diff options
Diffstat (limited to 'src/charon/credentials/sets')
| -rw-r--r-- | src/charon/credentials/sets/auth_info_wrapper.c | 215 | ||||
| -rw-r--r-- | src/charon/credentials/sets/auth_info_wrapper.h | 55 | ||||
| -rw-r--r-- | src/charon/credentials/sets/cert_cache.c | 332 | ||||
| -rw-r--r-- | src/charon/credentials/sets/cert_cache.h | 73 | ||||
| -rw-r--r-- | src/charon/credentials/sets/ocsp_response_wrapper.c | 149 | ||||
| -rw-r--r-- | src/charon/credentials/sets/ocsp_response_wrapper.h | 55 |
6 files changed, 879 insertions, 0 deletions
diff --git a/src/charon/credentials/sets/auth_info_wrapper.c b/src/charon/credentials/sets/auth_info_wrapper.c new file mode 100644 index 000000000..32783ff93 --- /dev/null +++ b/src/charon/credentials/sets/auth_info_wrapper.c @@ -0,0 +1,215 @@ +/* + * Copyright (C) 2008 Tobias Brunner + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + * + * $Id$ + */ + +#include <daemon.h> + +#include "auth_info_wrapper.h" + +typedef struct private_auth_info_wrapper_t private_auth_info_wrapper_t; + +/** + * private data of auth_info_wrapper + */ +struct private_auth_info_wrapper_t { + + /** + * public functions + */ + auth_info_wrapper_t public; + + /** + * wrapped auth info + */ + auth_info_t *auth; +}; + +/** + * enumerator for auth_info_wrapper_t.create_cert_enumerator() + */ +typedef struct { + /** implements enumerator_t */ + enumerator_t public; + /** inner enumerator from auth_info */ + enumerator_t *inner; + /** wrapped auth info */ + auth_info_t *auth; + /** enumerated cert type */ + certificate_type_t cert; + /** enumerated key type */ + key_type_t key; + /** enumerated id */ + identification_t *id; +} wrapper_enumerator_t; + +/** + * Tries to fetch a certificate that was supplied as "Hash and URL" (replaces the + * item's type and value in place). + */ +static bool fetch_cert(wrapper_enumerator_t *enumerator, auth_item_t *type, void **value) +{ + char *url = (char*)*value; + if (!url) + { + /* fetching the certificate previously failed */ + return FALSE; + } + + chunk_t data; + certificate_t *cert; + + DBG1(DBG_CFG, " fetching certificate from '%s' ...", url); + if (lib->fetcher->fetch(lib->fetcher, url, &data) != SUCCESS) + { + DBG1(DBG_CFG, " fetching certificate failed"); + /* we set the item to NULL, so we can skip it */ + enumerator->auth->replace_item(enumerator->inner, *type, NULL); + return FALSE; + } + + cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, + BUILD_BLOB_ASN1_DER, data, BUILD_END); + + if (!cert) + { + DBG1(DBG_CFG, " parsing fetched certificate failed"); + /* we set the item to NULL, so we can skip it */ + enumerator->auth->replace_item(enumerator->inner, *type, NULL); + return FALSE; + } + + DBG1(DBG_CFG, " fetched certificate \"%D\"", cert->get_subject(cert)); + charon->credentials->cache_cert(charon->credentials, cert); + + *type = (*type == AUTHN_IM_HASH_URL) ? AUTHN_IM_CERT : AUTHN_SUBJECT_CERT; + *value = cert; + enumerator->auth->replace_item(enumerator->inner, *type, cert); + + return TRUE; +} + +/** + * enumerate function for wrapper_enumerator_t + */ +static bool enumerate(wrapper_enumerator_t *this, certificate_t **cert) +{ + auth_item_t type; + certificate_t *current; + public_key_t *public; + + while (this->inner->enumerate(this->inner, &type, ¤t)) + { + if (type == AUTHN_IM_HASH_URL || + type == AUTHN_SUBJECT_HASH_URL) + { + if (!fetch_cert(this, &type, (void**)¤t)) + { + continue; + } + } + else if (type != AUTHN_SUBJECT_CERT && + type != AUTHN_IM_CERT) + { + continue; + } + + if (this->cert != CERT_ANY && this->cert != current->get_type(current)) + { /* CERT type requested, but does not match */ + continue; + } + public = current->get_public_key(current); + if (this->key != KEY_ANY && !public) + { /* key type requested, but no public key */ + DESTROY_IF(public); + continue; + } + if (this->key != KEY_ANY && public && this->key != public->get_type(public)) + { /* key type requested, but public key has another type */ + DESTROY_IF(public); + continue; + } + DESTROY_IF(public); + if (this->id && !current->has_subject(current, this->id)) + { /* subject requested, but does not match */ + continue; + } + *cert = current; + return