new functions to add certificates and retrieve private and public keys
This commit is contained in:
parent
d793980f56
commit
fa896e9a21
|
@ -24,6 +24,7 @@
|
||||||
#define CREDENTIAL_STORE_H_
|
#define CREDENTIAL_STORE_H_
|
||||||
|
|
||||||
#include <types.h>
|
#include <types.h>
|
||||||
|
#include <crypto/x509.h>
|
||||||
#include <crypto/rsa/rsa_private_key.h>
|
#include <crypto/rsa/rsa_private_key.h>
|
||||||
#include <crypto/rsa/rsa_public_key.h>
|
#include <crypto/rsa/rsa_public_key.h>
|
||||||
#include <utils/identification.h>
|
#include <utils/identification.h>
|
||||||
|
@ -48,7 +49,7 @@ struct credential_store_t {
|
||||||
* The returned chunk must be destroyed by the caller after usage.
|
* The returned chunk must be destroyed by the caller after usage.
|
||||||
*
|
*
|
||||||
* @param this calling object
|
* @param this calling object
|
||||||
* @param identification identification_t object identifiying the secret.
|
* @param id identification_t object identifiying the secret.
|
||||||
* @param[out] preshared_secret the preshared secret will be written there.
|
* @param[out] preshared_secret the preshared secret will be written there.
|
||||||
* @return
|
* @return
|
||||||
* - NOT_FOUND if no preshared secrets for specific ID could be found
|
* - NOT_FOUND if no preshared secrets for specific ID could be found
|
||||||
|
@ -57,7 +58,7 @@ struct credential_store_t {
|
||||||
* @todo We should use two IDs to query shared secrets, since we want to use different
|
* @todo We should use two IDs to query shared secrets, since we want to use different
|
||||||
* keys for different peers...
|
* keys for different peers...
|
||||||
*/
|
*/
|
||||||
status_t (*get_shared_secret) (credential_store_t *this, identification_t *identification, chunk_t *preshared_secret);
|
status_t (*get_shared_secret) (credential_store_t *this, identification_t *id, chunk_t *secret);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief Returns the RSA public key of a specific ID.
|
* @brief Returns the RSA public key of a specific ID.
|
||||||
|
@ -65,21 +66,40 @@ struct credential_store_t {
|
||||||
* The returned rsa_public_key_t must be destroyed by the caller after usage.
|
* The returned rsa_public_key_t must be destroyed by the caller after usage.
|
||||||
*
|
*
|
||||||
* @param this calling object
|
* @param this calling object
|
||||||
* @param identification identification_t object identifiying the key.
|
* @param id identification_t object identifiying the key.
|
||||||
* @return public key, or NULL if not found
|
* @return public key, or NULL if not found
|
||||||
*/
|
*/
|
||||||
rsa_public_key_t * (*get_rsa_public_key) (credential_store_t *this, identification_t *identification);
|
rsa_public_key_t* (*get_rsa_public_key) (credential_store_t *this, identification_t *id);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief Returns the RSA private key of a specific ID.
|
* @brief Returns the RSA private key belonging to an RSA public key
|
||||||
*
|
*
|
||||||
* The returned rsa_private_key_t must be destroyed by the caller after usage.
|
* The returned rsa_private_key_t must be destroyed by the caller after usage.
|
||||||
*
|
*
|
||||||
* @param this calling object
|
* @param this calling object
|
||||||
* @param identification identification_t object identifiying the key
|
* @param pubkey public key
|
||||||
* @return private key, or NULL if not found
|
* @return private key, or NULL if not found
|
||||||
*/
|
*/
|
||||||
rsa_private_key_t *(*get_rsa_private_key) (credential_store_t *this, identification_t *identification);
|
rsa_private_key_t* (*get_rsa_private_key) (credential_store_t *this, rsa_public_key_t *pubkey);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief Is there a matching RSA private key belonging to an RSA public key?
|
||||||
|
*
|
||||||
|
* The returned rsa_private_key_t must be destroyed by the caller after usage.
|
||||||
|
*
|
||||||
|
* @param this calling object
|
||||||
|
* @param pubkey public key
|
||||||
|
* @return TRUE if matching private key was found
|
||||||
|
*/
|
||||||
|
bool (*has_rsa_private_key) (credential_store_t *this, rsa_public_key_t *pubkey);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief If a certificate does not already exists in the credential store then add it.
