projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Load private keys from suite and test configs
[strongswan.git] / src / conftest / conftest.c
1 /*
2 * Copyright (C) 2010 Martin Willi
3 * Copyright (C) 2010 revosec AG
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #define _GNU_SOURCE
17 #include <unistd.h>
18 #include <stdio.h>
19 #include <errno.h>
20 #include <signal.h>
21 #include <getopt.h>
22 #include <dlfcn.h>
23 #include <libgen.h>
24
25 #include "conftest.h"
26 #include "config.h"
27 #include "hooks/hook.h"
28
29 #include <threading/thread.h>
30
31 /**
32 * Conftest globals struct
33 */
34 conftest_t *conftest;
35
36 /**
37 * Print usage information
38 */
39 static void usage(FILE *out)
40 {
41 fprintf(out, "Usage:\n");
42 fprintf(out, " --help show usage information\n");
43 fprintf(out, " --version show conftest version\n");
44 fprintf(out, " --suite <file> global testsuite configuration "
45 "(default: ./suite.conf)\n");
46 fprintf(out, " --test <file> test specific configuration\n");
47 }
48
49 /**
50 * Handle SIGSEGV/SIGILL signals raised by threads
51 */
52 static void segv_handler(int signal)
53 {
54 fprintf(stderr, "thread %u received %d\n", thread_current_id(), signal);
55 abort();
56 }
57
58 /**
59 * Load suite and test specific configurations
60 */
61 static bool load_configs(char *suite_file, char *test_file)
62 {
63 if (!test_file)
64 {
65 fprintf(stderr, "Missing test configuration file.\n");
66 return FALSE;
67 }
68 if (access(suite_file, R_OK) != 0)
69 {
70 fprintf(stderr, "Reading suite configuration file '%s' failed: %s.\n",
71 suite_file, strerror(errno));
72 return FALSE;
73 }
74 if (access(test_file, R_OK) != 0)
75 {
76 fprintf(stderr, "Reading test configuration file '%s' failed: %s.\n",
77 test_file, strerror(errno));
78 return FALSE;
79 }
80 conftest->suite = settings_create(suite_file);
81 conftest->test = settings_create(test_file);
82 suite_file = dirname(suite_file);
83 test_file = dirname(test_file);
84 conftest->suite_dir = strdup(suite_file);
85 conftest->test_dir = strdup(test_file);
86 return TRUE;
87 }
88
89 /**
90 * Load certificates from the confiuguration file
91 */
92 static bool load_certs(settings_t *settings, char *dir)
93 {
94 enumerator_t *enumerator;
95 char *key, *value, wd[PATH_MAX];
96 certificate_t *cert;
97
98 if (getcwd(wd, sizeof(wd)) == NULL)
99 {
100 fprintf(stderr, "getting cwd failed: %s\n", strerror(errno));
101 return FALSE;
102 }
103 if (chdir(dir) != 0)
104 {
105 fprintf(stderr, "opening directory '%s' failed: %s\n",
106 dir, strerror(errno));
107 return FALSE;
108 }
109
110 enumerator = settings->create_key_value_enumerator(settings, "certs.trusted");
111 while (enumerator->enumerate(enumerator, &key, &value))
112 {
113 cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
114 BUILD_FROM_FILE, value, BUILD_END);
115 if (!cert)
116 {
117 fprintf(stderr, "loading trusted certificate "
118 "'%s' from '%s' failed\n", key, value);
119 enumerator->destroy(enumerator);
120 return FALSE;
121 }
122 conftest->creds->add_cert(conftest->creds, TRUE, cert);
123 }
124 enumerator->destroy(enumerator);
125
126 enumerator = settings->create_key_value_enumerator(settings, "certs.untrusted");
127 while (enumerator->enumerate(enumerator, &key, &value))
128 {
129 cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
130 BUILD_FROM_FILE, value, BUILD_END);
131 if (!cert)
132 {
133 fprintf(stderr, "loading untrusted certificate "
134 "'%s' from '%s' failed\n", key, value);
135 enumerator->destroy(enumerator);
