load-tester: Add a crl option to include a CRL uri in generated certificates
1 /*
2 * Copyright (C) 2008 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "load_tester_creds.h"
17
18 #include <time.h>
19 #include <sys/stat.h>
20
21 #include <daemon.h>
22 #include <credentials/keys/shared_key.h>
23 #include <credentials/certificates/x509.h>
24 #include <utils/identification.h>
25
26 typedef struct private_load_tester_creds_t private_load_tester_creds_t;
27
/**
 * Private data of a load_tester_creds_t object
 */
struct private_load_tester_creds_t {
	/**
	 * Public part, must stay the first member (callers cast between the two)
	 */
	load_tester_creds_t public;

	/**
	 * Private key to create signatures on generated peer certificates.
	 * NULL if it could not be loaded; create_cert_enumerator() then never
	 * issues certificates.
	 */
	private_key_t *private;

	/**
	 * CA certificate, to issue/verify peer certificates.
	 * NULL if it could not be loaded; a reference is also kept in cas.
	 */
	certificate_t *ca;

	/**
	 * Trusted CA certificates, including issuer CA; owns its entries
	 */
	linked_list_t *cas;

	/**
	 * Digest algorithm to issue certificates (falls back to SHA-1 if the
	 * configured name is unknown)
	 */
	hash_algorithm_t digest;

	/**
	 * Serial number of the last issued peer certificate. Zero after
	 * create(), pre-incremented for each issued certificate, so serials
	 * restart from 1 whenever the credential set is recreated.
	 */
	u_int32_t serial;

	/**
	 * Preshared key for IKE
	 */
	shared_key_t *psk;

	/**
	 * Password for EAP
	 */
	shared_key_t *pwd;