|
||||||
|
*
|
||||||
|
* @param this calling object
|
||||||
|
* @param cert certificate to be added
|
||||||
|
*/
|
||||||
|
void (*add_certificate) (credential_store_t *this, x509_t *cert);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief Lists all certificates kept in the local credential store.
|
* @brief Lists all certificates kept in the local credential store.
|
||||||
|
@ -90,6 +110,15 @@ struct credential_store_t {
|
||||||
*/
|
*/
|
||||||
void (*log_certificates) (credential_store_t *this, logger_t *logger, bool utc);
|
void (*log_certificates) (credential_store_t *this, logger_t *logger, bool utc);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief Lists all CA certificates kept in the local credential store.
|
||||||
|
*
|
||||||
|
* @param this calling object
|
||||||
|
* @param logger logger to be used
|
||||||
|
* @param utc log dates either in UTC or local time
|
||||||
|
*/
|
||||||
|
void (*log_ca_certificates) (credential_store_t *this, logger_t *logger, bool utc);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief Destroys a credential_store_t object.
|
* @brief Destroys a credential_store_t object.
|
||||||
*
|
*
|
||||||
|
|
|
@ -33,25 +33,6 @@
|
||||||
|
|
||||||
#define PATH_BUF 256
|
#define PATH_BUF 256
|
||||||
|
|
||||||
typedef struct key_entry_t key_entry_t;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Private key with an associated ID to find it
|
|
||||||
*/
|
|
||||||
struct key_entry_t {
|
|
||||||
|
|
||||||
/**
|
|
||||||
* ID, as added
|
|
||||||
*/
|
|
||||||
identification_t *id;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Associated rsa private key
|
|
||||||
*/
|
|
||||||
rsa_private_key_t *key;
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
typedef struct private_local_credential_store_t private_local_credential_store_t;
|
typedef struct private_local_credential_store_t private_local_credential_store_t;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -70,10 +51,14 @@ struct private_local_credential_store_t {
|
||||||
linked_list_t *private_keys;
|
linked_list_t *private_keys;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* list of x509 certificates with public keys
|
* list of X.509 certificates with public keys
|
||||||
*/
|
*/
|
||||||
linked_list_t *certificates;
|
linked_list_t *certs;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* list of X.509 CA certificates with public keys
|
||||||
|
*/
|
||||||
|
linked_list_t *ca_certs;
|
||||||
/**
|
/**
|
||||||
* Assigned logger
|
* Assigned logger
|
||||||
*/
|
*/
|
||||||
|
@ -84,7 +69,7 @@ struct private_local_credential_store_t {
|
||||||
/**
|
/**
|
||||||
* Implementation of credential_store_t.get_shared_secret.
|
* Implementation of credential_store_t.get_shared_secret.
|
||||||
*/
|
*/
|
||||||
static status_t get_shared_secret(private_local_credential_store_t *this, identification_t *identification, chunk_t *preshared_secret)
|
static status_t get_shared_secret(private_local_credential_store_t *this, identification_t *id, chunk_t *secret)
|
||||||
{
|
{
|
||||||
return FAILED;
|
return FAILED;
|
||||||
}
|
}
|
||||||
|
@ -92,24 +77,21 @@ static status_t get_shared_secret(private_local_credential_store_t *this, identi
|
||||||
/**
|
/**
|
||||||
* Implementation of credential_store_t.get_rsa_public_key.
|
* Implementation of credential_store_t.get_rsa_public_key.
|
||||||
*/
|
*/
|
||||||
static rsa_public_key_t * get_rsa_public_key(private_local_credential_store_t *this, identification_t *identification)
|
static rsa_public_key_t * get_rsa_public_key(private_local_credential_store_t *this, identification_t *id)
|
||||||
{
|
{
|
||||||
x509_t *current;
|
|
||||||
rsa_public_key_t *found = NULL;
|
rsa_public_key_t *found = NULL;
|
||||||
iterator_t *iterator;
|
|
||||||
|
|
||||||
this->logger->log(this->logger, CONTROL|LEVEL2, "Looking for public key for %s",
|
iterator_t *iterator = this->certs->create_iterator(this->certs, TRUE);
|
||||||
identification->get_string(identification));
|
|
||||||
iterator = this->certificates->create_iterator(this->certificates, TRUE);
|
|
||||||
while (iterator->has_next(iterator))
|
while (iterator->has_next(iterator))
|
||||||
{
|
{
|
||||||
iterator->current(iterator, (void**)¤t);
|
x509_t *cert;
|
||||||
identification_t *stored = current->get_subject(current);
|
|
||||||
this->logger->log(this->logger, CONTROL|LEVEL2, "there is one for %s",
|
iterator->current(iterator, (void**)&cert);
|
||||||
stored->get_string(stored));
|
|
||||||
if (identification->equals(identification, stored))
|
if (id->equals(id, cert->get_subject(cert)) || cert->equals_subjectAltName(cert, id))
|
||||||
{
|
{
|
||||||
found = current->get_public_key(current);
|
found = cert->get_public_key(cert);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -120,19 +102,20 @@ static rsa_public_key_t * get_rsa_public_key(private_local_credential_store_t *t
|
||||||
/**
|
/**
|
||||||
* Implementation of credential_store_t.get_rsa_private_key.
