstrongswan/plugins/x509/x509_cert.h
+++ b/src/libstrongswan/plugins/x509/x509_cert.h
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: x509_cert.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
diff --git a/src/libstrongswan/plugins/x509/x509_crl.c b/src/libstrongswan/plugins/x509/x509_crl.c
index fd14dfebd..f502668cb 100644
--- a/src/libstrongswan/plugins/x509/x509_crl.c
+++ b/src/libstrongswan/plugins/x509/x509_crl.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: x509_crl.c 4936 2009-03-12 18:07:32Z tobias $
*/
#include "x509_crl.h"
@@ -226,7 +224,7 @@ static bool parse(private_x509_crl_t *this)
break;
case CRL_OBJ_ISSUER:
this->issuer = identification_create_from_encoding(ID_DER_ASN1_DN, object);
- DBG2(" '%D'", this->issuer);
+ DBG2(" '%Y'", this->issuer);
break;
case CRL_OBJ_THIS_UPDATE:
this->thisUpdate = asn1_parse_time(object, level);
@@ -436,31 +434,11 @@ static bool issued_by(private_x509_crl_t *this, certificate_t *issuer)
return FALSE;
}
}
- /* TODO: generic OID to scheme mapper? */
- switch (this->algorithm)
- {
- case OID_MD5_WITH_RSA:
- scheme = SIGN_RSA_EMSA_PKCS1_MD5;
- break;
- case OID_SHA1_WITH_RSA:
- scheme = SIGN_RSA_EMSA_PKCS1_SHA1;
- break;
- case OID_SHA256_WITH_RSA:
- scheme = SIGN_RSA_EMSA_PKCS1_SHA256;
- break;
- case OID_SHA384_WITH_RSA:
- scheme = SIGN_RSA_EMSA_PKCS1_SHA384;
- break;
- case OID_SHA512_WITH_RSA:
- scheme = SIGN_RSA_EMSA_PKCS1_SHA512;
- break;
- case OID_ECDSA_WITH_SHA1:
- scheme = SIGN_ECDSA_WITH_SHA1;
- break;
- default:
- return FALSE;
- }
- if (key == NULL)
+
+ /* determine signature scheme */
+ scheme = signature_scheme_from_oid(this->algorithm);
+
+ if (scheme == SIGN_UNKNOWN || key == NULL)
{
return FALSE;
}
diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_request.c b/src/libstrongswan/plugins/x509/x509_ocsp_request.c
index 7b97b990d..4020d8d95 100644
--- a/src/libstrongswan/plugins/x509/x509_ocsp_request.c
+++ b/src/libstrongswan/plugins/x509/x509_ocsp_request.c
@@ -13,8 +13,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: x509_ocsp_request.c 4317 2008-09-02 11:00:13Z martin $
*/
#include "x509_ocsp_request.h"
@@ -26,6 +24,7 @@
#include <utils/linked_list.h>
#include <debug.h>
#include <credentials/certificates/x509.h>
+#include <credentials/keys/private_key.h>
#define NONCE_LEN 16
diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_response.c b/src/libstrongswan/plugins/x509/x509_ocsp_response.c
index 6bb59d8e6..1b3187258 100644
--- a/src/libstrongswan/plugins/x509/x509_ocsp_response.c
+++ b/src/libstrongswan/plugins/x509/x509_ocsp_response.c
@@ -13,8 +13,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: x509_ocsp_response.c 4936 2009-03-12 18:07:32Z tobias $
*/
#include "x509_ocsp_response.h"
@@ -523,12 +521,12 @@ static bool parse_basicOCSPResponse(private_x509_ocsp_response_t *this,
case BASIC_RESPONSE_ID_BY_NAME:
this->responderId = identification_create_from_encoding(
ID_DER_ASN1_DN, object);
- DBG2(" '%D'", this->responderId);
+ DBG2(" '%Y'", this->responderId);
break;
case BASIC_RESPONSE_ID_BY_KEY:
this->responderId = identification_create_from_encoding(
ID_PUBKEY_INFO_SHA1, object);
- DBG2(" '%D'", this->responderId);
+ DBG2(" '%Y'", this->responderId);
break;
case BASIC_RESPONSE_PRODUCED_AT:
this->producedAt = asn1_to_time(&object, ASN1_GENERALIZEDTIME);
@@ -726,32 +724,14 @@ static bool issued_by(private_x509_ocsp_response_t *this, certificate_t *issuer)
{
return FALSE;
}
- /* TODO: generic OID to scheme mapper? */
- switch (this->signatureAlgorithm)
- {
- case OID_MD5_WITH_RSA:
- scheme = SIGN_RSA_EMSA_PKCS1_MD5;
- break;
- case OID_SHA1_WITH_RSA:
- scheme = SIGN_RSA_EMSA_PKCS1_SHA1;
- break;
- case OID_SHA256_WITH_RSA:
- scheme = SIGN_RSA_EMSA_PKCS1_SHA256;
- break;
- case OID_SHA384_WITH_RSA:
- scheme = SIGN_RSA_EMSA_PKCS1_SHA384;
- break;
- case OID_SHA512_WITH_RSA:
- scheme = SIGN_RSA_EMSA_PKCS1_SHA512;
- break;
- case OID_ECDSA_WITH_SHA1:
- scheme = SIGN_ECDSA_WITH_SHA1;
- break;
- default:
- return FALSE;
- }
+
+ /* get the public key of the issuer */
key = issuer->get_public_key(issuer);
- if (key == NULL)
+
+ /* determine signature scheme */
+ scheme = signature_scheme_from_oid(this->signatureAlgorithm);
+
+ if (scheme == SIGN_UNKNOWN || key == NULL)
{
return FALSE;
}
diff --git a/src/libstrongswan/plugins/x509/x509_plugin.c b/src/libstrongswan/plugins/x509/x509_plugin.c
index 42768487d..9ed7f95bd 100644
--- a/src/libstrongswan/plugins/x509/x509_plugin.c
+++ b/src/libstrongswan/plugins/x509/x509_plugin.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: x509_plugin.c 3640 2008-03-21 10:52:11Z andreas $
*/
#include "x509_plugin.h"