author | Martin Willi <martin@strongswan.org> | 2009-08-13 11:15:31 +0200 |
---|---|---|
committer | Martin Willi <martin@strongswan.org> | 2009-08-26 11:23:49 +0200 |
commit | 37f5a0da2ca7cd12ae5119414c9e4005369c372a (patch) | |
tree | b76523cbfd50870b06cd4e7c77dfdb0edf61a683 /src | |
parent | a5dc4a9585e3f5882974872f80fbc69decccb4fe (diff) | |
use credential builder to build attribute certificates
Diffstat (limited to 'src')
-rw-r--r-- | src/pluto/ac.c | 20 | ||||
-rw-r--r-- | src/pluto/builder.c | 79 |
2 files changed, 82 insertions, 17 deletions
diff --git a/src/pluto/ac.c b/src/pluto/ac.c
index 3b5df9738..c09b4f12c 100644
--- a/src/pluto/ac.c
+++ b/src/pluto/ac.c
@@ -36,6 +36,7 @@
 #include "log.h"
 #include "whack.h"
 #include "fetch.h"
+#include "builder.h"
 /**
 * Chained list of X.509 attribute certificates
@@ -818,20 +819,13 @@ void load_acerts(void)
 {
 while (n--)
 {
- chunk_t blob = chunk_empty;
- bool pgp = FALSE;
-
- if (load_coded_file(filelist[n]->d_name, NULL, "acert", &blob, &pgp))
+ x509acert_t *ac;
+
+ ac = lib->creds->create(lib->creds, CRED_PLUTO_CERT, CRED_TYPE_AC,
+ BUILD_FROM_FILE, filelist[n]->d_name, BUILD_END);
+ if (ac)
 {
- x509acert_t *ac = malloc_thing(x509acert_t);
-
- *ac = empty_ac;
-
- if (parse_ac(blob, ac)
- && verify_x509acert(ac, FALSE))
- add_acert(ac);
- else
- free_acert(ac);
+ add_acert(ac);
 }
 free(filelist[n]);
 }
diff --git a/src/pluto/builder.c b/src/pluto/builder.c
index 665d78634..854c8c69b 100644
--- a/src/pluto/builder.c
+++ b/src/pluto/builder.c
@@ -30,6 +30,7 @@
 #include "log.h"
 #include "id.h"
 #include "certs.h"
+#include "ac.h"
 /**
 * currently building cert_t
@@ -39,7 +40,7 @@ static cert_t *cert;
 /**
 * builder add function
 */
-static void add(builder_t *this, builder_part_t part, ...)
+static void cert_add(builder_t *this, builder_part_t part, ...)
 {
 chunk_t blob;
 va_list args;
@@ -91,7 +92,7 @@ static void add(builder_t *this, builder_part_t part, ...)
 /**
 * builder build function
 */
-static void *build(builder_t *this)
+static void *cert_build(builder_t *this)
 {
 free(this);
 if (cert->type == CERT_NONE)
@@ -113,8 +114,8 @@ static builder_t *cert_builder(credential_type_t type, int subtype)
 return NULL;
 }
 this = malloc_thing(builder_t);
- this->add = add;
- this->build = build;
+ this->add = cert_add;
+ this->build = cert_build;
 cert->type = CERT_NONE;
 cert->u.x509 = NULL;
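Review bot: In load_acerts() (src/pluto/ac.c) the explicit verify_x509acert() gate is gone from the caller, and every non-NULL result of `lib->creds->create(...)` now goes straight to add_acert(), so whether a file from the attribute-certificate directory is trusted depends entirely on the CRED_TYPE_AC builder. That contract is worth stating at the call, e.g. `/* the AC builder parses and verifies the certificate; NULL means it was rejected */`. The removed load_coded_file() call presumably also handled encoded input, whereas ac_add() in builder.c accepts only BUILD_BLOB_ASN1_DER; whether BUILD_FROM_FILE still decodes such files is not visible in this diff and should be confirmed. A rejected or unreadable file is also skipped silently here unless the builder logs it. The loop and the function body begin outside the hunk.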
@@ -123,14 +124,84 @@ static builder_t *cert_builder(credential_type_t type, int subtype)
 return this;
 }
+/**
+ * currently building x509ac_t
+ */
+static x509acert_t *ac;
+
+/**
+ * builder add function
+ */
+static void ac_add(builder_t *this, builder_part_t part, ...)
+{
+ chunk_t blob;
+ va_list args;
+
+ switch (part)
+ {
+ case BUILD_BLOB_ASN1_DER:
+ {
+ va_start(args, part);
+ blob = va_arg(args, chunk_t);
+ va_end(args);
+
+ ac = malloc_thing(x509acert_t);
+
+ *ac = empty_ac;
+
+ if (!parse_ac(blob, ac) && !verify_x509acert(ac, FALSE))
+ {
+ free_acert(ac);
+ ac = NULL;
+ }
+ break;
+ }
+ default:
+ builder_cancel(this);
+ break;
+ }
+}
+
+/**
+ * builder build function
+ */
+static void *ac_build(builder_t *this)
+{
+ free(this);
+ return ac;
+}
+
+/**
+ * certificate builder in x509ac_t format.
+ */
+static builder_t *ac_builder(credential_type_t type, int subtype)
+{
+ builder_t *this;
+
+ if (subtype != CRED_TYPE_AC)
+ {
+ return NULL;
+ }
+ this = malloc_thing(builder_t);
+ this->add = ac_add;
+ this->build = ac_build;
+
+ ac = NULL;
+
+ return this;
+}
+
 void init_builder(void)
 {
 lib->creds->add_builder(lib->creds, CRED_PLUTO_CERT, CRED_TYPE_CERTIFICATE,
 (builder_constructor_t)cert_builder);
+ lib->creds->add_builder(lib->creds, CRED_PLUTO_CERT, CRED_TYPE_AC,
+ (builder_constructor_t)ac_builder);
 }
 void free_builder(void)
 {
 lib->creds->remove_builder(lib->creds, (builder_constructor_t)cert_builder);
+ lib->creds->remove_builder(lib->creds, (builder_constructor_t)ac_builder);
 } |
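Review bot: The rejection test in ac_add() is not the negation of the check it replaces: `if (!parse_ac(blob, ac) && !verify_x509acert(ac, FALSE))` frees the certificate only when both parsing and verification fail, so an attribute certificate that parses but fails verify_x509acert() is still returned by ac_build() and then added by load_acerts(). The code removed from ac.c accepted a certificate only when both calls succeeded, so the condition should be `if (!parse_ac(blob, ac) || !verify_x509acert(ac, FALSE))`, which also keeps verify_x509acert() from running on a structure that parse_ac() rejected. Separately, a second BUILD_BLOB_ASN1_DER part overwrites the file-static `ac` without freeing the earlier allocation, and the default branch cancels the builder while leaving any already-built `ac` in place. Releasing an existing `ac` at both points would close that, assuming builder_cancel() does not do so itself (its body is not shown here).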