aboutsummaryrefslogtreecommitdiffstats
path: root/Source/charon/config
diff options
context:
space:
mode:
Diffstat (limited to 'Source/charon/config')
-rw-r--r--Source/charon/config/Makefile.config15
-rw-r--r--Source/charon/config/connections/Makefile.connections24
-rw-r--r--Source/charon/config/connections/connection.c (renamed from Source/charon/config/connection.c)0
-rw-r--r--Source/charon/config/connections/connection.h (renamed from Source/charon/config/connection.h)0
-rwxr-xr-xSource/charon/config/connections/connection_store.h (renamed from Source/charon/config/connection_store.h)30
-rw-r--r--Source/charon/config/connections/local_connection_store.c202
-rw-r--r--Source/charon/config/connections/local_connection_store.h63
-rw-r--r--Source/charon/config/credentials/Makefile.credentials20
-rwxr-xr-xSource/charon/config/credentials/credential_store.h (renamed from Source/charon/config/credential_store.h)25
-rw-r--r--Source/charon/config/credentials/local_credential_store.c315
-rw-r--r--Source/charon/config/credentials/local_credential_store.h84
-rw-r--r--Source/charon/config/policies/Makefile.policies24
-rw-r--r--Source/charon/config/policies/local_policy_store.c137
-rw-r--r--Source/charon/config/policies/local_policy_store.h60
-rw-r--r--Source/charon/config/policies/policy.c (renamed from Source/charon/config/policy.c)0
-rw-r--r--Source/charon/config/policies/policy.h (renamed from Source/charon/config/policy.h)0
-rwxr-xr-xSource/charon/config/policies/policy_store.h (renamed from Source/charon/config/policy_store.h)13
17 files changed, 978 insertions, 34 deletions
diff --git a/Source/charon/config/Makefile.config b/Source/charon/config/Makefile.config
index c95bccb8d..d4638b318 100644
--- a/Source/charon/config/Makefile.config
+++ b/Source/charon/config/Makefile.config
@@ -15,15 +15,6 @@
CONFIG_DIR= $(CHARON_DIR)config/
-
-CHARON_OBJS+= $(BUILD_DIR)connection.o
-$(BUILD_DIR)connection.o : $(CONFIG_DIR)connection.c $(CONFIG_DIR)connection.h
- $(CC) $(CFLAGS) -c -o $@ $<
-
-CHARON_OBJS+= $(BUILD_DIR)policy.o
-$(BUILD_DIR)policy.o : $(CONFIG_DIR)policy.c $(CONFIG_DIR)policy.h
- $(CC) $(CFLAGS) -c -o $@ $<
-
CHARON_OBJS+= $(BUILD_DIR)traffic_selector.o
$(BUILD_DIR)traffic_selector.o : $(CONFIG_DIR)traffic_selector.c $(CONFIG_DIR)traffic_selector.h
$(CC) $(CFLAGS) -c -o $@ $<
@@ -34,4 +25,8 @@ $(BUILD_DIR)proposal.o : $(CONFIG_DIR)proposal.c $(CONFIG_DIR)proposal.h
CHARON_OBJS+= $(BUILD_DIR)configuration.o
$(BUILD_DIR)configuration.o : $(CONFIG_DIR)configuration.c $(CONFIG_DIR)configuration.h
- $(CC) $(CFLAGS) -c -o $@ $< \ No newline at end of file
+ $(CC) $(CFLAGS) -c -o $@ $<
+
+include $(CONFIG_DIR)connections/Makefile.connections
+include $(CONFIG_DIR)credentials/Makefile.credentials
+include $(CONFIG_DIR)policies/Makefile.policies \ No newline at end of file
diff --git a/Source/charon/config/connections/Makefile.connections b/Source/charon/config/connections/Makefile.connections
new file mode 100644
index 000000000..8fbc983f6
--- /dev/null
+++ b/Source/charon/config/connections/Makefile.connections
@@ -0,0 +1,24 @@
+# Copyright (C) 2006 Martin Willi
+# Hochschule fuer Technik Rapperswil
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at your
+# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+# for more details.