TRUE; + } + return FALSE; +} + +/** + * destroy function for wrapper_enumerator_t + */ +static void wrapper_enumerator_destroy(wrapper_enumerator_t *this) +{ + this->inner->destroy(this->inner); + free(this); +} + +/** + * implementation of auth_info_wrapper_t.set.create_cert_enumerator + */ +static enumerator_t *create_enumerator(private_auth_info_wrapper_t *this, + certificate_type_t cert, key_type_t key, + identification_t *id, bool trusted) +{ + wrapper_enumerator_t *enumerator; + + if (trusted) + { + return NULL; + } + enumerator = malloc_thing(wrapper_enumerator_t); + enumerator->auth = this->auth; + enumerator->cert = cert; + enumerator->key = key; + enumerator->id = id; + enumerator->inner = this->auth->create_item_enumerator(this->auth); + enumerator->public.enumerate = (void*)enumerate; + enumerator->public.destroy = (void*)wrapper_enumerator_destroy; + return &enumerator->public; +} + +/** + * Implementation of auth_info_wrapper_t.destroy + */ +static void destroy(private_auth_info_wrapper_t *this) +{ + free(this); +} + +/* + * see header file + */ +auth_info_wrapper_t *auth_info_wrapper_create(auth_info_t *auth) +{ + private_auth_info_wrapper_t *this = malloc_thing(private_auth_info_wrapper_t); + + this->public.set.create_private_enumerator = (void*)return_null; + this->public.set.create_cert_enumerator = (void*)create_enumerator; + this->public.set.create_shared_enumerator = (void*)return_null; + this->public.set.create_cdp_enumerator = (void*)return_null; + this->public.set.cache_cert = (void*)nop; + this->public.destroy = (void(*)(auth_info_wrapper_t*))destroy; + + this->auth = auth; + + return &this->public; +} + diff --git a/src/charon/credentials/sets/auth_info_wrapper.h b/src/charon/credentials/sets/auth_info_wrapper.h new file mode 100644 index 000000000..c382e9870 --- /dev/null +++ b/src/charon/credentials/sets/auth_info_wrapper.h @@ -0,0 +1,55 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + * + * $Id$ + */ + +/** + * @defgroup auth_info_wrapper auth_info_wrapper + * @{ @ingroup sets + */ + +#ifndef AUTH_INFO_WRAPPER_H_ +#define AUTH_INFO_WRAPPER_H_ + +#include <credentials/credential_set.h> +#include <credentials/auth_info.h> + +typedef struct auth_info_wrapper_t auth_info_wrapper_t; + +/** + * A wrapper around auth_info_t to handle it like a credential set. + */ +struct auth_info_wrapper_t { + + /** + * implements credential_set_t + */ + credential_set_t set; + + /** + * Destroy a auth_info_wrapper instance. + */ + void (*destroy)(auth_info_wrapper_t *this); +}; + +/** + * Create a auth_info_wrapper instance. + * + * @param auth the wrapped auth info + * @return wrapper around auth + */ +auth_info_wrapper_t *auth_info_wrapper_create(auth_info_t *auth); + +#endif /* AUTH_INFO_WRAPPER_H_ @}*/ diff --git a/src/charon/credentials/sets/cert_cache.c b/src/charon/credentials/sets/cert_cache.c new file mode 100644 index 000000000..8af8bb619 --- /dev/null +++ b/src/charon/credentials/sets/cert_cache.c @@ -0,0 +1,332 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + * + * $Id$ + */ + +#include "cert_cache.h" + +#include <daemon.h> +#include <utils/linked_list.h> +#include <utils/mutex.h> + +#define CACHE_SIZE 30 + +typedef struct private_cert_cache_t private_cert_cache_t; +typedef struct relation_t relation_t; + +/** + * private data of cert_cache + */ +struct private_cert_cache_t { + + /** + * public functions + */ + cert_cache_t public; + + /** + * list of trusted subject-issuer relations, as relation_t + */ + linked_list_t *relations; + + /** + * do we have an active enumerator + */ + bool enumerating; + + /** + * have we increased the cache without a check_cache? + */ + bool check_required; + + /** + * mutex to lock relations list + */ + mutex_t *mutex; +}; + +/** + * A trusted relation between subject and issuer + */ +struct relation_t { + /** subject of this relation */ + certificate_t *subject; + /** issuer of this relation */ + certificate_t *issuer; + /** time of last use */ + time_t last_use; +}; + +/** + * destroy a relation_t structure + */ +static void relation_destroy(relation_t *this) +{ + this->subject->destroy(this->subject); + this->issuer->destroy(this->issuer); + free(this); +} + +/** + * check