151 lines
3.3 KiB
C
151 lines
3.3 KiB
C
/* Pluto certificate/CRL/AC builder hooks.
|
|
* Copyright (C) 2002-2009 Andreas Steffen
|
|
* Copyright (C) 2009 Martin Willi
|
|
* HSR Hochschule fuer Technik Rapperswil
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify it
|
|
* under the terms of the GNU General Public License as published by the
|
|
* Free Software Foundation; either version 2 of the License, or (at your
|
|
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
|
*
|
|
* This program is distributed in the hope that it will be useful, but
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
|
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
* for more details.
|
|
*/
|
|
|
|
#include "builder.h"
|
|
|
|
#include <stdlib.h>
|
|
#include <stdio.h>
|
|
#include <string.h>
|
|
#include <unistd.h>
|
|
#include <time.h>
|
|
|
|
#include <freeswan.h>
|
|
|
|
#include <library.h>
|
|
#include <credentials/certificates/certificate.h>
|
|
|
|
#include "constants.h"
|
|
#include "defs.h"
|
|
#include "log.h"
|
|
#include "certs.h"
|
|
#include "crl.h"
|
|
|
|
/**
|
|
* Load a certificate
|
|
*/
|
|
static cert_t *builder_load_cert(certificate_type_t type, va_list args)
|
|
{
|
|
x509_flag_t flags = 0;
|
|
chunk_t blob = chunk_empty;
|
|
bool pgp = FALSE;
|
|
|
|
while (TRUE)
|
|
{
|
|
switch (va_arg(args, builder_part_t))
|
|
{
|
|
case BUILD_BLOB_PGP:
|
|
pgp = TRUE;
|
|
/* FALL */
|
|
case BUILD_BLOB_ASN1_DER:
|
|
blob = va_arg(args, chunk_t);
|
|
continue;
|
|
case BUILD_X509_FLAG:
|
|
flags |= va_arg(args, x509_flag_t);
|
|
continue;
|
|
case BUILD_END:
|
|
break;
|
|
default:
|
|
return NULL;
|
|
}
|
|
break;
|
|
}
|
|
if (blob.ptr)
|
|
{
|
|
cert_t *cert = malloc_thing(cert_t);
|
|
|
|
*cert = cert_empty;
|
|
|
|
if (pgp)
|
|
{
|
|
cert->cert = lib->creds->create(lib->creds,
|
|
CRED_CERTIFICATE, CERT_GPG,
|
|
BUILD_BLOB_PGP, blob,
|
|
BUILD_END);
|
|
}
|
|
else
|
|
{
|
|
cert->cert = lib->creds->create(lib->creds,
|
|
CRED_CERTIFICATE, CERT_X509,
|
|
BUILD_BLOB_ASN1_DER, blob,
|
|
BUILD_X509_FLAG, flags,
|
|
BUILD_END);
|
|
}
|
|
if (cert->cert)
|
|
{
|
|
return cert;
|
|
}
|
|
plog(" error in X.509 certificate");
|
|
cert_free(cert);
|
|
}
|
|
return NULL;
|
|
}
|
|
|
|
/**
|
|
* Load a CRL
|
|
*/
|
|
static x509crl_t *builder_load_crl(certificate_type_t type, va_list args)
|
|
{
|
|
chunk_t blob = chunk_empty;
|
|
x509crl_t *crl;
|
|
|
|
while (TRUE)
|
|
{
|
|
switch (va_arg(args, builder_part_t))
|
|
{
|
|
case BUILD_BLOB_ASN1_DER:
|
|
blob = va_arg(args, chunk_t);
|
|
continue;
|
|
case BUILD_END:
|
|
break;
|
|
default:
|
|
return NULL;
|
|
}
|
|
break;
|
|
}
|
|
if (blob.ptr)
|
|
{
|
|
crl = malloc_thing(x509crl_t);
|
|
crl->next = NULL;
|
|
crl->distributionPoints = linked_list_create();
|
|
crl->crl = lib->creds->create(lib->creds,
|
|
CRED_CERTIFICATE, CERT_X509_CRL,
|
|
BUILD_BLOB_ASN1_DER, blob,
|
|
BUILD_END);
|
|
if (crl->crl)
|
|
{
|
|
return crl;
|
|
}
|
|
plog(" error in X.509 crl");
|
|
free_crl(crl);
|
|
}
|
|
return NULL;
|
|
}
|
|
|
|
void init_builder(void)
|
|
{
|
|
lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PLUTO_CERT, FALSE,
|
|
(builder_function_t)builder_load_cert);
|
|
lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PLUTO_CRL, FALSE,
|
|
(builder_function_t)builder_load_crl);
|
|
}
|
|
|
|
void free_builder(void)
|
|
{
|
|
lib->creds->remove_builder(lib->creds, (builder_function_t)builder_load_cert);
|
|
lib->creds->remove_builder(lib->creds, (builder_function_t)builder_load_crl);
|
|
}
|
|
|