diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/libcharon/plugins/stroke/stroke_config.c | 3 | ||||
| -rw-r--r-- | src/libcharon/plugins/stroke/stroke_cred.c | 24 | ||||
| -rw-r--r-- | src/libcharon/plugins/stroke/stroke_cred.h | 7 | ||||
| -rw-r--r-- | src/starter/keywords.h | 6 | ||||
| -rw-r--r-- | src/starter/keywords.txt | 6 |
5 files changed, 24 insertions, 22 deletions
diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c index 86f0fe431..988129f03 100644 --- a/src/libcharon/plugins/stroke/stroke_config.c +++ b/src/libcharon/plugins/stroke/stroke_config.c @@ -489,8 +489,7 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this, pubkey = end->rsakey; if (pubkey && !streq(pubkey, "") && !streq(pubkey, "%cert")) { - certificate = this->cred->load_pubkey(this->cred, KEY_RSA, pubkey, - identity); + certificate = this->cred->load_pubkey(this->cred, pubkey, identity); if (certificate) { cfg->add(cfg, AUTH_RULE_SUBJECT_CERT, certificate); diff --git a/src/libcharon/plugins/stroke/stroke_cred.c b/src/libcharon/plugins/stroke/stroke_cred.c index bee16c581..f24082ee3 100644 --- a/src/libcharon/plugins/stroke/stroke_cred.c +++ b/src/libcharon/plugins/stroke/stroke_cred.c @@ -279,13 +279,13 @@ METHOD(stroke_cred_t, load_peer, certificate_t*, } METHOD(stroke_cred_t, load_pubkey, certificate_t*, - private_stroke_cred_t *this, key_type_t type, char *filename, - identification_t *identity) + private_stroke_cred_t *this, char *filename, identification_t *identity) { certificate_t *cert; + public_key_t *key; char path[PATH_MAX]; builder_part_t build_part; - key_type_t build_type = KEY_ANY; + key_type_t type = KEY_ANY; if (streq(filename, "%dns")) { @@ -294,8 +294,8 @@ METHOD(stroke_cred_t, load_pubkey, certificate_t*, if (strncaseeq(filename, "dns:", 4)) { /* RFC 3110 format */ build_part = BUILD_BLOB_DNSKEY; - /* not a complete RR */ - build_type = KEY_RSA; + /* not a complete RR, only RSA supported */ + type = KEY_RSA; filename += 4; } else if (strncaseeq(filename, "ssh:", 4)) @@ -310,13 +310,12 @@ METHOD(stroke_cred_t, load_pubkey, certificate_t*, if (strncaseeq(filename, "0x", 2) || strncaseeq(filename, "0s", 2)) { chunk_t printable_key, raw_key; - public_key_t *key; printable_key = chunk_create(filename + 2, strlen(filename) - 2); raw_key = strncaseeq(filename, "0x", 2) ? chunk_from_hex(printable_key, NULL) : chunk_from_base64(printable_key, NULL); - key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, build_type, + key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, type, build_part, raw_key, BUILD_END); chunk_free(&raw_key); if (key) @@ -326,6 +325,7 @@ METHOD(stroke_cred_t, load_pubkey, certificate_t*, BUILD_PUBLIC_KEY, key, BUILD_SUBJECT, identity, BUILD_END); + type = key->get_type(key); key->destroy(key); if (cert) { @@ -335,8 +335,7 @@ METHOD(stroke_cred_t, load_pubkey, certificate_t*, return cert; } } - DBG1(DBG_CFG, " loading %N public key for \"%Y\" failed", - key_type_names, type, identity); + DBG1(DBG_CFG, " loading public key for \"%Y\" failed", identity); } else { @@ -357,12 +356,15 @@ METHOD(stroke_cred_t, load_pubkey, certificate_t*, if (cert) { cert = this->creds->add_cert_ref(this->creds, TRUE, cert); + key = cert->get_public_key(cert); + type = key->get_type(key); + key->destroy(key); DBG1(DBG_CFG, " loaded %N public key for \"%Y\" from '%s'", key_type_names, type, identity, filename); return cert; } - DBG1(DBG_CFG, " loading %N public key for \"%Y\" from '%s' failed", - key_type_names, type, identity, filename); + DBG1(DBG_CFG, " loading public key for \"%Y\" from '%s' failed", + identity, filename); } return NULL; } diff --git a/src/libcharon/plugins/stroke/stroke_cred.h b/src/libcharon/plugins/stroke/stroke_cred.h index c37d05808..f6fbb96d3 100644 --- a/src/libcharon/plugins/stroke/stroke_cred.h +++ b/src/libcharon/plugins/stroke/stroke_cred.h @@ -68,13 +68,12 @@ struct stroke_cred_t { /** * Load a raw public key and serve it through the credential_set. * - * @param type type of the raw public key (RSA or ECDSA) - * @param filename file to load raw public key from + * @param filename encoding or file to load raw public key from * @param identity identity of the raw public key owner * @return reference to loaded raw public key, or NULL */ - certificate_t* (*load_pubkey)(stroke_cred_t *this, key_type_t type, - char *filename, identification_t *identity); + certificate_t* (*load_pubkey)(stroke_cred_t *this, char *filename, + identification_t *identity); /** * Add a shared secret to serve through the credential_set. diff --git a/src/starter/keywords.h b/src/starter/keywords.h index 4a96a418c..83ce4a7dd 100644 --- a/src/starter/keywords.h +++ b/src/starter/keywords.h @@ -108,7 +108,7 @@ typedef enum { KW_AUTH2, KW_ID, KW_ID2, - KW_RSASIGKEY, + KW_SIGKEY, KW_CERT, KW_CERT2, KW_CERTPOLICY, @@ -137,7 +137,7 @@ typedef enum { KW_LEFTAUTH2, KW_LEFTID, KW_LEFTID2, - KW_LEFTRSASIGKEY, + KW_LEFTSIGKEY, KW_LEFTCERT, KW_LEFTCERT2, KW_LEFTCERTPOLICY, @@ -166,7 +166,7 @@ typedef enum { KW_RIGHTAUTH2, KW_RIGHTID, KW_RIGHTID2, - KW_RIGHTRSASIGKEY, + KW_RIGHTSIGKEY, KW_RIGHTCERT, KW_RIGHTCERT2, KW_RIGHTCERTPOLICY, diff --git a/src/starter/keywords.txt b/src/starter/keywords.txt index cd964b0e3..20d35ded0 100644 --- a/src/starter/keywords.txt +++ b/src/starter/keywords.txt @@ -96,7 +96,8 @@ leftauth, KW_LEFTAUTH leftauth2, KW_LEFTAUTH2 leftid, KW_LEFTID leftid2, KW_LEFTID2 -leftrsasigkey, KW_LEFTRSASIGKEY +leftsigkey, KW_LEFTSIGKEY +leftrsasigkey, KW_LEFTSIGKEY leftcert, KW_LEFTCERT leftcert2, KW_LEFTCERT2 leftcertpolicy, KW_LEFTCERTPOLICY @@ -120,7 +121,8 @@ rightauth, KW_RIGHTAUTH rightauth2, KW_RIGHTAUTH2 rightid, KW_RIGHTID rightid2, KW_RIGHTID2 -rightrsasigkey, KW_RIGHTRSASIGKEY +rightsigkey, KW_RIGHTSIGKEY +rightrsasigkey, KW_RIGHTSIGKEY rightcert, KW_RIGHTCERT rightcert2, KW_RIGHTCERT2 rightcertpolicy, KW_RIGHTCERTPOLICY |