Implement TKM-specific credential set
1 /*
2 * Copyright (C) 2012 Reto Buerki
3 * Copyright (C) 2012 Adrian-Ken Rueegsegger
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include <credentials/sets/mem_cred.h>
18 #include <collections/hashtable.h>
19 #include <threading/rwlock.h>
20 #include <utils/debug.h>
21
22 #include "tkm_private_key.h"
23 #include "tkm_cred.h"
24
typedef struct private_tkm_cred_t private_tkm_cred_t;

/**
 * Private data of a tkm_cred_t object.
 */
struct private_tkm_cred_t {

	/**
	 * Public tkm_cred_t interface. Must remain the first member: callers only
	 * hold a pointer to it and the METHODs below cast it back to this struct.
	 */
	tkm_cred_t public;

	/**
	 * In-memory credential set holding the TKM private key proxies that
	 * create_private_enumerator() has created so far.
	 */
	mem_cred_t *creds;

	/**
	 * Identities for which a key proxy already exists. Each entry maps a
	 * cloned identification_t to that same clone (key == value), so destroy()
	 * releases every clone exactly once by walking the values.
	 */
	hashtable_t *known_keys;

	/**
	 * rwlock for hashtable; taken for writing around the lookup-and-insert
	 * in create_private_enumerator().
	 */
	rwlock_t *lock;

};
53
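/**
 * Lazily create a TKM private key proxy for the requested identity and hand
 * out an enumerator over the private keys held in the in-memory set.
 *
 * @param type		key type requested by the caller
 * @param id		identity the key must belong to, or NULL for all keys
 * @return			enumerator over private_key_t objects, NULL on failure
 */
METHOD(credential_set_t, create_private_enumerator, enumerator_t*,
	private_tkm_cred_t *this, key_type_t type, identification_t *id)
{
	identification_t *entry;

	if (id)
	{
		/* Serialize lookup-and-insert so that two concurrent requests for
		 * the same identity cannot both create a proxy for it. */
		this->lock->write_lock(this->lock);
		entry = this->known_keys->get(this->known_keys, id);
		if (!entry)
		{
			tkm_private_key_t *key;

			DBG1(DBG_CFG, "adding private key proxy for id '%Y'", id);
			key = tkm_private_key_init(id);
			if (!key)
			{
				/* nothing has been allocated yet, so only the lock is released */
				DBG1(DBG_CFG, "unable to create private key for id '%Y'", id);
				this->lock->unlock(this->lock);
				return NULL;
			}
			/* The set takes ownership of the key. The id is cloned only now
			 * that the key exists, so a failed init no longer leaks it; the
			 * clone is stored as both key and value and freed in destroy(). */
			this->creds->add_key(this->creds, (private_key_t *)key);
			entry = id->clone(id);
			this->known_keys->put(this->known_keys, entry, entry);
		}
		this->lock->unlock(this->lock);
	}

	/* Always enumerate the in-memory set: credential_set_t callers expect
	 * private_key_t objects, whereas the hashtable enumerator would yield
	 * identification_t pairs. With id == NULL this lists every proxy key
	 * created so far. */
	return this->creds->set.create_private_enumerator(&this->creds->set,
													  type, id);
}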
85
/**
 * Tear down the credential set: free the cloned identities kept in the
 * hashtable, then the table, the in-memory set and the lock.
 */
METHOD(tkm_cred_t, destroy, void,
	private_tkm_cred_t *this)
{
	enumerator_t *it = this->known_keys->create_enumerator(this->known_keys);
	identification_t *id;

	/* key and value of each entry are the same clone, so destroying the
	 * value once per entry releases everything the table owns */
	while (it->enumerate(it, NULL, &id))
	{
		id->destroy(id);
	}
	it->destroy(it);
	this->known_keys->destroy(this->known_keys);

	this->creds->destroy(this->creds);
	this->lock->destroy(this->lock);
	free(this);
}
104
/**
 * Hashtable hash function: hash an identification by its encoded form.
 */
static u_int hash(identification_t *id)
{
	chunk_t encoding = id->get_encoding(id);

	return chunk_hash(encoding);
}
112
/**
 * Hashtable equals function: two identifications are the same key when the
 * identification_t's own equals() says so.
 */
static bool equals(identification_t *a, identification_t *b)
{
	bool same = a->equals(a, b);

	return same;
}
120
/**
 * Described in header: allocate a tkm_cred_t backed by an in-memory
 * credential set plus a lock-protected table of already proxied identities.
 *
 * @return		newly created credential set, owned by the caller
 */
tkm_cred_t *tkm_cred_create()
{
	private_tkm_cred_t *cred;

	INIT(cred,
		.public = {
			.set = {
				/* only private keys are served; every other query is empty */
				.create_private_enumerator = _create_private_enumerator,
				.create_shared_enumerator = (void*)return_null,
				.create_cert_enumerator = (void*)return_null,
				.create_cdp_enumerator = (void*)return_null,
				.cache_cert = (void*)nop,
			},
			.destroy = _destroy,
		},
		.creds = mem_cred_create(),
		.lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
		/* 4 is the table's initial capacity; it grows as identities appear */
		.known_keys = hashtable_create((hashtable_hash_t)hash,
									   (hashtable_equals_t)equals, 4),
	);

	return &cred->public;
}