	/**
	 * List of x509_cdp_t certificate distribution points to include in
	 * generated certs. Entries are released with free(); their uri pointer
	 * is not owned by this object.
	 */
	linked_list_t *cdps;
};
77
/**
 * Built-in 1024-bit RSA key, used as issuer key when no issuer_key path is
 * configured. It is published with the source, so it provides no
 * confidentiality and is suitable for load testing only.
 -----BEGIN RSA PRIVATE KEY-----
 MIICXQIBAAKBgQDQXr7poAPYZLxmTCqR51STGRuk9Hc5SWtTcs6b2RzpnP8EVRLx
 JEVxOKE9Mw6n7mD1pNrupCpnpGRdLAV5VznTPhSQ6k7ppJJrxosRYg0pHTZqBUEC
 7nQFwAe10g8q0UnM1wa4lJzGxDH78d21cVweJgbkxAeyriS0jhNs7gO5nQIDAQAB
 AoGACVACtkxJf7VY2jWTPXwaQoy/uIqYfX3zhwI9i6eTbDlxCE+JDi/xzpKaWjLa
 99RmjvP0OPArWQB239ck03x7gAm2obutosGbqbKzJZS5cyIayzyW9djZDHBdt9Ho
 quKB39aspWit3xPzkrr+QeIkiggtmBKALTBxTwxAU+P6euECQQD4IPdrzKbCrO79
 LKvoPrQQtTjL6ogag9rI9n2ZuoK3/XVybh2byOXT8tA5G5jSz9Ac8XeVOsnH9gT5
 3WXeaLOFAkEA1vrm/hVSEasp5eATgQ7ig9CF+GGKqhTwXp/uOSl/h3IRmStu5J0C
 9AkYyx0bn3j5R8iUEX/C00KSE1kQNh4NOQJAVOsLYlRG2idPH0xThQc4nuM2jes1
 K0Xm8ZISSDNhm1BeCoyPC4rExTW7d1/vfG5svgsRrvvQpOOYrl7MB0Lz9QJBALhg
 AWJiyLsskEd90Vx7dpvUaEHo7jMGuEx/X6GYzK5Oj3dNP9NEMfc4IhJ5SWqRJ0KA
 bTVA3MexLXT4iqXPSkkCQQDSjLhBwvEnSuW4ElIMzBwLbu7573z2gzU82Mj6trrw
 Osoox/vmcepT1Wjy4AvPZHgxp7vEXNSeS+M5L29QNTp8
 -----END RSA PRIVATE KEY-----
 */
/* DER (PKCS#1) encoding of the key above, parsed with BUILD_BLOB_ASN1_DER */
static char private[] = {
0x30,0x82,0x02,0x5d,0x02,0x01,0x00,0x02,0x81,0x81,0x00,0xd0,0x5e,0xbe,0xe9,0xa0,
0x03,0xd8,0x64,0xbc,0x66,0x4c,0x2a,0x91,0xe7,0x54,0x93,0x19,0x1b,0xa4,0xf4,0x77,
0x39,0x49,0x6b,0x53,0x72,0xce,0x9b,0xd9,0x1c,0xe9,0x9c,0xff,0x04,0x55,0x12,0xf1,
0x24,0x45,0x71,0x38,0xa1,0x3d,0x33,0x0e,0xa7,0xee,0x60,0xf5,0xa4,0xda,0xee,0xa4,
0x2a,0x67,0xa4,0x64,0x5d,0x2c,0x05,0x79,0x57,0x39,0xd3,0x3e,0x14,0x90,0xea,0x4e,
0xe9,0xa4,0x92,0x6b,0xc6,0x8b,0x11,0x62,0x0d,0x29,0x1d,0x36,0x6a,0x05,0x41,0x02,
0xee,0x74,0x05,0xc0,0x07,0xb5,0xd2,0x0f,0x2a,0xd1,0x49,0xcc,0xd7,0x06,0xb8,0x94,
0x9c,0xc6,0xc4,0x31,0xfb,0xf1,0xdd,0xb5,0x71,0x5c,0x1e,0x26,0x06,0xe4,0xc4,0x07,
0xb2,0xae,0x24,0xb4,0x8e,0x13,0x6c,0xee,0x03,0xb9,0x9d,0x02,0x03,0x01,0x00,0x01,
0x02,0x81,0x80,0x09,0x50,0x02,0xb6,0x4c,0x49,0x7f,0xb5,0x58,0xda,0x35,0x93,0x3d,
0x7c,0x1a,0x42,0x8c,0xbf,0xb8,0x8a,0x98,0x7d,0x7d,0xf3,0x87,0x02,0x3d,0x8b,0xa7,
0x93,0x6c,0x39,0x71,0x08,0x4f,0x89,0x0e,0x2f,0xf1,0xce,0x92,0x9a,0x5a,0x32,0xda,
0xf7,0xd4,0x66,0x8e,0xf3,0xf4,0x38,0xf0,0x2b,0x59,0x00,0x76,0xdf,0xd7,0x24,0xd3,
0x7c,0x7b,0x80,0x09,0xb6,0xa1,0xbb,0xad,0xa2,0xc1,0x9b,0xa9,0xb2,0xb3,0x25,0x94,
0xb9,0x73,0x22,0x1a,0xcb,0x3c,0x96,0xf5,0xd8,0xd9,0x0c,0x70,0x5d,0xb7,0xd1,0xe8,
0xaa,0xe2,0x81,0xdf,0xd6,0xac,0xa5,0x68,0xad,0xdf,0x13,0xf3,0x92,0xba,0xfe,0x41,
0xe2,0x24,0x8a,0x08,0x2d,0x98,0x12,0x80,0x2d,0x30,0x71,0x4f,0x0c,0x40,0x53,0xe3,
0xfa,0x7a,0xe1,0x02,0x41,0x00,0xf8,0x20,0xf7,0x6b,0xcc,0xa6,0xc2,0xac,0xee,0xfd,
