From 7b8edabd8a6ff47d33f3ca47915179b073c72ec7 Mon Sep 17 00:00:00 2001
From: Martin Willi
Date: Mon, 29 Apr 2013 11:19:57 +0200
Subject: keychain: add a stub for a credential plugin using OS X Keychain Services
---
 src/libstrongswan/Makefile.am | 7 +++
 src/libstrongswan/plugins/keychain/Makefile.am | 16 +++++
 .../plugins/keychain/keychain_creds.c | 67 ++++++++++++++++++++
 .../plugins/keychain/keychain_creds.h | 49 +++++++++++++++
 .../plugins/keychain/keychain_plugin.c | 73 ++++++++++++++++++++++
 .../plugins/keychain/keychain_plugin.h | 42 +++++++++++++
 6 files changed, 254 insertions(+)
 create mode 100644 src/libstrongswan/plugins/keychain/Makefile.am
 create mode 100644 src/libstrongswan/plugins/keychain/keychain_creds.c
 create mode 100644 src/libstrongswan/plugins/keychain/keychain_creds.h
 create mode 100644 src/libstrongswan/plugins/keychain/keychain_plugin.c
 create mode 100644 src/libstrongswan/plugins/keychain/keychain_plugin.h
(limited to 'src')
diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am
index bde5f710a..82d2159ce 100644
--- a/src/libstrongswan/Makefile.am
+++ b/src/libstrongswan/Makefile.am
@@ -423,6 +423,13 @@ if MONOLITHIC
 endif
 endif
 
+if USE_KEYCHAIN
+ SUBDIRS += plugins/keychain
+if MONOLITHIC
+ libstrongswan_la_LIBADD += plugins/keychain/libstrongswan-keychain.la
+endif
+endif
+
 if USE_PKCS11
 SUBDIRS += plugins/pkcs11
 if MONOLITHIC
diff --git a/src/libstrongswan/plugins/keychain/Makefile.am b/src/libstrongswan/plugins/keychain/Makefile.am
new file mode 100644
index 000000000..e0d25b686
--- /dev/null
+++ b/src/libstrongswan/plugins/keychain/Makefile.am
@@ -0,0 +1,16 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-keychain.la
+else
+plugin_LTLIBRARIES = libstrongswan-keychain.la
+endif
+
+libstrongswan_keychain_la_SOURCES = \
+ keychain_plugin.h keychain_plugin.c \
+ keychain_creds.h keychain_creds.c
+
+libstrongswan_keychain_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/keychain/keychain_creds.c b/src/libstrongswan/plugins/keychain/keychain_creds.c
new file mode 100644
index 000000000..d3331fa40
--- /dev/null
+++ b/src/libstrongswan/plugins/keychain/keychain_creds.c
@@ -0,0 +1,67 @@
+/*
+ * Copyright (C) 2013 Martin Willi
+ * Copyright (C) 2013 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "keychain_creds.h"
+
+#include
+
+typedef struct private_keychain_creds_t private_keychain_creds_t;
+
+/**
+ * Private data of an keychain_creds_t object.
+ */
+struct private_keychain_creds_t {
+
+ /**
+ * Public keychain_creds_t interface.
+ */
+ keychain_creds_t public;
+};
+
+METHOD(credential_set_t, create_cert_enumerator, enumerator_t*,
+ private_keychain_creds_t *this, certificate_type_t cert, key_type_t key,
+ identification_t *id, bool trusted)
+{
+ return enumerator_create_empty();
+}
+
+METHOD(keychain_creds_t, destroy, void,
+ private_keychain_creds_t *this)
+{
+ free(this);
+}
+
+/**
+ * See header
+ */
+keychain_creds_t *keychain_creds_create()
+{
+ private_keychain_creds_t *this;
+
+ INIT(this,
+ .public = {
+ .set = {
+ .create_shared_enumerator = (void*)enumerator_create_empty,
+ .create_private_enumerator = (void*)enumerator_create_empty,
+ .create_cert_enumerator = _create_cert_enumerator,
+ .create_cdp_enumerator = (void*)enumerator_create_empty,
+ .cache_cert = (void*)nop,
+ },
+ .destroy = _destroy,
+ },
+ );
+
+ return &this->public;
+}
diff --git a/src/libstrongswan/plugins/keychain/keychain_creds.h b/src/libstrongswan/plugins/keychain/keychain_creds.h
new file mode 100644
index 000000000..f2ca5d75c
--- /dev/null
+++ b/src/libstrongswan/plugins/keychain/keychain_creds.h
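Review bot: In keychain_creds.c, `create_cert_enumerator` returns `enumerator_create_empty()` with no comment marking it as a placeholder, so a reader cannot tell that `cert`, `key`, `id` and `trusted` are ignored on purpose. I would add above the METHOD `/* stub: no Keychain lookup yet; the real implementation must honour 'trusted' and return only certificates the Keychain treats as trusted when it is set */`. Going by the credential_set_t interface, that flag is what restricts a lookup to trust anchors, so stating the contract now makes it harder to miss when the Keychain query is filled in.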
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2013 Martin Willi
+ * Copyright (C) 2013 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup keychain_creds keychain_creds
+ * @{ @ingroup keychain
+ */
+
+#ifndef KEYCHAIN_CREDS_H_
+#define KEYCHAIN_CREDS_H_
+
+typedef struct keychain_creds_t keychain_creds_t;
+
+#include
+
+/**
+ * Credential set using OS X Keychain Services.
+ */
+struct keychain_creds_t {
+
+ /**
+ * Implements credential_set_t.
+ */
+ credential_set_t set;
+
+ /**
+ * Destroy a keychain_creds_t.
+ */
+ void (*destroy)(keychain_creds_t *this);
+};
+
+/**
+ * Create a keychain_creds instance.
+ */
+keychain_creds_t *keychain_creds_create();
+
+#endif /** KEYCHAIN_CREDS_H_ @}*/
diff --git a/src/libstrongswan/plugins/keychain/keychain_plugin.c b/src/libstrongswan/plugins/keychain/keychain_plugin.c
new file mode 100644
index 000000000..5ce7b16fb
--- /dev/null
+++ b/src/libstrongswan/plugins/keychain/keychain_plugin.c
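Review bot: In keychain_creds.h, `keychain_creds_t *keychain_creds_create();` declares the constructor with an empty parameter list, which in C leaves the arguments unspecified instead of declaring that there are none, so a call with stray arguments compiles without a diagnostic. Writing `keychain_creds_t *keychain_creds_create(void);` gives callers a real prototype. The definition in keychain_creds.c and `keychain_plugin_create()` in keychain_plugin.c use the same empty-parentheses form and would change with it.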
@@ -0,0 +1,73 @@
+/*
+ * Copyright (C) 2013 Martin Willi
+ * Copyright (C) 2013 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "keychain_plugin.h"
+#include "keychain_creds.h"
+
+#include
+
+typedef struct private_keychain_plugin_t private_keychain_plugin_t;
+
+/**
+ * private data of keychain_plugin
+ */
+struct private_keychain_plugin_t {
+
+ /**
+ * public functions
+ */
+ keychain_plugin_t public;
+
+ /**
+ * System level Keychain Services credential set
+ */
+ keychain_creds_t *creds;
+};
+
+METHOD(plugin_t, get_name, char*,
+ private_keychain_plugin_t *this)
+{
+ return "keychain";
+}
+
+METHOD(plugin_t, destroy, void,
+ private_keychain_plugin_t *this)
+{
+ lib->credmgr->remove_set(lib->credmgr, &this->creds->set);
+ this->creds->destroy(this->creds);
+ free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *keychain_plugin_create()
+{
+ private_keychain_plugin_t *this;
+
+ INIT(this,
+ .public = {
+ .plugin = {
+ .get_name = _get_name,
+ .destroy = _destroy,
+ },
+ },
+ .creds = keychain_creds_create(),
+ );
+
+ lib->credmgr->add_set(lib->credmgr, &this->creds->set);
+
+ return &this->public.plugin;
+}
diff --git a/src/libstrongswan/plugins/keychain/keychain_plugin.h b/src/libstrongswan/plugins/keychain/keychain_plugin.h
new file mode 100644
index 000000000..482f173c3
--- /dev/null
+++ b/src/libstrongswan/plugins/keychain/keychain_plugin.h
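Review bot: In keychain_plugin.c, `keychain_plugin_create()` hands `&this->creds->set` to `add_set` without checking what `keychain_creds_create()` returned, and `destroy` later calls `this->creds->destroy(this->creds)` on the same pointer. The stub in this commit shows no failure path, but once the constructor talks to Keychain Services it presumably can fail, and a NULL would then be registered with the credential manager and dereferenced on unload. A guard before the `add_set` call, `if (!this->creds) { free(this); return NULL; }`, would turn a Keychain error into a failed plugin load instead of a crash; whether the loader accepts a NULL return is not visible here and should be confirmed.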
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2013 Martin Willi
+ * Copyright (C) 2013 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup keychain keychain
+ * @ingroup plugins
+ *
+ * @defgroup keychain_plugin keychain_plugin
+ * @{ @ingroup keychain
+ */
+
+#ifndef KEYCHAIN_PLUGIN_H_
+#define KEYCHAIN_PLUGIN_H_
+
+#include
+
+typedef struct keychain_plugin_t keychain_plugin_t;
+
+/**
+ * Plugin providing OS X Keychain Services support.
+ */
+struct keychain_plugin_t {
+
+ /**
+ * Implements plugin interface,
+ */
+ plugin_t plugin;
+};
+
+#endif /** KEYCHAIN_PLUGIN_H_ @}*/
-- 
cgit v1.2.3