|
* Implementation of credential_store_t.get_rsa_private_key.
|
||||||
*/
|
*/
|
||||||
static rsa_private_key_t *get_rsa_private_key(private_local_credential_store_t *this, identification_t *identification)
|
static rsa_private_key_t* get_rsa_private_key(private_local_credential_store_t *this, rsa_public_key_t *pubkey)
|
||||||
{
|
{
|
||||||
rsa_private_key_t *found = NULL;
|
rsa_private_key_t *found = NULL;
|
||||||
key_entry_t *current;
|
rsa_private_key_t *current;
|
||||||
iterator_t *iterator;
|
|
||||||
|
iterator_t *iterator = this->private_keys->create_iterator(this->private_keys, TRUE);
|
||||||
|
|
||||||
iterator = this->private_keys->create_iterator(this->private_keys, TRUE);
|
|
||||||
while (iterator->has_next(iterator))
|
while (iterator->has_next(iterator))
|
||||||
{
|
{
|
||||||
iterator->current(iterator, (void**)¤t);
|
iterator->current(iterator, (void**)¤t);
|
||||||
if (identification->equals(identification, current->id))
|
|
||||||
|
if (current->belongs_to(current, pubkey))
|
||||||
{
|
{
|
||||||
found = current->key->clone(current->key);
|
found = current->clone(current);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -140,12 +123,68 @@ static rsa_private_key_t *get_rsa_private_key(private_local_credential_store_t *
|
||||||
return found;
|
return found;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Implementation of credential_store_t.has_rsa_private_key.
|
||||||
|
*/
|
||||||
|
static bool has_rsa_private_key(private_local_credential_store_t *this, rsa_public_key_t *pubkey)
|
||||||
|
{
|
||||||
|
bool found = FALSE;
|
||||||
|
rsa_private_key_t *current;
|
||||||
|
|
||||||
|
iterator_t *iterator = this->private_keys->create_iterator(this->private_keys, TRUE);
|
||||||
|
|
||||||
|
while (iterator->has_next(iterator))
|
||||||
|
{
|
||||||
|
iterator->current(iterator, (void**)¤t);
|
||||||
|
|
||||||
|
if (current->belongs_to(current, pubkey))
|
||||||
|
{
|
||||||
|
found = TRUE;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
iterator->destroy(iterator);
|
||||||
|
return found;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Implements credential_store_t.add_certificate
|
||||||
|
*/
|
||||||
|
static void add_certificate(private_local_credential_store_t *this, x509_t *cert)
|
||||||
|
{
|
||||||
|
bool found = FALSE;
|
||||||
|
|
||||||
|
iterator_t *iterator = this->certs->create_iterator(this->certs, TRUE);
|
||||||
|
|
||||||
|
while (iterator->has_next(iterator))
|
||||||
|
{
|
||||||
|
x509_t *current_cert;
|
||||||
|
|
||||||
|
iterator->current(iterator, (void**)¤t_cert);
|
||||||
|
if (cert->equals(cert, current_cert))
|
||||||
|
{
|
||||||
|
found = TRUE;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
iterator->destroy(iterator);
|
||||||
|
|
||||||
|
if (found)
|
||||||
|
{
|
||||||
|
cert->destroy(cert);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
this->certs->insert_last(this->certs, (void*)cert);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Implements credential_store_t.log_certificates
|
* Implements credential_store_t.log_certificates
|
||||||
*/
|
*/
|
||||||
static void log_certificates(private_local_credential_store_t *this, logger_t *logger, bool utc)
|
static void log_certificates(private_local_credential_store_t *this, logger_t *logger, bool utc)
|
||||||
{
|
{
|
||||||
iterator_t *iterator = this->certificates->create_iterator(this->certificates, TRUE);
|
iterator_t *iterator = this->certs->create_iterator(this->certs, TRUE);
|
||||||
|
|
||||||
if (iterator->get_count(iterator))
|
if (iterator->get_count(iterator))
|
||||||
{
|
{
|
||||||
|
@ -157,28 +196,58 @@ static void log_certificates(private_local_credential_store_t *this, logger_t *l
