Made some useful methods in the credential manager public
This commit is contained in:
parent
5f9e62c54f
commit
c1f9dad672
|
@ -375,11 +375,8 @@ METHOD(credential_manager_t, get_shared, shared_key_t*,
|
|||
return found;
|
||||
}
|
||||
|
||||
/**
|
||||
* add a credential set to the thread local list
|
||||
*/
|
||||
static void add_local_set(private_credential_manager_t *this,
|
||||
credential_set_t *set)
|
||||
METHOD(credential_manager_t, add_local_set, void,
|
||||
private_credential_manager_t *this, credential_set_t *set)
|
||||
{
|
||||
linked_list_t *sets;
|
||||
|
||||
|
@ -392,11 +389,8 @@ static void add_local_set(private_credential_manager_t *this,
|
|||
sets->insert_last(sets, set);
|
||||
}
|
||||
|
||||
/**
|
||||
* remove a credential set from the thread local list
|
||||
*/
|
||||
static void remove_local_set(private_credential_manager_t *this,
|
||||
credential_set_t *set)
|
||||
METHOD(credential_manager_t, remove_local_set, void,
|
||||
private_credential_manager_t *this, credential_set_t *set)
|
||||
{
|
||||
linked_list_t *sets;
|
||||
|
||||
|
@ -1265,11 +1259,9 @@ METHOD(enumerator_t, trusted_destroy, void,
|
|||
free(this);
|
||||
}
|
||||
|
||||
/**
|
||||
* create an enumerator over trusted certificates and their trustchain
|
||||
*/
|
||||
static enumerator_t *create_trusted_enumerator(private_credential_manager_t *this,
|
||||
key_type_t type, identification_t *id, bool online)
|
||||
METHOD(credential_manager_t, create_trusted_enumerator, enumerator_t*,
|
||||
private_credential_manager_t *this, key_type_t type,
|
||||
identification_t *id, bool online)
|
||||
{
|
||||
trusted_enumerator_t *enumerator;
|
||||
|
||||
|
@ -1539,6 +1531,13 @@ METHOD(credential_manager_t, flush_cache, void,
|
|||
this->cache->flush(this->cache, type);
|
||||
}
|
||||
|
||||
METHOD(credential_manager_t, issued_by, bool,
|
||||
private_credential_manager_t *this, certificate_t *subject,
|
||||
certificate_t *issuer)
|
||||
{
|
||||
return this->cache->issued_by(this->cache, subject, issuer);
|
||||
}
|
||||
|
||||
METHOD(credential_manager_t, add_set, void,
|
||||
private_credential_manager_t *this, credential_set_t *set)
|
||||
{
|
||||
|
@ -1601,11 +1600,15 @@ credential_manager_t *credential_manager_create()
|
|||
.get_cert = _get_cert,
|
||||
.get_shared = _get_shared,
|
||||
.get_private = _get_private,
|
||||
.create_trusted_enumerator = _create_trusted_enumerator,
|
||||
.create_public_enumerator = _create_public_enumerator,
|
||||
.flush_cache = _flush_cache,
|
||||
.cache_cert = _cache_cert,
|
||||
.issued_by = _issued_by,
|
||||
.add_set = _add_set,
|
||||
.remove_set = _remove_set,
|
||||
.add_local_set = _add_local_set,
|
||||
.remove_local_set = _remove_local_set,
|
||||
.add_validator = _add_validator,
|
||||
.remove_validator = _remove_validator,
|
||||
.destroy = _destroy,
|
||||
|
|
|
@ -142,6 +142,24 @@ struct credential_manager_t {
|
|||
private_key_t* (*get_private)(credential_manager_t *this, key_type_t type,
|
||||
identification_t *id, auth_cfg_t *auth);
|
||||
|
||||
/**
|
||||
* Create an enumerator over trusted certificates.
|
||||
*
|
||||
* This method creates an enumerator over trusted certificates. The auth
|
||||
* parameter (if given) recevies the trustchain used to validate
|
||||
* the certificate. The resulting enumerator enumerates over
|
||||
* certificate_t*, auth_cfg_t*.
|
||||
* If online is set, revocations are checked online for the whole
|
||||
* trustchain.
|
||||
*
|
||||
* @param type type of the key we want a certificate for
|
||||
* @param id subject of the certificate
|
||||
* @param online whether revocations should be checked online
|
||||
* @return enumerator
|
||||
*/
|
||||
enumerator_t* (*create_trusted_enumerator)(credential_manager_t *this,
|
||||
key_type_t type, identification_t *id, bool online);
|
||||
|
||||
/**
|
||||
* Create an enumerator over trusted public keys.
|
||||
*
|
||||
|
@ -150,6 +168,8 @@ struct credential_manager_t {
|
|||
* authentication infos, e.g. peer and intermediate certificates.
|
||||
* The resulting enumerator enumerates over public_key_t *, auth_cfg_t *,
|
||||
* where the auth config helper contains rules for constraint checks.
|
||||
* This function is very similar to create_trusted_enumerator(), but
|
||||
* gets public keys directly.
|
||||
*
|
||||
* @param type type of the key to get
|
||||
* @param id owner of the key, signer of the signature
|
||||
|
@ -176,6 +196,19 @@ struct credential_manager_t {
|
|||
*/
|
||||
void (*flush_cache)(credential_manager_t *this, certificate_type_t type);
|
||||
|
||||
/**
|
||||
* Check if a given subject certificate is issued by an issuer certificate.
|
||||
*
|
||||
* This operation does signature verification, but uses the credential
|
||||
* managers cache for to speed up the operation.
|
||||
*
|
||||
* @param subject subject certificate to check
|
||||
* @param issuer issuer certificate that potentially has signed subject
|
||||
* @return TRUE if issuer signed subject
|
||||
*/
|
||||
bool (*issued_by)(credential_manager_t *this,
|
||||
certificate_t *subject, certificate_t *issuer);
|
||||
|
||||
/**
|
||||
* Register a credential set to the manager.
|
||||
*
|
||||
|
@ -190,6 +223,25 @@ struct credential_manager_t {
|
|||
*/
|
||||
void (*remove_set)(credential_manager_t *this, credential_set_t *set);
|
||||
|
||||
/**
|
||||
* Register a thread local credential set to the manager.
|
||||
*
|
||||
* To add a credential set for the current trustchain verification
|
||||
* operation, sets may be added for the calling thread only. This
|
||||
* does not require a write lock and is therefore a much less expensive
|
||||
* operation.
|
||||
*
|
||||
* @param set set to register
|
||||
*/
|
||||
void (*add_local_set)(credential_manager_t *this, credential_set_t *set);
|
||||
|
||||
/**
|
||||
* Unregister a thread local credential set from the manager.
|
||||
*
|
||||
* @param set set to unregister
|
||||
*/
|
||||
void (*remove_local_set)(credential_manager_t *this, credential_set_t *set);
|
||||
|
||||
/**
|
||||
* Register a certificate validator to the manager.
|
||||
*
|
||||
|
|
Loading…
Reference in New Issue