certificates: Added ocsp_single_response object

src/libstrongswan/Android.mk

@@ -25,6 +25,7 @@ credentials/keys/public_key.c credentials/keys/shared_key.c \
 credentials/keys/signature_params.c \
 credentials/certificates/certificate.c credentials/certificates/crl.c \
 credentials/certificates/ocsp_response.c credentials/certificates/x509.c \
+credentials/certificates/ocsp_single_response.c \
 credentials/certificates/certificate_printer.c \
 credentials/containers/container.c credentials/containers/pkcs12.c \
 credentials/credential_manager.c \

src/libstrongswan/Makefile.am

@@ -23,6 +23,7 @@ credentials/keys/public_key.c credentials/keys/shared_key.c \
 credentials/keys/signature_params.c \
 credentials/certificates/certificate.c credentials/certificates/crl.c \
 credentials/certificates/ocsp_response.c credentials/certificates/x509.c \
+credentials/certificates/ocsp_single_response.c \
 credentials/certificates/certificate_printer.c \
 credentials/containers/container.c credentials/containers/pkcs12.c \
 credentials/credential_manager.c \
@@ -91,6 +92,7 @@ credentials/keys/signature_params.h \
 credentials/certificates/certificate.h credentials/certificates/x509.h \
 credentials/certificates/ac.h credentials/certificates/crl.h \
 credentials/certificates/pkcs10.h credentials/certificates/ocsp_request.h \
+credentials/certificates/ocsp_single_response.h \
 credentials/certificates/ocsp_response.h \
 credentials/certificates/ocsp_responder.h \
 credentials/certificates/pgp_certificate.h \

src/libstrongswan/credentials/certificates/ocsp_single_response.c

@@ -0,0 +1,74 @@
+/*
+ * Copyright (C) 2023 Andreas Steffen, strongSec GmbH
+ *
+ * Copyright (C) secunet Security Networks AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "ocsp_single_response.h"
+
+typedef struct private_ocsp_single_response_t private_ocsp_single_response_t;
+
+/**
+ * Private data of an ocsp_single_response object.
+ */
+struct private_ocsp_single_response_t {
+
+	/**
+	 * Public interface for this ocsp_single_response object.
+	 */
+	ocsp_single_response_t public;
+
+	/**
+	 * reference counter
+	 */
+	refcount_t ref;
+};
+
+METHOD(ocsp_single_response_t, get_ref, ocsp_single_response_t*,
+	private_ocsp_single_response_t *this)
+{
+	ref_get(&this->ref);
+	return &this->public;
+}
+
+METHOD(ocsp_single_response_t, destroy, void,
+	private_ocsp_single_response_t *this)
+{
+	if (ref_put(&this->ref))
+	{
+		free(this->public.issuerNameHash.ptr);
+		free(this->public.issuerKeyHash.ptr);
+		free(this->public.serialNumber.ptr);
+		free(this);
+	}
+}
+
+/**
+ * See header.
+ */
+ocsp_single_response_t *ocsp_single_response_create()
+{
+	private_ocsp_single_response_t *this;
+
+	INIT(this,
+		.public = {
+			.hashAlgorithm = HASH_UNKNOWN,
+			.status = VALIDATION_FAILED,
+			.get_ref = _get_ref,
+			.destroy = _destroy,
+		},
+		.ref = 1,
+	);
+
+	return &this->public;
+}

src/libstrongswan/credentials/certificates/ocsp_single_response.h

@@ -0,0 +1,100 @@
+/*
+ * Copyright (C) 2023 Andreas Steffen, strongSec GmbH
+ *
+ * Copyright (C) secunet Security Networks AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ocsp_single_response ocsp_single_response
+ * @{ @ingroup certificates
+ */
+
+#ifndef OCSP_SINGLE_RESPONSE_H_
+#define OCSP_SINGLE_RESPONSE_H_
+
+#include <credentials/certificates/x509.h>
+#include <credentials/certificates/crl.h>
+
+typedef struct ocsp_single_response_t ocsp_single_response_t;
+
+/**
+ * Single response contained in OCSP response
+ */
+struct ocsp_single_response_t {
+
+	/**
+	 *  Hash algorithm for the two hashes
+	 */
+	int hashAlgorithm;
+
+	/**
+	 *  hash of issuer DN
+	 */
+	chunk_t issuerNameHash;
+
+	/**
+	 * issuerKeyID
+	 */
+	chunk_t issuerKeyHash;
+
+	/**
+	 * Serial number of certificate
+	 */
+	chunk_t serialNumber;
+
+	/**
+	 * OCSP certificate status
+	 */
+	cert_validation_t status;
+
+	/**
+	 * Time of revocation, if revoked
+	 */
+	time_t revocationTime;
+
+	/**
+	 * Revocation reason, if revoked
+	 */
+	crl_reason_t revocationReason;
+
+	/**
+	 * Creation of the OCSP single response
+	 */
+	time_t thisUpdate;
+
+	/**
+	 * Creation of next OCSP single response
+	 */
+	time_t nextUpdate;
+
+	/**
+	 * Get a new reference to the ocsp_single_response object.
+	 *
+	 * @return			this, with an increased refcount
+	 */
+	ocsp_single_response_t* (*get_ref)(ocsp_single_response_t *this);
+
+	/**
+	 * Destroy an ocsp_single_response_t object.
+	 */
+	void (*destroy)(ocsp_single_response_t *this);
+};
+
+/**
+ * Create an ocsp_single_response_t object
+ *
+ * @return              ocsp_single_response_t object
+ */
+ocsp_single_response_t *ocsp_single_response_create(void);
+
+#endif /** OCSP_SINGLE_RESPONSE_H_ @}*/