projects / strongswan.git / blob
? search:


3f1c98316166acc09f33b59ac53b5aaa56a85528
[strongswan.git] / src / libcharon / plugins / load_tester / load_tester_creds.c
1 /*
2 * Copyright (C) 2008 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "load_tester_creds.h"
17
18 #include <time.h>
19 #include <sys/stat.h>
20
21 #include <daemon.h>
22 #include <credentials/keys/shared_key.h>
23 #include <credentials/certificates/x509.h>
24 #include <utils/identification.h>
25
26 typedef struct private_load_tester_creds_t private_load_tester_creds_t;
27
28 /**
29 * Private data of an load_tester_creds_t object
30 */
31 struct private_load_tester_creds_t {
32 /**
33 * Public part
34 */
35 load_tester_creds_t public;
36
37 /**
38 * Private key to create signatures
39 */
40 private_key_t *private;
41
42 /**
43 * CA certificate, to issue/verify peer certificates
44 */
45 certificate_t *ca;
46
47 /**
48 * Trusted CA certificates, including issuer CA
49 */
50 linked_list_t *cas;
51
52 /**
53 * Digest algorithm to issue certificates
54 */
55 hash_algorithm_t digest;
56
57 /**
58 * serial number to issue certificates
59 */
60 u_int32_t serial;
61
62 /**
63 * Preshared key for IKE
64 */
65 shared_key_t *psk;
66
67 /**
68 * Password for EAP
69 */
70 shared_key_t *pwd;
71 };
72
73 /**
74 * 1024-bit RSA key:
75 -----BEGIN RSA PRIVATE KEY-----
76 MIICXQIBAAKBgQDQXr7poAPYZLxmTCqR51STGRuk9Hc5SWtTcs6b2RzpnP8EVRLx
77 JEVxOKE9Mw6n7mD1pNrupCpnpGRdLAV5VznTPhSQ6k7ppJJrxosRYg0pHTZqBUEC
78 7nQFwAe10g8q0UnM1wa4lJzGxDH78d21cVweJgbkxAeyriS0jhNs7gO5nQIDAQAB
79 AoGACVACtkxJf7VY2jWTPXwaQoy/uIqYfX3zhwI9i6eTbDlxCE+JDi/xzpKaWjLa
80 99RmjvP0OPArWQB239ck03x7gAm2obutosGbqbKzJZS5cyIayzyW9djZDHBdt9Ho
81 quKB39aspWit3xPzkrr+QeIkiggtmBKALTBxTwxAU+P6euECQQD4IPdrzKbCrO79
82 LKvoPrQQtTjL6ogag9rI9n2ZuoK3/XVybh2byOXT8tA5G5jSz9Ac8XeVOsnH9gT5
83 3WXeaLOFAkEA1vrm/hVSEasp5eATgQ7ig9CF+GGKqhTwXp/uOSl/h3IRmStu5J0C
84 9AkYyx0bn3j5R8iUEX/C00KSE1kQNh4NOQJAVOsLYlRG2idPH0xThQc4nuM2jes1
85 K0Xm8ZISSDNhm1BeCoyPC4rExTW7d1/vfG5svgsRrvvQpOOYrl7MB0Lz9QJBALhg
86 AWJiyLsskEd90Vx7dpvUaEHo7jMGuEx/X6GYzK5Oj3dNP9NEMfc4IhJ5SWqRJ0KA
87 bTVA3MexLXT4iqXPSkkCQQDSjLhBwvEnSuW4ElIMzBwLbu7573z2gzU82Mj6trrw
88 Osoox/vmcepT1Wjy4AvPZHgxp7vEXNSeS+M5L29QNTp8
89 -----END RSA PRIVATE KEY-----
90 */
91 static char private[] = {
92 0x30,0x82,0x02,0x5d,0x02,0x01,0x00,0x02,0x81,0x81,0x00,0xd0,0x5e,0xbe,0xe9,0xa0,
93 0x03,0xd8,0x64,0xbc,0x66,0x4c,0x2a,0x91,0xe7,0x54,0x93,0x19,0x1b,0xa4,0xf4,0x77,
