extended credential_set_t interface by a cache_cert() method

allows persistent or in-memory caching of fetched certificates

src/charon/control/controller.c

@@ -105,14 +105,6 @@ struct interface_job_t {
 	interface_bus_listener_t listener;
 };
 
-/**
- * Implements the famous nop operation
- */
-static void nop(job_t *job)
-{
-	/* NOP */
-}
-
 /**
  * Implementation of controller_t.create_ike_sa_iterator.
  */

src/charon/credentials/credential_manager.c

@@ -1437,6 +1437,24 @@ static void flush_cache(private_credential_manager_t *this,
 	this->cache->flush(this->cache, type);
 }
 
+/**
+ * Implementation of credential_manager_t.cache_cert.
+ */
+static void cache_cert(private_credential_manager_t *this, certificate_t *cert)
+{
+	credential_set_t *set;
+	enumerator_t *enumerator;
+	
+	pthread_rwlock_rdlock(&this->lock);
+	enumerator = this->sets->create_enumerator(this->sets);
+	while (enumerator->enumerate(enumerator, &set))
+	{
+		set->cache_cert(set, cert);
+	}
+	enumerator->destroy(enumerator);
+	pthread_rwlock_unlock(&this->lock);
+}	
+
 /**
  * Implementation of credential_manager_t.add_set.
  */
@@ -1486,6 +1504,7 @@ credential_manager_t *credential_manager_create()
 	this->public.get_private = (private_key_t*(*)(credential_manager_t*, key_type_t type, identification_t *, auth_info_t*))get_private;
 	this->public.create_public_enumerator = (enumerator_t*(*)(credential_manager_t*, key_type_t type, identification_t *id, auth_info_t *aut))create_public_enumerator;
 	this->public.flush_cache = (void(*)(credential_manager_t*, certificate_type_t type))flush_cache;
+	this->public.cache_cert = (void(*)(credential_manager_t*, certificate_t *cert))cache_cert;
 	this->public.add_set = (void(*)(credential_manager_t*, credential_set_t *set))add_set;
 	this->public.remove_set = (void(*)(credential_manager_t*, credential_set_t *set))remove_set;
 	this->public.destroy = (void(*)(credential_manager_t*))destroy;

src/charon/credentials/credential_manager.h

@@ -162,9 +162,19 @@ struct credential_manager_t {
 	enumerator_t* (*create_public_enumerator)(credential_manager_t *this,
 					key_type_t type, identification_t *id, auth_info_t *auth);
 	
+	/**
+	 * Cache a certificate by invoking cache_cert() on all registerd sets.
+	 *
+	 * @param cert		certificate to cache
+	 */
+	void (*cache_cert)(credential_manager_t *this, certificate_t *cert);
+	
 	/**
 	 * Flush the certificate cache.
 	 *
+	 * Only the managers local cache is flushed, but not the sets cache filled
+	 * by the cache_cert() method.
+	 *
 	 * @param type		type of certificate to flush, or CERT_ANY
 	 */
 	void (*flush_cache)(credential_manager_t *this, certificate_type_t type);

src/charon/credentials/credential_set.h

@@ -87,7 +87,17 @@ struct credential_set_t {
 	 * @return			an enumerator over CDPs as char*
 	 */
 	enumerator_t *(*create_cdp_enumerator)(credential_set_t *this,
-						certificate_type_t type, identification_t *id);	
+						certificate_type_t type, identification_t *id);
+	
+	/**
+	 * Cache a certificate in the credential set.
+	 *
+	 * The caching policy is implementation dependent, the sets may cache the
+	 * certificate in-memory, persistent on disk or not at all.
+	 *
+	 * @param cert		certificate to cache
+	 */
+	void (*cache_cert)(credential_set_t *this, certificate_t *cert);	
 };
 
 #endif /* CREDENTIAL_SET_H_ @} */

src/charon/credentials/sets/auth_info_wrapper.c

@@ -145,6 +145,7 @@ auth_info_wrapper_t *auth_info_wrapper_create(auth_info_t *auth)
 	this->public.set.create_cert_enumerator = (void*)create_enumerator;
 	this->public.set.create_shared_enumerator = (void*)return_null;
 	this->public.set.create_cdp_enumerator = (void*)return_null;
+	this->public.set.cache_cert = (void*)nop;
 	this->public.destroy = (void(*)(auth_info_wrapper_t*))destroy;
 	
 	this->auth = auth;

src/charon/credentials/sets/cert_cache.c

@@ -265,6 +265,14 @@ static enumerator_t *create_enumerator(private_cert_cache_t *this,
 							(void*)certs_filter, data, (void*)certs_destroy);
 }
 
+/**
+ * Implementation of credential_set_t.cache_cert.
+ */
+static void cache_cert(private_cert_cache_t *this, certificate_t *cert)
+{
+	/* TODO: implement caching */
+}
+
 /**
  * Implementation of cert_cache_t.flush.
  */
@@ -309,6 +317,7 @@ cert_cache_t *cert_cache_create()
 	this->public.set.create_cert_enumerator = (void*)create_enumerator;
 	this->public.set.create_shared_enumerator = (void*)return_null;
 	this->public.set.create_cdp_enumerator = (void*)return_null;
+	this->public.set.cache_cert = (void*)cache_cert;
 	this->public.issued_by = (bool(*)(cert_cache_t*, certificate_t *subject, certificate_t *issuer))issued_by;
 	this->public.flush = (void(*)(cert_cache_t*, certificate_type_t type))flush;
 	this->public.destroy = (void(*)(cert_cache_t*))destroy;

src/charon/credentials/sets/ocsp_response_wrapper.c

@@ -139,6 +139,7 @@ ocsp_response_wrapper_t *ocsp_response_wrapper_create(ocsp_response_t *response)
 	this->public.set.create_cert_enumerator = (void*)create_enumerator;
 	this->public.set.create_shared_enumerator = (void*)return_null;
 	this->public.set.create_cdp_enumerator = (void*)return_null;
+	this->public.set.cache_cert = (void*)nop;
 	this->public.destroy = (void(*)(ocsp_response_wrapper_t*))destroy;
 	
 	this->response = response;

src/charon/plugins/med_db/med_db_creds.c

@@ -144,6 +144,7 @@ med_db_creds_t *med_db_creds_create(database_t *db)
 	this->public.set.create_cert_enumerator = (void*)create_cert_enumerator;
 	this->public.set.create_shared_enumerator = (void*)return_null;
 	this->public.set.create_cdp_enumerator = (void*)return_null;
+	this->public.set.cache_cert = (void*)nop;
 
 	this->public.destroy = (void (*)(med_db_creds_t*))destroy;
 	

src/charon/plugins/sql/sql_cred.c

@@ -331,6 +331,14 @@ static enumerator_t* create_shared_enumerator(private_sql_cred_t *this,
 	return &e->public;
 }
 
+/**
+ * Implementation of credential_set_t.cache_cert.
+ */
+static void cache_cert(private_sql_cred_t *this, certificate_t *cert)
+{
+	/* TODO: implement CRL caching to database */
+}
+
 /**
  * Implementation of sql_cred_t.destroy.
  */
@@ -338,7 +346,6 @@ static void destroy(private_sql_cred_t *this)
 {
 	free(this);
 }
-
 /**
  * Described in header.
  */
@@ -350,6 +357,7 @@ sql_cred_t *sql_cred_create(database_t *db)
 	this->public.set.create_cert_enumerator = (void*)create_cert_enumerator;
 	this->public.set.create_shared_enumerator = (void*)create_shared_enumerator;
 	this->public.set.create_cdp_enumerator = (void*)return_null;
+	this->public.set.cache_cert = (void*)cache_cert;
 	this->public.destroy = (void(*)(sql_cred_t*))destroy;
 	
 	this->db = db;

src/charon/plugins/stroke/stroke_cred.c

@@ -304,6 +304,14 @@ static enumerator_t* create_shared_enumerator(private_stroke_cred_t *this,
 									(void*)shared_data_destroy);
 }
 
+/**
+ * Implementation of credential_set_t.cache_cert.
+ */
+static void cache_cert(private_stroke_cred_t *this, certificate_t *cert)
+{
+	/* TODO: implement crl writeback to ipsec.d/crls */
+}
+
 /**
  * Add a certificate to chain
  */
@@ -868,6 +876,7 @@ stroke_cred_t *stroke_cred_create()
 	this->public.set.create_private_enumerator = (void*)create_private_enumerator;
 	this->public.set.create_cert_enumerator = (void*)create_cert_enumerator;
 	this->public.set.create_shared_enumerator = (void*)create_shared_enumerator;
+	this->public.set.cache_cert = (void*)cache_cert;
 	this->public.set.create_cdp_enumerator = (void*)return_null;
 	this->public.reread = (void(*)(stroke_cred_t*, stroke_msg_t *msg))reread;
 	this->public.load_ca = (certificate_t*(*)(stroke_cred_t*, char *filename))load_ca;

src/libstrongswan/utils.c

@@ -71,6 +71,13 @@ void *return_null()
 	return NULL;
 }
 
+/**
+ * nop operation
+ */
+void nop()
+{
+}
+
 /**
  * We use a single mutex for all refcount variables. This
  * is not optimal for performance, but the critical section

src/libstrongswan/utils.h

@@ -214,6 +214,11 @@ void memxor(u_int8_t dest[], u_int8_t src[], size_t n);
  */
 void *return_null();
 
+/**
+ * No-Operation function
+ */
+void nop();
+
 /**
  * Special type to count references
  */