0x2c,0xab,0xe8,0x3e,0xb4,0x10,0xb5,0x38,0xcb,0xea,0x88,0x1a,0x83,0xda,0xc8,0xf6,
0x7d,0x99,0xba,0x82,0xb7,0xfd,0x75,0x72,0x6e,0x1d,0x9b,0xc8,0xe5,0xd3,0xf2,0xd0,
0x39,0x1b,0x98,0xd2,0xcf,0xd0,0x1c,0xf1,0x77,0x95,0x3a,0xc9,0xc7,0xf6,0x04,0xf9,
0xdd,0x65,0xde,0x68,0xb3,0x85,0x02,0x41,0x00,0xd6,0xfa,0xe6,0xfe,0x15,0x52,0x11,
0xab,0x29,0xe5,0xe0,0x13,0x81,0x0e,0xe2,0x83,0xd0,0x85,0xf8,0x61,0x8a,0xaa,0x14,
0xf0,0x5e,0x9f,0xee,0x39,0x29,0x7f,0x87,0x72,0x11,0x99,0x2b,0x6e,0xe4,0x9d,0x02,
0xf4,0x09,0x18,0xcb,0x1d,0x1b,0x9f,0x78,0xf9,0x47,0xc8,0x94,0x11,0x7f,0xc2,0xd3,
0x42,0x92,0x13,0x59,0x10,0x36,0x1e,0x0d,0x39,0x02,0x40,0x54,0xeb,0x0b,0x62,0x54,
0x46,0xda,0x27,0x4f,0x1f,0x4c,0x53,0x85,0x07,0x38,0x9e,0xe3,0x36,0x8d,0xeb,0x35,
0x2b,0x45,0xe6,0xf1,0x92,0x12,0x48,0x33,0x61,0x9b,0x50,0x5e,0x0a,0x8c,0x8f,0x0b,
0x8a,0xc4,0xc5,0x35,0xbb,0x77,0x5f,0xef,0x7c,0x6e,0x6c,0xbe,0x0b,0x11,0xae,0xfb,
0xd0,0xa4,0xe3,0x98,0xae,0x5e,0xcc,0x07,0x42,0xf3,0xf5,0x02,0x41,0x00,0xb8,0x60,
0x01,0x62,0x62,0xc8,0xbb,0x2c,0x90,0x47,0x7d,0xd1,0x5c,0x7b,0x76,0x9b,0xd4,0x68,
0x41,0xe8,0xee,0x33,0x06,0xb8,0x4c,0x7f,0x5f,0xa1,0x98,0xcc,0xae,0x4e,0x8f,0x77,
0x4d,0x3f,0xd3,0x44,0x31,0xf7,0x38,0x22,0x12,0x79,0x49,0x6a,0x91,0x27,0x42,0x80,
0x6d,0x35,0x40,0xdc,0xc7,0xb1,0x2d,0x74,0xf8,0x8a,0xa5,0xcf,0x4a,0x49,0x02,0x41,
0x00,0xd2,0x8c,0xb8,0x41,0xc2,0xf1,0x27,0x4a,0xe5,0xb8,0x12,0x52,0x0c,0xcc,0x1c,
0x0b,0x6e,0xee,0xf9,0xef,0x7c,0xf6,0x83,0x35,0x3c,0xd8,0xc8,0xfa,0xb6,0xba,0xf0,
0x3a,0xca,0x28,0xc7,0xfb,0xe6,0x71,0xea,0x53,0xd5,0x68,0xf2,0xe0,0x0b,0xcf,0x64,
0x78,0x31,0xa7,0xbb,0xc4,0x5c,0xd4,0x9e,0x4b,0xe3,0x39,0x2f,0x6f,0x50,0x35,0x3a,
0x7c,
};
137
/**
 * Self-signed certificate matching the built-in key above, used as issuer
 * CA when no issuer_cert path is configured. It carries a basicConstraints
 * extension and is loaded with the X509_CA flag; its DER UTCTime fields
 * read as valid from 2008-12-08 to 2018-12-06, so it is past its notAfter
 * (NOTE(review): peers validating time would reject it — confirm the
 * load-tester setup disables that check or supplies its own issuer_cert).
 -----BEGIN CERTIFICATE-----
 MIIB9DCCAV2gAwIBAgIBADANBgkqhkiG9w0BAQUFADA3MQwwCgYDVQQDEwNzcnYx
 EjAQBgNVBAsTCWxvYWQtdGVzdDETMBEGA1UEChMKc3Ryb25nU3dhbjAeFw0wODEy
 MDgxODU4NDhaFw0xODEyMDYxODU4NDhaMDcxDDAKBgNVBAMTA3NydjESMBAGA1UE
 CxMJbG9hZC10ZXN0MRMwEQYDVQQKEwpzdHJvbmdTd2FuMIGfMA0GCSqGSIb3DQEB
 AQUAA4GNADCBiQKBgQDQXr7poAPYZLxmTCqR51STGRuk9Hc5SWtTcs6b2RzpnP8E
 VRLxJEVxOKE9Mw6n7mD1pNrupCpnpGRdLAV5VznTPhSQ6k7ppJJrxosRYg0pHTZq
 BUEC7nQFwAe10g8q0UnM1wa4lJzGxDH78d21cVweJgbkxAeyriS0jhNs7gO5nQID
 AQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAF39Xedyk2wj
 qOcaaZ7ypb8RDlLvS0uaJMVtLtIhtb2weMMlgdmOnKXEYrJL2/mbp14Fhe+XYME9
 nZLAnmUnX8bQWCsQlajb7YGE8w6QDMwXUVgSXTMhRl+PRX2CMIUzU21h1EIx65Po
 CwMLbJ7vQqwPHXRitDmNkEOK9H+vRnDf
 -----END CERTIFICATE-----

