sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-05 00:00:45 -04:00
Code Issues Projects Releases Wiki Activity

x509: Match acert has_subject() against entityName or holder serial

Browse Source 
This allows us to find attribute certificates for a subject certificate in
credential sets.
This commit is contained in:
Martin Willi 2014-02-05 14:45:47 +01:00
parent 6e8c665a51
commit b06283f1e3
1 changed files with 25 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
src/libstrongswan/plugins/x509/x509_ac.c
View File

@ -74,7 +74,7 @@ struct private_x509_ac_t {
/** /**
* Serial number of the holder certificate * Serial number of the holder certificate
*/ */
chunk_t holderSerial; identification_t *holderSerial;
/** /**
* ID representing the holder * ID representing the holder
@ -455,7 +455,8 @@ static bool parse_certificate(private_x509_ac_t *this)
} }
break; break;
case AC_OBJ_HOLDER_SERIAL: case AC_OBJ_HOLDER_SERIAL:
this->holderSerial = object; this->holderSerial = identification_create_from_encoding(
ID_KEY_ID, object);
break; break;
case AC_OBJ_ENTITY_NAME: case AC_OBJ_ENTITY_NAME:
if (!parse_directoryName(object, level, TRUE, if (!parse_directoryName(object, level, TRUE,
@ -775,7 +776,11 @@ METHOD(ac_t, get_serial, chunk_t,
METHOD(ac_t, get_holderSerial, chunk_t, METHOD(ac_t, get_holderSerial, chunk_t,
private_x509_ac_t *this) private_x509_ac_t *this)
{ {
return this->holderSerial; if (this->holderSerial)
{
return this->holderSerial->get_encoding(this->holderSerial);
}
return chunk_empty;
} }
METHOD(ac_t, get_holderIssuer, identification_t*, METHOD(ac_t, get_holderIssuer, identification_t*,
@ -823,7 +828,11 @@ METHOD(certificate_t, get_type, certificate_type_t,
METHOD(certificate_t, get_subject, identification_t*, METHOD(certificate_t, get_subject, identification_t*,
private_x509_ac_t *this) private_x509_ac_t *this)
{ {
return this->entityName; if (this->entityName)
{
return this->entityName;
}
return this->holderSerial;
} }
METHOD(certificate_t, get_issuer, identification_t*, METHOD(certificate_t, get_issuer, identification_t*,
@ -835,7 +844,17 @@ METHOD(certificate_t, get_issuer, identification_t*,
METHOD(certificate_t, has_subject, id_match_t, METHOD(certificate_t, has_subject, id_match_t,
private_x509_ac_t *this, identification_t *subject) private_x509_ac_t *this, identification_t *subject)
{ {
return ID_MATCH_NONE; id_match_t entity = ID_MATCH_NONE, serial = ID_MATCH_NONE;
if (this->entityName)
{
entity = this->entityName->matches(this->entityName, subject);
}
if (this->holderSerial)
{
serial = this->holderSerial->matches(this->holderSerial, subject);
}
return max(entity, serial);
} }
METHOD(certificate_t, has_issuer, id_match_t, METHOD(certificate_t, has_issuer, id_match_t,
@ -978,6 +997,7 @@ METHOD(certificate_t, destroy, void,
if (ref_put(&this->ref)) if (ref_put(&this->ref))
{ {
DESTROY_IF(this->holderIssuer); DESTROY_IF(this->holderIssuer);
DESTROY_IF(this->holderSerial);
DESTROY_IF(this->entityName); DESTROY_IF(this->entityName);
DESTROY_IF(this->issuerName); DESTROY_IF(this->issuerName);
DESTROY_IF(this->holderCert); DESTROY_IF(this->holderCert);