|
||||||
while (iterator->has_next(iterator))
|
while (iterator->has_next(iterator))
|
||||||
{
|
{
|
||||||
x509_t *cert;
|
x509_t *cert;
|
||||||
|
rsa_private_key_t *key;
|
||||||
|
bool has_key;
|
||||||
|
|
||||||
iterator->current(iterator, (void**)&cert);
|
iterator->current(iterator, (void**)&cert);
|
||||||
cert->log_certificate(cert, logger, utc);
|
has_key = has_rsa_private_key(this, cert->get_public_key(cert));
|
||||||
|
cert->log_certificate(cert, logger, utc, has_key);
|
||||||
}
|
}
|
||||||
iterator->destroy(iterator);
|
iterator->destroy(iterator);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Implements local_credential_store_t.load_certificates
|
* Implements credential_store_t.log_ca_certificates
|
||||||
*/
|
*/
|
||||||
static void load_certificates(private_local_credential_store_t *this, const char *path)
|
static void log_ca_certificates(private_local_credential_store_t *this, logger_t *logger, bool utc)
|
||||||
|
{
|
||||||
|
iterator_t *iterator = this->ca_certs->create_iterator(this->ca_certs, TRUE);
|
||||||
|
|
||||||
|
if (iterator->get_count(iterator))
|
||||||
|
{
|
||||||
|
logger->log(logger, CONTROL, "");
|
||||||
|
logger->log(logger, CONTROL, "List of X.509 CA Certificates:");
|
||||||
|
logger->log(logger, CONTROL, "");
|
||||||
|
}
|
||||||
|
|
||||||
|
while (iterator->has_next(iterator))
|
||||||
|
{
|
||||||
|
x509_t *cert;
|
||||||
|
|
||||||
|
iterator->current(iterator, (void**)&cert);
|
||||||
|
cert->log_certificate(cert, logger, utc, FALSE);
|
||||||
|
}
|
||||||
|
iterator->destroy(iterator);
|
||||||
|
}
|
||||||
|
/**
|
||||||
|
* Implements local_credential_store_t.load_ca_certificates
|
||||||
|
*/
|
||||||
|
static void load_ca_certificates(private_local_credential_store_t *this, const char *path)
|
||||||
{
|
{
|
||||||
struct dirent* entry;
|
struct dirent* entry;
|
||||||
struct stat stb;
|
struct stat stb;
|
||||||
DIR* dir;
|
DIR* dir;
|
||||||
x509_t *cert;
|
x509_t *cert;
|
||||||
|
|
||||||
|
this->logger->log(this->logger, CONTROL, "loading ca certificates from '%s/'", path);
|
||||||
|
|
||||||
dir = opendir(path);
|
dir = opendir(path);
|
||||||
if (dir == NULL) {
|
if (dir == NULL)
|
||||||
this->logger->log(this->logger, ERROR, "error opening certificate directory \"%s\"", path);
|
{
|
||||||
|
this->logger->log(this->logger, ERROR, "error opening ca certs directory %s'", path);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
while ((entry = readdir(dir)) != NULL)
|
while ((entry = readdir(dir)) != NULL)
|
||||||
{
|
{
|
||||||
char file[PATH_BUF];
|
char file[PATH_BUF];
|
||||||
|
@ -192,10 +261,10 @@ static void load_certificates(private_local_credential_store_t *this, const char
|
||||||
/* try to parse all regular files */
|
/* try to parse all regular files */
|
||||||
if (stb.st_mode & S_IFREG)
|
if (stb.st_mode & S_IFREG)
|
||||||
{
|
{
|
||||||
cert = x509_create_from_file(file);
|
cert = x509_create_from_file(file, "ca certificate");
|
||||||
if (cert)
|
if (cert)
|
||||||
{
|
{
|
||||||
this->certificates->insert_last(this->certificates, (void*)cert);
|
this->ca_certs->insert_last(this->ca_certs, (void*)cert);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
@ -206,42 +275,6 @@ static void load_certificates(private_local_credential_store_t *this, const char
|
||||||
closedir(dir);
|
closedir(dir);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Query the ID for a private key, by doing a lookup in the certificates
|
|
||||||
*/
|
|
||||||
static identification_t *get_id_for_private_key(private_local_credential_store_t *this, rsa_private_key_t *private_key)
|
|
||||||
{
|
|
||||||
