ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

Removed is_newer() from certificate_t, obsoleting all implementations

This commit is contained in:
Martin Willi 2010-05-21 09:53:23 +02:00
parent 8029e5efd2
commit aab861608a
10 changed files with 2 additions and 182 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/libstrongswan/credentials/certificates/certificate.h
View File

@ -162,13 +162,6 @@ struct certificate_t {
bool (*get_validity)(certificate_t *this, time_t *when,
time_t *not_before, time_t *not_after);
/**
* Is this newer than that?
*
* @return TRUE if newer, FALSE otherwise
*/
bool (*is_newer)(certificate_t *this, certificate_t *that);
/**
* Get the certificate in an encoded form.
*

30
src/libstrongswan/plugins/openssl/openssl_crl.c
View File

@ -296,35 +296,6 @@ METHOD(certificate_t, get_validity, bool,
return t <= this->nextUpdate;
}
METHOD(certificate_t, is_newer, bool,
private_openssl_crl_t *this, certificate_t *other)
{
time_t this_update, that_update;
chunk_t other_serial;
x509_t *x509;
bool new;
x509 = (x509_t*)other;
other_serial = x509->get_serial(x509);
if (this->serial.ptr != NULL && other_serial.ptr != NULL)
{ /* compare crlNumbers if available */
new = chunk_compare(this->serial, other_serial) > 0;
DBG1(DBG_LIB, " crl #%#B is %s - existing crl #%#B %s",
&this->serial, new ? "newer":"not newer",
&other_serial, new ? "replaced":"retained");
}
else
{ /* otherwise use thisUpdate */
get_validity(this, NULL, &this_update, NULL);
other->get_validity(other, NULL, &that_update, NULL);
new = this_update > that_update;
DBG1(DBG_LIB, " crl from %T is %s - existing crl from %T %s",
&this_update, FALSE, new ? "newer":"not newer",
&that_update, FALSE, new ? "replaced":"retained");
}
return new;
}
METHOD(certificate_t, get_encoding, chunk_t,
private_openssl_crl_t *this)
{
@ -395,7 +366,6 @@ static private_openssl_crl_t *create_empty()
.issued_by = _issued_by,
.get_public_key = _get_public_key,
.get_validity = _get_validity,
.is_newer = _is_newer,
.get_encoding = _get_encoding,
.equals = _equals,
.get_ref = _get_ref,

16
src/libstrongswan/plugins/openssl/openssl_x509.c
View File

@ -383,21 +383,6 @@ METHOD(certificate_t, get_validity, bool,
return (t >= this->notBefore && t <= this->notAfter);
}
METHOD(certificate_t, is_newer, bool,
private_openssl_x509_t *this, certificate_t *other)
{
time_t this_update, that_update, now = time(NULL);
bool new;
get_validity(this, &now, &this_update, NULL);
other->get_validity(other, &now, &that_update, NULL);
new = this_update > that_update;
DBG1(DBG_LIB, " certificate from %T is %s - existing certificate "
"from %T %s", &this_update, FALSE, new ? "newer":"not newer",
&that_update, FALSE, new ? "replaced":"retained");
return new;
}
METHOD(certificate_t, get_encoding, chunk_t,
private_openssl_x509_t *this)
{
@ -481,7 +466,6 @@ static private_openssl_x509_t *create_empty()
.issued_by = _issued_by,
.get_public_key = _get_public_key,
.get_validity = _get_validity,
.is_newer = _is_newer,
.get_encoding = _get_encoding,
.equals = _equals,
.get_ref = _get_ref,