 */
/* DER encoding of the certificate above, parsed with BUILD_BLOB_ASN1_DER */
static char cert[] = {
0x30,0x82,0x01,0xf4,0x30,0x82,0x01,0x5d,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x00,
0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,
0x37,0x31,0x0c,0x30,0x0a,0x06,0x03,0x55,0x04,0x03,0x13,0x03,0x73,0x72,0x76,0x31,
0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x0b,0x13,0x09,0x6c,0x6f,0x61,0x64,0x2d,0x74,
0x65,0x73,0x74,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0a,0x13,0x0a,0x73,0x74,
0x72,0x6f,0x6e,0x67,0x53,0x77,0x61,0x6e,0x30,0x1e,0x17,0x0d,0x30,0x38,0x31,0x32,
0x30,0x38,0x31,0x38,0x35,0x38,0x34,0x38,0x5a,0x17,0x0d,0x31,0x38,0x31,0x32,0x30,
0x36,0x31,0x38,0x35,0x38,0x34,0x38,0x5a,0x30,0x37,0x31,0x0c,0x30,0x0a,0x06,0x03,
0x55,0x04,0x03,0x13,0x03,0x73,0x72,0x76,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,
0x0b,0x13,0x09,0x6c,0x6f,0x61,0x64,0x2d,0x74,0x65,0x73,0x74,0x31,0x13,0x30,0x11,
0x06,0x03,0x55,0x04,0x0a,0x13,0x0a,0x73,0x74,0x72,0x6f,0x6e,0x67,0x53,0x77,0x61,
0x6e,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,
0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xd0,0x5e,
0xbe,0xe9,0xa0,0x03,0xd8,0x64,0xbc,0x66,0x4c,0x2a,0x91,0xe7,0x54,0x93,0x19,0x1b,
0xa4,0xf4,0x77,0x39,0x49,0x6b,0x53,0x72,0xce,0x9b,0xd9,0x1c,0xe9,0x9c,0xff,0x04,
0x55,0x12,0xf1,0x24,0x45,0x71,0x38,0xa1,0x3d,0x33,0x0e,0xa7,0xee,0x60,0xf5,0xa4,
0xda,0xee,0xa4,0x2a,0x67,0xa4,0x64,0x5d,0x2c,0x05,0x79,0x57,0x39,0xd3,0x3e,0x14,
0x90,0xea,0x4e,0xe9,0xa4,0x92,0x6b,0xc6,0x8b,0x11,0x62,0x0d,0x29,0x1d,0x36,0x6a,
0x05,0x41,0x02,0xee,0x74,0x05,0xc0,0x07,0xb5,0xd2,0x0f,0x2a,0xd1,0x49,0xcc,0xd7,
0x06,0xb8,0x94,0x9c,0xc6,0xc4,0x31,0xfb,0xf1,0xdd,0xb5,0x71,0x5c,0x1e,0x26,0x06,
0xe4,0xc4,0x07,0xb2,0xae,0x24,0xb4,0x8e,0x13,0x6c,0xee,0x03,0xb9,0x9d,0x02,0x03,
0x01,0x00,0x01,0xa3,0x10,0x30,0x0e,0x30,0x0c,0x06,0x03,0x55,0x1d,0x13,0x04,0x05,
0x30,0x03,0x01,0x01,0xff,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,
0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x5d,0xfd,0x5d,0xe7,0x72,0x93,0x6c,0x23,
0xa8,0xe7,0x1a,0x69,0x9e,0xf2,0xa5,0xbf,0x11,0x0e,0x52,0xef,0x4b,0x4b,0x9a,0x24,
0xc5,0x6d,0x2e,0xd2,0x21,0xb5,0xbd,0xb0,0x78,0xc3,0x25,0x81,0xd9,0x8e,0x9c,0xa5,
0xc4,0x62,0xb2,0x4b,0xdb,0xf9,0x9b,0xa7,0x5e,0x05,0x85,0xef,0x97,0x60,0xc1,0x3d,
0x9d,0x92,0xc0,0x9e,0x65,0x27,0x5f,0xc6,0xd0,0x58,0x2b,0x10,0x95,0xa8,0xdb,0xed,
0x81,0x84,0xf3,0x0e,0x90,0x0c,0xcc,0x17,0x51,0x58,0x12,0x5d,0x33,0x21,0x46,0x5f,
0x8f,0x45,0x7d,0x82,0x30,0x85,0x33,0x53,0x6d,0x61,0xd4,0x42,0x31,0xeb,0x93,0xe8,
0x0b,0x03,0x0b,0x6c,0x9e,0xef,0x42,0xac,0x0f,0x1d,0x74,0x62,0xb4,0x39,0x8d,0x90,
0x43,0x8a,0xf4,0x7f,0xaf,0x46,0x70,0xdf,
};
189
190
/**
 * Default IKE preshared key, used when preshared_key is not configured.
 * Like the built-in key material it is public, so any peer can use it.
 */
static char *default_psk = "default-psk";