+#
+
+CONNECTIONS_DIR= $(CONFIG_DIR)connections/
+
+
+CHARON_OBJS+= $(BUILD_DIR)connection.o
+$(BUILD_DIR)connection.o : $(CONNECTIONS_DIR)connection.c $(CONNECTIONS_DIR)connection.h
+ $(CC) $(CFLAGS) -c -o $@ $<
+
+CHARON_OBJS+= $(BUILD_DIR)local_connection_store.o
+$(BUILD_DIR)local_connection_store.o : $(CONNECTIONS_DIR)local_connection_store.c $(CONNECTIONS_DIR)local_connection_store.h
+ $(CC) $(CFLAGS) -c -o $@ $< \ No newline at end of file
diff --git a/Source/charon/config/connection.c b/Source/charon/config/connections/connection.c
index d2e50c780..d2e50c780 100644
--- a/Source/charon/config/connection.c
+++ b/Source/charon/config/connections/connection.c
diff --git a/Source/charon/config/connection.h b/Source/charon/config/connections/connection.h
index 39b076411..39b076411 100644
--- a/Source/charon/config/connection.h
+++ b/Source/charon/config/connections/connection.h
diff --git a/Source/charon/config/connection_store.h b/Source/charon/config/connections/connection_store.h
index 8b80c0fea..f1814a00d 100755
--- a/Source/charon/config/connection_store.h
+++ b/Source/charon/config/connections/connection_store.h
@@ -24,7 +24,7 @@
#define CONNECTION_STORE_H_
#include <types.h>
-#include <config/connection.h>
+#include <config/connections/connection.h>
typedef struct connection_store_t connection_store_t;
@@ -33,17 +33,17 @@ typedef struct connection_store_t connection_store_t;
* @brief The interface for a store of connection_t's.
*
* @b Constructors:
- * - stroke_create()
+ * - stroke_create()
*
* @ingroup config
*/
-struct connection_store_t {
+struct connection_store_t {
/**
* @brief Returns a connection definition identified by two IDs.
*
- * This call is usefull to get a connection identified by addresses.
- * It may be used after kernel request for traffic protection.
+ * This call is useful to get a connection which is identified by IDs
+ * rather than addresses, e.g. for connection setup on user request.
* The returned connection gets created/cloned and therefore must
* be destroyed after usage.
*
@@ -59,8 +59,8 @@ struct connection_store_t {
/**
* @brief Returns a connection definition identified by two hosts.
*
- * This call is useful to get a connection which is identified by IDs
- * rather than addresses, e.g. for connection setup on user request.
+ * This call is usefull to get a connection identified by addresses.
+ * It may be used after kernel request for traffic protection.
* The returned connection gets created/cloned and therefore must
* be destroyed after usage.
*
@@ -74,6 +74,20 @@ struct connection_store_t {
connection_t *(*get_connection_by_hosts) (connection_store_t *this, host_t *my_host, host_t *other_host);
/**
+ * @brief Add a connection to the store.
+ *
+ * After a successful call, the connection is owned by the store and may
+ * not be manipulated nor destroyed.
+ *
+ * @param this calling object
+ * @param connection connection to add
+ * @return
+ * - SUCCESS, or
+ * - FAILED
+ */
+ status_t (*add_connection) (connection_store_t *this, connection_t *connection);
+
+ /**
* @brief Destroys a connection_store_t object.
*
* @param this calling object
@@ -81,4 +95,4 @@ struct connection_store_t {
void (*destroy) (connection_store_t *this);
};
-#endif /*CONNECTION_STORE_H_*/
+#endif /* CONNECTION_STORE_H_ */
diff --git a/Source/charon/config/connections/local_connection_store.c b/Source/charon/config/connections/local_connection_store.c
new file mode 100644
index 000000000..3eee2ba58
--- /dev/null
+++ b/Source/charon/config/connections/local_connection_store.c
@@ -0,0 +1,202 @@
+/**
+ * @file local_connection_store.c
+ *
+ * @brief Implementation of local_connection_store_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2006 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "local_connection_store.h"
+
+#include <utils/linked_list.h>
+#include <utils/logger_manager.h>
+
+
+typedef struct private_local_connection_store_t private_local_connection_store_t;
+
+/**
+ * Private data of an local_connection_store_t object
+ */
+struct private_local_connection_store_t {
+
+ /**
+ * Public part
+ */
+ local_connection_store_t public;
+
+ /**
+ * stored connection
+ */
+ linked_list_t *connections;
+
+ /**
+ * Assigned logger
+ */
+ logger_t *logger;
+};
+
+
+/**
+ * Implementation of connection_store_t.get_connection_by_hosts.
