src/frontends/android/jni/libandroidbridge/backend/android_creds.c

   1 /*
   2  * Copyright (C) 2012 Tobias Brunner
   3  * Hochschule fuer Technik Rapperswil
   4  *
   5  * This program is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License as published by the
   7  * Free Software Foundation; either version 2 of the License, or (at your
   8  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
   9  *
  10  * This program is distributed in the hope that it will be useful, but
  11  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  12  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  13  * for more details.
  14  */
  15
  16 #include "android_creds.h"
  17 #include "../charonservice.h"
  18
  19 #include <daemon.h>
  20 #include <library.h>
  21 #include <credentials/sets/mem_cred.h>
  22 #include <threading/rwlock.h>
  23
  24 typedef struct private_android_creds_t private_android_creds_t;
  25
  26 /**
  27  * Private data of an android_creds_t object
  28  */
  29 struct private_android_creds_t {
  30
  31         /**
  32          * Public interface
  33          */
  34         android_creds_t public;
  35
  36         /**
  37          * Credential set storing trusted certificates
  38          */
  39         mem_cred_t *creds;
  40
  41         /**
  42          * read/write lock to make sure certificates are only loaded once
  43          */
  44         rwlock_t *lock;
  45
  46         /**
  47          * TRUE if certificates have been loaded via JNI
  48          */
  49         bool loaded;
  50 };
  51
  52 /**
  53  * Load trusted certificates via charonservice (JNI).
  54  */
  55 static void load_trusted_certificates(private_android_creds_t *this)
  56 {
  57         linked_list_t *certs;
  58         certificate_t *cert;
  59         chunk_t *current;
  60
  61         certs = charonservice->get_trusted_certificates(charonservice);
  62         if (certs)
  63         {
  64                 while (certs->remove_first(certs, (void**)&current) == SUCCESS)
  65                 {
  66                         cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
  67                                                                           BUILD_BLOB_ASN1_DER, *current, BUILD_END);
  68                         if (cert)
  69                         {
  70                                 DBG2(DBG_CFG, "loaded CA certificate '%Y'",
  71                                          cert->get_subject(cert));
  72                                 this->creds->add_cert(this->creds, TRUE, cert);
  73                         }
  74                         chunk_free(current);
  75                         free(current);
  76                 }
  77                 certs->destroy(certs);
  78         }
  79 }
  80
  81 METHOD(credential_set_t, create_cert_enumerator, enumerator_t*,
  82         private_android_creds_t *this, certificate_type_t cert, key_type_t key,
  83         identification_t *id, bool trusted)
  84 {
  85         enumerator_t *enumerator;
  86
  87         if (!trusted || (cert != CERT_ANY && cert != CERT_X509))
  88         {
  89                 return NULL;
  90         }
  91         this->lock->read_lock(this->lock);
  92         if (!this->loaded)
  93         {
  94                 this->lock->unlock(this->lock);
  95                 this->lock->write_lock(this->lock);
  96                 /* check again after acquiring the write lock */
  97                 if (!this->loaded)
  98                 {
  99                         load_trusted_certificates(this);
 100                         this->loaded = TRUE;
 101                 }
 102                 this->lock->unlock(this->lock);
 103                 this->lock->read_lock(this->lock);
 104         }
 105         enumerator = this->creds->set.create_cert_enumerator(&this->creds->set,
 106                                                                                                         cert, key, id, trusted);
 107         return enumerator_create_cleaner(enumerator, (void*)this->lock->unlock,
 108                                                                          this->lock);
 109 }
 110
 111 METHOD(android_creds_t, clear, void,
 112         private_android_creds_t *this)
 113 {
 114         this->lock->write_lock(this->lock);
 115         this->creds->clear(this->creds);
 116         this->loaded = FALSE;
 117         this->lock->unlock(this->lock);
 118 }
 119
 120 METHOD(android_creds_t, destroy, void,
 121         private_android_creds_t *this)
 122 {
 123         clear(this);
 124         this->creds->destroy(this->creds);
 125         this->lock->destroy(this->lock);
 126         free(this);
 127 }
 128
 129 /**
 130  * Described in header.
 131  */
 132 android_creds_t *android_creds_create()
 133 {
 134         private_android_creds_t *this;
 135
 136         INIT(this,
 137                 .public = {
 138                         .set = {
 139                                 .create_cert_enumerator = _create_cert_enumerator,
 140                                 .create_shared_enumerator = (void*)return_null,
 141                                 .create_private_enumerator = (void*)return_null,
 142                                 .create_cdp_enumerator = (void*)return_null,
 143                                 .cache_cert = (void*)nop,
 144                         },
 145                         .clear = _clear,
 146                         .destroy = _destroy,
 147                 },
 148                 .creds = mem_cred_create(),
 149                 .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
 150         );
 151
 152         return &this->public;
 153 }