x509_t *cert;
|
|
||||||
iterator_t *iterator;
|
|
||||||
identification_t *found = NULL;
|
|
||||||
rsa_public_key_t *public_key;
|
|
||||||
|
|
||||||
this->logger->log(this->logger, CONTROL|LEVEL2, "Getting ID for a private key...");
|
|
||||||
|
|
||||||
iterator = this->certificates->create_iterator(this->certificates, TRUE);
|
|
||||||
while (!found && iterator->has_next(iterator))
|
|
||||||
{
|
|
||||||
iterator->current(iterator, (void**)&cert);
|
|
||||||
public_key = cert->get_public_key(cert);
|
|
||||||
if (public_key)
|
|
||||||
{
|
|
||||||
if (private_key->belongs_to(private_key, public_key))
|
|
||||||
{
|
|
||||||
this->logger->log(this->logger, CONTROL|LEVEL2, "found a match");
|
|
||||||
found = cert->get_subject(cert);
|
|
||||||
found = found->clone(found);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
this->logger->log(this->logger, CONTROL|LEVEL3, "this one did not match");
|
|
||||||
}
|
|
||||||
public_key->destroy(public_key);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
iterator->destroy(iterator);
|
|
||||||
return found;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Implements local_credential_store_t.load_private_keys
|
* Implements local_credential_store_t.load_private_keys
|
||||||
*/
|
*/
|
||||||
|
@ -318,20 +351,7 @@ static void load_private_keys(private_local_credential_store_t *this, const char
|
||||||
rsa_private_key_t *key = rsa_private_key_create_from_file(path, NULL);
|
rsa_private_key_t *key = rsa_private_key_create_from_file(path, NULL);
|
||||||
if (key)
|
if (key)
|
||||||
{
|
{
|
||||||
key_entry_t *entry;
|
this->private_keys->insert_last(this->private_keys, (void*)key);
|
||||||
identification_t *id = get_id_for_private_key(this, key);
|
|
||||||
|
|
||||||
if (!id)
|
|
||||||
{
|
|
||||||
this->logger->log(this->logger, ERROR,
|
|
||||||
"no certificate found for private key \"%s\", skipped", path);
|
|
||||||
key->destroy(key);
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
entry = malloc_thing(key_entry_t);
|
|
||||||
entry->key = key;
|
|
||||||
entry->id = id;
|
|
||||||
this->private_keys->insert_last(this->private_keys, (void*)entry);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else if (match("PSK", &token))
|
else if (match("PSK", &token))
|
||||||
|
@ -364,21 +384,30 @@ error:
|
||||||
*/
|
*/
|
||||||
static void destroy(private_local_credential_store_t *this)
|
static void destroy(private_local_credential_store_t *this)
|
||||||
{
|
{
|
||||||
x509_t *certificate;
|
x509_t *cert;
|
||||||
key_entry_t *key_entry;
|
rsa_private_key_t *key;
|
||||||
|
|
||||||
while (this->certificates->remove_last(this->certificates, (void**)&certificate) == SUCCESS)
|
/* destroy cert list */
|
||||||
|
while (this->certs->remove_last(this->certs, (void**)&cert) == SUCCESS)
|
||||||
{
|
{
|
||||||
certificate->destroy(certificate);
|
cert->destroy(cert);
|
||||||
}
|
}
|
||||||
this->certificates->destroy(this->certificates);
|
this->certs->destroy(this->certs);
|
||||||
while (this->private_keys->remove_last(this->private_keys, (void**)&key_entry) == SUCCESS)
|
|
||||||
|
/* destroy ca cert list */
|
||||||
|
while (this->ca_certs->remove_last(this->ca_certs, (void**)&cert) == SUCCESS)
|
||||||
{
|
{
|
||||||
key_entry->id->destroy(key_entry->id);
|
cert->destroy(cert);
|
||||||
key_entry->key->destroy(key_entry->key);
|
}
|
||||||
free(key_entry);
|
this->ca_certs->destroy(this->ca_certs);
|
||||||
|
|
||||||
|
/* destroy private key list */
|
||||||
|
while (this->private_keys->remove_last(this->private_keys, (void**)&key) == SUCCESS)
|
||||||
|
{
|
||||||
|
key->destroy(key);
|
||||||
}
|
}
|
||||||
this->private_keys->destroy(this->private_keys);
