moved builder hooks to a separate file

src/pluto/Makefile.am

@@ -50,6 +50,7 @@ vendor.c vendor.h \
 virtual.c virtual.h \
 xauth.c xauth.h \
 x509.c x509.h \
+builder.c builder.h \
 rsaref/pkcs11t.h rsaref/pkcs11.h rsaref/unix.h rsaref/pkcs11f.h
 
 _pluto_adns_SOURCES = adns.c adns.h

src/pluto/builder.c

@@ -0,0 +1,136 @@
+/* Pluto certificate/CRL/AC builder hooks.
+ * Copyright (C) 2002-2009 Andreas Steffen
+ * Copyright (C) 2009 Martin Willi
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "builder.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <freeswan.h>
+
+#include "library.h"
+
+#include "constants.h"
+#include "defs.h"
+#include "log.h"
+#include "id.h"
+#include "certs.h"
+
+/**
+ * currently building cert_t
+ */
+static cert_t *cert;
+
+/**
+ * builder add function
+ */
+static void add(builder_t *this, builder_part_t part, ...)
+{
+	chunk_t blob;
+	va_list args;
+
+	va_start(args, part);
+	blob = va_arg(args, chunk_t);
+	va_end(args);
+
+	switch (part)
+	{
+		case BUILD_BLOB_PGP:
+		{
+			pgpcert_t *pgpcert = malloc_thing(pgpcert_t);
+			*pgpcert = pgpcert_empty;
+			if (parse_pgp(blob, pgpcert))
+			{
+				cert->type = CERT_PGP;
+				cert->u.pgp = pgpcert;
+			}
+			else
+			{
+				plog("  error in OpenPGP certificate");
+				free_pgpcert(pgpcert);
+			}
+			break;
+		}
+		case BUILD_BLOB_ASN1_DER:
+		{
+			x509cert_t *x509cert = malloc_thing(x509cert_t);
+			*x509cert = empty_x509cert;
+			if (parse_x509cert(blob, 0, x509cert))
+			{
+				cert->type = CERT_X509_SIGNATURE;
+				cert->u.x509 = x509cert;
+			}
+			else
+			{
+				plog("  error in X.509 certificate");
+				free_x509cert(x509cert);
+			}
+			break;
+		}
+		default:
+			builder_cancel(this);
+			break;
+	}
+}
+
+/**
+ * builder build function
+ */
+static void *build(builder_t *this)
+{
+	free(this);
+	if (cert->type == CERT_NONE)
+	{
+		return NULL;
+	}
+	return cert;
+}
+
+/**
+ * certificate builder in cert_t format.
+ */
+static builder_t *cert_builder(credential_type_t type, int subtype)
+{
+	builder_t *this;
+	
+	if (subtype != CRED_TYPE_CERTIFICATE)
+	{
+		return NULL;
+	}
+	this = malloc_thing(builder_t);
+	this->add = add;
+	this->build = build;
+
+	cert->type = CERT_NONE;
+	cert->u.x509 = NULL;
+	cert->u.pgp = NULL;
+
+	return this;
+}
+
+void init_builder(void)
+{
+	lib->creds->add_builder(lib->creds, CRED_PLUTO_CERT, CRED_TYPE_CERTIFICATE,
+							(builder_constructor_t)cert_builder);
+}
+
+void free_builder(void)
+{
+	lib->creds->remove_builder(lib->creds, (builder_constructor_t)cert_builder);
+}
+

src/pluto/builder.h

@@ -0,0 +1,34 @@
+/* Pluto certificate/CRL/AC builder hooks.
+ * Copyright (C) 2009 Martin Willi
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef _BUILDER_H
+#define _BUILDER_H
+
+/* types of pluto credentials */
+typedef enum {
+	/* cert_t certificate, either x509 or PGP */
+	CRED_TYPE_CERTIFICATE,
+	/* x509crl_t certificate revocation list */
+	CRED_TYPE_CRL,
+	/* x509acert_t attribute certificate */
+	CRED_TYPE_AC,
+} cred_type_t;
+
+/* register credential builder hooks */
+extern void init_builder();
+/* unregister credential builder hooks */
+extern void free_builder();
+
+#endif /* _BUILDER_H */

src/pluto/certs.c

@@ -31,6 +31,7 @@
 #include "pem.h"
 #include "certs.h"
 #include "whack.h"
+#include "builder.h"
 