136 return FALSE;
137 }
138 conftest->creds->add_cert(conftest->creds, FALSE, cert);
139 }
140 enumerator->destroy(enumerator);
141
142 if (chdir(wd) != 0)
143 {
144 fprintf(stderr, "opening directory '%s' failed: %s\n",
145 wd, strerror(errno));
146 return FALSE;
147 }
148 return TRUE;
149 }
150
151 /**
152 * Load private keys from the confiuguration file
153 */
154 static bool load_keys(settings_t *settings, char *dir)
155 {
156 enumerator_t *enumerator;
157 char *type, *value, wd[PATH_MAX];
158 private_key_t *key;
159 key_type_t key_type;
160
161 if (getcwd(wd, sizeof(wd)) == NULL)
162 {
163 fprintf(stderr, "getting cwd failed: %s\n", strerror(errno));
164 return FALSE;
165 }
166 if (chdir(dir) != 0)
167 {
168 fprintf(stderr, "opening directory '%s' failed: %s\n",
169 dir, strerror(errno));
170 return FALSE;
171 }
172
173 enumerator = settings->create_key_value_enumerator(settings, "keys");
174 while (enumerator->enumerate(enumerator, &type, &value))
175 {
176 if (strcaseeq(type, "ecdsa"))
177 {
178 key_type = KEY_ECDSA;
179 }
180 else if (strcaseeq(type, "rsa"))
181 {
182 key_type = KEY_RSA;
183 }
184 else
185 {
186 fprintf(stderr, "unkown key type: '%s'\n", type);
187 enumerator->destroy(enumerator);
188 return FALSE;
189 }
190 key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, key_type,
191 BUILD_FROM_FILE, value, BUILD_END);
192 if (!key)
193 {
194 fprintf(stderr, "loading %s key from '%s' failed\n", type, value);
195 enumerator->destroy(enumerator);
196 return FALSE;
197 }
198 conftest->creds->add_key(conftest->creds, key);
199 }
200 enumerator->destroy(enumerator);
201
202 if (chdir(wd) != 0)
203 {
204 fprintf(stderr, "opening directory '%s' failed: %s\n",
205 wd, strerror(errno));
206 return FALSE;
207 }
208 return TRUE;
209 }
210
211 /**
212 * Load configured hooks
213 */
214 static bool load_hooks()
215 {
216 enumerator_t *enumerator;
217 char *name, buf[64];
218 hook_t *(*create)(void);
219 hook_t *hook;
220
221 enumerator = conftest->test->create_section_enumerator(conftest->test,
222 "hooks");
223 while (enumerator->enumerate(enumerator, &name))
224 {
225 snprintf(buf, sizeof(buf), "%s_hook_create", name);
226 create = dlsym(RTLD_DEFAULT, buf);
227 if (create)
228 {
229 hook = create();
230 if (hook)
231 {
232 conftest->hooks->insert_last(conftest->hooks, hook);
233 charon->bus->add_listener(charon->bus, &hook->listener);
234 }
235 }
236 else
237 {
238 fprintf(stderr, "dlsym() for hook '%s' failed: %s\n", name, dlerror());
239 enumerator->destroy(enumerator);
240 return FALSE;
241 }
242 }
243 enumerator->destroy(enumerator);
244 return TRUE;
245 }
246
247 /**
248 * atexit() cleanup handler
249 */
250 static void cleanup()
251 {
252 hook_t *hook;
253
254 DESTROY_IF(conftest->suite);
255 DESTROY_IF(conftest->test);
256 lib->credmgr->remove_set(lib->credmgr, &conftest->creds->set);
257 conftest->creds->destroy(conftest->creds);
258 while (conftest->hooks->remove_last(conftest->hooks,
259 (void**)&hook) == SUCCESS)
260 {
261 charon->bus->remove_listener(charon->bus, &hook->listener);
262 hook->destroy(hook);
263 }
264 conftest->hooks->destroy(conftest->hooks);
265 if (conftest->config)
266 {
267 charon->backends->remove_backend(charon->backends,
268 &conftest->config->backend);
269 conftest->config->destroy(conftest->config);
270 }
271 free(conftest->suite_dir);
272 free(conftest->test_dir);
273 free(conftest);
274 libcharon_deinit();
275 libhydra_deinit();
276 library_deinit();
277 }
278
279 /**
280 * Main function, starts the conftest daemon.