18
src/libstrongswan/plugins/pgp/pgp_cert.c
View File

@ -187,23 +187,6 @@ static bool get_validity(private_pgp_cert_t *this, time_t *when,
return (t >= this->valid && t <= until);
}
/**
* Implementation of certificate_t.is_newer.
*/
static bool is_newer(certificate_t *this, certificate_t *that)
{
time_t this_update, that_update, now = time(NULL);
bool new;
this->get_validity(this, &now, &this_update, NULL);
that->get_validity(that, &now, &that_update, NULL);
new = this_update > that_update;
DBG1(DBG_LIB, " certificate from %T is %s - existing certificate"
" from %T %s", &this_update, FALSE, new ? "newer" : "not newer",
&that_update, FALSE, new ? "replaced" : "retained");
return new;
}
/**
* Implementation of certificate_t.get_encoding.
*/
@ -276,7 +259,6 @@ private_pgp_cert_t *create_empty()
this->public.interface.interface.issued_by = (bool (*) (certificate_t*, certificate_t*))issued_by;
this->public.interface.interface.get_public_key = (public_key_t* (*) (certificate_t*))get_public_key;
this->public.interface.interface.get_validity = (bool (*) (certificate_t*, time_t*, time_t*, time_t*))get_validity;
this->public.interface.interface.is_newer = (bool (*) (certificate_t*,certificate_t*))is_newer;
this->public.interface.interface.get_encoding = (chunk_t (*) (certificate_t*))get_encoding;
this->public.interface.interface.equals = (bool (*)(certificate_t*, certificate_t*))equals;
this->public.interface.interface.get_ref = (certificate_t* (*)(certificate_t*))get_ref;

9
src/libstrongswan/plugins/pubkey/pubkey_cert.c
View File

@ -160,14 +160,6 @@ static bool get_validity(private_pubkey_cert_t *this, time_t *when,
return TRUE;
}
/**
* Implementation of certificate_t.is_newer.
*/
static bool is_newer(certificate_t *this, certificate_t *that)
{
return FALSE;
}
/**
* Implementation of certificate_t.get_encoding.
*/
@ -221,7 +213,6 @@ static pubkey_cert_t *pubkey_cert_create(public_key_t *key)
this->public.interface.issued_by = (bool (*)(certificate_t *this, certificate_t *issuer))issued_by;
this->public.interface.get_public_key = (public_key_t* (*)(certificate_t *this))get_public_key;
this->public.interface.get_validity = (bool (*)(certificate_t*, time_t *when, time_t *, time_t*))get_validity;
this->public.interface.is_newer = (bool (*)(certificate_t*,certificate_t*))is_newer;
this->public.interface.get_encoding = (chunk_t (*)(certificate_t*))get_encoding;
this->public.interface.equals = (bool (*)(certificate_t*, certificate_t *other))equals;
this->public.interface.get_ref = (certificate_t* (*)(certificate_t *this))get_ref;

20
src/libstrongswan/plugins/x509/x509_ac.c
View File

@ -812,25 +812,6 @@ static bool get_validity(private_x509_ac_t *this, time_t *when,
return (t >= this->notBefore && t <= this->notAfter);
}
/**
* Implementation of certificate_t.is_newer.
*/
static bool is_newer(private_x509_ac_t *this, ac_t *that)
{
certificate_t *this_cert = &this->public.interface.certificate;
certificate_t *that_cert = &that->certificate;
time_t this_update, that_update, now = time(NULL);
bool new;
this_cert->get_validity(this_cert, &now, &this_update, NULL);
that_cert->get_validity(that_cert, &now, &that_update, NULL);
new = this_update > that_update;
DBG1(DBG_LIB, " attr cert from %T is %s - existing attr cert from %T %s",
&this_update, FALSE, new ? "newer":"not newer",
&that_update, FALSE, new ? "replaced":"retained");
return new;
}
/**
* Implementation of certificate_t.get_encoding.
*/
@ -904,7 +885,6 @@ static private_x509_ac_t *create_empty(void)
this->public.interface.certificate.issued_by = (bool (*)(certificate_t *this, certificate_t *issuer))issued_by;
this->public.interface.certificate.get_public_key = (public_key_t* (*)(certificate_t *this))get_public_key;
this->public.interface.certificate.get_validity = (bool(*)(certificate_t*, time_t *when, time_t *, time_t*))get_validity;
this->public.interface.certificate.is_newer = (bool (*)(certificate_t*,certificate_t*))is_newer;
this->public.interface.certificate.get_encoding = (chunk_t(*)(certificate_t*))get_encoding;
this->public.interface.certificate.equals = (bool(*)(certificate_t*, certificate_t *other))equals;
this->public.interface.certificate.get_ref = (certificate_t* (*)(certificate_t *this))get_ref;

