Diffstat (limited to 'src/libstrongswan/plugins/x509/x509_ac.c')
-rw-r--r-- | src/libstrongswan/plugins/x509/x509_ac.c | 206 |
1 files changed, 81 insertions, 125 deletions
diff --git a/src/libstrongswan/plugins/x509/x509_ac.c b/src/libstrongswan/plugins/x509/x509_ac.c index ba0357cc4..a2cb589e0 100644 --- a/src/libstrongswan/plugins/x509/x509_ac.c +++ b/src/libstrongswan/plugins/x509/x509_ac.c @@ -179,11 +179,11 @@ static bool parse_directoryName(chunk_t blob, int level, bool implicit, identifi if (has_directoryName) { - iterator_t *iterator = list->create_iterator(list, TRUE); + enumerator_t *enumerator = list->create_enumerator(list); identification_t *directoryName; bool first = TRUE; - while (iterator->iterate(iterator, (void**)&directoryName)) + while (enumerator->enumerate(enumerator, (void**)&directoryName)) { if (first) { @@ -192,15 +192,15 @@ static bool parse_directoryName(chunk_t blob, int level, bool implicit, identifi } else { - DBG1(DBG_LIB, "more than one directory name - first selected"); + DBG1(DBG_ASN, "more than one directory name - first selected"); directoryName->destroy(directoryName); } } - iterator->destroy(iterator); + enumerator->destroy(enumerator); } else { - DBG1(DBG_LIB, "no directoryName found"); + DBG1(DBG_ASN, "no directoryName found"); } list->destroy(list); @@ -359,10 +359,10 @@ static bool parse_certificate(private_x509_ac_t *this) break; case AC_OBJ_VERSION: this->version = (object.len) ? (1 + (u_int)*object.ptr) : 1; - DBG2(DBG_LIB, " v%d", this->version); + DBG2(DBG_ASN, " v%d", this->version); if (this->version != 2) { - DBG1(DBG_LIB, "v%d attribute certificates are not " + DBG1(DBG_ASN, "v%d attribute certificates are not " "supported", this->version); goto end; } 
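Review bot: In the `AC_OBJ_VERSION` case of the `@@ -359` hunk, `1 + (u_int)*object.ptr` reads only the first content byte, so a version INTEGER longer than one byte whose first byte is 1 is still accepted as v2. Since the attribute certificate is untrusted input, the case could reject such encodings before the comparison, e.g. `if (object.len > 1) { DBG1(DBG_ASN, "invalid version encoding"); goto end; }`. parse_certificate starts and ends outside the hunk, so whether `success` is already FALSE when `goto end` is taken cannot be confirmed from here.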
@@ -408,20 +408,20 @@ static bool parse_certificate(private_x509_ac_t *this) switch (type) { case OID_AUTHENTICATION_INFO: - DBG2(DBG_LIB, " need to parse authenticationInfo"); + DBG2(DBG_ASN, " need to parse authenticationInfo"); break; case OID_ACCESS_IDENTITY: - DBG2(DBG_LIB, " need to parse accessIdentity"); + DBG2(DBG_ASN, " need to parse accessIdentity"); break; case OID_CHARGING_IDENTITY: - DBG2(DBG_LIB, "-- > --"); + DBG2(DBG_ASN, "-- > --"); this->charging = ietf_attributes_create_from_encoding(object); - DBG2(DBG_LIB, "-- < --"); + DBG2(DBG_ASN, "-- < --"); break; case OID_GROUP: - DBG2(DBG_LIB, "-- > --"); + DBG2(DBG_ASN, "-- > --"); this->groups = ietf_attributes_create_from_encoding(object); - DBG2(DBG_LIB, "-- < --"); + DBG2(DBG_ASN, "-- < --"); break; case OID_ROLE: parse_roleSyntax(object, level); @@ -436,21 +436,21 @@ static bool parse_certificate(private_x509_ac_t *this) break; case AC_OBJ_CRITICAL: critical = object.len && *object.ptr; - DBG2(DBG_LIB, " %s",(critical)?"TRUE":"FALSE"); + DBG2(DBG_ASN, " %s",(critical)?"TRUE":"FALSE"); break; case AC_OBJ_EXTN_VALUE: { switch (extn_oid) { case OID_CRL_DISTRIBUTION_POINTS: - DBG2(DBG_LIB, " need to parse crlDistributionPoints"); + DBG2(DBG_ASN, " need to parse crlDistributionPoints"); break; case OID_AUTHORITY_KEY_ID: this->authKeyIdentifier = x509_parse_authorityKeyIdentifier(object, level, &this->authKeySerialNumber); break; case OID_TARGET_INFORMATION: - DBG2(DBG_LIB, " need to parse targetInformation"); + DBG2(DBG_ASN, " need to parse targetInformation"); break; case OID_NO_REV_AVAIL: this->noRevAvail = TRUE; @@ -465,7 +465,7 @@ static bool parse_certificate(private_x509_ac_t *this) NULL); if (this->algorithm != sig_alg) { - DBG1(DBG_LIB, " signature algorithms do not agree"); + DBG1(DBG_ASN, " signature algorithms do not agree"); success = FALSE; goto end; } 
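Review bot: The `OID_CHARGING_IDENTITY` and `OID_GROUP` cases in the `@@ -408` hunk assign the result of `ietf_attributes_create_from_encoding(object)` straight into `this->charging` and `this->groups`, so a certificate carrying the same attribute type twice would overwrite and leak the first object. If the parser loop can reach these cases more than once (the loop itself is outside the hunk), release the old value first, e.g. `DESTROY_IF(this->groups);` before the assignment, or reject the duplicate. A short comment stating whether a failed attribute parse is tolerated would also help, since the result is stored unchecked.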
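Review bot: In the `AC_OBJ_EXTN_VALUE` switch of the `@@ -436` hunk, `OID_TARGET_INFORMATION` and `OID_CRL_DISTRIBUTION_POINTS` are only logged as "need to parse" and then skipped, and nothing visible here consults the `critical` flag set in `AC_OBJ_CRITICAL`. RFC 5755 requires targetInformation to be marked critical, so accepting the certificate without evaluating it means a targeted AC would be honoured for any target. Unless the rest of the switch (outside the hunk) already handles this, fail the parse when an unprocessed extension is critical, e.g. `if (critical) { success = FALSE; goto end; }` in those cases.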
@@ -528,7 +528,7 @@ static chunk_t build_attr_cert_validity(private_x509_ac_t *this) { return asn1_wrap(ASN1_SEQUENCE, "mm", asn1_from_time(&this->notBefore, ASN1_GENERALIZEDTIME), - asn1_from_time(&this->notAfter, ASN1_GENERALIZEDTIME)); + asn1_from_time(&this->notAfter, ASN1_GENERALIZEDTIME)); } @@ -616,7 +616,6 @@ static chunk_t build_attr_cert_info(private_x509_ac_t *this) build_extensions(this)); } - /** * build an X.509 attribute certificate */ 
@@ -636,82 +635,62 @@ static chunk_t build_ac(private_x509_ac_t *this) asn1_bitstring("m", signatureValue)); } -/** - * Implementation of ac_t.get_serial. - */ -static chunk_t get_serial(private_x509_ac_t *this) +METHOD(ac_t, get_serial, chunk_t, + private_x509_ac_t *this) { return this->serialNumber; } -/** - * Implementation of ac_t.get_holderSerial. - */ -static chunk_t get_holderSerial(private_x509_ac_t *this) +METHOD(ac_t, get_holderSerial, chunk_t, + private_x509_ac_t *this) { return this->holderSerial; } -/** - * Implementation of ac_t.get_holderIssuer. - */ -static identification_t* get_holderIssuer(private_x509_ac_t *this) +METHOD(ac_t, get_holderIssuer, identification_t*, + private_x509_ac_t *this) { return this->holderIssuer; } -/** - * Implementation of ac_t.get_authKeyIdentifier. - */ -static chunk_t get_authKeyIdentifier(private_x509_ac_t *this) +METHOD(ac_t, get_authKeyIdentifier, chunk_t, + private_x509_ac_t *this) { return this->authKeyIdentifier; } -/** - * Implementation of certificate_t.get_groups. - */ -static ietf_attributes_t* get_groups(private_x509_ac_t *this) +METHOD(ac_t, get_groups, ietf_attributes_t*, + private_x509_ac_t *this) { return this->groups ? this->groups->get_ref(this->groups) : NULL; } -/** - * Implementation of certificate_t.get_type - */ -static certificate_type_t get_type(private_x509_ac_t *this) +METHOD(certificate_t, get_type, certificate_type_t, + private_x509_ac_t *this) { return CERT_X509_AC; } -/** - * Implementation of certificate_t.get_subject - */ -static identification_t* get_subject(private_x509_ac_t *this) +METHOD(certificate_t, get_subject, identification_t*, + private_x509_ac_t *this) { return this->entityName; } -/** - * Implementation of certificate_t.get_issuer - */ -static identification_t* get_issuer(private_x509_ac_t *this) +METHOD(certificate_t, get_issuer, identification_t*, + private_x509_ac_t *this) { return this->issuerName; } -/** - * Implementation of certificate_t.has_subject. 
- */ -static id_match_t has_subject(private_x509_ac_t *this, identification_t *subject) +METHOD(certificate_t, has_subject, id_match_t, + private_x509_ac_t *this, identification_t *subject) { return ID_MATCH_NONE; } -/** - * Implementation of certificate_t.has_issuer. - */ -static id_match_t has_issuer(private_x509_ac_t *this, identification_t *issuer) +METHOD(certificate_t, has_issuer, id_match_t, + private_x509_ac_t *this, identification_t *issuer) { if (issuer->get_type(issuer) == ID_KEY_ID && this->authKeyIdentifier.ptr && chunk_equals(this->authKeyIdentifier, issuer->get_encoding(issuer))) @@ -721,10 +700,8 @@ static id_match_t has_issuer(private_x509_ac_t *this, identification_t *issuer) return this->issuerName->matches(this->issuerName, issuer); } -/** - * Implementation of certificate_t.issued_by - */ -static bool issued_by(private_x509_ac_t *this, certificate_t *issuer) +METHOD(certificate_t, issued_by, bool, + private_x509_ac_t *this, certificate_t *issuer) { public_key_t *key; signature_scheme_t scheme; @@ -776,28 +753,21 @@ static bool issued_by(private_x509_ac_t *this, certificate_t *issuer) return valid; } -/** - * Implementation of certificate_t.get_public_key. - */ -static public_key_t* get_public_key(private_x509_ac_t *this) +METHOD(certificate_t, get_public_key, public_key_t*, + private_x509_ac_t *this) { return NULL; } -/** - * Implementation of certificate_t.get_ref. - */ -static private_x509_ac_t* get_ref(private_x509_ac_t *this) +METHOD(certificate_t, get_ref, certificate_t*, + private_x509_ac_t *this) { ref_get(&this->ref); - return this; + return &this->public.interface.certificate; } -/** - * Implementation of certificate_t.get_validity. - */ -static bool get_validity(private_x509_ac_t *this, time_t *when, - time_t *not_before, time_t *not_after) +METHOD(certificate_t, get_validity, bool, + private_x509_ac_t *this, time_t *when, time_t *not_before, time_t *not_after) { time_t t = when ? *when : time(NULL); 
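Review bot: With the per-function comments removed, nothing in the `@@ -636` hunk records that the getters differ in ownership. `get_groups` returns a new reference via `get_ref()`, while `get_holderIssuer`, `get_subject` and `get_issuer` return the internal pointer, and `get_serial`, `get_holderSerial` and `get_authKeyIdentifier` return chunks that still point into the object's memory. A caller that destroys the wrong one, or keeps a borrowed pointer past `destroy()`, ends up with a double free or a use-after-free. A one-line comment above each method would cover it, e.g. `/* returns a new reference, caller must destroy() it */` on `get_groups` and `/* returns internal data, valid only while the AC is alive */` on the others.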
@@ -812,11 +782,8 @@ static bool get_validity(private_x509_ac_t *this, time_t *when, return (t >= this->notBefore && t <= this->notAfter); } -/** - * Implementation of certificate_t.get_encoding. - */ -static bool get_encoding(private_x509_ac_t *this, cred_encoding_type_t type, - chunk_t *encoding) +METHOD(certificate_t, get_encoding, bool, + private_x509_ac_t *this, cred_encoding_type_t type, chunk_t *encoding) { if (type == CERT_ASN1_DER) { @@ -827,10 +794,8 @@ static bool get_encoding(private_x509_ac_t *this, cred_encoding_type_t type, CRED_PART_X509_AC_ASN1_DER, this->encoding, CRED_PART_END); } -/** - * Implementation of certificate_t.equals. - */ -static bool equals(private_x509_ac_t *this, certificate_t *other) +METHOD(certificate_t, equals, bool, + private_x509_ac_t *this, certificate_t *other) { chunk_t encoding; bool equal; @@ -852,10 +817,8 @@ static bool equals(private_x509_ac_t *this, certificate_t *other) return equal; } -/** - * Implementation of x509_ac_t.destroy - */ -static void destroy(private_x509_ac_t *this) +METHOD(certificate_t, destroy, void, + private_x509_ac_t *this) { if (ref_put(&this->ref)) { 
@@ -879,41 +842,34 @@ static void destroy(private_x509_ac_t *this) */ static private_x509_ac_t *create_empty(void) { - private_x509_ac_t *this = malloc_thing(private_x509_ac_t); - - /* public functions */ - this->public.interface.get_serial = (chunk_t (*)(ac_t*))get_serial; - this->public.interface.get_holderSerial = (chunk_t (*)(ac_t*))get_holderSerial; - this->public.interface.get_holderIssuer = (identification_t* (*)(ac_t*))get_holderIssuer; - this->public.interface.get_authKeyIdentifier = (chunk_t (*)(ac_t*))get_authKeyIdentifier; - this->public.interface.get_groups = (ietf_attributes_t* (*)(ac_t*))get_groups; - this->public.interface.certificate.get_type = (certificate_type_t (*)(certificate_t *this))get_type; - this->public.interface.certificate.get_subject = (identification_t* (*)(certificate_t *this))get_subject; - this->public.interface.certificate.get_issuer = (identification_t* (*)(certificate_t *this))get_issuer; - this->public.interface.certificate.has_subject = (id_match_t(*)(certificate_t*, identification_t *subject))has_subject; - this->public.interface.certificate.has_issuer = (id_match_t(*)(certificate_t*, identification_t *issuer))has_issuer; - this->public.interface.certificate.issued_by = (bool (*)(certificate_t *this, certificate_t *issuer))issued_by; - this->public.interface.certificate.get_public_key = (public_key_t* (*)(certificate_t *this))get_public_key; - this->public.interface.certificate.get_validity = (bool(*)(certificate_t*, time_t *when, time_t *, time_t*))get_validity; - this->public.interface.certificate.get_encoding = (bool(*)(certificate_t*,cred_encoding_type_t,chunk_t*))get_encoding; - this->public.interface.certificate.equals = (bool(*)(certificate_t*, certificate_t *other))equals; - this->public.interface.certificate.get_ref = (certificate_t* (*)(certificate_t *this))get_ref; - this->public.interface.certificate.destroy = (void (*)(certificate_t *this))destroy; - - /* initialize */ - this->encoding = chunk_empty; - 
this->serialNumber = chunk_empty; - this->holderSerial = chunk_empty; - this->authKeyIdentifier = chunk_empty; - this->holderIssuer = NULL; - this->entityName = NULL; - this->issuerName = NULL; - this->holderCert = NULL; - this->signerCert = NULL; - this->signerKey = NULL; - this->charging = NULL; - this->groups = NULL; - this->ref = 1; + private_x509_ac_t *this; + + INIT(this, + .public = { + .interface = { + .certificate = { + .get_type = _get_type, + .get_subject = _get_subject, + .get_issuer = _get_issuer, + .has_subject = _has_subject, + .has_issuer = _has_issuer, + .issued_by = _issued_by, + .get_public_key = _get_public_key, + .get_validity = _get_validity, + .get_encoding = _get_encoding, + .equals = _equals, + .get_ref = _get_ref, + .destroy = _destroy, + }, + .get_serial = _get_serial, + .get_holderSerial = _get_holderSerial, + .get_holderIssuer = _get_holderIssuer, + .get_authKeyIdentifier = _get_authKeyIdentifier, + .get_groups = _get_groups, + }, + }, + .ref = 1, + ); return this; } |
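Review bot: The new `INIT(this, ...)` form in `create_empty` drops the explicit `chunk_empty`/`NULL` assignments, so `destroy()` on a partially parsed certificate now depends on INIT zero-filling every member that is not named. The macro's definition is not part of this diff; if it expands to an allocation plus a compound-literal assignment that holds, but the reliance should be stated, e.g. `/* INIT() zeroes all members not listed: chunks are empty, pointers NULL */` above the call. It is also worth confirming how INIT behaves when the allocation fails, since `create_empty` returns `this` unchecked.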