94 0x39,0x49,0x6b,0x53,0x72,0xce,0x9b,0xd9,0x1c,0xe9,0x9c,0xff,0x04,0x55,0x12,0xf1,
95 0x24,0x45,0x71,0x38,0xa1,0x3d,0x33,0x0e,0xa7,0xee,0x60,0xf5,0xa4,0xda,0xee,0xa4,
96 0x2a,0x67,0xa4,0x64,0x5d,0x2c,0x05,0x79,0x57,0x39,0xd3,0x3e,0x14,0x90,0xea,0x4e,
97 0xe9,0xa4,0x92,0x6b,0xc6,0x8b,0x11,0x62,0x0d,0x29,0x1d,0x36,0x6a,0x05,0x41,0x02,
98 0xee,0x74,0x05,0xc0,0x07,0xb5,0xd2,0x0f,0x2a,0xd1,0x49,0xcc,0xd7,0x06,0xb8,0x94,
99 0x9c,0xc6,0xc4,0x31,0xfb,0xf1,0xdd,0xb5,0x71,0x5c,0x1e,0x26,0x06,0xe4,0xc4,0x07,
100 0xb2,0xae,0x24,0xb4,0x8e,0x13,0x6c,0xee,0x03,0xb9,0x9d,0x02,0x03,0x01,0x00,0x01,
101 0x02,0x81,0x80,0x09,0x50,0x02,0xb6,0x4c,0x49,0x7f,0xb5,0x58,0xda,0x35,0x93,0x3d,
102 0x7c,0x1a,0x42,0x8c,0xbf,0xb8,0x8a,0x98,0x7d,0x7d,0xf3,0x87,0x02,0x3d,0x8b,0xa7,
103 0x93,0x6c,0x39,0x71,0x08,0x4f,0x89,0x0e,0x2f,0xf1,0xce,0x92,0x9a,0x5a,0x32,0xda,
104 0xf7,0xd4,0x66,0x8e,0xf3,0xf4,0x38,0xf0,0x2b,0x59,0x00,0x76,0xdf,0xd7,0x24,0xd3,
105 0x7c,0x7b,0x80,0x09,0xb6,0xa1,0xbb,0xad,0xa2,0xc1,0x9b,0xa9,0xb2,0xb3,0x25,0x94,
106 0xb9,0x73,0x22,0x1a,0xcb,0x3c,0x96,0xf5,0xd8,0xd9,0x0c,0x70,0x5d,0xb7,0xd1,0xe8,
107 0xaa,0xe2,0x81,0xdf,0xd6,0xac,0xa5,0x68,0xad,0xdf,0x13,0xf3,0x92,0xba,0xfe,0x41,
108 0xe2,0x24,0x8a,0x08,0x2d,0x98,0x12,0x80,0x2d,0x30,0x71,0x4f,0x0c,0x40,0x53,0xe3,
109 0xfa,0x7a,0xe1,0x02,0x41,0x00,0xf8,0x20,0xf7,0x6b,0xcc,0xa6,0xc2,0xac,0xee,0xfd,
110 0x2c,0xab,0xe8,0x3e,0xb4,0x10,0xb5,0x38,0xcb,0xea,0x88,0x1a,0x83,0xda,0xc8,0xf6,
111 0x7d,0x99,0xba,0x82,0xb7,0xfd,0x75,0x72,0x6e,0x1d,0x9b,0xc8,0xe5,0xd3,0xf2,0xd0,
112 0x39,0x1b,0x98,0xd2,0xcf,0xd0,0x1c,0xf1,0x77,0x95,0x3a,0xc9,0xc7,0xf6,0x04,0xf9,
113 0xdd,0x65,0xde,0x68,0xb3,0x85,0x02,0x41,0x00,0xd6,0xfa,0xe6,0xfe,0x15,0x52,0x11,
114 0xab,0x29,0xe5,0xe0,0x13,0x81,0x0e,0xe2,0x83,0xd0,0x85,0xf8,0x61,0x8a,0xaa,0x14,
115 0xf0,0x5e,0x9f,0xee,0x39,0x29,0x7f,0x87,0x72,0x11,0x99,0x2b,0x6e,0xe4,0x9d,0x02,
116 0xf4,0x09,0x18,0xcb,0x1d,0x1b,0x9f,0x78,0xf9,0x47,0xc8,0x94,0x11,0x7f,0xc2,0xd3,
117 0x42,0x92,0x13,0x59,0x10,0x36,0x1e,0x0d,0x39,0x02,0x40,0x54,0xeb,0x0b,0x62,0x54,
118 0x46,0xda,0x27,0x4f,0x1f,0x4c,0x53,0x85,0x07,0x38,0x9e,0xe3,0x36,0x8d,0xeb,0x35,
119 0x2b,0x45,0xe6,0xf1,0x92,0x12,0x48,0x33,0x61,0x9b,0x50,0x5e,0x0a,0x8c,0x8f,0x0b,
120 0x8a,0xc4,0xc5,0x35,0xbb,0x77,0x5f,0xef,0x7c,0x6e,0x6c,0xbe,0x0b,0x11,0xae,0xfb,
121 0xd0,0xa4,0xe3,0x98,0xae,0x5e,0xcc,0x07,0x42,0xf3,0xf5,0x02,0x41,0x00,0xb8,0x60,
122 0x01,0x62,0x62,0xc8,0xbb,0x2c,0x90,0x47,0x7d,0xd1,0x5c,0x7b,0x76,0x9b,0xd4,0x68,