 /**
  * used for initializatin of certs
@@ -214,114 +215,20 @@ private_key_t* load_private_key(char* filename, prompt_pass_t *pass,
 	return key;
 }
 
-/**
- * currently building cert_t
- */
-static cert_t *cert_builder_cert;
-
-/**
- * builder add function
- */
-static void add(builder_t *this, builder_part_t part, ...)
-{
-	chunk_t blob;
-	va_list args;
-
-	va_start(args, part);
-	blob = va_arg(args, chunk_t);
-	va_end(args);
-
-	switch (part)
-	{
-		case BUILD_BLOB_PGP:
-		{
-			pgpcert_t *pgpcert = malloc_thing(pgpcert_t);
-			*pgpcert = pgpcert_empty;
-			if (parse_pgp(blob, pgpcert))
-			{
-				cert_builder_cert->type = CERT_PGP;
-				cert_builder_cert->u.pgp = pgpcert;
-			}
-			else
-			{
-				plog("  error in OpenPGP certificate");
-				free_pgpcert(pgpcert);
-			}
-			break;
-		}
-		case BUILD_BLOB_ASN1_DER:
-		{
-			x509cert_t *x509cert = malloc_thing(x509cert_t);
-			*x509cert = empty_x509cert;
-			if (parse_x509cert(blob, 0, x509cert))
-			{
-				cert_builder_cert->type = CERT_X509_SIGNATURE;
-				cert_builder_cert->u.x509 = x509cert;
-			}
-			else
-			{
-				plog("  error in X.509 certificate");
-				free_x509cert(x509cert);
-			}
-			break;
-		}
-		default:
-			builder_cancel(this);
-			break;
-	}
-}
-
-/**
- * builder build function
- */
-static void *build(builder_t *this)
-{
-	free(this);
-	if (cert_builder_cert->type == CERT_NONE)
-	{
-		return NULL;
-	}
-	return cert_builder_cert;
-}
-
-/**
- * certificate builder in cert_t format.
- */
-static builder_t *cert_builder(credential_type_t type, int subtype)
-{
-	builder_t *this;
-	
-	if (subtype != 1)
-	{
-		return NULL;
-	}
-	this = malloc_thing(builder_t);
-	this->add = add;
-	this->build = build;
-
-	return this;
-}
-
 /**
  *  Loads a X.509 or OpenPGP certificate
  */
-bool load_cert(char *filename, const char *label, cert_t *cert)
+bool load_cert(char *filename, const char *label, cert_t *out)
 {
-	cert_builder_cert = cert;
-	
-	cert->type = CERT_NONE;
-	cert->u.x509 = NULL;
-	cert->u.pgp = NULL;
+	cert_t *cert;
 
-	/* hook in builder functions to build pluto specific certificate format */
-	lib->creds->add_builder(lib->creds, CRED_PLUTO_CERT, 1,
-							(builder_constructor_t)cert_builder);
-	cert = lib->creds->create(lib->creds, CRED_PLUTO_CERT, 1,
+	cert = lib->creds->create(lib->creds, CRED_PLUTO_CERT, CRED_TYPE_CERTIFICATE,
 							  BUILD_FROM_FILE, filename, BUILD_END);
-	lib->creds->remove_builder(lib->creds,
-							(builder_constructor_t)cert_builder);
 	if (cert)
 	{
+		/* As the API passes an empty cert_t, the CRED_TYPE_CERTIFICATE 
+		 * returns a statically allocated cert to copy. */
+		*out = *cert;
 		return TRUE;
 	}
 	return FALSE;

src/pluto/plutomain.c

@@ -73,6 +73,7 @@
 #include "virtual.h"
 #include "timer.h"
 #include "vendor.h"
+#include "builder.h"
 
 static void usage(const char *mess)
 {
@@ -655,6 +656,7 @@ int main(int argc, char **argv)
 		lib->settings->get_str(lib->settings, "pluto.load", PLUGINS));
 	print_plugins();
 
+	init_builder();
 	if (!init_secret() || !init_crypto())
 	{
 		plog("initialization failed - aborting pluto");
@@ -760,6 +762,7 @@ void exit_pluto(int status)
 	free_id();                  /* free myids */
 	free_events();              /* free remaining events */
 	free_vendorid();			/* free all vendor id records */
+	free_builder();
 	delete_lock();
 	options->destroy(options);
 	library_deinit();