18
src/libstrongswan/plugins/x509/x509_cert.c
View File

@ -1208,23 +1208,6 @@ static bool get_validity(private_x509_cert_t *this, time_t *when,
return (t >= this->notBefore && t <= this->notAfter);
}
/**
* Implementation of certificate_t.is_newer.
*/
static bool is_newer(certificate_t *this, certificate_t *that)
{
time_t this_update, that_update, now = time(NULL);
bool new;
this->get_validity(this, &now, &this_update, NULL);
that->get_validity(that, &now, &that_update, NULL);
new = this_update > that_update;
DBG1(DBG_LIB, " certificate from %T is %s - existing certificate "
"from %T %s", &this_update, FALSE, new ? "newer":"not newer",
&that_update, FALSE, new ? "replaced":"retained");
return new;
}
/**
* Implementation of certificate_t.get_encoding.
*/
@ -1383,7 +1366,6 @@ static private_x509_cert_t* create_empty(void)
this->public.interface.interface.issued_by = (bool (*) (certificate_t*, certificate_t*))issued_by;
this->public.interface.interface.get_public_key = (public_key_t* (*) (certificate_t*))get_public_key;
this->public.interface.interface.get_validity = (bool (*) (certificate_t*, time_t*, time_t*, time_t*))get_validity;
this->public.interface.interface.is_newer = (bool (*) (certificate_t*,certificate_t*))is_newer;
this->public.interface.interface.get_encoding = (chunk_t (*) (certificate_t*))get_encoding;
this->public.interface.interface.equals = (bool (*)(certificate_t*, certificate_t*))equals;
this->public.interface.interface.get_ref = (certificate_t* (*)(certificate_t*))get_ref;

35
src/libstrongswan/plugins/x509/x509_crl.c
View File

@ -452,40 +452,6 @@ METHOD(certificate_t, get_validity, bool,
return (t <= this->nextUpdate);
}
METHOD(certificate_t, is_newer, bool,
private_x509_crl_t *this, certificate_t *other)
{
chunk_t other_crlNumber = chunk_empty;
bool new;
if (other->get_type(other) == CERT_X509_CRL)
{
crl_t *crl = (crl_t*)other;
other_crlNumber = crl->get_serial(crl);
}
/* compare crlNumbers if available - otherwise use thisUpdate */
if (this->crlNumber.ptr != NULL && other_crlNumber.ptr != NULL)
{
new = chunk_compare(this->crlNumber, other_crlNumber) > 0;
DBG1(DBG_LIB, " crl #%#B is %s - existing crl #%#B %s",
&this->crlNumber, new ? "newer":"not newer",
&other_crlNumber, new ? "replaced":"retained");
}
else
{
time_t this_update, that_update, now = time(NULL);
get_validity(this, &now, &this_update, NULL);
other->get_validity(other, &now, &that_update, NULL);
new = this_update > that_update;
DBG1(DBG_LIB, " crl from %T is %s - existing crl from %T %s",
&this_update, FALSE, new ? "newer":"not newer",
&that_update, FALSE, new ? "replaced":"retained");
}
return new;
}
METHOD(certificate_t, get_encoding, chunk_t,
private_x509_crl_t *this)
{
@ -544,7 +510,6 @@ static private_x509_crl_t* create_empty(void)
.issued_by = _issued_by,
.get_public_key = _get_public_key,
.get_validity = _get_validity,
.is_newer = _is_newer,
.get_encoding = _get_encoding,
.equals = _equals,
.get_ref = _get_ref,