123 0x41,0xe8,0xee,0x33,0x06,0xb8,0x4c,0x7f,0x5f,0xa1,0x98,0xcc,0xae,0x4e,0x8f,0x77,
124 0x4d,0x3f,0xd3,0x44,0x31,0xf7,0x38,0x22,0x12,0x79,0x49,0x6a,0x91,0x27,0x42,0x80,
125 0x6d,0x35,0x40,0xdc,0xc7,0xb1,0x2d,0x74,0xf8,0x8a,0xa5,0xcf,0x4a,0x49,0x02,0x41,
126 0x00,0xd2,0x8c,0xb8,0x41,0xc2,0xf1,0x27,0x4a,0xe5,0xb8,0x12,0x52,0x0c,0xcc,0x1c,
127 0x0b,0x6e,0xee,0xf9,0xef,0x7c,0xf6,0x83,0x35,0x3c,0xd8,0xc8,0xfa,0xb6,0xba,0xf0,
128 0x3a,0xca,0x28,0xc7,0xfb,0xe6,0x71,0xea,0x53,0xd5,0x68,0xf2,0xe0,0x0b,0xcf,0x64,
129 0x78,0x31,0xa7,0xbb,0xc4,0x5c,0xd4,0x9e,0x4b,0xe3,0x39,0x2f,0x6f,0x50,0x35,0x3a,
130 0x7c,
131 };
132
133 /**
134 * And an associated self-signed certificate
135 -----BEGIN CERTIFICATE-----
136 MIIB9DCCAV2gAwIBAgIBADANBgkqhkiG9w0BAQUFADA3MQwwCgYDVQQDEwNzcnYx
137 EjAQBgNVBAsTCWxvYWQtdGVzdDETMBEGA1UEChMKc3Ryb25nU3dhbjAeFw0wODEy
138 MDgxODU4NDhaFw0xODEyMDYxODU4NDhaMDcxDDAKBgNVBAMTA3NydjESMBAGA1UE
139 CxMJbG9hZC10ZXN0MRMwEQYDVQQKEwpzdHJvbmdTd2FuMIGfMA0GCSqGSIb3DQEB
140 AQUAA4GNADCBiQKBgQDQXr7poAPYZLxmTCqR51STGRuk9Hc5SWtTcs6b2RzpnP8E
141 VRLxJEVxOKE9Mw6n7mD1pNrupCpnpGRdLAV5VznTPhSQ6k7ppJJrxosRYg0pHTZq
142 BUEC7nQFwAe10g8q0UnM1wa4lJzGxDH78d21cVweJgbkxAeyriS0jhNs7gO5nQID
143 AQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAF39Xedyk2wj
144 qOcaaZ7ypb8RDlLvS0uaJMVtLtIhtb2weMMlgdmOnKXEYrJL2/mbp14Fhe+XYME9
145 nZLAnmUnX8bQWCsQlajb7YGE8w6QDMwXUVgSXTMhRl+PRX2CMIUzU21h1EIx65Po
146 CwMLbJ7vQqwPHXRitDmNkEOK9H+vRnDf
147 -----END CERTIFICATE-----
148
149 */
150 static char cert[] = {
151 0x30,0x82,0x01,0xf4,0x30,0x82,0x01,0x5d,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x00,
152 0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,
153 0x37,0x31,0x0c,0x30,0x0a,0x06,0x03,0x55,0x04,0x03,0x13,0x03,0x73,0x72,0x76,0x31,
154 0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x0b,0x13,0x09,0x6c,0x6f,0x61,0x64,0x2d,0x74,
155 0x65,0x73,0x74,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0a,0x13,0x0a,0x73,0x74,
156 0x72,0x6f,0x6e,0x67,0x53,0x77,0x61,0x6e,0x30,0x1e,0x17,0x0d,0x30,0x38,0x31,0x32,
157 0x30,0x38,0x31,0x38,0x35,0x38,0x34,0x38,0x5a,0x17,0x0d,0x31,0x38,0x31,0x32,0x30,
158 0x36,0x31,0x38,0x35,0x38,0x34,0x38,0x5a,0x30,0x37,0x31,0x0c,0x30,0x0a,0x06,0x03,
159 0x55,0x04,0x03,0x13,0x03,0x73,0x72,0x76,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,
160 0x0b,0x13,0x09,0x6c,0x6f,0x61,0x64,0x2d,0x74,0x65,0x73,0x74,0x31,0x13,0x30,0x11,
161 0x06,0x03,0x55,0x04,0x0a,0x13,0x0a,0x73,0x74,0x72,0x6f,0x6e,0x67,0x53,0x77,0x61,
162 0x6e,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,