/**
 * Default EAP password, used when eap_password is not configured
 */
static char *default_pwd = "default-pwd";
200
201
/**
 * Load the issuing private key.
 *
 * Uses the RSA key at the configured issuer_key path if one is set,
 * otherwise the built-in hard-coded key.
 *
 * @return		private key, NULL if it could not be loaded
 */
static private_key_t *load_issuer_key()
{
	char *path = lib->settings->get_str(lib->settings,
							"%s.plugins.load-tester.issuer_key", NULL, lib->ns);

	if (path)
	{
		DBG1(DBG_CFG, "loading load-tester private key from '%s'", path);
		return lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
								  BUILD_FROM_FILE, path, BUILD_END);
	}
	/* nothing configured, fall back to the built-in test key */
	return lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
							  BUILD_BLOB_ASN1_DER,
							  chunk_create(private, sizeof(private)),
							  BUILD_END);
}
221
/**
 * Load the issuing CA certificate.
 *
 * Uses the X.509 certificate at the configured issuer_cert path if one is
 * set, otherwise the built-in self-signed certificate, which is loaded with
 * the X509_CA flag.
 *
 * @return		certificate, NULL if it could not be loaded
 */
static certificate_t *load_issuer_cert()
{
	char *path = lib->settings->get_str(lib->settings,
							"%s.plugins.load-tester.issuer_cert", NULL, lib->ns);

