Android specific credential set also provides user credentials
[strongswan.git] / src / frontends / android / jni / libandroidbridge / backend / android_creds.c
1 /*
2 * Copyright (C) 2012 Tobias Brunner
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "android_creds.h"
17 #include "../charonservice.h"
18
19 #include <daemon.h>
20 #include <library.h>
21 #include <credentials/sets/mem_cred.h>
22 #include <threading/rwlock.h>
23
24 typedef struct private_android_creds_t private_android_creds_t;
25
26 /**
27 * Private data of an android_creds_t object
28 */
29 struct private_android_creds_t {
30
31 /**
32 * Public interface
33 */
34 android_creds_t public;
35
36 /**
37 * Credential set storing trusted certificates and user credentials
38 */
39 mem_cred_t *creds;
40
41 /**
42 * read/write lock to make sure certificates are only loaded once
43 */
44 rwlock_t *lock;
45
46 /**
47 * TRUE if certificates have been loaded via JNI
48 */
49 bool loaded;
50 };
51
52 /**
53 * Load trusted certificates via charonservice (JNI).
54 */
55 static void load_trusted_certificates(private_android_creds_t *this)
56 {
57 linked_list_t *certs;
58 certificate_t *cert;
59 chunk_t *current;
60
61 certs = charonservice->get_trusted_certificates(charonservice);
62 if (certs)
63 {
64 while (certs->remove_first(certs, (void**)&current) == SUCCESS)
65 {
66 cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
67 BUILD_BLOB_ASN1_DER, *current, BUILD_END);
68 if (cert)
69 {
70 DBG2(DBG_CFG, "loaded CA certificate '%Y'",
71 cert->get_subject(cert));
72 this->creds->add_cert(this->creds, TRUE, cert);
73 }
74 chunk_free(current);
75 free(current);
76 }
77 certs->destroy(certs);
78 }
79 }
80
81 METHOD(credential_set_t, create_cert_enumerator, enumerator_t*,
82 private_android_creds_t *this, certificate_type_t cert, key_type_t key,
83 identification_t *id, bool trusted)
84 {
85 enumerator_t *enumerator;
86
87 if (!trusted || (cert != CERT_ANY && cert != CERT_X509))
88 {
89 return NULL;
90 }
91 this->lock->read_lock(this->lock);
92 if (!this->loaded)
93 {
94 this->lock->unlock(this->lock);
95 this->lock->write_lock(this->lock);
96 /* check again after acquiring the write lock */
97 if (!this->loaded)
98 {
99 load_trusted_certificates(this);
100 this->loaded = TRUE;
101 }
102 this->lock->unlock(this->lock);
103 this->lock->read_lock(this->lock);
104 }
105 enumerator = this->creds->set.create_cert_enumerator(&this->creds->set,
106 cert, key, id, trusted);
107 return enumerator_create_cleaner(enumerator, (void*)this->lock->unlock,
108 this->lock);
109 }
110
111 METHOD(android_creds_t, add_username_password, void,
112 private_android_creds_t *this, char *username, char *password)
113 {
114 shared_key_t *shared_key;
115 identification_t *id;
116 chunk_t secret;
117
118 secret = chunk_create(password, strlen(password));
119 shared_key = shared_key_create(SHARED_EAP, chunk_clone(secret));
120 id = identification_create_from_string(username);
121
122 this->creds->add_shared(this->creds, shared_key, id, NULL);
123 }
124
125 METHOD(credential_set_t, create_shared_enumerator, enumerator_t*,
126 private_android_creds_t *this, shared_key_type_t type,
127 identification_t *me, identification_t *other)
128 {
129 return this->creds->set.create_shared_enumerator(&this->creds->set,
130 type, me, other);
131 }
132
133 METHOD(android_creds_t, clear, void,
134 private_android_creds_t *this)
135 {
136 this->lock->write_lock(this->lock);
137 this->creds->clear(this->creds);
138 this->loaded = FALSE;
139 this->lock->unlock(this->lock);
140 }
141
142 METHOD(android_creds_t, destroy, void,
143 private_android_creds_t *this)
144 {
145 clear(this);
146 this->creds->destroy(this->creds);
147 this->lock->destroy(this->lock);
148 free(this);
149 }
150
151 /**
152 * Described in header.
153 */
154 android_creds_t *android_creds_create()
155 {
156 private_android_creds_t *this;
157
158 INIT(this,
159 .public = {
160 .set = {
161 .create_cert_enumerator = _create_cert_enumerator,
162 .create_shared_enumerator = _create_shared_enumerator,
163 .create_private_enumerator = (void*)return_null,
164 .create_cdp_enumerator = (void*)return_null,
165 .cache_cert = (void*)nop,
166 },
167 .add_username_password = _add_username_password,
168 .clear = _clear,
169 .destroy = _destroy,
170 },
171 .creds = mem_cred_create(),
172 .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
173 );
174
175 return &this->public;
176 }