163 0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xd0,0x5e,
164 0xbe,0xe9,0xa0,0x03,0xd8,0x64,0xbc,0x66,0x4c,0x2a,0x91,0xe7,0x54,0x93,0x19,0x1b,
165 0xa4,0xf4,0x77,0x39,0x49,0x6b,0x53,0x72,0xce,0x9b,0xd9,0x1c,0xe9,0x9c,0xff,0x04,
166 0x55,0x12,0xf1,0x24,0x45,0x71,0x38,0xa1,0x3d,0x33,0x0e,0xa7,0xee,0x60,0xf5,0xa4,
167 0xda,0xee,0xa4,0x2a,0x67,0xa4,0x64,0x5d,0x2c,0x05,0x79,0x57,0x39,0xd3,0x3e,0x14,
168 0x90,0xea,0x4e,0xe9,0xa4,0x92,0x6b,0xc6,0x8b,0x11,0x62,0x0d,0x29,0x1d,0x36,0x6a,
169 0x05,0x41,0x02,0xee,0x74,0x05,0xc0,0x07,0xb5,0xd2,0x0f,0x2a,0xd1,0x49,0xcc,0xd7,
170 0x06,0xb8,0x94,0x9c,0xc6,0xc4,0x31,0xfb,0xf1,0xdd,0xb5,0x71,0x5c,0x1e,0x26,0x06,
171 0xe4,0xc4,0x07,0xb2,0xae,0x24,0xb4,0x8e,0x13,0x6c,0xee,0x03,0xb9,0x9d,0x02,0x03,
172 0x01,0x00,0x01,0xa3,0x10,0x30,0x0e,0x30,0x0c,0x06,0x03,0x55,0x1d,0x13,0x04,0x05,
173 0x30,0x03,0x01,0x01,0xff,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,
174 0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x5d,0xfd,0x5d,0xe7,0x72,0x93,0x6c,0x23,
175 0xa8,0xe7,0x1a,0x69,0x9e,0xf2,0xa5,0xbf,0x11,0x0e,0x52,0xef,0x4b,0x4b,0x9a,0x24,
176 0xc5,0x6d,0x2e,0xd2,0x21,0xb5,0xbd,0xb0,0x78,0xc3,0x25,0x81,0xd9,0x8e,0x9c,0xa5,
177 0xc4,0x62,0xb2,0x4b,0xdb,0xf9,0x9b,0xa7,0x5e,0x05,0x85,0xef,0x97,0x60,0xc1,0x3d,
178 0x9d,0x92,0xc0,0x9e,0x65,0x27,0x5f,0xc6,0xd0,0x58,0x2b,0x10,0x95,0xa8,0xdb,0xed,
179 0x81,0x84,0xf3,0x0e,0x90,0x0c,0xcc,0x17,0x51,0x58,0x12,0x5d,0x33,0x21,0x46,0x5f,
180 0x8f,0x45,0x7d,0x82,0x30,0x85,0x33,0x53,0x6d,0x61,0xd4,0x42,0x31,0xeb,0x93,0xe8,
181 0x0b,0x03,0x0b,0x6c,0x9e,0xef,0x42,0xac,0x0f,0x1d,0x74,0x62,0xb4,0x39,0x8d,0x90,
182 0x43,0x8a,0xf4,0x7f,0xaf,0x46,0x70,0xdf,
183 };
184
185
186 /**
187 * Default IKE preshared key
188 */
189 static char *default_psk = "default-psk";
190
191 /**
192 * Default EAP password for EAP
193 */
194 static char *default_pwd = "default-pwd";
195
196
197 /**
198 * Load the private key, hard-coded or from a file
199 */
200 static private_key_t *load_issuer_key(private_load_tester_creds_t *this)
201 {
202 char *path;
203
204 path = lib->settings->get_str(lib->settings,
205 "%s.plugins.load-tester.issuer_key", NULL, charon->name);
206 if (!path)
207 {
208 return lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
209 BUILD_BLOB_ASN1_DER, chunk_create(private, sizeof(private)),
210 BUILD_END);
211 }
212 DBG1(DBG_CFG, "loading load-tester private key from '%s'", path);
213 return lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
