Diffstat (limited to 'src')
-rw-r--r-- | src/libstrongswan/credentials/credential_factory.c | 1 | ||||
-rw-r--r-- | src/libstrongswan/credentials/credential_factory.h | 10 | ||||
-rw-r--r-- | src/libstrongswan/plugins/pem/pem_builder.c | 8 | ||||
-rw-r--r-- | src/libstrongswan/plugins/pem/pem_builder.h | 8 | ||||
-rw-r--r-- | src/libstrongswan/plugins/pem/pem_plugin.c | 10 | ||||
-rw-r--r-- | src/pluto/certs.c | 97 |
6 files changed, 112 insertions, 22 deletions
diff --git a/src/libstrongswan/credentials/credential_factory.c b/src/libstrongswan/credentials/credential_factory.c index 38bbc672a..e50740710 100644 --- a/src/libstrongswan/credentials/credential_factory.c +++ b/src/libstrongswan/credentials/credential_factory.c @@ -24,6 +24,7 @@ ENUM(credential_type_names, CRED_PRIVATE_KEY, CRED_CERTIFICATE, "CRED_PRIVATE_KEY", "CRED_PUBLIC_KEY", "CRED_CERTIFICATE", + "CRED_PLUTO_CERT", ); typedef struct private_credential_factory_t private_credential_factory_t; diff --git a/src/libstrongswan/credentials/credential_factory.h b/src/libstrongswan/credentials/credential_factory.h index 5057a7aae..bf1d83e59 100644 --- a/src/libstrongswan/credentials/credential_factory.h +++ b/src/libstrongswan/credentials/credential_factory.h @@ -36,6 +36,8 @@ enum credential_type_t { CRED_PUBLIC_KEY, /** certificates, implemented in certificate_t */ CRED_CERTIFICATE, + /** deprecated pluto style certificates */ + CRED_PLUTO_CERT, }; /** @@ -47,7 +49,7 @@ extern enum_name_t *credential_type_names; * Manages credential construction functions and creates instances. */ struct credential_factory_t { - + /** * Create a credential using a list of builder_part_t's. * @@ -96,9 +98,9 @@ struct credential_factory_t { builder_constructor_t constructor); /** - * Destroy a credential_factory instance. - */ - void (*destroy)(credential_factory_t *this); + * Destroy a credential_factory instance. + */ + void (*destroy)(credential_factory_t *this); }; /** diff --git a/src/libstrongswan/plugins/pem/pem_builder.c b/src/libstrongswan/plugins/pem/pem_builder.c index 72cc8a301..4d8a32a07 100644 --- a/src/libstrongswan/plugins/pem/pem_builder.c +++ b/src/libstrongswan/plugins/pem/pem_builder.c @@ -561,3 +561,11 @@ builder_t *certificate_pem_builder(certificate_type_t type) return pem_builder(CRED_CERTIFICATE, type); } +/** + * Pluto specific cert builder. + */ +builder_t *pluto_pem_builder(certificate_type_t type) +{ + return pem_builder(CRED_PLUTO_CERT, type); +} + 
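Review bot: The hunk appends the string `"CRED_PLUTO_CERT"` to the name table, but the hunk-header context shows the macro invocation is still `ENUM(credential_type_names, CRED_PRIVATE_KEY, CRED_CERTIFICATE,`, so the upper bound passed to ENUM was not moved along with the new entry. If the third argument is the last value the table covers, as the first/last pattern suggests, a lookup of CRED_PLUTO_CERT falls outside the table and the added string is never printed, which would show up as an unnamed value in log output rather than as a compile error. The fix is the one line `ENUM(credential_type_names, CRED_PRIVATE_KEY, CRED_PLUTO_CERT,`, which sits just above the hunk's first line. The ENUM block starts outside the hunk.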
diff --git a/src/libstrongswan/plugins/pem/pem_builder.h b/src/libstrongswan/plugins/pem/pem_builder.h index a473a2784..22099ee39 100644 --- a/src/libstrongswan/plugins/pem/pem_builder.h +++ b/src/libstrongswan/plugins/pem/pem_builder.h @@ -48,5 +48,13 @@ builder_t *public_key_pem_builder(key_type_t type); */ builder_t *certificate_pem_builder(certificate_type_t type); +/** + * Builder for PEM encoded pluto certificates of all kind. + * + * @param type type of the key + * @return builder instance + */ +builder_t *pluto_pem_builder(certificate_type_t type); + #endif /** PEM_PRIVATE_KEY_H_ @}*/ diff --git a/src/libstrongswan/plugins/pem/pem_plugin.c b/src/libstrongswan/plugins/pem/pem_plugin.c index c8505047b..7d82ae38c 100644 --- a/src/libstrongswan/plugins/pem/pem_plugin.c +++ b/src/libstrongswan/plugins/pem/pem_plugin.c @@ -42,6 +42,8 @@ static void destroy(private_pem_plugin_t *this) (builder_constructor_t)public_key_pem_builder); lib->creds->remove_builder(lib->creds, (builder_constructor_t)certificate_pem_builder); + lib->creds->remove_builder(lib->creds, + (builder_constructor_t)pluto_pem_builder); free(this); } @@ -92,6 +94,14 @@ plugin_t *plugin_create() lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PGP, (builder_constructor_t)certificate_pem_builder); + /* pluto specific credentials formats */ + lib->creds->add_builder(lib->creds, CRED_PLUTO_CERT, 0, + (builder_constructor_t)pluto_cert_pem_builder); + lib->creds->add_builder(lib->creds, CRED_PLUTO_CRL, 0, + (builder_constructor_t)pluto_crl_pem_builder); + lib->creds->add_builder(lib->creds, CRED_PLUTO_AC, 0, + (builder_constructor_t)pluto_ac_pem_builder); + return &this->public.plugin; } diff --git a/src/pluto/certs.c b/src/pluto/certs.c index fcc9ec577..b004a5094 100644 --- a/src/pluto/certs.c +++ b/src/pluto/certs.c 
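Review bot: The new doc block for `pluto_pem_builder` describes its parameter as `type of the key`, but the parameter is a `certificate_type_t`, and the two call sites this commit adds do not agree on what the subtype is (pem_plugin.c registers the pluto builder under subtype `0`, certs.c requests `CRED_PLUTO_CERT` with subtype `1`), so a reader cannot tell from the header which value to pass. Suggest replacing the @param line with `@param type certificate type of the pluto credential to build (presumably a CERT_* value, as for certificate_pem_builder) — confirm against the callers`, so the convention is pinned down in the one place both callers see.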
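Review bot: In the second pem_plugin.c hunk, `plugin_create` registers `pluto_cert_pem_builder`, `pluto_crl_pem_builder` and `pluto_ac_pem_builder` under `CRED_PLUTO_CERT`, `CRED_PLUTO_CRL` and `CRED_PLUTO_AC`, yet nothing in this commit declares those constructors or the CRL/AC enum values — credential_factory.h adds only `CRED_PLUTO_CERT` and pem_builder.c/h add only `pluto_pem_builder` — while the first hunk's `destroy` removes `pluto_pem_builder`, which is never added. Unless those names live in files outside this diff (the diffstat, limited to src, lists none), the plugin will not compile, and even if they exist elsewhere the builder added here is not the one removed on unload, leaving a stale registration in the factory after the plugin is freed. Register the one builder this commit actually provides, `lib->creds->add_builder(lib->creds, CRED_PLUTO_CERT, 0, (builder_constructor_t)pluto_pem_builder);`, keep the matching remove, and add the CRL/AC lines once their builders exist. `plugin_create` and `destroy` both start above their hunks.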
@@ -215,53 +215,114 @@ private_key_t* load_private_key(char* filename, prompt_pass_t *pass, } /** - * Loads a X.509 or OpenPGP certificate + * currently building cert_t */ -bool load_cert(char *filename, const char *label, cert_t *cert) +static cert_t *cert_builder_cert; + +/** + * builder add function + */ +static void add(builder_t *this, builder_part_t part, ...) { - bool pgp = FALSE; - chunk_t blob = chunk_empty; + chunk_t blob; + va_list args; - /* initialize cert struct */ - cert->type = CERT_NONE; - cert->u.x509 = NULL; + va_start(args, part); + blob = va_arg(args, chunk_t); + va_end(args); - if (load_coded_file(filename, NULL, label, &blob, &pgp)) + switch (part) { - if (pgp) + case BUILD_BLOB_PGP: { pgpcert_t *pgpcert = malloc_thing(pgpcert_t); *pgpcert = pgpcert_empty; if (parse_pgp(blob, pgpcert)) { - cert->type = CERT_PGP; - cert->u.pgp = pgpcert; - return TRUE; + cert_builder_cert->type = CERT_PGP; + cert_builder_cert->u.pgp = pgpcert; } else { plog(" error in OpenPGP certificate"); free_pgpcert(pgpcert); - return FALSE; } + break; } - else + case BUILD_BLOB_ASN1_DER: { x509cert_t *x509cert = malloc_thing(x509cert_t); *x509cert = empty_x509cert; if (parse_x509cert(blob, 0, x509cert)) { - cert->type = CERT_X509_SIGNATURE; - cert->u.x509 = x509cert; - return TRUE; + cert_builder_cert->type = CERT_X509_SIGNATURE; + cert_builder_cert->u.x509 = x509cert; } else { plog(" error in X.509 certificate"); free_x509cert(x509cert); - return FALSE; } + break; } + default: + builder_cancel(this); + break; + } +} + +/** + * builder build function + */ +static void *build(builder_t *this) +{ + free(this); + if (cert_builder_cert->type == CERT_NONE) + { + return NULL; + } + return cert_builder_cert; +} + +/** + * certificate builder in cert_t format. 
+ */ +static builder_t *cert_builder(credential_type_t type, int subtype) +{ + builder_t *this; + + if (subtype != 1) + { + return NULL; + } + this = malloc_thing(builder_t); + this->add = add; + this->build = build; + + return this; +} + +/** + * Loads a X.509 or OpenPGP certificate + */ +bool load_cert(char *filename, const char *label, cert_t *cert) +{ + cert_builder_cert = cert; + + cert->type = CERT_NONE; + cert->u.x509 = NULL; + cert->u.pgp = NULL; + + /* hook in builder functions to build pluto specific certificate format */ + lib->creds->add_builder(lib->creds, CRED_PLUTO_CERT, 1, + (builder_constructor_t)cert_builder); + cert = lib->creds->create(lib->creds, CRED_PLUTO_CERT, 1, + BUILD_FROM_FILE, filename, BUILD_END); + lib->creds->remove_builder(lib->creds, + (builder_constructor_t)cert_builder); + if (cert) + { + return TRUE; } return FALSE; } |
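Review bot: `add` executes `blob = va_arg(args, chunk_t);` before it looks at `part`, so for any part whose argument is not a `chunk_t` — `load_cert` itself feeds `BUILD_FROM_FILE, filename` into the factory, and the `default:` branch shows the builder expects to see parts it does not handle — it pulls a two-word struct out of a variadic list that holds a `char *`, which is undefined behaviour even though the value is then discarded. Guard before touching the list, above `va_start`: `if (part != BUILD_BLOB_PGP && part != BUILD_BLOB_ASN1_DER) { builder_cancel(this); return; }`, leaving the `default:` case as a safety net. Separately, results travel back through the file-static `cert_builder_cert` and `load_cert` adds and removes `cert_builder` on the process-wide factory for each call, so two concurrent `load_cert` calls would clobber each other's target; if pluto only loads certificates from one thread, say so on the static, e.g. `/* not reentrant: set by load_cert for the duration of one factory create() call */`, otherwise the target should live in the builder object. The literal subtype `1` is repeated in `cert_builder` and `load_cert` and would read better as a named constant.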