authorMartin Willi <martin@strongswan.org>2009-09-14 20:04:48 +0200
committerMartin Willi <martin@strongswan.org>2009-09-15 08:23:48 +0200
commit79c6f16212ad69a0c74cd3be5a63dce5e449e2fd (patch)
tree5cf187e41e854e3cdc119e3f135da28009782b6c
parent4cb0e1bb76434ae448701c8d51aabbf47aaaeb0e (diff)
downloadstrongswan-79c6f16212ad69a0c74cd3be5a63dce5e449e2fd.tar.bz2
strongswan-79c6f16212ad69a0c74cd3be5a63dce5e449e2fd.tar.xz
Implemented support for preinstalled PGP certificates in charon
-rw-r--r--src/charon/plugins/stroke/stroke_cred.c7
-rw-r--r--src/libstrongswan/plugins/pem/pem_builder.c5
-rw-r--r--src/libstrongswan/plugins/pgp/pgp_cert.c2
-rw-r--r--src/libstrongswan/plugins/pgp/pgp_cert.h2
-rw-r--r--src/libstrongswan/plugins/pgp/pgp_plugin.c7
5 files changed, 17 insertions, 6 deletions
diff --git a/src/charon/plugins/stroke/stroke_cred.c b/src/charon/plugins/stroke/stroke_cred.c
index 9133a1380..5f322c5f9 100644
--- a/src/charon/plugins/stroke/stroke_cred.c
+++ b/src/charon/plugins/stroke/stroke_cred.c
@@ -240,8 +240,8 @@ static enumerator_t* create_cert_enumerator(private_stroke_cred_t *this,
(cert == CERT_X509_CRL)? (void*)crl_filter : (void*)ac_filter,
data, (void*)id_data_destroy);
}
- if (cert != CERT_X509 && cert != CERT_ANY)
- { /* we only have X509 certificates. TODO: ACs? */
+ if (cert != CERT_X509 && cert != CERT_GPG && cert != CERT_ANY)
+ { /* we have X509/PGP certificates. TODO: ACs? */
return NULL;
}
data = malloc_thing(id_data_t);
@@ -484,9 +484,8 @@ static certificate_t* load_peer(private_stroke_cred_t *this, char *filename)
}
cert = lib->creds->create(lib->creds,
- CRED_CERTIFICATE, CERT_X509,
+ CRED_CERTIFICATE, CERT_ANY,
BUILD_FROM_FILE, path,
- BUILD_X509_FLAG, 0,
BUILD_END);
if (cert)
{
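Review bot: With `CERT_ANY`, the type of a file in the peer certificate directory is now decided by the file's content, and the `if (cert)` branch that follows accepts whatever the builder returned. Since these certificates are trusted simply by being preinstalled, I would check the result before it is stored, e.g. `if (cert && cert->get_type(cert) != CERT_X509 && cert->get_type(cert) != CERT_GPG)`, then log the file name, call `cert->destroy(cert)` and return NULL. Which builders answer a `CERT_ANY` request is not visible here, so this may already be guaranteed elsewhere. load_peer starts before and continues after the hunk.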
diff --git a/src/libstrongswan/plugins/pem/pem_builder.c b/src/libstrongswan/plugins/pem/pem_builder.c
index c53e1e9cd..eb3d300a6 100644
--- a/src/libstrongswan/plugins/pem/pem_builder.c
+++ b/src/libstrongswan/plugins/pem/pem_builder.c
@@ -375,6 +375,11 @@ static void *load_from_blob(chunk_t blob, credential_type_t type, int subtype,
* RSA for PGP keys, which is actually wrong. */
subtype = KEY_ANY;
}
+ /* if CERT_ANY is given, ASN1 encoded blob is handled as X509 */
+ if (type == CRED_CERTIFICATE && subtype == CERT_ANY)
+ {
+ subtype = pgp ? CERT_GPG : CERT_X509;
+ }
}
cred = lib->creds->create(lib->creds, type, subtype,
pgp ? BUILD_BLOB_PGP : BUILD_BLOB_ASN1_DER, blob,
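Review bot: The added comment says an ASN.1 encoded blob is handled as X509, but the new block sits before the closing brace that precedes `cred = lib->creds->create(...)`, so it is inside an enclosing conditional whose condition lies outside this hunk. If that conditional is the PEM-decoding path, a raw DER blob requested as `CERT_ANY` skips the mapping and reaches `create()` with `CERT_ANY` unchanged; moving the block after that brace would cover both encodings. The comment should also name the PGP case, e.g. `/* CERT_ANY: PGP armored blobs become CERT_GPG, everything else is handled as X509 */`.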
diff --git a/src/libstrongswan/plugins/pgp/pgp_cert.c b/src/libstrongswan/plugins/pgp/pgp_cert.c
index f9a2ff3c7..d289a3b86 100644
--- a/src/libstrongswan/plugins/pgp/pgp_cert.c
+++ b/src/libstrongswan/plugins/pgp/pgp_cert.c
@@ -347,7 +347,7 @@ static bool parse_user_id(private_pgp_cert_t *this, chunk_t packet)
/**
* See header.
*/
-pgp_cert_t *pgp_cert_load(certificate_t type, va_list args)
+pgp_cert_t *pgp_cert_load(certificate_type_t type, va_list args)
{
chunk_t packet, blob = chunk_empty;
pgp_packet_tag_t tag;
diff --git a/src/libstrongswan/plugins/pgp/pgp_cert.h b/src/libstrongswan/plugins/pgp/pgp_cert.h
index b6411557f..7845e8f04 100644
--- a/src/libstrongswan/plugins/pgp/pgp_cert.h
+++ b/src/libstrongswan/plugins/pgp/pgp_cert.h
@@ -43,6 +43,6 @@ struct pgp_cert_t {
* @param args builder_part_t argument list
* @return builder instance
*/
-pgp_cert_t *pgp_cert_load(certificate_t type, va_list args);
+pgp_cert_t *pgp_cert_load(certificate_type_t type, va_list args);
#endif /* PGP_CERT_ @}*/
diff --git a/src/libstrongswan/plugins/pgp/pgp_plugin.c b/src/libstrongswan/plugins/pgp/pgp_plugin.c
index 198b58cbf..eabb3695f 100644
--- a/src/libstrongswan/plugins/pgp/pgp_plugin.c
+++ b/src/libstrongswan/plugins/pgp/pgp_plugin.c
@@ -18,6 +18,7 @@
#include <library.h>
#include "pgp_builder.h"
#include "pgp_encoder.h"
+#include "pgp_cert.h"
typedef struct private_pgp_plugin_t private_pgp_plugin_t;
@@ -42,6 +43,9 @@ static void destroy(private_pgp_plugin_t *this)
lib->creds->remove_builder(lib->creds,
(builder_function_t)pgp_private_key_load);
+ lib->creds->remove_builder(lib->creds,
+ (builder_function_t)pgp_cert_load);
+
lib->encoding->remove_encoder(lib->encoding, pgp_encoder_encode);
free(this);
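Review bot: Registering `pgp_cert_load` through a `(builder_function_t)` cast, here and in the `add_builder` call in plugin_create in the next hunk, stops the compiler from comparing its signature with the builder type. The `certificate_t` versus `certificate_type_t` parameter corrected in pgp_cert.c in this same commit is the kind of mismatch such a cast hides. The definition of `builder_function_t` is not visible here; if its prototype differs from `pgp_cert_load` (for example in the return type), calling through the cast pointer is undefined behavior in C. A thin wrapper with the exact builder signature, or at least a comment next to the registration stating the expected prototype, would make the next mismatch visible. destroy's body starts outside the hunk.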
@@ -65,6 +69,9 @@ plugin_t *plugin_create()
lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
(builder_function_t)pgp_private_key_load);
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_GPG,
+ (builder_function_t)pgp_cert_load);
+
lib->encoding->add_encoder(lib->encoding, pgp_encoder_encode);
return &this->public.plugin;