18
src/libstrongswan/plugins/x509/x509_ocsp_response.c
View File

@ -763,23 +763,6 @@ static bool get_validity(private_x509_ocsp_response_t *this, time_t *when,
return (t < this->usableUntil);
}
/**
* Implementation of certificate_t.is_newer.
*/
static bool is_newer(certificate_t *this, certificate_t *that)
{
time_t this_update, that_update, now = time(NULL);
bool new;
this->get_validity(this, &now, &this_update, NULL);
that->get_validity(that, &now, &that_update, NULL);
new = this_update > that_update;
DBG1(DBG_LIB, " ocsp response from %T is %s - existing ocsp response "
"from %T %s", &this_update, FALSE, new ? "newer" : "not newer",
&that_update, FALSE, new ? "replaced" : "retained");
return new;
}
/**
* Implementation of certificate_t.get_encoding.
*/
@ -855,7 +838,6 @@ static x509_ocsp_response_t *load(chunk_t blob)
this->public.interface.certificate.issued_by = (bool (*)(certificate_t *this, certificate_t *issuer))issued_by;
this->public.interface.certificate.get_public_key = (public_key_t* (*)(certificate_t *this))get_public_key;
this->public.interface.certificate.get_validity = (bool(*)(certificate_t*, time_t *when, time_t *, time_t*))get_validity;
this->public.interface.certificate.is_newer = (bool (*)(certificate_t*,certificate_t*))is_newer;
this->public.interface.certificate.get_encoding = (chunk_t(*)(certificate_t*))get_encoding;
this->public.interface.certificate.equals = (bool(*)(certificate_t*, certificate_t *other))equals;
this->public.interface.certificate.get_ref = (certificate_t* (*)(certificate_t *this))get_ref;

13
src/libstrongswan/plugins/x509/x509_pkcs10.c
View File

@ -188,14 +188,6 @@ static bool get_validity(private_x509_pkcs10_t *this, time_t *when,
return TRUE;
}
/**
* Implementation of certificate_t.is_newer.
*/
static bool is_newer(certificate_t *this, certificate_t *that)
{
return FALSE;
}
/**
* Implementation of certificate_t.get_encoding.
*/
@ -357,7 +349,7 @@ static bool parse_challengePassword(private_x509_pkcs10_t *this, chunk_t blob, i
*/
static const asn1Object_t certificationRequestObjects[] = {
{ 0, "certificationRequest", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */
{ 1, "certificationRequestInfo", ASN1_SEQUENCE, ASN1_OBJ }, /* 1 */
{ 1, "certificationRequestInfo", ASN1_SEQUENCE, ASN1_OBJ }, /* 1 */
{ 2, "version", ASN1_INTEGER, ASN1_BODY }, /* 2 */
{ 2, "subject", ASN1_SEQUENCE, ASN1_OBJ }, /* 3 */
{ 2, "subjectPublicKeyInfo", ASN1_SEQUENCE, ASN1_RAW }, /* 4 */
@ -369,7 +361,7 @@ static const asn1Object_t certificationRequestObjects[] = {
{ 4, "end loop", ASN1_EOC, ASN1_END }, /* 10 */
{ 2, "end loop", ASN1_EOC, ASN1_END }, /* 11 */
{ 1, "signatureAlgorithm", ASN1_EOC, ASN1_RAW }, /* 12 */
{ 1, "signature", ASN1_BIT_STRING, ASN1_BODY }, /* 13 */
{ 1, "signature", ASN1_BIT_STRING, ASN1_BODY }, /* 13 */
{ 0, "exit", ASN1_EOC, ASN1_EXIT }
};
#define PKCS10_CERT_REQUEST_INFO 1
@ -512,7 +504,6 @@ static private_x509_pkcs10_t* create_empty(void)
this->public.interface.interface.issued_by = (bool (*) (certificate_t*, certificate_t*))issued_by;
this->public.interface.interface.get_public_key = (public_key_t* (*) (certificate_t*))get_public_key;
this->public.interface.interface.get_validity = (bool (*) (certificate_t*, time_t*, time_t*, time_t*))get_validity;
this->public.interface.interface.is_newer = (bool (*) (certificate_t*,certificate_t*))is_newer;
this->public.interface.interface.get_encoding = (chunk_t (*) (certificate_t*))get_encoding;
this->public.interface.interface.equals = (bool (*)(certificate_t*, certificate_t*))equals;
this->public.interface.interface.get_ref = (certificate_t* (*)(certificate_t*))get_ref;