implement basic listing of attribute certificates
This commit is contained in:
Andreas Steffen
parent
be1585c587
commit
7199d22e77
|
|
@ -157,8 +157,9 @@ static bool certs_filter(id_data_t *data, certificate_t **in, certificate_t **ou
|
|||
public_key_t *public;
|
||||
identification_t *candidate;
|
||||
certificate_t *cert = *in;
|
||||
|
||||
if (cert->get_type(cert) == CERT_X509_CRL)
|
||||
certificate_type_t type = cert->get_type(cert);
|
||||
|
||||
if (type == CERT_X509_CRL || type == CERT_X509_AC)
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
|
|
@ -204,6 +205,26 @@ static bool crl_filter(id_data_t *data, certificate_t **in, certificate_t **out)
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
* filter function for attribute certificate enumerator
|
||||
*/
|
||||
static bool ac_filter(id_data_t *data, certificate_t **in, certificate_t **out)
|
||||
{
|
||||
certificate_t *cert = *in;
|
||||
|
||||
if (cert->get_type(cert) != CERT_X509_AC)
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (data->id == NULL || cert->has_subject(cert, data->id))
|
||||
{
|
||||
*out = *in;
|
||||
return TRUE;
|
||||
}
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
* Implements credential_set_t.create_cert_enumerator
|
||||
*/
|
||||
|
|
@ -213,21 +234,20 @@ static enumerator_t* create_cert_enumerator(private_stroke_cred_t *this,
|
|||
{
|
||||
id_data_t *data;
|
||||
|
||||
if (cert == CERT_X509_CRL)
|
||||
if (cert == CERT_X509_CRL || cert == CERT_X509_AC)
|
||||
{
|
||||
if (trusted)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
data = malloc_thing(id_data_t);
|
||||
data->this = this;
|
||||
data->id = id;
|
||||
|
||||
this->mutex->lock(this->mutex);
|
||||
return enumerator_create_filter(this->certs->create_enumerator(this->certs),
|
||||
(void*)crl_filter, data,
|
||||
(void*)id_data_destroy);
|
||||
(cert == CERT_X509_CRL)? (void*)crl_filter : (void*)ac_filter,
|
||||
data, (void*)id_data_destroy);
|
||||
}
|
||||
if (cert != CERT_X509 && cert != CERT_ANY)
|
||||
{ /* we only have X509 certificates. TODO: ACs? */
|
||||
|
|
@ -439,6 +459,19 @@ static bool add_crl(private_stroke_cred_t *this, crl_t* crl)
|
|||
return new;
|
||||
}
|
||||
|
||||
/**
|
||||
* Add X.509 attribute certificate to chain
|
||||
*/
|
||||
static bool add_ac(private_stroke_cred_t *this, ac_t* ac)
|
||||
{
|
||||
certificate_t *cert = &ac->certificate;
|
||||
|
||||
this->mutex->lock(this->mutex);
|
||||
this->certs->insert_last(this->certs, cert);
|
||||
this->mutex->unlock(this->mutex);
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
* Implementation of stroke_cred_t.load_peer.
|
||||
*/
|
||||
|
|
@ -525,7 +558,7 @@ static void load_certdir(private_stroke_cred_t *this, char *path,
|
|||
BUILD_END);
|
||||
if (cert)
|
||||
{
|
||||
cert->destroy(cert);
|
||||
add_ac(this, (ac_t*)cert);
|
||||
}
|
||||
break;
|
||||
default:
|
||||
|
|
|
|||
|
|
@ -25,6 +25,7 @@
|
|||
/* warning intervals for list functions */
|
||||
#define CERT_WARNING_INTERVAL 30 /* days */
|
||||
#define CRL_WARNING_INTERVAL 7 /* days */
|
||||
#define AC_WARNING_INTERVAL 1 /* day */
|
||||
|
||||
typedef struct private_stroke_list_t private_stroke_list_t;
|
||||
|
||||
|
|
@ -461,9 +462,45 @@ static void stroke_list_certs(linked_list_t *list, char *label,
|
|||
/**
|
||||
* list all X.509 attribute certificates
|
||||
*/
|
||||
static void stroke_list_acerts(bool utc, FILE *out)
|
||||
static void stroke_list_acerts(linked_list_t *list, bool utc, FILE *out)
|
||||
{
|
||||
bool first = TRUE;
|
||||
time_t thisUpdate, nextUpdate, now = time(NULL);
|
||||
enumerator_t *enumerator = list->create_enumerator(list);
|
||||
certificate_t *cert;
|
||||
|
||||
while (enumerator->enumerate(enumerator, (void**)&cert))
|
||||
{
|
||||
if (first)
|
||||
{
|
||||
fprintf(out, "\n");
|
||||
fprintf(out, "List of X.509 Attribute Certificates:\n");
|
||||
first = FALSE;
|
||||
}
|
||||
fprintf(out, "\n");
|
||||
|
||||
fprintf(out, " holder: \"%D\"\n", cert->get_subject(cert));
|
||||
fprintf(out, " issuer: \"%D\"\n", cert->get_issuer(cert));
|
||||
|
||||
/* list validity */
|
||||
cert->get_validity(cert, &now, &thisUpdate, &nextUpdate);
|
||||
fprintf(out, " updates: this %#T\n", &thisUpdate, utc);
|
||||
fprintf(out, " next %#T, ", &nextUpdate, utc);
|
||||
if (now > nextUpdate)
|
||||
{
|
||||
fprintf(out, "expired (%#V ago)\n", &now, &nextUpdate);
|
||||
}
|
||||
else
|
||||
{
|
||||
fprintf(out, "ok");
|
||||
if (now > nextUpdate - AC_WARNING_INTERVAL * 60 * 60 * 24)
|
||||
{
|
||||
fprintf(out, " (expires in %#V)", &now, &nextUpdate);
|
||||
}
|
||||
fprintf(out, " \n");
|
||||
}
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -596,7 +633,10 @@ static void list(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out)
|
|||
}
|
||||
if (msg->list.flags & LIST_ACERTS)
|
||||
{
|
||||
stroke_list_acerts(msg->list.utc, out);
|
||||
linked_list_t *ac_list = create_unique_cert_list(CERT_X509_AC);
|
||||
|
||||
stroke_list_acerts(ac_list, msg->list.utc, out);
|
||||
ac_list->destroy_offset(ac_list, offsetof(certificate_t, destroy));
|
||||
}
|
||||
if (msg->list.flags & LIST_CRLS)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -990,13 +990,8 @@ static private_x509_ac_t* build(private_builder_t *this)
|
|||
|
||||
free(this);
|
||||
|
||||
if (ac == NULL)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/* synthesis if TRUE or analysis if FALSE */
|
||||
if (ac->encoding.ptr == NULL)
|
||||
/* synthesis if encoding does not exist */
|
||||
if (ac && ac->encoding.ptr == NULL)
|
||||
{
|
||||
if (ac->holderCert && ac->signerCert && ac->signerKey)
|
||||
{
|
||||
|
|
@ -1008,7 +1003,7 @@ static private_x509_ac_t* build(private_builder_t *this)
|
|||
}
|
||||
else
|
||||
{
|
||||
return NULL;
|
||||
return ac;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue