author | Martin Willi <martin@revosec.ch> | 2010-12-23 11:54:17 +0100 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2011-01-05 16:46:06 +0100 |
commit | 968e5e665b8703eb8ab9e009dbe0996b569954f5 (patch) | |
tree | 9b810d118908c9e2efaa855296d0a5222aadf2b8 /src | |
parent | 85b9e9be99f74b9df1abd0f34d144a16b763ab18 (diff) | |
Added support for CDPs to conftest
Diffstat (limited to 'src')
-rw-r--r-- | src/conftest/conftest.c | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/src/conftest/conftest.c b/src/conftest/conftest.c
index 93b162f5b..e21914811 100644
--- a/src/conftest/conftest.c
+++ b/src/conftest/conftest.c
@@ -27,6 +27,7 @@
 #include "hooks/hook.h"
 #include <threading/thread.h>
+#include <credentials/certificates/x509.h>
 /**
 * Conftest globals struct
@@ -221,6 +222,48 @@ static bool load_keys(settings_t *settings, char *dir)
 }
 /**
+ * Load certificate distribution points
+ */
+static void load_cdps(settings_t *settings)
+{
+ enumerator_t *enumerator;
+ identification_t *id;
+ char *ca, *uri, *section;
+ x509_t *x509;
+
+ enumerator = settings->create_section_enumerator(settings, "cdps");
+ while (enumerator->enumerate(enumerator, §ion))
+ {
+ if (!strncaseeq(section, "crl", strlen("crl")))
+ {
+ fprintf(stderr, "unknown cdp type '%s', ignored\n", section);
+ continue;
+ }
+
+ uri = settings->get_str(settings, "cdps.%s.uri", NULL, section);
+ ca = settings->get_str(settings, "cdps.%s.ca", NULL, section);
+ if (!ca || !uri)
+ {
+ fprintf(stderr, "cdp '%s' misses ca/uri, ignored\n", section);
+ continue;
+ }
+ x509 = lib->creds->create(lib->creds, CRED_CERTIFICATE,
+ CERT_X509, BUILD_FROM_FILE, ca, BUILD_END);
+ if (!x509)
+ {
+ fprintf(stderr, "loading cdp '%s' ca failed, ignored\n", section);
+ continue;
+ }
+ id = identification_create_from_encoding(ID_KEY_ID,
+ x509->get_subjectKeyIdentifier(x509));
+ conftest->creds->add_cdp(conftest->creds, CERT_X509_CRL, id, uri);
+ DESTROY_IF((certificate_t*)x509);
+ id->destroy(id);
+ }
+ enumerator->destroy(enumerator);
+}
+
+/**
 * Load configured hooks
 */
 static bool load_hooks()
@@ -448,6 +491,7 @@ int main(int argc, char *argv[])
 {
 return 1;
 }
+ load_cdps(conftest->test);
 if (!load_hooks())
 {
 return 1; |
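Review bot: load_cdps() fails open: in the new function every error path (a cdp section missing `ca`/`uri`, or a CA file that does not load) prints to stderr and `continue`s, and the call added in main() discards any outcome, unlike the `if (!load_hooks())` check right below it. A typo in a `ca` path therefore leaves that CRL distribution point unregistered and the test run proceeds as if none had been configured, which can mask or fake a revocation result. I would make it `static bool load_cdps(settings_t *settings)` like load_keys()/load_hooks(), return FALSE on those two paths after destroying the enumerator, and call it as `if (!load_cdps(conftest->test)) { return 1; }`; the unknown-type case can stay a warning. Also worth a check: the chunk from `x509->get_subjectKeyIdentifier(x509)` goes straight into the key ID, so if it can come back empty for a CA without that extension the CDP would be registered under an empty identity. main() continues outside the hunk.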