+ */
+static connection_t *get_connection_by_hosts(private_local_connection_store_t *this, host_t *my_host, host_t *other_host)
+{
+ iterator_t *iterator;
+ connection_t *current, *found = NULL;
+
+ this->logger->log(this->logger, CONTROL|LEVEL1, "getting config for hosts %s - %s",
+ my_host->get_address(my_host), other_host->get_address(other_host));
+
+ iterator = this->connections->create_iterator(this->connections, TRUE);
+ while (iterator->has_next(iterator))
+ {
+ host_t *config_my_host, *config_other_host;
+
+ iterator->current(iterator, (void**)&current);
+
+ config_my_host = current->get_my_host(current);
+ config_other_host = current->get_other_host(current);
+
+ /* first check if ip is equal */
+ if(config_other_host->ip_equals(config_other_host, other_host))
+ {
+ this->logger->log(this->logger, CONTROL|LEVEL2, "config entry with remote host %s",
+ config_other_host->get_address(config_other_host));
+ /* could be right one, check my_host for default route*/
+ if (config_my_host->is_default_route(config_my_host))
+ {
+ found = current->clone(current);
+ break;
+ }
+ /* check now if host informations are the same */
+ else if (config_my_host->ip_equals(config_my_host,my_host))
+ {
+ found = current->clone(current);
+ break;
+ }
+
+ }
+ /* Then check for wildcard hosts!
+ * TODO
+ * actually its only checked if other host with default route can be found! */
+ else if (config_other_host->is_default_route(config_other_host))
+ {
+ /* could be right one, check my_host for default route*/
+ if (config_my_host->is_default_route(config_my_host))
+ {
+ found = current->clone(current);
+ break;
+ }
+ /* check now if host informations are the same */
+ else if (config_my_host->ip_equals(config_my_host,my_host))
+ {
+ found = current->clone(current);
+ break;
+ }
+ }
+ }
+ iterator->destroy(iterator);
+
+ /* apply hosts as they are supplied since my_host may be %defaultroute, and other_host may be %any. */
+ if (found)
+ {
+ found->update_my_host(found, my_host->clone(my_host));
+ found->update_other_host(found, other_host->clone(other_host));
+ }
+
+ return found;
+}
+
+/**
+ * Implementation of connection_store_t.get_connection_by_ids.
+ */
+static connection_t *get_connection_by_ids(private_local_connection_store_t *this, identification_t *my_id, identification_t *other_id)
+{
+ iterator_t *iterator;
+ connection_t *current, *found = NULL;
+
+ this->logger->log(this->logger, CONTROL|LEVEL1, "getting config for ids %s - %s",
+ my_id->get_string(my_id), other_id->get_string(other_id));
+
+ iterator = this->connections->create_iterator(this->connections, TRUE);
+ while (iterator->has_next(iterator))
+ {
+ identification_t *config_my_id, *config_other_id;
+
+ iterator->current(iterator, (void**)&current);
+
+ config_my_id = current->get_my_id(current);
+ config_other_id = current->get_other_id(current);
+
+ /* first check if ids are equal
+ * TODO: Add wildcard checks */
+ if (config_other_id->equals(config_other_id, other_id) &&
+ config_my_id->equals(config_my_id, my_id))
+ {
+ this->logger->log(this->logger, CONTROL|LEVEL2, "config entry with remote id %s",
+ config_other_id->get_string(config_other_id));
+ found = current->clone(current);
+ break;
+ }
+ }
+ iterator->destroy(iterator);
+
+ return found;
+}
+
+/**
+ * Implementation of connection_store_t.add_connection.
+ */
+status_t add_connection(private_local_connection_store_t *this, connection_t *connection)
+{
+ this->connections->insert_last(this->connections, connection);
+ return SUCCESS;
+}
+
+/**
+ * Implementation of connection_store_t.destroy.
+ */
+static void destroy (private_local_connection_store_t *this)
+{
+ connection_t *connection;
+
+ while (this->connections->remove_last(this->connections, (void**)&connection) == SUCCESS)
+ {
+ connection->destroy(connection);
+ }
+ this->connections->destroy(this->connections);
+ free(this);
+}
+
+/**
+ * Described in header.
+ */
+local_connection_store_t * local_connection_store_create()
+{
+ private_local_connection_store_t *this = malloc_thing(private_local_connection_store_t);
+
+ this->public.connection_store.get_connection_by_hosts = (connection_t*(*)(connection_store_t*,host_t*,host_t*))get_connection_by_hosts;
+ this->public.connection_store.get_connection_by_ids = (connection_t*(*)(connection_store_t*,identification_t*,identification_t*))get_connection_by_ids;
+ this->public.connection_store.add_connection = (status_t(*)(connection_store_t*,connection_t*))add_connection;
+ this->public.connection_store.destroy = (void(*)(connection_store_t*))destroy;
+
+ /* private variables */
+ this->connections = linked_list_create();
+ this->logger = logger_manager->get_logger(logger_manager, CONFIG);
+
+ return (&this->public);
+}
diff --git a/Source/charon/config/connections/local_connection_store.h b/Source/charon/config/connections/local_connection_store.h
new file mode 100644
index 000000000..14a0a24ae
--- /dev/null
+++ b/Source/charon/config/connections/local_connection_store.h
@@ -0,0 +1,63 @@
+/**
+ * @file local_connection_store.h
+ *
+ * @brief Interface of local_connection_store_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2006 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef LOCAL_CONNECTION_H_
+#define LOCAL_CONNECTION_H_
+
+#include <types.h>
+#include <config/connections/connection_store.h>
+
+
+typedef struct local_connection_store_t local_connection_store_t;
+
+/**
+ * @brief A connection_store_t implementation using a simple connection list.