214 BUILD_FROM_FILE, path, BUILD_END);
215 }
216
217 /**
218 * Load the issuing certificate, hard-coded or from a file
219 */
220 static certificate_t *load_issuer_cert(private_load_tester_creds_t *this)
221 {
222 char *path;
223
224 path = lib->settings->get_str(lib->settings,
225 "%s.plugins.load-tester.issuer_cert", NULL, charon->name);
226 if (!path)
227 {
228 return lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
229 BUILD_BLOB_ASN1_DER, chunk_create(cert, sizeof(cert)),
230 BUILD_X509_FLAG, X509_CA,
231 BUILD_END);
232 }
233 DBG1(DBG_CFG, "loading load-tester issuer cert from '%s'", path);
234 return lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
235 BUILD_FROM_FILE, path, BUILD_END);
236 }
237
238 /**
239 * Load (intermediate) CA certificates, hard-coded or from a file
240 */
241 static void load_ca_certs(private_load_tester_creds_t *this)
242 {
243 enumerator_t *enumerator;
244 certificate_t *cert;
245 struct stat st;
246 char *path;
247
248 path = lib->settings->get_str(lib->settings,
249 "%s.plugins.load-tester.ca_dir", NULL, charon->name);
250 if (path)
251 {
252 enumerator = enumerator_create_directory(path);
253 if (enumerator)
254 {
255 while (enumerator->enumerate(enumerator, NULL, &path, &st))
256 {
257 if (S_ISREG(st.st_mode))
258 {
259 DBG1(DBG_CFG, "loading load-tester CA cert from '%s'", path);
260 cert = lib->creds->create(lib->creds,
261 CRED_CERTIFICATE, CERT_X509,
262 BUILD_FROM_FILE, path, BUILD_END);
263 if (cert)
264 {
265 this->cas->insert_last(this->cas, cert);
266 }
267 }
268 }
269 enumerator->destroy(enumerator);
270 }
271 }
272 }
273
274 METHOD(credential_set_t, create_private_enumerator, enumerator_t*,
275 private_load_tester_creds_t *this, key_type_t type, identification_t *id)
276 {
277 if (this->private == NULL)
278 {
279 return NULL;
280 }
281 if (type != KEY_ANY && type != KEY_RSA)
282 {
283 return NULL;
284 }
285 if (id)
286 {
287 if (!this->private->has_fingerprint(this->private, id->get_encoding(id)))
288 {
289 return NULL;
290 }
291 }
292 return enumerator_create_single(this->private, NULL);
293 }
294
295 METHOD(credential_set_t, create_cert_enumerator, enumerator_t*,
296 private_load_tester_creds_t *this, certificate_type_t cert, key_type_t key,
297 identification_t *id, bool trusted)
298 {
299 enumerator_t *enumerator;
300 certificate_t *peer_cert, *ca_cert;
301 public_key_t *peer_key, *ca_key;
302 identification_t *dn = NULL;
303 linked_list_t *sans;
