moved builder hooks to a separate file
parent
11aa7e7869
commit
a5dc4a9585
@ -50,6 +50,7 @@ vendor.c vendor.h \
virtual.c virtual.h \
xauth.c xauth.h \
x509.c x509.h \
builder.c builder.h \
rsaref/pkcs11t.h rsaref/pkcs11.h rsaref/unix.h rsaref/pkcs11f.h
_pluto_adns_SOURCES = adns.c adns.h
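--- /dev/null
+++ b/builder.c
@@ -0,0 +1,136 @@
+/* Pluto certificate/CRL/AC builder hooks.
+* Copyright (C) 2002-2009 Andreas Steffen
+* Copyright (C) 2009 Martin Willi
+* HSR Hochschule fuer Technik Rapperswil
+*
+* This program is free software; you can redistribute it and/or modify it
+* under the terms of the GNU General Public License as published by the
+* Free Software Foundation; either version 2 of the License, or (at your
+* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+*
+* This program is distributed in the hope that it will be useful, but
+* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+* for more details.
+*/
+
+#include "builder.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <freeswan.h>
+
+#include "library.h"
+
+#include "constants.h"
+#include "defs.h"
+#include "log.h"
+#include "id.h"
+#include "certs.h"
+
+/**
+* currently building cert_t
+*/
+static cert_t *cert;
+
+/**
+* builder add function
+*/
+static void add(builder_t *this, builder_part_t part, ...)
+{
+chunk_t blob;
+va_list args;
+
+va_start(args, part);
+blob = va_arg(args, chunk_t);
+va_end(args);
+
+switch (part)
+{
+case BUILD_BLOB_PGP:
+{
+pgpcert_t *pgpcert = malloc_thing(pgpcert_t);
+*pgpcert = pgpcert_empty;
+if (parse_pgp(blob, pgpcert))
+{
+cert->type = CERT_PGP;
+cert->u.pgp = pgpcert;
+}
+else
+{
+plog(" error in OpenPGP certificate");
+free_pgpcert(pgpcert);
+}
+break;
+}
+case BUILD_BLOB_ASN1_DER:
+{
+x509cert_t *x509cert = malloc_thing(x509cert_t);
+*x509cert = empty_x509cert;
+if (parse_x509cert(blob, 0, x509cert))
+{
+cert->type = CERT_X509_SIGNATURE;
+cert->u.x509 = x509cert;
+}
+else
+{
+plog(" error in X.509 certificate");
+free_x509cert(x509cert);
+}
+break;
+}
+default:
+builder_cancel(this);
+break;
+}
+}
+
+/**
+* builder build function
+*/
+static void *build(builder_t *this)
+{
+free(this);
+if (cert->type == CERT_NONE)
+{
+return NULL;
+}
+return cert;
+}
+
+/**
+* certificate builder in cert_t format.
+*/
+static builder_t *cert_builder(credential_type_t type, int subtype)
+{
+builder_t *this;
+
+if (subtype != CRED_TYPE_CERTIFICATE)
+{
+return NULL;
+}
+this = malloc_thing(builder_t);
+this->add = add;
+this->build = build;
+
+cert->type = CERT_NONE;
+cert->u.x509 = NULL;
+cert->u.pgp = NULL;
+
+return this;
+}
+
+void init_builder(void)
+{
+lib->creds->add_builder(lib->creds, CRED_PLUTO_CERT, CRED_TYPE_CERTIFICATE,
+(builder_constructor_t)cert_builder);
+}
+
+void free_builder(void)
+{
+lib->creds->remove_builder(lib->creds, (builder_constructor_t)cert_builder);
+}
+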
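Review bot: `static cert_t *cert;` at the top of builder.c is never pointed at an object, yet cert_builder(), add() and build() all write through it (`cert->type = CERT_NONE;` and the `cert->u.*` stores), so the first create() for CRED_PLUTO_CERT dereferences a null pointer. The removed load_cert() assigned `cert_builder_cert = cert;` before building and that assignment has no counterpart here, while the new load_cert() comment says the builder returns a statically allocated cert to copy — the declaration most likely meant a static object, not a pointer. Using `static cert_t cert;` with `cert.type`/`cert.u.*` in the three functions and `return &cert;` in build() matches that comment. A single static build slot also makes the builder non-reentrant, which seems fine for a single-threaded pluto but deserves a comment on the declaration.
```c
static cert_t cert;   /* single build slot, reused per create(); not reentrant */

/* … unchanged: add() prologue and case-body allocation/parsing … */
			cert.type = CERT_PGP;
			cert.u.pgp = pgpcert;
/* … unchanged: PGP error path, ASN1_DER allocation/parsing … */
			cert.type = CERT_X509_SIGNATURE;
			cert.u.x509 = x509cert;
/* … unchanged: X.509 error path, default case … */

static void *build(builder_t *this)
{
	free(this);
	if (cert.type == CERT_NONE)
	{
		return NULL;
	}
	return &cert;
}

/* … unchanged: cert_builder() subtype check and builder_t allocation … */
	cert.type = CERT_NONE;
	cert.u.x509 = NULL;
	cert.u.pgp = NULL;
```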
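--- /dev/null
+++ b/builder.h
@@ -0,0 +1,34 @@
+/* Pluto certificate/CRL/AC builder hooks.
+* Copyright (C) 2009 Martin Willi
+* HSR Hochschule fuer Technik Rapperswil
+*
+* This program is free software; you can redistribute it and/or modify it
+* under the terms of the GNU General Public License as published by the
+* Free Software Foundation; either version 2 of the License, or (at your
+* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+*
+* This program is distributed in the hope that it will be useful, but
+* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+* for more details.
+*/
+
+#ifndef _BUILDER_H
+#define _BUILDER_H
+
+/* types of pluto credentials */
+typedef enum {
+/* cert_t certificate, either x509 or PGP */
+CRED_TYPE_CERTIFICATE,
+/* x509crl_t certificate revocation list */
+CRED_TYPE_CRL,
+/* x509acert_t attribute certificate */
+CRED_TYPE_AC,
+} cred_type_t;
+
+/* register credential builder hooks */
+extern void init_builder();
+/* unregister credential builder hooks */
+extern void free_builder();
+
+#endif /* _BUILDER_H */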
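Review bot: `extern void init_builder();` and `extern void free_builder();` are declared with empty parentheses, which makes them unprototyped declarations that accept any argument list at a call site; the definitions in builder.c take `(void)`, so the header should say the same: `extern void init_builder(void);` and `extern void free_builder(void);`. The guard `_BUILDER_H` begins with an underscore and an uppercase letter, a name form reserved for the implementation — `BUILDER_H` or a project-prefixed name avoids that, unless the surrounding headers already follow this convention. The enum comment could also state that the values are passed as the subtype argument to lib->creds->create(), which is how builder.c uses CRED_TYPE_CERTIFICATE.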
@ -31,6 +31,7 @@
#include "pem.h"
#include "certs.h"
#include "whack.h"
#include "builder.h"
/**
* used for initializatin of certs
@ -214,114 +215,20 @@ private_key_t* load_private_key(char* filename, prompt_pass_t *pass,
return key;
}
/**
* currently building cert_t
*/
static cert_t *cert_builder_cert;
/**
* builder add function
*/
static void add(builder_t *this, builder_part_t part, ...)
{
chunk_t blob;
va_list args;
va_start(args, part);
blob = va_arg(args, chunk_t);
va_end(args);
switch (part)
{
case BUILD_BLOB_PGP:
{
pgpcert_t *pgpcert = malloc_thing(pgpcert_t);
*pgpcert = pgpcert_empty;
if (parse_pgp(blob, pgpcert))
{
cert_builder_cert->type = CERT_PGP;
cert_builder_cert->u.pgp = pgpcert;
}
else
{
plog(" error in OpenPGP certificate");
free_pgpcert(pgpcert);
}
break;
}
case BUILD_BLOB_ASN1_DER:
{
x509cert_t *x509cert = malloc_thing(x509cert_t);
*x509cert = empty_x509cert;
if (parse_x509cert(blob, 0, x509cert))
{
cert_builder_cert->type = CERT_X509_SIGNATURE;
cert_builder_cert->u.x509 = x509cert;
}
else
{
plog(" error in X.509 certificate");
free_x509cert(x509cert);
}
break;
}
default:
builder_cancel(this);
break;
}
}
/**
* builder build function
*/
static void *build(builder_t *this)
{
free(this);
if (cert_builder_cert->type == CERT_NONE)
{
return NULL;
}
return cert_builder_cert;
}
/**
* certificate builder in cert_t format.
*/
static builder_t *cert_builder(credential_type_t type, int subtype)
{
builder_t *this;
if (subtype != 1)
{
return NULL;
}
this = malloc_thing(builder_t);
this->add = add;
this->build = build;
return this;
}
/**
* Loads a X.509 or OpenPGP certificate
*/
bool load_cert(char *filename, const char *label, cert_t *cert)
bool load_cert(char *filename, const char *label, cert_t *out)
{
cert_builder_cert = cert;
cert->type = CERT_NONE;
cert->u.x509 = NULL;
cert->u.pgp = NULL;
cert_t *cert;
/* hook in builder functions to build pluto specific certificate format */
lib->creds->add_builder(lib->creds, CRED_PLUTO_CERT, 1,
(builder_constructor_t)cert_builder);
cert = lib->creds->create(lib->creds, CRED_PLUTO_CERT, 1,
cert = lib->creds->create(lib->creds, CRED_PLUTO_CERT, CRED_TYPE_CERTIFICATE,
BUILD_FROM_FILE, filename, BUILD_END);
lib->creds->remove_builder(lib->creds,
(builder_constructor_t)cert_builder);
if (cert)
{
/* As the API passes an empty cert_t, the CRED_TYPE_CERTIFICATE
* returns a statically allocated cert to copy. */
*out = *cert;
return TRUE;
}
return FALSE;
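Review bot: On the failure path the new load_cert() leaves `*out` untouched, whereas the removed lines set `cert->type = CERT_NONE` and cleared `cert->u.x509`/`cert->u.pgp` on the caller's struct before building, so a caller that inspects `out->type` after a FALSE return now sees whatever was in it before. Keeping the old contract costs three lines before the create() call: `out->type = CERT_NONE; out->u.x509 = NULL; out->u.pgp = NULL;` — or the function comment should state that `*out` is only defined when TRUE is returned. `*out = *cert;` is a shallow copy, so the parsed x509cert_t/pgpcert_t pointer now belongs to the caller; that ownership transfer deserves a sentence in the "Loads a X.509 or OpenPGP certificate" comment. The closing brace of load_cert() lies outside the hunk, and `label` is not used in any visible line of the new body.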
@ -73,6 +73,7 @@
#include "virtual.h"
#include "timer.h"
#include "vendor.h"
#include "builder.h"
static void usage(const char *mess)
{
@ -655,6 +656,7 @@ int main(int argc, char **argv)
lib->settings->get_str(lib->settings, "pluto.load", PLUGINS));
print_plugins();
init_builder();
if (!init_secret() || !init_crypto())
{
plog("initialization failed - aborting pluto");
@ -760,6 +762,7 @@ void exit_pluto(int status)
free_id(); /* free myids */
free_events(); /* free remaining events */
free_vendorid(); /* free all vendor id records */
free_builder();
delete_lock();
options->destroy(options);
library_deinit();
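Review bot: `free_builder();` in exit_pluto() is the only call in that run without the trailing comment its neighbours `free_id()`, `free_events()` and `free_vendorid()` carry; `free_builder(); /* unregister credential builder hooks */` keeps the teardown list self-describing. In main(), `init_builder();` is placed before `init_secret()`, presumably so that certificates referenced while loading secrets can already be built through the registered hook — a one-line comment saying so would spare the next reader the lookup. Whether the abort path after `plog("initialization failed - aborting pluto")` reaches free_builder() is decided outside the hunk.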