the cache for oversize + */ +static void check_cache(private_cert_cache_t *this) +{ + if (this->enumerating) + { + this->check_required = TRUE; + } + else + { + while (this->relations->get_count(this->relations) > CACHE_SIZE) + { + relation_t *oldest = NULL, *current; + enumerator_t *enumerator; + + enumerator = this->relations->create_enumerator(this->relations); + while (enumerator->enumerate(enumerator, ¤t)) + { + if (oldest == NULL || oldest->last_use <= current->last_use) + { + oldest = current; + } + } + enumerator->destroy(enumerator); + this->relations->remove(this->relations, oldest, NULL); + relation_destroy(oldest); + } + this->check_required = FALSE; + } +} + +/** + * Implementation of cert_cache_t.issued_by. + */ +static bool issued_by(private_cert_cache_t *this, + certificate_t *subject, certificate_t *issuer) +{ + relation_t *found = NULL, *current; + enumerator_t *enumerator; + + /* lookup cache */ + this->mutex->lock(this->mutex); + enumerator = this->relations->create_enumerator(this->relations); + while (enumerator->enumerate(enumerator, ¤t)) + { + bool match = FALSE; + + /* check for equal certificates */ + if (subject->equals(subject, current->subject)) + { + match = TRUE; + subject = current->subject; + } + if (issuer->equals(issuer, current->issuer)) + { + issuer = current->issuer; + /* if both certs match, we already have a relation */ + if (match) + { + current->last_use = time(NULL); + found = current; + break; + } + } + } + enumerator->destroy(enumerator); + this->mutex->unlock(this->mutex); + if (found) + { + return TRUE; + } + /* no cache hit, check signature */ + if (!subject->issued_by(subject, issuer)) + { + return FALSE; + } + /* cache if good, respect cache limit */ + found = malloc_thing(relation_t); + found->subject = subject->get_ref(subject); + found->issuer = issuer->get_ref(issuer); + found->last_use = time(NULL); + this->mutex->lock(this->mutex); + this->relations->insert_last(this->relations, found); + check_cache(this); + this->mutex->unlock(this->mutex); + return TRUE; +} + +/** + * data associated to a cert enumeration + */ +typedef struct { + /** type of requested certificate */ + certificate_type_t cert; + /** type of requested key */ + key_type_t key; + /** ID to get a cert from */ + identification_t *id; + /** reverse pointer to cache */ + private_cert_cache_t *this; +} cert_data_t; + +/** + * filter function for certs enumerator + */ +static bool certs_filter(cert_data_t *data, relation_t **in, certificate_t **out) +{ + public_key_t *public; + certificate_t *cert; + + cert = (*in)->subject; + if (data->key == KEY_ANY && data->id && + (data->cert == CERT_ANY || data->cert == CERT_X509_CRL) && + cert->get_type(cert) == CERT_X509_CRL) + { /* CRL lookup is done using issuer/authkeyidentifier */ + if (cert->has_issuer(cert, data->id)) + { + *out = cert; + return TRUE; + } + } + + if ((data->cert == CERT_ANY || cert->get_type(cert) == data->cert) && + (!data->id || cert->has_subject(cert, data->id))) + { + if (data->key == KEY_ANY) + { + *out = cert; + return TRUE; + } + public = cert->get_public_key(cert); + if (public) + { + if (public->get_type(public) == data->key) + { + public->destroy(public); + *out = cert; + return TRUE; + } + public->destroy(public); + } + } + return FALSE; +} + +/** + * clean up enumeration data + */ +static void certs_destroy(cert_data_t *data) +{ + data->this->enumerating--; + if (data->this->check_required) + { + check_cache(data->this); + } + data->this->mutex->unlock(data->this->mutex); + free(data); +} + +/** + * implementation of credential_set_t.create_cert_enumerator + */ +static enumerator_t *create_enumerator(private_cert_cache_t *this, + certificate_type_t cert, key_type_t key, + identification_t *id, bool trusted) +{ + cert_data_t *data; + + if (trusted) + { + return NULL; + } + data = malloc_thing(cert_data_t); + data->cert = cert; + data->key = key; + data->id = id; + data->this = this; + + this->mutex->lock(this->mutex); + this->enumerating++; + return enumerator_create_filter( + this->relations->create_enumerator(this->relations), + (void*)certs_filter, data, (void*)certs_destroy); +} + +/** + * Implementation