304 char buf[128];
305 u_int32_t serial;
306 time_t now;
307
308 if (this->ca == NULL)
309 {
310 return NULL;
311 }
312 if (cert != CERT_ANY && cert != CERT_X509)
313 {
314 return NULL;
315 }
316 if (key != KEY_ANY && key != KEY_RSA)
317 {
318 return NULL;
319 }
320 if (!id)
321 {
322 return this->cas->create_enumerator(this->cas);
323 }
324 ca_key = this->ca->get_public_key(this->ca);
325 if (ca_key)
326 {
327 if (ca_key->has_fingerprint(ca_key, id->get_encoding(id)))
328 {
329 ca_key->destroy(ca_key);
330 return enumerator_create_single(this->ca, NULL);
331 }
332 ca_key->destroy(ca_key);
333 }
334 enumerator = this->cas->create_enumerator(this->cas);
335 while (enumerator->enumerate(enumerator, &ca_cert))
336 {
337 if (ca_cert->has_subject(ca_cert, id))
338 {
339 enumerator->destroy(enumerator);
340 return enumerator_create_single(ca_cert, NULL);
341 }
342 }
343 enumerator->destroy(enumerator);
344
345 if (!trusted)
346 {
347 /* peer certificate, generate on demand */
348 serial = htonl(++this->serial);
349 now = time(NULL);
350 sans = linked_list_create();
351
352 switch (id->get_type(id))
353 {
354 case ID_DER_ASN1_DN:
355 break;
356 case ID_FQDN:
357 case ID_RFC822_ADDR:
358 case ID_IPV4_ADDR:
359 case ID_IPV6_ADDR:
360 /* encode as subjectAltName, construct a sane DN */
361 sans->insert_last(sans, id);
362 snprintf(buf, sizeof(buf), "CN=%Y", id);
363 dn = identification_create_from_string(buf);
364 break;
365 default:
366 sans->destroy(sans);
367 return NULL;
368 }
369 peer_key = this->private->get_public_key(this->private);
370 peer_cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
371 BUILD_SIGNING_KEY, this->private,
372 BUILD_SIGNING_CERT, this->ca,
373 BUILD_DIGEST_ALG, this->digest,
374 BUILD_PUBLIC_KEY, peer_key,
375 BUILD_SUBJECT, dn ?: id,
376 BUILD_SUBJECT_ALTNAMES, sans,
377 BUILD_NOT_BEFORE_TIME, now - 60 * 60 * 24,
378 BUILD_NOT_AFTER_TIME, now + 60 * 60 * 24,
379 BUILD_SERIAL, chunk_from_thing(serial),
380 BUILD_END);
381 peer_key->destroy(peer_key);
382 sans->destroy(sans);
383 DESTROY_IF(dn);
384 if (peer_cert)
385 {
386 return enumerator_create_single(peer_cert, (void*)peer_cert->destroy);
387 }
388 }
389 return NULL;
390 }
391
392 /**
393 * Filter function for shared keys, returning ID matches
394 */
395 static bool shared_filter(void *null, shared_key_t **in, shared_key_t **out,
396 void **un1, id_match_t *me, void **un2, id_match_t *other)
397 {
398 *out = *in;
399 if (me)
400 {
401 *me = ID_MATCH_ANY;
