From b8064f4099997a9e2179f3ad4ace605f5ccac3a1 Mon Sep 17 00:00:00 2001 From: Rene Mayrhofer Date: Mon, 9 Aug 2010 08:09:54 +0000 Subject: [svn-upgrade] new version strongswan (4.4.1) --- src/libstrongswan/plugins/x509/x509_ac.c | 42 ++++++++++++-------------------- 1 file changed, 16 insertions(+), 26 deletions(-) (limited to 'src/libstrongswan/plugins/x509/x509_ac.c') diff --git a/src/libstrongswan/plugins/x509/x509_ac.c b/src/libstrongswan/plugins/x509/x509_ac.c index 95e72789e..ba0357cc4 100644 --- a/src/libstrongswan/plugins/x509/x509_ac.c +++ b/src/libstrongswan/plugins/x509/x509_ac.c @@ -568,7 +568,7 @@ static chunk_t build_authorityKeyIdentifier(private_x509_ac_t *this) public = this->signerCert->get_public_key(this->signerCert); if (public) { - if (public->get_fingerprint(public, KEY_ID_PUBKEY_SHA1, &keyIdentifier)) + if (public->get_fingerprint(public, KEYID_PUBKEY_SHA1, &keyIdentifier)) { this->authKeyIdentifier = chunk_clone(keyIdentifier); } @@ -749,7 +749,7 @@ static bool issued_by(private_x509_ac_t *this, certificate_t *issuer) { chunk_t fingerprint; - if (!key->get_fingerprint(key, KEY_ID_PUBKEY_SHA1, &fingerprint) || + if (!key->get_fingerprint(key, KEYID_PUBKEY_SHA1, &fingerprint) || !chunk_equals(fingerprint, this->authKeyIdentifier)) { return FALSE; @@ -812,31 +812,19 @@ static bool get_validity(private_x509_ac_t *this, time_t *when, return (t >= this->notBefore && t <= this->notAfter); } -/** - * Implementation of certificate_t.is_newer. - */ -static bool is_newer(private_x509_ac_t *this, ac_t *that) -{ - certificate_t *this_cert = &this->public.interface.certificate; - certificate_t *that_cert = &that->certificate; - time_t this_update, that_update, now = time(NULL); - bool new; - - this_cert->get_validity(this_cert, &now, &this_update, NULL); - that_cert->get_validity(that_cert, &now, &that_update, NULL); - new = this_update > that_update; - DBG1(DBG_LIB, " attr cert from %T is %s - existing attr cert from %T %s", - &this_update, FALSE, new ? "newer":"not newer", - &that_update, FALSE, new ? "replaced":"retained"); - return new; -} - /** * Implementation of certificate_t.get_encoding. */ -static chunk_t get_encoding(private_x509_ac_t *this) +static bool get_encoding(private_x509_ac_t *this, cred_encoding_type_t type, + chunk_t *encoding) { - return chunk_clone(this->encoding); + if (type == CERT_ASN1_DER) + { + *encoding = chunk_clone(this->encoding); + return TRUE; + } + return lib->encoding->encode(lib->encoding, type, NULL, encoding, + CRED_PART_X509_AC_ASN1_DER, this->encoding, CRED_PART_END); } /** @@ -855,7 +843,10 @@ static bool equals(private_x509_ac_t *this, certificate_t *other) { /* skip allocation if we have the same implementation */ return chunk_equals(this->encoding, ((private_x509_ac_t*)other)->encoding); } - encoding = other->get_encoding(other); + if (!other->get_encoding(other, CERT_ASN1_DER, &encoding)) + { + return FALSE; + } equal = chunk_equals(this->encoding, encoding); free(encoding.ptr); return equal; @@ -904,8 +895,7 @@ static private_x509_ac_t *create_empty(void) this->public.interface.certificate.issued_by = (bool (*)(certificate_t *this, certificate_t *issuer))issued_by; this->public.interface.certificate.get_public_key = (public_key_t* (*)(certificate_t *this))get_public_key; this->public.interface.certificate.get_validity = (bool(*)(certificate_t*, time_t *when, time_t *, time_t*))get_validity; - this->public.interface.certificate.is_newer = (bool (*)(certificate_t*,certificate_t*))is_newer; - this->public.interface.certificate.get_encoding = (chunk_t(*)(certificate_t*))get_encoding; + this->public.interface.certificate.get_encoding = (bool(*)(certificate_t*,cred_encoding_type_t,chunk_t*))get_encoding; this->public.interface.certificate.equals = (bool(*)(certificate_t*, certificate_t *other))equals; this->public.interface.certificate.get_ref = (certificate_t* (*)(certificate_t *this))get_ref; this->public.interface.certificate.destroy = (void (*)(certificate_t *this))destroy; -- cgit v1.2.3