1 files changed, 40 insertions, 8 deletions

diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c
index b69adf399..da23d143c 100644
--- a/src/libstrongswan/utils/identification.c
+++ b/src/libstrongswan/utils/identification.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2009-2012 Tobias Brunner
+ * Copyright (C) 2009-2015 Tobias Brunner
  * Copyright (C) 2005-2009 Martin Willi
  * Copyright (C) 2005 Jan Hutter
  * Hochschule fuer Technik Rapperswil
@@ -47,10 +47,9 @@ ENUM_BEGIN(id_type_names, ID_ANY, ID_KEY_ID,
 	"ID_DER_ASN1_DN",
 	"ID_DER_ASN1_GN",
 	"ID_KEY_ID");
-ENUM_NEXT(id_type_names, ID_DER_ASN1_GN_URI, ID_USER_ID, ID_KEY_ID,
-	"ID_DER_ASN1_GN_URI",
-	"ID_USER_ID");
-ENUM_END(id_type_names, ID_USER_ID);
+ENUM_NEXT(id_type_names, ID_DER_ASN1_GN_URI, ID_DER_ASN1_GN_URI, ID_KEY_ID,
+	"ID_DER_ASN1_GN_URI");
+ENUM_END(id_type_names, ID_DER_ASN1_GN_URI);
 
 /**
  * coding of X.501 distinguished name
@@ -478,7 +477,7 @@ static status_t atodn(char *src, chunk_t *dn)
 					name.len -= whitespace;
 					rdn_type = (x501rdns[i].type == ASN1_PRINTABLESTRING
 								&& !asn1_is_printablestring(name))
-								? ASN1_T61STRING : x501rdns[i].type;
+								? ASN1_UTF8STRING : x501rdns[i].type;
 
 					if (rdn_count < RDN_MAX)
 					{
@@ -579,6 +578,19 @@ METHOD(identification_t, contains_wildcards_memchr, bool,
 	return memchr(this->encoded.ptr, '*', this->encoded.len) != NULL;
 }
 
+METHOD(identification_t, hash_binary, u_int,
+	private_identification_t *this, u_int inc)
+{
+	u_int hash;
+
+	hash = chunk_hash_inc(chunk_from_thing(this->type), inc);
+	if (this->type != ID_ANY)
+	{
+		hash = chunk_hash_inc(this->encoded, hash);
+	}
+	return hash;
+}
+
 METHOD(identification_t, equals_binary, bool,
 	private_identification_t *this, identification_t *other)
 {
@@ -687,6 +699,24 @@ METHOD(identification_t, equals_dn, bool,
 	return compare_dn(this->encoded, other->get_encoding(other), NULL);
 }
 
+METHOD(identification_t, hash_dn, u_int,
+	private_identification_t *this, u_int inc)
+{
+	enumerator_t *rdns;
+	chunk_t oid, data;
+	u_char type;
+	u_int hash;
+
+	hash = chunk_hash_inc(chunk_from_thing(this->type), inc);
+	rdns = create_rdn_enumerator(this->encoded);
+	while (rdns->enumerate(rdns, &oid, &type, &data))
+	{
+		hash = chunk_hash_inc(data, chunk_hash_inc(oid, hash));
+	}
+	rdns->destroy(rdns);
+	return hash;
+}
+
 METHOD(identification_t, equals_strcasecmp,  bool,
 	private_identification_t *this, identification_t *other)
 {
@@ -828,7 +858,6 @@ int identification_printf_hook(printf_hook_data_t *data,
 		case ID_FQDN:
 		case ID_RFC822_ADDR:
 		case ID_DER_ASN1_GN_URI:
-		case ID_USER_ID:
 			chunk_printable(this->encoded, &proper, '?');
 			snprintf(buf, sizeof(buf), "%.*s", (int)proper.len, proper.ptr);
 			chunk_free(&proper);
@@ -903,23 +932,26 @@ static private_identification_t *identification_create(id_type_t type)
 	switch (type)
 	{
 		case ID_ANY:
+			this->public.hash = _hash_binary;
 			this->public.matches = _matches_any;
 			this->public.equals = _equals_binary;
 			this->public.contains_wildcards = return_true;
 			break;
 		case ID_FQDN:
 		case ID_RFC822_ADDR:
-		case ID_USER_ID:
+			this->public.hash = _hash_binary;
 			this->public.matches = _matches_string;
 			this->public.equals = _equals_strcasecmp;
 			this->public.contains_wildcards = _contains_wildcards_memchr;
 			break;
 		case ID_DER_ASN1_DN:
+			this->public.hash = _hash_dn;
 			this->public.equals = _equals_dn;
 			this->public.matches = _matches_dn;
 			this->public.contains_wildcards = _contains_wildcards_dn;
 			break;
 		default:
+			this->public.hash = _hash_binary;
 			this->public.equals = _equals_binary;
 			this->public.matches = _matches_binary;
 			this->public.contains_wildcards = return_false;