402 }
403 if (other)
404 {
405 *other = ID_MATCH_ANY;
406 }
407 return TRUE;
408 }
409
410 METHOD(credential_set_t, create_shared_enumerator, enumerator_t*,
411 private_load_tester_creds_t *this, shared_key_type_t type,
412 identification_t *me, identification_t *other)
413 {
414 shared_key_t *shared;
415
416 switch (type)
417 {
418 case SHARED_IKE:
419 shared = this->psk;
420 break;
421 case SHARED_EAP:
422 shared = this->pwd;
423 break;
424 default:
425 return NULL;
426 }
427 return enumerator_create_filter(enumerator_create_single(shared, NULL),
428 (void*)shared_filter, NULL, NULL);
429 }
430
431 METHOD(load_tester_creds_t, destroy, void,
432 private_load_tester_creds_t *this)
433 {
434 this->cas->destroy_offset(this->cas, offsetof(certificate_t, destroy));
435 DESTROY_IF(this->private);
436 DESTROY_IF(this->ca);
437 this->psk->destroy(this->psk);
438 this->pwd->destroy(this->pwd);
439 free(this);
440 }
441
442 load_tester_creds_t *load_tester_creds_create()
443 {
444 private_load_tester_creds_t *this;
445 char *pwd, *psk, *digest;
446
447 psk = lib->settings->get_str(lib->settings,
448 "%s.plugins.load-tester.preshared_key", default_psk, charon->name);
449 pwd = lib->settings->get_str(lib->settings,
450 "%s.plugins.load-tester.eap_password", default_pwd, charon->name);
451 digest = lib->settings->get_str(lib->settings,
452 "%s.plugins.load-tester.digest", "sha1", charon->name);
453
454 INIT(this,
455 .public = {
456 .credential_set = {
457 .create_shared_enumerator = _create_shared_enumerator,
458 .create_private_enumerator = _create_private_enumerator,
459 .create_cert_enumerator = _create_cert_enumerator,
460 .create_cdp_enumerator = (void*)return_null,
461 .cache_cert = (void*)nop,
462 },
463 .destroy = _destroy,
464 },
465 .private = load_issuer_key(this),
466 .ca = load_issuer_cert(this),
467 .cas = linked_list_create(),
468 .digest = enum_from_name(hash_algorithm_short_names, digest),
469 .psk = shared_key_create(SHARED_IKE,
470 chunk_clone(chunk_create(psk, strlen(psk)))),
471 .pwd = shared_key_create(SHARED_EAP,
472 chunk_clone(chunk_create(pwd, strlen(pwd)))),
473 );
474
475 if (this->ca)
476 {
477 this->cas->insert_last(this->cas, this->ca->get_ref(this->ca));
478 }
479
480 if (this->digest == -1)
481 {
482 DBG1(DBG_CFG, "invalid load-tester digest: '%s', using sha1", digest);
483 this->digest = HASH_SHA1;
484 }
485
486 load_ca_certs(this);
487
488 return &this->public;
489 }
490
strongSwan - IPsec VPN