+ *
+ * The local_connection_store_t class implements the connection_store_t interface
+ * as simple as possible. connection_t's are stored in an in-memory list.
+ *
+ * @b Constructors:
+ * - local_connection_store_create()
+ *
+ * @todo Make thread-save first
+ * @todo Add remove_connection method
+ *
+ * @ingroup config
+ */
+struct local_connection_store_t {
+
+ /**
+ * Implements connection_store_t interface
+ */
+ connection_store_t connection_store;
+};
+
+/**
+ * @brief Creates a local_connection_store_t instance.
+ *
+ * @return connection store instance.
+ *
+ * @ingroup config
+ */
+local_connection_store_t * local_connection_store_create();
+
+#endif /* LOCAL_CONNECTION_H_ */
diff --git a/Source/charon/config/credentials/Makefile.credentials b/Source/charon/config/credentials/Makefile.credentials
new file mode 100644
index 000000000..720d56656
--- /dev/null
+++ b/Source/charon/config/credentials/Makefile.credentials
@@ -0,0 +1,20 @@
+# Copyright (C) 2006 Martin Willi
+# Hochschule fuer Technik Rapperswil
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at your
+# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+# for more details.
+#
+
+CREDENTIALS_DIR= $(CONFIG_DIR)credentials/
+
+
+CHARON_OBJS+= $(BUILD_DIR)local_credential_store.o
+$(BUILD_DIR)local_credential_store.o : $(CREDENTIALS_DIR)local_credential_store.c $(CREDENTIALS_DIR)local_credential_store.h
+ $(CC) $(CFLAGS) -c -o $@ $<
diff --git a/Source/charon/config/credential_store.h b/Source/charon/config/credentials/credential_store.h
index 27f1a287d..2339469c0 100755
--- a/Source/charon/config/credential_store.h
+++ b/Source/charon/config/credentials/credential_store.h
@@ -26,6 +26,7 @@
#include <types.h>
#include <crypto/rsa/rsa_private_key.h>
#include <crypto/rsa/rsa_public_key.h>
+#include <utils/identification.h>
typedef struct credential_store_t credential_store_t;
@@ -48,10 +49,12 @@ struct credential_store_t {
* @param this calling object
* @param identification identification_t object identifiying the secret.
* @param[out] preshared_secret the preshared secret will be written there.
- *
- * @return
+ * @return
* - NOT_FOUND if no preshared secrets for specific ID could be found
* - SUCCESS
+ *
+ * @todo We should use two IDs to query shared secrets, since we want to use different
+ * keys for different peers...
*/
status_t (*get_shared_secret) (credential_store_t *this, identification_t *identification, chunk_t *preshared_secret);
@@ -62,13 +65,9 @@ struct credential_store_t {
*
* @param this calling object
* @param identification identification_t object identifiying the key.
- * @param[out] public_key the public key will be written there
- *
- * @return
- * - NOT_FOUND if no key is configured for specific id
- * - SUCCESS
- */
- status_t (*get_rsa_public_key) (credential_store_t *this, identification_t *identification, rsa_public_key_t **public_key);
+ * @return public key, or NULL if not found
+ */
+ rsa_public_key_t * (*get_rsa_public_key) (credential_store_t *this, identification_t *identification);
/**
* @brief Returns the RSA private key of a specific ID.
@@ -77,13 +76,9 @@ struct credential_store_t {
*
* @param this calling object
* @param identification identification_t object identifiying the key
- * @param[out] private_key the private key will be written there
- *
- * @return
- * - NOT_FOUND if no key is configured for specific id
- * - SUCCESS
+ * @return private key, or NULL if not found
*/
- status_t (*get_rsa_private_key) (credential_store_t *this, identification_t *identification, rsa_private_key_t **private_key);
+ rsa_private_key_t *(*get_rsa_private_key) (credential_store_t *this, identification_t *identification);
/**
* @brief Destroys a credential_store_t object.
