Commit 9847f129 authored by Niels Möller

* certificate.h (struct spki_principal): New field verifier, for
use by the application.

* certificate.c (spki_principal_add_key): Initialize verifier
field.
(spki_principal_add_md5, spki_principal_add_sha1): Likewise.
(spki_5_tuple_by_subject): Moved function from reduce.c, and made
non-static.
(spki_acl_by_subject_first): New function.
(spki_acl_by_subject_next): New function.

Rev: src/spki/certificate.c:1.19
Rev: src/spki/certificate.h:1.18
parent f9229917
......@@ -93,6 +93,7 @@ spki_principal_add_key(struct spki_acl_db *db,
return NULL;
principal->alias = NULL;
principal->verifier = NULL;
if (!(principal->key = spki_dup(db, key_length, key)))
{
......@@ -125,6 +126,7 @@ spki_principal_add_md5(struct spki_acl_db *db,
principal->key = NULL;
principal->alias = NULL;
principal->verifier = NULL;
memcpy(principal->hashes.md5, md5, sizeof(principal->hashes.md5));
principal->flags = SPKI_PRINCIPAL_MD5;
......@@ -145,6 +147,7 @@ spki_principal_add_sha1(struct spki_acl_db *db,
principal->key = NULL;
principal->alias = NULL;
principal->verifier = NULL;
memcpy(principal->hashes.sha1, sha1, sizeof(principal->hashes.sha1));
principal->flags = SPKI_PRINCIPAL_SHA1;
......@@ -298,6 +301,24 @@ spki_5_tuple_fix_aliases(struct spki_5_tuple *tuple)
}
#endif
const struct spki_5_tuple *
spki_5_tuple_by_subject(const struct spki_5_tuple *list,
const struct spki_principal *subject)
{
subject = spki_principal_normalize(subject);
assert(!subject->alias);
for ( ; list; list = list->next)
{
assert(list->subject);
if (spki_principal_normalize(list->subject) == subject)
return list;
}
return NULL;
}
/* ACL database */
int
......@@ -343,6 +364,21 @@ spki_acl_parse(struct spki_acl_db *db, struct spki_iterator *i)
}
const struct spki_5_tuple *
spki_acl_by_subject_first(struct spki_acl_db *db,
const struct spki_principal *subject)
{
return spki_5_tuple_by_subject(db->first_acl, subject);
}
const struct spki_5_tuple *
spki_acl_by_subject_next(struct spki_acl_db *db UNUSED,
const struct spki_5_tuple *acl,
const struct spki_principal *subject)
{
return spki_5_tuple_by_subject(acl->next, subject);
}
/* Iterating through the acls that delegate the requested authorization. */
static const struct spki_5_tuple *
acl_by_auth(const struct spki_5_tuple *acl,
......
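Review bot: `spki_5_tuple_by_subject` is now a non-static entry point, but its preconditions are enforced only by `assert`, which is compiled out under NDEBUG; a tuple whose `subject` is NULL would then go straight into `spki_principal_normalize`, which presumably dereferences it. The match is also by pointer identity after normalization, so `subject` apparently has to be a principal obtained from the same database as the list, or the lookup never matches. I would state both above the definition, e.g. `/* SUBJECT must be a non-NULL principal from the same spki_acl_db as LIST; principals are compared by pointer after alias normalization. */`. `spki_acl_by_subject_next` likewise dereferences `acl` unconditionally, so it deserves `/* ACL must be the non-NULL tuple returned by the previous _first/_next call. */` or an `assert(acl);` in keeping with the file's style.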
......@@ -70,10 +70,9 @@ struct spki_principal
struct spki_principal *alias;
#if 0
/* Information needed to verify signatures for this key. */
/* Information needed to verify signatures for this key. For now,
* details are up to the application. */
void *verifier;
#endif
};
enum spki_5_tuple_flags
......@@ -131,6 +130,10 @@ struct spki_5_tuple
void
spki_5_tuple_init(struct spki_5_tuple *tuple);
const struct spki_5_tuple *
spki_5_tuple_by_subject(const struct spki_5_tuple *list,
const struct spki_principal *subject);
struct spki_acl_db
{
/* For custom memory allocation. */
......@@ -174,15 +177,13 @@ int
spki_acl_parse(struct spki_acl_db *db, struct spki_iterator *i);
const struct spki_5_tuple *
spki_acl_by_principal_first(struct spki_acl_db *,
unsigned principal_length,
uint8_t *principal);
spki_acl_by_subject_first(struct spki_acl_db *,
const struct spki_principal *principal);
const struct spki_5_tuple *
spki_acl_by_principal_next(struct spki_acl_db *db,
const struct spki_5_tuple *acl,
unsigned principal_length,
uint8_t *principal);
spki_acl_by_subject_next(struct spki_acl_db *db,
const struct spki_5_tuple *acl,
const struct spki_principal *principal);
const struct spki_5_tuple *
spki_acl_by_authorization_first(struct spki_acl_db *db,
......
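Review bot: The new comment on `verifier` in `struct spki_principal` leaves ownership and the relation to `alias` unspecified. Lookups go through `spki_principal_normalize`, so a verifier attached to an alias entry could presumably be missed by code that only consults the normalized principal. I would extend the comment to something like `/* Owned by the application: the library sets it to NULL on creation and does not interpret it. Attach it to the normalized (non-alias) principal. */`; whether the library ever frees the pointer should be confirmed against the release path, which is not visible here. Separately, the prototypes for `spki_acl_by_subject_first` and `spki_acl_by_subject_next` name the last parameter `principal` while the definitions in certificate.c use `subject`; using `subject` in both places would match the new function names.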