	if (path)
	{
		DBG1(DBG_CFG, "loading load-tester issuer cert from '%s'", path);
		return lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
								  BUILD_FROM_FILE, path, BUILD_END);
	}
	/* nothing configured, fall back to the built-in test certificate */
	return lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
							  BUILD_BLOB_ASN1_DER,
							  chunk_create(cert, sizeof(cert)),
							  BUILD_X509_FLAG, X509_CA,
							  BUILD_END);
}
242
/**
 * Load additional trusted (intermediate) CA certificates.
 *
 * Every regular file in the configured ca_dir directory is parsed as an
 * X.509 certificate and appended to this->cas; files that fail to parse
 * are skipped. Nothing happens if ca_dir is not set or cannot be opened.
 *
 * @param this		credential set to add the CA certificates to
 */
static void load_ca_certs(private_load_tester_creds_t *this)
{
	enumerator_t *enumerator;
	certificate_t *ca_cert;
	struct stat st;
	char *dir, *file;

	dir = lib->settings->get_str(lib->settings,
						"%s.plugins.load-tester.ca_dir", NULL, lib->ns);
	if (!dir)
	{
		return;
	}
	enumerator = enumerator_create_directory(dir);
	if (!enumerator)
	{
		return;
	}
	while (enumerator->enumerate(enumerator, NULL, &file, &st))
	{
		/* only regular files are candidates, skip subdirectories etc. */
		if (!S_ISREG(st.st_mode))
		{
			continue;
		}
		DBG1(DBG_CFG, "loading load-tester CA cert from '%s'", file);
		ca_cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
									 BUILD_FROM_FILE, file, BUILD_END);
		if (ca_cert)
		{
			this->cas->insert_last(this->cas, ca_cert);
		}
	}
	enumerator->destroy(enumerator);
}
278
/**
 * Enumerate the issuer private key.
 *
 * Yields the single issuer key if one is loaded, the requested type is
 * KEY_ANY or KEY_RSA, and, if an id is given, it matches a fingerprint
 * of that key.
 */
METHOD(credential_set_t, create_private_enumerator, enumerator_t*,
	private_load_tester_creds_t *this, key_type_t type, identification_t *id)
{
	bool type_ok = (type == KEY_ANY || type == KEY_RSA);

	if (!this->private || !type_ok)
	{
		return NULL;
	}
	/* with an id, only hand out the key if the id is one of its fingerprints */
	if (id &&
		!this->private->has_fingerprint(this->private, id->get_encoding(id)))
	{
		return NULL;
	}
	return enumerator_create_single(this->private, NULL);
}
299
/**
 * Enumerate certificates, issuing peer certificates on demand.
 *
 * Without an id, all trusted CA certificates are enumerated. With an id,
 * the issuer CA is returned if the id is one of its key fingerprints, or a
 * configured CA if the id is its subject. Otherwise, for untrusted lookups
 * and if a signing key is available, a fresh certificate for id is issued
 * by the CA and returned through an enumerator that owns it.
 */
METHOD(credential_set_t, create_cert_enumerator, enumerator_t*,
	private_load_tester_creds_t *this, certificate_type_t cert, key_type_t key,
	identification_t *id, bool trusted)
{
	enumerator_t *enumerator;
	certificate_t *peer_cert, *ca_cert;
	public_key_t *peer_key, *ca_key;
	identification_t *dn = NULL;
	linked_list_t *sans;
	char buf[128];
	u_int32_t serial;
	time_t now;