diff --git a/Source/charon/config/credentials/local_credential_store.c b/Source/charon/config/credentials/local_credential_store.c
new file mode 100644
index 000000000..dc6cb6c50
--- /dev/null
+++ b/Source/charon/config/credentials/local_credential_store.c
@@ -0,0 +1,315 @@
+/**
+ * @file local_credential_store.c
+ *
+ * @brief Implementation of local_credential_store_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2006 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <sys/stat.h>
+#include <dirent.h>
+
+#include "local_credential_store.h"
+
+#include <utils/linked_list.h>
+#include <utils/logger_manager.h>
+#include <crypto/x509.h>
+
+
+typedef struct key_entry_t key_entry_t;
+
+/**
+ * Private key with an associated ID to find it
+ */
+struct key_entry_t {
+
+ /**
+ * ID, as added
+ */
+ identification_t *id;
+
+ /**
+ * Associated rsa private key
+ */
+ rsa_private_key_t *key;
+};
+
+
+typedef struct private_local_credential_store_t private_local_credential_store_t;
+
+/**
+ * Private data of an local_credential_store_t object
+ */
+struct private_local_credential_store_t {
+
+ /**
+ * Public part
+ */
+ local_credential_store_t public;
+
+ /**
+ * list of key_entry_t's with private keys
+ */
+ linked_list_t *private_keys;
+
+ /**
+ * list of x509 certificates with public keys
+ */
+ linked_list_t *certificates;
+
+ /**
+ * Assigned logger
+ */
+ logger_t *logger;
+};
+
+
+/**
+ * Implementation of credential_store_t.get_shared_secret.
+ */
+static status_t get_shared_secret(private_local_credential_store_t *this, identification_t *identification, chunk_t *preshared_secret)
+{
+ return FAILED;
+}
+
+/**
+ * Implementation of credential_store_t.get_rsa_public_key.
+ */
+static rsa_public_key_t * get_rsa_public_key(private_local_credential_store_t *this, identification_t *identification)
+{
+ x509_t *current;
+ rsa_public_key_t *found = NULL;
+ iterator_t *iterator;
+
+ this->logger->log(this->logger, CONTROL|LEVEL2, "Looking for public key for %s",
+ identification->get_string(identification));
+ iterator = this->certificates->create_iterator(this->certificates, TRUE);
+ while (iterator->has_next(iterator))
+ {
+ iterator->current(iterator, (void**)&current);
+ identification_t *stored = current->get_subject(current);
+ this->logger->log(this->logger, CONTROL|LEVEL2, "there is one for %s",
+ stored->get_string(stored));
+ if (identification->equals(identification, stored))
+ {
+ found = current->get_public_key(current);
+ break;
+ }
+ }
+ iterator->destroy(iterator);
+ return found;
+}
+
+/**
+ * Implementation of credential_store_t.get_rsa_private_key.
+ */
+static rsa_private_key_t *get_rsa_private_key(private_local_credential_store_t *this, identification_t *identification)
+{
+ rsa_private_key_t *found = NULL;
+ key_entry_t *current;
+ iterator_t *iterator;
+
+ iterator = this->private_keys->create_iterator(this->private_keys, TRUE);
+ while (iterator->has_next(iterator))
+ {
+ iterator->current(iterator, (void**)&current);
+ if (identification->equals(identification, current->id))
+ {
+ found = current->key->clone(current->key);
+ break;
+ }
+ }
+ iterator->destroy(iterator);
+ return found;
+}
+
+/**
+ * Implements local_credential_store_t.load_private_keys
+ */
+static void load_certificates(private_local_credential_store_t *this, char *path)
+{
+ struct dirent* entry;
+ struct stat stb;
+ DIR* dir;
+ x509_t *cert;
+
+ dir = opendir(path);
+ if (dir == NULL) {
+ this->logger->log(this->logger, ERROR, "error opening certificate directory \"%s\"", path);
+ return;
+ }
+ while ((entry = readdir(dir)) != NULL)
+ {
+ char file[256];
+ snprintf(file, sizeof(file), "%s/%s", path, entry->d_name);
+
+ if (stat(file, &stb) == -1)
+ {
+ continue;
+ }
+ /* try to parse all regular files */
+ if (stb.st_mode & S_IFREG)
+ {
+ cert = x509_create_from_file(file);
+ if (cert)
+ {
+ this->certificates->insert_last(this->certificates, (void*)cert);
+ this->logger->log(this->logger, CONTROL|LEVEL1, "loaded certificate \"%s\"", file);
+ }
+ else
+ {
+ this->logger->log(this->logger, ERROR, "certificate \"%s\" invalid, skipped", file);
+ }
+ }
+ }
+ closedir(dir);
+}
+
+/**
+ * Query the ID for a private key, by doing a lookup in the certificates
+ */
+static identification_t *get_id_for_private_key(private_local_credential_store_t *this, rsa_private_key_t *private_key)
+{
+ iterator_t *iterator;
+ x509_t *cert;
+ identification_t *found = NULL;
+ rsa_public_key_t *public_key;
+