of credential_set_t.cache_cert. + */ +static void cache_cert(private_cert_cache_t *this, certificate_t *cert) +{ + /* TODO: implement caching */ +} + +/** + * Implementation of cert_cache_t.flush. + */ +static void flush(private_cert_cache_t *this, certificate_type_t type) +{ + enumerator_t *enumerator; + relation_t *relation; + + this->mutex->lock(this->mutex); + enumerator = this->relations->create_enumerator(this->relations); + while (enumerator->enumerate(enumerator, &relation)) + { + if (type == CERT_ANY || + type == relation->subject->get_type(relation->subject)) + { + this->relations->remove_at(this->relations, enumerator); + relation_destroy(relation); + } + } + enumerator->destroy(enumerator); + this->mutex->unlock(this->mutex); +} + +/** + * Implementation of cert_cache_t.destroy + */ +static void destroy(private_cert_cache_t *this) +{ + this->relations->destroy_function(this->relations, (void*)relation_destroy); + this->mutex->destroy(this->mutex); + free(this); +} + +/* + * see header file + */ +cert_cache_t *cert_cache_create() +{ + private_cert_cache_t *this = malloc_thing(private_cert_cache_t); + + this->public.set.create_private_enumerator = (void*)return_null; + this->public.set.create_cert_enumerator = (void*)create_enumerator; + this->public.set.create_shared_enumerator = (void*)return_null; + this->public.set.create_cdp_enumerator = (void*)return_null; + this->public.set.cache_cert = (void*)cache_cert; + this->public.issued_by = (bool(*)(cert_cache_t*, certificate_t *subject, certificate_t *issuer))issued_by; + this->public.flush = (void(*)(cert_cache_t*, certificate_type_t type))flush; + this->public.destroy = (void(*)(cert_cache_t*))destroy; + + this->relations = linked_list_create(); + this->enumerating = FALSE; + this->check_required = FALSE; + this->mutex = mutex_create(MUTEX_RECURSIVE); + + return &this->public; +} + diff --git a/src/charon/credentials/sets/cert_cache.h b/src/charon/credentials/sets/cert_cache.h new file mode 100644 index 000000000..281189d53 --- /dev/null +++ b/src/charon/credentials/sets/cert_cache.h @@ -0,0 +1,73 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + * + * $Id$ + */ + +/** + * @defgroup cert_cache cert_cache + * @{ @ingroup sets + */ + +#ifndef CERT_CACHE_H_ +#define CERT_CACHE_H_ + +#include <credentials/credential_set.h> + +typedef struct cert_cache_t cert_cache_t; + +/** + * Certificate signature verification and certificate cache. + * + * This cache serves all certificates seen in its issued_by method + * and serves them as untrusted through the credential set interface. Further, + * it caches valid subject-issuer relationships to speed up the issued_by + * method. + */ +struct cert_cache_t { + + /** + * Implements credential_set_t. + */ + credential_set_t set; + + /** + * Caching wrapper around certificate_t.issued_by. + * + * @param subject certificate to verify + * @param issuer issuing certificate to verify subject + * @return TRUE if subject issued by issuer + */ + bool (*issued_by)(cert_cache_t *this, + certificate_t *subject, certificate_t *issuer); + + /** + * Flush the certificate cache. + * + * @param type type of certificate to flush, or CERT_ANY + */ + void (*flush)(cert_cache_t *this, certificate_type_t type); + + /** + * Destroy a cert_cache instance. + */ + void (*destroy)(cert_cache_t *this); +}; + +/** + * Create a cert_cache instance. + */ +cert_cache_t *cert_cache_create(); + +#endif /* CERT_CACHE_H_ @}*/ diff --git a/src/charon/credentials/sets/ocsp_response_wrapper.c b/src/charon/credentials/sets/ocsp_response_wrapper.c new file mode 100644 index 000000000..c4d3a5b0f --- /dev/null +++ b/src/charon/credentials/sets/ocsp_response_wrapper.c @@ -0,0 +1,149 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + * + * $Id$ + */ + +#include "ocsp_response_wrapper.h" + +typedef struct private_ocsp_response_wrapper_t private_ocsp_response_wrapper_t; + +/** + * private data of ocsp_response_wrapper + */ +struct private_ocsp_response_wrapper_t { + + /** + * public functions + */ + ocsp_response_wrapper_t public; + + /** + * wrapped OCSP response + */ + ocsp_response_t *response; +}; + +/** + * enumerator for ocsp_response_wrapper_t.create_cert_enumerator() + */ +typedef struct { + /** implements enumerator_t */ + enumerator_t public; + /** enumerator over ocsp response */ + enumerator_t *inner; + /** type of cert */ + certificate_type_t cert; + /** type of key */ + key_type_t key; + /** filtering identity */ + identification_t *id; +} wrapper_enumerator_t; + +/** + * enumerate function wrapper_enumerator_t + */ +static bool enumerate(wrapper_enumerator_t *this, certificate_t **cert) +{ + certificate_t *current; + public_key_t *public; + + while (this->inner->enumerate(this->inner, ¤t)) + { + if (this->cert != CERT_ANY && this->cert != current->get_type(current)) + { /* CERT type requested, but does not match */ + continue; + } + public = current->get_public_key(current); + if (this->key != KEY_ANY && !public) + { /* key type requested, but no public key */ + DESTROY_IF(public); + continue; + } + if (this->key != KEY_ANY && public && this->key != public->get_type(public)) + { /* key type requested, but public key has another type */ + DESTROY_IF(public); + continue; + } + DESTROY_IF(public); + if (this->id && !current->has_subject(current, this->id)) + { /* subject requested, but does not match */ + continue; + } + *cert = current; + return TRUE; + } + return FALSE; +} + +/** + * destroy function for wrapper_enumerator_t + */ +static void enumerator_destroy(wrapper_enumerator_t *this) +{ + this->inner->destroy(this->inner); + free(this); +} + +/** + * implementation of ocsp_response_wrapper_t.set.create_cert_enumerator + */ +static enumerator_t *create_enumerator(private_ocsp_response_wrapper_t *this, + certificate_type_t cert, key_type_t key, + identification_t *id, bool trusted) +{ + wrapper_enumerator_t *enumerator; + + if (trusted) + { + return NULL; + } + + enumerator = malloc_thing(wrapper_enumerator_t); + enumerator->cert = cert; + enumerator->key = key; + enumerator->id = id; + enumerator->inner = this->response->create_cert_enumerator(this->response); + enumerator->public.enumerate = (void*)enumerate; + enumerator->public.destroy = (void*)enumerator_destroy; + return &enumerator->public; +} + +/** + * Implementation of ocsp_response_wrapper_t.destroy + */ +static void destroy(private_ocsp_response_wrapper_t *this) +{ + free(this); +} + +/* + * see header file + */ +ocsp_response_wrapper_t *ocsp_response_wrapper_create(ocsp_response_t *response) +{ + private_ocsp_response_wrapper_t *this = malloc_thing(private_ocsp_response_wrapper_t); + + this->public.set.create_private_enumerator = (void*)return_null; + this->public.set.create_cert_enumerator = (void*)create_enumerator; + this->public.set.create_shared_enumerator = (void*)return_null; + this->public.set.create_cdp_enumerator = (void*)return_null; + this->public.set.cache_cert = (void*)nop; + this->public.destroy = (void(*)(ocsp_response_wrapper_t*))destroy; + + this->response = response; + + return &this->public; +} + diff --git a/src/charon/credentials/sets/ocsp_response_wrapper.h b/src/charon/credentials/sets/ocsp_response_wrapper.h new file mode 100644 index 000000000..6d32c2ca8 --- /dev/null +++ b/src/charon/credentials/sets/ocsp_response_wrapper.h @@ -0,0 +1,55 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + * + * $Id$ + */ + +/** + * @defgroup ocsp_response_wrapper ocsp_response_wrapper + * @{ @ingroup sets + */ + +#ifndef OCSP_RESPONSE_WRAPPER_H_ +#define OCSP_RESPONSE_WRAPPER_H_ + +#include <credentials/credential_set.h> +#include <credentials/certificates/ocsp_response.h> + +typedef struct ocsp_response_wrapper_t ocsp_response_wrapper_t; + +/** + * A wrapper around ocsp_response_t to handle it like a credential set. + */ +struct ocsp_response_wrapper_t { + + /** + * implements credential_set_t + */ + credential_set_t set; + + /** + * Destroy a ocsp_response_wrapper instance. + */ + void (*destroy)(ocsp_response_wrapper_t *this); +}; + +/** + * Create a ocsp_response_wrapper instance. + * + * @param response the wrapped OCSP response + * @return wrapper around response + */ +ocsp_response_wrapper_t *ocsp_response_wrapper_create(ocsp_response_t *response); + +#endif /* OCSP_RESPONSE_WRAPPER_H_ @}*/ |