|
this->private_keys->destroy(this->private_keys);
|
||||||
|
|
||||||
free(this);
|
free(this);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -390,16 +419,20 @@ local_credential_store_t * local_credential_store_create(void)
|
||||||
private_local_credential_store_t *this = malloc_thing(private_local_credential_store_t);
|
private_local_credential_store_t *this = malloc_thing(private_local_credential_store_t);
|
||||||
|
|
||||||
this->public.credential_store.get_shared_secret = (status_t(*)(credential_store_t*,identification_t*,chunk_t*))get_shared_secret;
|
this->public.credential_store.get_shared_secret = (status_t(*)(credential_store_t*,identification_t*,chunk_t*))get_shared_secret;
|
||||||
this->public.credential_store.get_rsa_private_key = (rsa_private_key_t*(*)(credential_store_t*,identification_t*))get_rsa_private_key;
|
this->public.credential_store.get_rsa_private_key = (rsa_private_key_t*(*)(credential_store_t*,rsa_public_key_t*))get_rsa_private_key;
|
||||||
|
this->public.credential_store.has_rsa_private_key = (bool(*)(credential_store_t*,rsa_public_key_t*))has_rsa_private_key;
|
||||||
this->public.credential_store.get_rsa_public_key = (rsa_public_key_t*(*)(credential_store_t*,identification_t*))get_rsa_public_key;
|
this->public.credential_store.get_rsa_public_key = (rsa_public_key_t*(*)(credential_store_t*,identification_t*))get_rsa_public_key;
|
||||||
|
this->public.credential_store.add_certificate = (void(*)(credential_store_t*,x509_t*))add_certificate;
|
||||||
this->public.credential_store.log_certificates = (void(*)(credential_store_t*,logger_t*,bool))log_certificates;
|
this->public.credential_store.log_certificates = (void(*)(credential_store_t*,logger_t*,bool))log_certificates;
|
||||||
this->public.load_certificates = (void(*)(local_credential_store_t*,const char*))load_certificates;
|
this->public.credential_store.log_ca_certificates = (void(*)(credential_store_t*,logger_t*,bool))log_ca_certificates;
|
||||||
|
this->public.load_ca_certificates = (void(*)(local_credential_store_t*,const char*))load_ca_certificates;
|
||||||
this->public.load_private_keys = (void(*)(local_credential_store_t*,const char*, const char*))load_private_keys;
|
this->public.load_private_keys = (void(*)(local_credential_store_t*,const char*, const char*))load_private_keys;
|
||||||
this->public.credential_store.destroy = (void(*)(credential_store_t*))destroy;
|
this->public.credential_store.destroy = (void(*)(credential_store_t*))destroy;
|
||||||
|
|
||||||
/* private variables */
|
/* private variables */
|
||||||
this->private_keys = linked_list_create();
|
this->private_keys = linked_list_create();
|
||||||
this->certificates = linked_list_create();
|
this->certs = linked_list_create();
|
||||||
|
this->ca_certs = linked_list_create();
|
||||||
this->logger = logger_manager->get_logger(logger_manager, CONFIG);
|
this->logger = logger_manager->get_logger(logger_manager, CONFIG);
|
||||||
|
|
||||||
return (&this->public);
|
return (&this->public);
|
||||||
|
|
|
@ -57,7 +57,7 @@ struct local_credential_store_t {
|
||||||
* @param this calling object
|
* @param this calling object
|
||||||
* @param path directory to load certificates from
|
* @param path directory to load certificates from
|
||||||
*/
|
*/
|
||||||
void (*load_certificates) (local_credential_store_t *this, const char *path);
|
void (*load_ca_certificates) (local_credential_store_t *this, const char *path);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief Loads RSA private keys defined in ipsec.secrets
|
* @brief Loads RSA private keys defined in ipsec.secrets
|
||||||
|
|
Loading…
Reference in New Issue