+ this->logger->log(this->logger, CONTROL|LEVEL2, "Getting ID for a private key...");
+
+ iterator = this->certificates->create_iterator(this->certificates, TRUE);
+ while (!found && iterator->has_next(iterator))
+ {
+ iterator->current(iterator, (void**)&cert);
+ public_key = cert->get_public_key(cert);
+ if (public_key)
+ {
+ if (private_key->belongs_to(private_key, public_key))
+ {
+ this->logger->log(this->logger, CONTROL|LEVEL2, "found a match");
+ found = cert->get_subject(cert);
+ found = found->clone(found);
+ }
+ else
+ {
+ this->logger->log(this->logger, CONTROL|LEVEL3, "this one did not match");
+ }
+ public_key->destroy(public_key);
+ }
+ }
+ iterator->destroy(iterator);
+ return found;
+}
+
+/**
+ * Implements local_credential_store_t.load_private_keys
+ */
+static void load_private_keys(private_local_credential_store_t *this, char *path)
+{
+ struct dirent* entry;
+ struct stat stb;
+ DIR* dir;
+ rsa_private_key_t *key;
+
+ dir = opendir(path);
+ if (dir == NULL) {
+ this->logger->log(this->logger, ERROR, "error opening private key directory \"%s\"", path);
+ return;
+ }
+ while ((entry = readdir(dir)) != NULL)
+ {
+ char file[256];
+ snprintf(file, sizeof(file), "%s/%s", path, entry->d_name);
+
+ if (stat(file, &stb) == -1)
+ {
+ continue;
+ }
+ /* try to parse all regular files */
+ if (stb.st_mode & S_IFREG)
+ {
+ key = rsa_private_key_create_from_file(file, NULL);
+ if (key)
+ {
+ key_entry_t *entry;
+ identification_t *id = get_id_for_private_key(this, key);
+ if (!id)
+ {
+ this->logger->log(this->logger, ERROR,
+ "no certificate found for private key \"%s\", skipped", file);
+ key->destroy(key);
+ continue;
+ }
+ entry = malloc_thing(key_entry_t);
+ entry->key = key;
+ entry->id = id;
+ this->private_keys->insert_last(this->private_keys, (void*)entry);
+ this->logger->log(this->logger, CONTROL|LEVEL1, "loaded private key \"%s\"", file);
+ }
+ else
+ {
+ this->logger->log(this->logger, ERROR, "private key \"%s\" invalid, skipped", file);
+ }
+ }
+ }
+ closedir(dir);
+}
+
+/**
+ * Implementation of credential_store_t.destroy.
+ */
+static void destroy(private_local_credential_store_t *this)
+{
+ x509_t *certificate;
+ key_entry_t *key_entry;
+
+ while (this->certificates->remove_last(this->certificates, (void**)&certificate) == SUCCESS)
+ {
+ certificate->destroy(certificate);
+ }
+ this->certificates->destroy(this->certificates);
+ while (this->private_keys->remove_last(this->private_keys, (void**)&key_entry) == SUCCESS)
+ {
+ key_entry->id->destroy(key_entry->id);
+ key_entry->key->destroy(key_entry->key);
+ free(key_entry);
+ }
+ this->private_keys->destroy(this->private_keys);
+ free(this);
+}
+
+/**
+ * Described in header.
+ */
+local_credential_store_t * local_credential_store_create()
+{
+ private_local_credential_store_t *this = malloc_thing(private_local_credential_store_t);
+
+ this->public.credential_store.get_shared_secret = (status_t(*)(credential_store_t*,identification_t*,chunk_t*))get_shared_secret;
+ this->public.credential_store.get_rsa_private_key = (rsa_private_key_t*(*)(credential_store_t*,identification_t*))get_rsa_private_key;
+ this->public.credential_store.get_rsa_public_key = (rsa_public_key_t*(*)(credential_store_t*,identification_t*))get_rsa_public_key;
+ this->public.load_certificates = (void(*)(local_credential_store_t*,char*))load_certificates;
+ this->public.load_private_keys = (void(*)(local_credential_store_t*,char*))load_private_keys;
+ this->public.credential_store.destroy = (void(*)(credential_store_t*))destroy;
+
+ /* private variables */
+ this->private_keys = linked_list_create();
+ this->certificates = linked_list_create();
+ this->logger = logger_manager->get_logger(logger_manager, CONFIG);
+
+ return (&this->public);
+}
diff --git a/Source/charon/config/credentials/local_credential_store.h b/Source/charon/config/credentials/local_credential_store.h
new file mode 100644
index 000000000..ab9ef88d7
--- /dev/null
+++ b/Source/charon/config/credentials/local_credential_store.h
@@ -0,0 +1,84 @@
+/**
+ * @file local_credential_store.h
+ *
+ * @brief Interface of local_credential_store_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2006 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef LOCAL_CREDENTIAL_H_
+#define LOCAL_CREDENTIAL_H_
+
+#include <types.h>
+#include <config/credentials/credential_store.h>
+
+
+typedef struct local_credential_store_t local_credential_store_t;
+
+/**
+ * @brief A credential_store_t implementation using simple credentail lists.
