diff options
author | Andreas Steffen <andreas.steffen@strongswan.org> | 2011-09-05 18:19:50 +0200 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2011-09-08 12:08:17 +0200 |
commit | a75a4e87f3cca4619c882487aa76967666565dcc (patch) | |
tree | df212e06ecde363828deb441bf688d5be6136c0d /src/libimcv/tcg/pts | |
parent | 6ef5c05829a366b45a442b40c02a75f19f5e65c3 (diff) | |
download | strongswan-a75a4e87f3cca4619c882487aa76967666565dcc.tar.bz2 strongswan-a75a4e87f3cca4619c882487aa76967666565dcc.tar.xz |
added a PTS credential set
Diffstat (limited to 'src/libimcv/tcg/pts')
-rw-r--r-- | src/libimcv/tcg/pts/pts_creds.c | 136 | ||||
-rw-r--r-- | src/libimcv/tcg/pts/pts_creds.h | 57 |
2 files changed, 193 insertions, 0 deletions
diff --git a/src/libimcv/tcg/pts/pts_creds.c b/src/libimcv/tcg/pts/pts_creds.c new file mode 100644 index 000000000..1a8211ceb --- /dev/null +++ b/src/libimcv/tcg/pts/pts_creds.c @@ -0,0 +1,136 @@ +/* + * Copyright (C) 2011 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "pts_creds.h" + +#include <debug.h> +#include <credentials/certificates/x509.h> +#include <credentials/sets/mem_cred.h> + +#include <sys/stat.h> + +typedef struct private_pts_creds_t private_pts_creds_t; + +/** + * Private data of a pts_creds_t object. + * + */ +struct private_pts_creds_t { + + /** + * Public pts_creds_t interface. + */ + pts_creds_t public; + + /** + * Credential set + */ + mem_cred_t *creds; + +}; + +METHOD(pts_creds_t, verify, bool, + private_pts_creds_t *this, certificate_t *cert) +{ + return FALSE; +} + + +METHOD(pts_creds_t, destroy, void, + private_pts_creds_t *this) +{ + this->creds->destroy(this->creds); + free(this); +} + +/** + * Load trusted PTS CA certificates from a directory + */ +static void load_cacerts(private_pts_creds_t *this, char *path) +{ + enumerator_t *enumerator; + struct stat st; + char *file; + + DBG1(DBG_TNC, "loading PTS ca certificates from '%s'", path); + + enumerator = enumerator_create_directory(path); + if (!enumerator) + { + return; + } + + while (enumerator->enumerate(enumerator, NULL, &file, &st)) + { + certificate_t *cert; + + if (!S_ISREG(st.st_mode)) + { + /* skip special file */ + continue; + } + cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, + BUILD_FROM_FILE, file, BUILD_END); + if (cert) + { + x509_t *x509 = (x509_t*)cert; + + if (!(x509->get_flags(x509) & X509_CA)) + { + DBG1(DBG_TNC, " ca certificate \"%Y\" lacks ca basic constraint" + ", discarded", cert->get_subject(cert)); + cert->destroy(cert); + } + else + { + DBG1(DBG_TNC, " loaded ca certificate \"%Y\" from '%s'", + cert->get_subject(cert), file); + this->creds->add_cert(this->creds, TRUE, cert); + } + } + else + { + DBG1(DBG_TNC, " loading ca certificate from '%s' failed", file); + } + } + enumerator->destroy(enumerator); +} + +/** + * See header + */ +pts_creds_t *pts_creds_create(char *path) +{ + private_pts_creds_t *this; + + if (!path) + { + DBG1(DBG_TNC, "no PTS cacerts directory defined"); + return NULL; + } + + INIT(this, + .public = { + .verify = _verify, + .destroy = _destroy, + }, + .creds = mem_cred_create(), + ); + + load_cacerts(this, path); + + return &this->public; +} + diff --git a/src/libimcv/tcg/pts/pts_creds.h b/src/libimcv/tcg/pts/pts_creds.h new file mode 100644 index 000000000..d5ae1762b --- /dev/null +++ b/src/libimcv/tcg/pts/pts_creds.h @@ -0,0 +1,57 @@ +/* + * Copyright (C) 2011 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup pts_creds pts_creds + * @{ @ingroup pts + */ + +#ifndef PTS_CREDS_H_ +#define PTS_CREDS_H_ + +typedef struct pts_creds_t pts_creds_t; + +#include <library.h> + +/** + * Class implementing a PTS credentials set + * + */ +struct pts_creds_t { + +/** + * Verify an AIK certificate + * + * @cert certificate to be verified + * @return TRUE if valid and trusted + */ + bool (*verify)(pts_creds_t *this, certificate_t *cert); + + + /** + * Destroys a pts_creds_t object. + */ + void (*destroy)(pts_creds_t *this); + +}; + +/** + * Creates an pts_creds_t object + * + * @param path path to the PTS cacerts directory + */ +pts_creds_t* pts_creds_create(char *path); + +#endif /** PTS_CREDS_H_ @}*/ |