[svn-upgrade] Integrating new upstream version, strongswan (4.3.6)

1 files changed, 9 insertions, 108 deletions

diff --git a/src/pluto/x509.h b/src/pluto/x509.h
index ab0fbac9e..e904618b3 100644
--- a/src/pluto/x509.h
+++ b/src/pluto/x509.h
@@ -18,122 +18,23 @@
 #ifndef _X509_H
 #define _X509_H
 
-#include <credentials/keys/public_key.h>
+#include <utils/identification.h>
+#include <utils/linked_list.h>
 #include <credentials/keys/private_key.h>
+#include <credentials/certificates/x509.h>
 
 #include "constants.h"
-#include "id.h"
+#include "certs.h"
 
-/* Definition of generalNames kinds */
-
-typedef enum {
-	GN_OTHER_NAME =             0,
-	GN_RFC822_NAME =            1,
-	GN_DNS_NAME =               2,
-	GN_X400_ADDRESS =           3,
-	GN_DIRECTORY_NAME =         4,
-	GN_EDI_PARTY_NAME =         5,
-	GN_URI =                    6,
-	GN_IP_ADDRESS =             7,
-	GN_REGISTERED_ID =          8
-} generalNames_t;
-
-/* access structure for a GeneralName */
-
-typedef struct generalName generalName_t;
-
-struct generalName {
-	generalName_t   *next;
-	generalNames_t  kind;
-	chunk_t         name;
-};
-
-/* access structure for an X.509v3 certificate */
-
-typedef struct x509cert x509cert_t;
-
-struct x509cert {
-	x509cert_t     *next;
-	time_t         installed;
-	int            count;
-	bool           smartcard;
-	u_char         authority_flags;
-	chunk_t        certificate;
-	chunk_t          tbsCertificate;
-	u_int              version;
-	chunk_t            serialNumber;
-				  /*   signature */
-	int                  sigAlg;
-  	chunk_t            issuer;
-				  /*   validity */
-	time_t               notBefore;
-	time_t               notAfter;
-	chunk_t            subject;
-	public_key_t       *public_key;  
-				  /*   issuerUniqueID */
-				  /*   subjectUniqueID */
-				  /*   v3 extensions */
-				  /*   extension */
-				  /*     extension */
-				  /*       extnID */
-				  /*       critical */
-				  /*       extnValue */
-	bool                     isCA;
-	bool                     isOcspSigner; /* ocsp */
-	chunk_t                  subjectKeyID;
-	chunk_t                  authKeyID;
-	chunk_t                  authKeySerialNumber;
-	chunk_t                  accessLocation; /* ocsp */
-	generalName_t            *subjectAltName;
-	generalName_t            *crlDistributionPoints;
-				  /* signatureAlgorithm */
-	int                algorithm;
-	chunk_t          signature;
-};
-
-/* used for initialization */
-extern const x509cert_t empty_x509cert;
-
-extern bool same_serial(chunk_t a, chunk_t b);
 extern bool same_keyid(chunk_t a, chunk_t b);
-extern bool same_dn(chunk_t a, chunk_t b);
-extern bool match_dn(chunk_t a, chunk_t b, int *wildcards);
-extern bool same_x509cert(const x509cert_t *a, const x509cert_t *b);
-extern void hex_str(chunk_t bin, chunk_t *str);
-extern int dn_count_wildcards(chunk_t dn);
-extern int dntoa(char *dst, size_t dstlen, chunk_t dn);
-extern int dntoa_or_null(char *dst, size_t dstlen, chunk_t dn,
-						 const char* null_dn);
-extern err_t atodn(char *src, chunk_t *dn);
-extern void gntoid(struct id *id, const generalName_t *gn);
-extern bool compute_subjectKeyID(x509cert_t *cert, chunk_t subjectKeyID);
-extern void select_x509cert_id(x509cert_t *cert, struct id *end_id);
-extern bool parse_x509cert(chunk_t blob, u_int level0, x509cert_t *cert);
-extern time_t parse_time(chunk_t blob, int level0);
-extern void parse_authorityKeyIdentifier(chunk_t blob, int level0
-	, chunk_t *authKeyID, chunk_t *authKeySerialNumber);
-extern chunk_t get_directoryName(chunk_t blob, int level, bool implicit);
-extern err_t check_validity(const x509cert_t *cert, time_t *until);
-
 extern bool x509_check_signature(chunk_t tbs, chunk_t sig, int algorithm,
-								 const x509cert_t *issuer_cert);
+								 certificate_t *issuer_cert);
 extern chunk_t x509_build_signature(chunk_t tbs, int algorithm,
 									private_key_t *key, bool bit_string);
-
-extern bool verify_x509cert(const x509cert_t *cert, bool strict, time_t *until);
-extern x509cert_t* add_x509cert(x509cert_t *cert);
-extern x509cert_t* get_x509cert(chunk_t issuer, chunk_t serial, chunk_t keyid,
-								x509cert_t* chain);
-extern void build_x509cert(x509cert_t *cert, public_key_t *cert_key,
-						   private_key_t *signer_key);
-extern chunk_t build_subjectAltNames(generalName_t *subjectAltNames);
-extern void share_x509cert(x509cert_t *cert);
-extern void release_x509cert(x509cert_t *cert);
-extern void free_x509cert(x509cert_t *cert);
-extern void store_x509certs(x509cert_t **firstcert, bool strict);
-extern void list_x509cert_chain(const char *caption, x509cert_t* cert,
-								u_char auth_flags, bool utc);
+extern bool verify_x509cert(cert_t *cert, bool strict, time_t *until);
+extern void store_x509certs(linked_list_t *certs, bool strict);
+extern void list_x509cert_chain(const char *caption, cert_t* cert,
+								x509_flag_t flags, bool utc);
 extern void list_x509_end_certs(bool utc);
-extern void free_generalNames(generalName_t* gn, bool free_name);
 
 #endif /* _X509_H */