From 7542d311ee92ce103c00dacc65e9879bd3d24256 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?=
Date: Sun, 26 Mar 2006 23:51:10 +0000
Subject: [PATCH] Expose more of the hx509_query interface.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16812 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/hx509/cert.c | 65 +++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 61 insertions(+), 4 deletions(-)

diff --git a/lib/hx509/cert.c b/lib/hx509/cert.c
index 9e4fa583b..e25ff7dbd 100644
--- a/lib/hx509/cert.c
+++ b/lib/hx509/cert.c
@@ -257,7 +257,8 @@ hx509_verify_init_ctx(hx509_context context, hx509_verify_ctx *ctx)
 void
 hx509_verify_destroy_ctx(hx509_verify_ctx ctx)
 {
- memset(ctx, 0, sizeof(*ctx));
+ if (ctx)
+ memset(ctx, 0, sizeof(*ctx));
 free(ctx);
 }
@@ -567,7 +568,7 @@ certificate_is_anchor(hx509_context context,
 q.match = HX509_QUERY_MATCH_CERTIFICATE;
 q.certificate = _hx509_get_cert(cert);
- ret = _hx509_certs_find(context, ctx->trust_anchors, &q, &c);
+ ret = hx509_certs_find(context, ctx->trust_anchors, &q, &c);
 if (ret == 0)
 hx509_cert_free(c);
 return ret == 0;
@@ -599,10 +600,10 @@ find_parent(hx509_context context,
 q.subject = _hx509_get_cert(current);
 q.path = path;
- ret = _hx509_certs_find(context, chain, &q, &c);
+ ret = hx509_certs_find(context, chain, &q, &c);
 if (ret == 0)
 return c;
- ret = _hx509_certs_find(context, ctx->trust_anchors, &q, &c);
+ ret = hx509_certs_find(context, ctx->trust_anchors, &q, &c);
 if (ret == 0)
 return c;
 return NULL;
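Review bot: In the first hunk, the `memset(ctx, 0, sizeof(*ctx))` in hx509_verify_destroy_ctx sits directly before `free(ctx)`, so an optimising compiler may remove it as a dead store; hx509_query_free in the last hunk has the same pattern. If the clearing is meant to scrub the object's contents rather than only poison it, it needs a wipe the compiler cannot elide, such as `explicit_bzero` or `memset_s` where the platform provides one. A short comment like `/* ctx may be NULL; contents are cleared before release */` would also document the NULL tolerance this hunk introduces.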
@@ -1213,6 +1214,26 @@ hx509_verify_path(hx509_context context,
 }
 }
+#if 0
+ for (i = path.len - 1; i >= 0; i--) {
+ hx509_name name;
+ char *subject_name;
+
+ ret = hx509_cert_get_subject(path.val[i], &name);
+ if (ret)
+ abort();
+
+ ret = hx509_name_to_string(name, &subject_name);
+ hx509_name_free(&name);
+ if (ret)
+ abort();
+
+ printf("name %d: %s\n", i, subject_name);
+
+ free(subject_name);
+ }
+#endif
+
 /*
 * Verify signatures, do this backward so public key working
 * parameter is passed up from the anchor up though the chain.
@@ -1361,6 +1382,42 @@ _hx509_query_clear(hx509_query *q)
 memset(q, 0, sizeof(*q));
 }
+int
+hx509_query_alloc(hx509_context context, hx509_query **q)
+{
+ *q = calloc(1, sizeof(*q));
+ if (*q == NULL)
+ return ENOMEM;
+ return 0;
+}
+
+void
+hx509_query_match_option(hx509_query *q, hx509_query_option option)
+{
+ switch(option) {
+ case HX509_QUERY_OPTION_PRIVATE_KEY:
+ q->match |= HX509_QUERY_PRIVATE_KEY;
+ break;
+ case HX509_QUERY_OPTION_KU_ENCIPHERMENT:
+ q->match |= HX509_QUERY_KU_ENCIPHERMENT;
+ break;
+ case HX509_QUERY_OPTION_KU_DIGITALSIGNATURE:
+ q->match |= HX509_QUERY_KU_DIGITALSIGNATURE;
+ break;
+ case HX509_QUERY_OPTION_END:
+ default:
+ break;
+ }
+}
+
+void
+hx509_query_free(hx509_context context, hx509_query *q)
+{
+ if (q)
+ memset(q, 0, sizeof(*q));
+ free(q);
+}
+
 int
 _hx509_query_match_cert(const hx509_query *q, hx509_cert cert)
 {
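Review bot: The `#if 0` block added to hx509_verify_path is disabled debugging code unrelated to the query interface this commit exposes, and would be better left out or placed behind a named debug macro. If it is ever enabled as written, a failure of hx509_cert_get_subject or hx509_name_to_string calls `abort()` in the middle of certificate path verification, so a certificate whose name cannot be rendered would terminate the calling process; returning `ret` through the function's normal error path would be the safer form. The loop condition `i >= 0` also terminates only if `i` is signed, and its declaration lies outside the hunk.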
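Review bot: hx509_query_alloc under-allocates: `q` is `hx509_query **`, so `sizeof(*q)` in `calloc(1, sizeof(*q))` is the size of a pointer, not of the query structure. hx509_query_free then runs `memset(q, 0, sizeof(*q))` with `q` an `hx509_query *`, which clears the full structure size and would write past the end of that allocation; the context lines of the earlier hunks assign `q.match`, `q.certificate`, `q.subject` and `q.path` on what appears to be the same structure, so it is presumably larger than one pointer. The allocation should read `*q = calloc(1, sizeof(**q));`. hx509_query_alloc also dereferences `q` without a NULL check, and neither new function uses its `context` argument.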