	if (this->ca == NULL)
	{
		return NULL;
	}
	if (cert != CERT_ANY && cert != CERT_X509)
	{
		return NULL;
	}
	if (key != KEY_ANY && key != KEY_RSA)
	{
		return NULL;
	}
	if (!id)
	{
		return this->cas->create_enumerator(this->cas);
	}
	/* issuer CA looked up by key fingerprint (e.g. a key id) */
	ca_key = this->ca->get_public_key(this->ca);
	if (ca_key)
	{
		if (ca_key->has_fingerprint(ca_key, id->get_encoding(id)))
		{
			ca_key->destroy(ca_key);
			return enumerator_create_single(this->ca, NULL);
		}
		ca_key->destroy(ca_key);
	}
	/* any trusted CA looked up by subject */
	enumerator = this->cas->create_enumerator(this->cas);
	while (enumerator->enumerate(enumerator, &ca_cert))
	{
		if (ca_cert->has_subject(ca_cert, id))
		{
			enumerator->destroy(enumerator);
			return enumerator_create_single(ca_cert, NULL);
		}
	}
	enumerator->destroy(enumerator);

	if (!trusted && this->private)
	{
		/* peer certificate, generate on demand */
		/* pre-increment, then network byte order so the DER serial is
		 * big-endian. NOTE(review): this->serial is shared state with no
		 * locking in this file; concurrent lookups could produce duplicate
		 * serials — confirm callers serialize, or use an atomic increment */
		serial = htonl(++this->serial);
		now = time(NULL);
		sans = linked_list_create();

		switch (id->get_type(id))
		{
			case ID_DER_ASN1_DN:
				/* a DN is used as subject directly */
				break;
			case ID_FQDN:
			case ID_RFC822_ADDR:
			case ID_IPV4_ADDR:
			case ID_IPV6_ADDR:
				/* encode as subjectAltName, construct a sane DN */
				/* sans does not own id, it is destroyed without a cleanup
				 * function below. NOTE(review): ids longer than the buffer
				 * are silently truncated by snprintf(), yielding a shortened
				 * CN — confirm that is acceptable for load testing */
				sans->insert_last(sans, id);
				snprintf(buf, sizeof(buf), "CN=%Y", id);
				dn = identification_create_from_string(buf);
				break;
			default:
				sans->destroy(sans);
				return NULL;
		}
		/* NOTE(review): peer_key is not NULL-checked before being passed on
		 * and destroyed — confirm get_public_key() cannot fail here */
		peer_key = this->private->get_public_key(this->private);
		/* validity window of one day before to one day after now;
		 * subject is the constructed DN, or id itself if it already is a
		 * DN (GNU ?: extension); the CRL distribution points come from the
		 * optional crl setting and the list may be empty */
		peer_cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
									BUILD_SIGNING_KEY, this->private,
									BUILD_SIGNING_CERT, this->ca,
									BUILD_DIGEST_ALG, this->digest,
									BUILD_PUBLIC_KEY, peer_key,
									BUILD_SUBJECT, dn ?: id,
									BUILD_SUBJECT_ALTNAMES, sans,
									BUILD_NOT_BEFORE_TIME, now - 60 * 60 * 24,
									BUILD_NOT_AFTER_TIME, now + 60 * 60 * 24,
									BUILD_SERIAL, chunk_from_thing(serial),
									BUILD_CRL_DISTRIBUTION_POINTS, this->cdps,
									BUILD_END);
		peer_key->destroy(peer_key);
		sans->destroy(sans);
		DESTROY_IF(dn);
		if (peer_cert)
		{
			/* the enumerator takes ownership of the generated certificate */
			return enumerator_create_single(peer_cert, (void*)peer_cert->destroy);
		}
	}
	return NULL;
}
397
/**
 * Filter function for shared keys: passes every key through and reports
 * ID_MATCH_ANY for both the local and the remote identity, so the single
 * configured key is offered regardless of the identities asked for.
 */
static bool shared_filter(void *null, shared_key_t **in, shared_key_t **out,
						  void **un1, id_match_t *me, void **un2, id_match_t *other)
{
	id_match_t *matches[] = { me, other };
	int i;