+ *
+ * The local_credential_store_t class implements the credential_store_t interface
+ * as simple as possible. The credentials are stored in lists, and can be loaded
+ * from folders.
+ * Shared secret are not handled yet, so get_shared_secret always returns NOT_FOUND.
+ *
+ * @b Constructors:
+ * - local_credential_store_create()
+ *
+ * @ingroup config
+ */
+struct local_credential_store_t {
+
+ /**
+ * Implements credential_store_t interface
+ */
+ credential_store_t credential_store;
+
+ /**
+ * @brief Loads trusted certificates from a folder.
+ *
+ * Currently, all keys must be in binary DER format.
+ *
+ * @param this calling object
+ * @param path directory to load certificates from
+ */
+ void (*load_certificates) (local_credential_store_t *this, char *path);
+
+ /**
+ * @brief Loads RSA private keys from a folder.
+ *
+ * Currently, all keys must be unencrypted in binary DER format. Anything
+ * other gets ignored. Further, a certificate for the specific private
+ * key must already be loaded to get the ID from.
+ *
+ * @param this calling object
+ * @param path directory to load keys from
+ */
+ void (*load_private_keys) (local_credential_store_t *this, char *path);
+};
+
+/**
+ * @brief Creates a local_credential_store_t instance.
+ *
+ * @return credential store instance.
+ *
+ * @ingroup config
+ */
+local_credential_store_t *local_credential_store_create();
+
+#endif /* LOCAL_CREDENTIAL_H_ */
diff --git a/Source/charon/config/policies/Makefile.policies b/Source/charon/config/policies/Makefile.policies
new file mode 100644
index 000000000..e7ed8ab13
--- /dev/null
+++ b/Source/charon/config/policies/Makefile.policies
@@ -0,0 +1,24 @@
+# Copyright (C) 2006 Martin Willi
+# Hochschule fuer Technik Rapperswil
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at your
+# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+# for more details.
+#
+
+POLICIES_DIR= $(CONFIG_DIR)policies/
+
+
+CHARON_OBJS+= $(BUILD_DIR)policy.o
+$(BUILD_DIR)policy.o : $(POLICIES_DIR)policy.c $(POLICIES_DIR)policy.h
+ $(CC) $(CFLAGS) -c -o $@ $<
+
+CHARON_OBJS+= $(BUILD_DIR)local_policy_store.o
+$(BUILD_DIR)local_policy_store.o : $(POLICIES_DIR)local_policy_store.c $(POLICIES_DIR)local_policy_store.h
+ $(CC) $(CFLAGS) -c -o $@ $< \ No newline at end of file
diff --git a/Source/charon/config/policies/local_policy_store.c b/Source/charon/config/policies/local_policy_store.c
new file mode 100644
index 000000000..a03b86a73
--- /dev/null
+++ b/Source/charon/config/policies/local_policy_store.c
@@ -0,0 +1,137 @@
+/**
+ * @file local_policy_store.c
+ *
+ * @brief Implementation of local_policy_store_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2006 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "local_policy_store.h"
+
+#include <utils/linked_list.h>
+#include <utils/logger_manager.h>
+
+
+typedef struct private_local_policy_store_t private_local_policy_store_t;
+
+/**
+ * Private data of an local_policy_store_t object
+ */
+struct private_local_policy_store_t {
+
+ /**
+ * Public part
+ */
+ local_policy_store_t public;
+
+ /**
+ * list of policy_t's
+ */
+ linked_list_t *policies;
+
+ /**
+ * Assigned logger
+ */
+ logger_t *logger;
+};
+
+/**
+ * Implementation of policy_store_t.add_policy.
+ */
+static void add_policy(private_local_policy_store_t *this, policy_t *policy)
+{
+ this->policies->insert_last(this->policies, (void*)policy);
+}
+
+
+/**
+ * Implementation of policy_store_t.get_policy.