281 */
282 int main(int argc, char *argv[])
283 {
284 struct sigaction action;
285 int status = 0;
286 sigset_t set;
287 int sig;
288 char *suite_file = "suite.conf", *test_file = NULL;
289 file_logger_t *logger;
290
291 if (!library_init(NULL))
292 {
293 library_deinit();
294 return SS_RC_LIBSTRONGSWAN_INTEGRITY;
295 }
296 if (!libhydra_init("conftest"))
297 {
298 libhydra_deinit();
299 library_deinit();
300 return SS_RC_INITIALIZATION_FAILED;
301 }
302 if (!libcharon_init())
303 {
304 libcharon_deinit();
305 libhydra_deinit();
306 library_deinit();
307 return SS_RC_INITIALIZATION_FAILED;
308 }
309
310 INIT(conftest,
311 .creds = mem_cred_create(),
312 );
313 logger = file_logger_create(stdout, NULL, FALSE);
314 logger->set_level(logger, DBG_ANY, LEVEL_CTRL);
315 charon->bus->add_listener(charon->bus, &logger->listener);
316 charon->file_loggers->insert_last(charon->file_loggers, logger);
317
318 lib->credmgr->add_set(lib->credmgr, &conftest->creds->set);
319 conftest->hooks = linked_list_create();
320 conftest->config = config_create();
321
322 atexit(cleanup);
323
324 while (TRUE)
325 {
326 struct option long_opts[] = {
327 { "help", no_argument, NULL, 'h' },
328 { "version", no_argument, NULL, 'v' },
329 { "suite", required_argument, NULL, 's' },
330 { "test", required_argument, NULL, 't' },
331 { 0,0,0,0 }
332 };
333 switch (getopt_long(argc, argv, "", long_opts, NULL))
334 {
335 case EOF:
336 break;
337 case 'h':
338 usage(stdout);
339 return 0;
340 case 'v':
341 printf("strongSwan %s conftest\n", VERSION);
342 return 0;
343 case 's':
344 suite_file = optarg;
345 continue;
346 case 't':
347 test_file = optarg;
348 continue;
349 default:
350 usage(stderr);
351 return 1;
352 }
353 break;
354 }
355
356 if (!load_configs(suite_file, test_file))
357 {
358 return 1;
359 }
360 if (!charon->initialize(charon))
361 {
362 return 1;
363 }
364 if (!load_certs(conftest->suite, suite_file) ||
365 !load_certs(conftest->test, test_file))
366 {
367 return 1;
368 }
369 if (!load_keys(conftest->suite, suite_file) ||
370 !load_keys(conftest->test, test_file))
371 {
372 return 1;
373 }
374 if (!load_hooks())
375 {
376 return 1;
377 }
378 charon->backends->add_backend(charon->backends, &conftest->config->backend);
379 conftest->config->load(conftest->config, conftest->suite);
380 conftest->config->load(conftest->config, conftest->test);
381
382 /* set up thread specific handlers */
383 action.sa_handler = segv_handler;
384 action.sa_flags = 0;
385 sigemptyset(&action.sa_mask);
386 sigaddset(&action.sa_mask, SIGINT);
387 sigaddset(&action.sa_mask, SIGTERM);
388 sigaddset(&action.sa_mask, SIGHUP);
389 sigaction(SIGSEGV, &action, NULL);
390 sigaction(SIGILL, &action, NULL);
391 sigaction(SIGBUS, &action, NULL);
392 action.sa_handler = SIG_IGN;
393 sigaction(SIGPIPE, &action, NULL);
394 pthread_sigmask(SIG_SETMASK, &action.sa_mask, NULL);
395
396 /* start thread pool */
397 charon->start(charon);
398
399 /* handle SIGINT/SIGTERM in main thread */
400 sigemptyset(&set);
401 sigaddset(&set, SIGINT);
402 sigaddset(&set, SIGHUP);
403 sigaddset(&set, SIGTERM);
404 sigprocmask(SIG_BLOCK, &set, NULL);
405
406 while (sigwait(&set, &sig) == 0)
407 {
408 switch (sig)
409 {
410 case SIGINT:
411 case SIGTERM:
412 fprintf(stderr, "\nshutting down...\n");
413 break;
414 default:
415 continue;
416 }
417 break;
418 }
419 return status;
420 }
strongSwan - IPsec VPN