+ */
+static policy_t *get_policy(private_local_policy_store_t *this, identification_t *my_id, identification_t *other_id)
+{
+ iterator_t *iterator;
+ policy_t *current, *found = NULL;
+
+ iterator = this->policies->create_iterator(this->policies, TRUE);
+ while (iterator->has_next(iterator))
+ {
+ iterator->current(iterator, (void **)&current);
+ identification_t *config_my_id = current->get_my_id(current);
+ identification_t *config_other_id = current->get_other_id(current);
+
+ /* check other host first */
+ if (config_other_id->belongs_to(config_other_id, other_id))
+ {
+ /* get it if my_id not specified */
+ if (my_id == NULL)
+ {
+ found = current->clone(current);
+ break;
+ }
+ if (config_my_id->belongs_to(config_my_id, my_id))
+ {
+ found = current->clone(current);
+ break;
+ }
+ }
+ }
+ iterator->destroy(iterator);
+
+ /* apply IDs as they are requsted, since they may be configured as %any or such */
+ if (found)
+ {
+ if (my_id)
+ {
+ found->update_my_id(found, my_id->clone(my_id));
+ }
+ found->update_other_id(found, other_id->clone(other_id));
+ }
+ return found;
+}
+
+/**
+ * Implementation of policy_store_t.destroy.
+ */
+static void destroy(private_local_policy_store_t *this)
+{
+ policy_t *policy;
+
+ while (this->policies->remove_last(this->policies, (void**)&policy) == SUCCESS)
+ {
+ policy->destroy(policy);
+ }
+ this->policies->destroy(this->policies);
+ free(this);
+}
+
+/**
+ * Described in header.
+ */
+local_policy_store_t *local_policy_store_create()
+{
+ private_local_policy_store_t *this = malloc_thing(private_local_policy_store_t);
+
+ this->public.policy_store.add_policy = (void(*)(policy_store_t*,policy_t*))add_policy;
+ this->public.policy_store.get_policy = (policy_t*(*)(policy_store_t*,identification_t*,identification_t*))get_policy;
+ this->public.policy_store.destroy = (void(*)(policy_store_t*))destroy;
+
+ /* private variables */
+ this->policies = linked_list_create();
+ this->logger = logger_manager->get_logger(logger_manager, CONFIG);
+
+ return (&this->public);
+}
diff --git a/Source/charon/config/policies/local_policy_store.h b/Source/charon/config/policies/local_policy_store.h
new file mode 100644
index 000000000..7ab9e0efd
--- /dev/null
+++ b/Source/charon/config/policies/local_policy_store.h
@@ -0,0 +1,60 @@
+/**
+ * @file local_policy_store.h
+ *
+ * @brief Interface of local_policy_store_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2006 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef LOCAL_POLICY_STORE_H_
+#define LOCAL_POLICY_STORE_H_
+
+#include <types.h>
+#include <config/policies/policy_store.h>
+
+
+typedef struct local_policy_store_t local_policy_store_t;
+
+/**
+ * @brief A policy_store_t implementation using a simple policy lists.
+ *
+ * The local_policy_store_t class implements the policy_store_t interface
+ * as simple as possible. The policies are stored in a in-memory list.
+ *
+ * @b Constructors:
+ * - local_policy_store_create()
+ *
+ * @ingroup config
+ */
+struct local_policy_store_t {
+
+ /**
+ * Implements policy_store_t interface
+ */
+ policy_store_t policy_store;
+};
+
+/**
+ * @brief Creates a local_policy_store_t instance.
+ *
+ * @return policy store instance.
+ *
+ * @ingroup config
+ */
+local_policy_store_t *local_policy_store_create();
+
+#endif /* LOCAL_POLICY_STORE_H_ */
diff --git a/Source/charon/config/policy.c b/Source/charon/config/policies/policy.c
index cff87fc6b..cff87fc6b 100644
--- a/Source/charon/config/policy.c
+++ b/Source/charon/config/policies/policy.c
diff --git a/Source/charon/config/policy.h b/Source/charon/config/policies/policy.h
index 5a0823758..5a0823758 100644
--- a/Source/charon/config/policy.h
+++ b/Source/charon/config/policies/policy.h
diff --git a/Source/charon/config/policy_store.h b/Source/charon/config/policies/policy_store.h
index 467e27d1d..651dea634 100755
--- a/Source/charon/config/policy_store.h
+++ b/Source/charon/config/policies/policy_store.h
@@ -24,7 +24,7 @@
#define POLICY_STORE_H_
#include <types.h>
-#include <config/policy.h>
+#include <config/policies/policy.h>
typedef struct policy_store_t policy_store_t;
@@ -53,6 +53,17 @@ struct policy_store_t {
* - NULL otherwise
*/
policy_t *(*get_policy) (policy_store_t *this, identification_t *my_id, identification_t *other_id);
+
+ /**
+ * @brief Add a policy to the list.
+ *
+ * The policy is owned by the store after the call. Do
+ * not modify nor free.
+ *
+ * @param this calling object
+ * @param policy policy to add
+ */
+ void (*add_policy) (policy_store_t *this, policy_t *policy);
/**
* @brief Destroys a policy_store_t object.