	*out = *in;
	/* the match outputs are optional, only fill in those requested */
	for (i = 0; i < 2; i++)
	{
		if (matches[i])
		{
			*matches[i] = ID_MATCH_ANY;
		}
	}
	return TRUE;
}
415
/**
 * Enumerate the configured shared secret for a given type.
 *
 * SHARED_IKE yields the preshared key, SHARED_EAP the EAP password; any
 * other type yields nothing. The identities are ignored, the filter reports
 * a match for any of them.
 */
METHOD(credential_set_t, create_shared_enumerator, enumerator_t*,
	private_load_tester_creds_t *this, shared_key_type_t type,
	identification_t *me, identification_t *other)
{
	shared_key_t *secret;

	if (type != SHARED_IKE && type != SHARED_EAP)
	{
		return NULL;
	}
	secret = (type == SHARED_IKE) ? this->psk : this->pwd;
	return enumerator_create_filter(enumerator_create_single(secret, NULL),
									(void*)shared_filter, NULL, NULL);
}
436
/**
 * Release the credential set and everything it owns.
 */
METHOD(load_tester_creds_t, destroy, void,
	private_load_tester_creds_t *this)
{
	/* cas holds its own reference to the issuer CA, release both */
	this->cas->destroy_offset(this->cas, offsetof(certificate_t, destroy));
	DESTROY_IF(this->ca);
	DESTROY_IF(this->private);
	/* cdp entries are plain structs; the uri they point to is not ours */
	this->cdps->destroy_function(this->cdps, free);
	this->psk->destroy(this->psk);
	this->pwd->destroy(this->pwd);
	free(this);
}
448
/**
 * See header.
 *
 * Reads the preshared_key, eap_password, digest and crl settings, loads the
 * issuer key and certificate (built-in or from file), registers the issuer
 * CA as trusted, and adds any configured CA directory. An unknown digest
 * name falls back to SHA-1 with a log message.
 */
load_tester_creds_t *load_tester_creds_create()
{
	private_load_tester_creds_t *this;
	char *psk_str, *pwd_str, *digest_name, *crl_uri;
	x509_cdp_t *cdp;

	psk_str = lib->settings->get_str(lib->settings,
					"%s.plugins.load-tester.preshared_key", default_psk, lib->ns);
	pwd_str = lib->settings->get_str(lib->settings,
					"%s.plugins.load-tester.eap_password", default_pwd, lib->ns);
	digest_name = lib->settings->get_str(lib->settings,
					"%s.plugins.load-tester.digest", "sha1", lib->ns);
	crl_uri = lib->settings->get_str(lib->settings,
					"%s.plugins.load-tester.crl", NULL, lib->ns);

	INIT(this,
		.public = {
			.credential_set = {
				.create_shared_enumerator = _create_shared_enumerator,
				.create_private_enumerator = _create_private_enumerator,
				.create_cert_enumerator = _create_cert_enumerator,
				.create_cdp_enumerator = (void*)return_null,
				.cache_cert = (void*)nop,
			},
			.destroy = _destroy,
		},
		.private = load_issuer_key(),
		.ca = load_issuer_cert(),
		.cas = linked_list_create(),
		.cdps = linked_list_create(),
		.psk = shared_key_create(SHARED_IKE,
							chunk_clone(chunk_create(psk_str, strlen(psk_str)))),
		.pwd = shared_key_create(SHARED_EAP,
							chunk_clone(chunk_create(pwd_str, strlen(pwd_str)))),
	);

	/* the issuer CA is trusted as well; cas gets its own reference */
	if (this->ca)
	{
		this->cas->insert_last(this->cas, this->ca->get_ref(this->ca));
	}
	/* an unknown digest name is logged and replaced, not treated as fatal */
	if (!enum_from_name(hash_algorithm_short_names, digest_name, &this->digest))
	{
		DBG1(DBG_CFG, "invalid load-tester digest: '%s', using sha1",
			 digest_name);
		this->digest = HASH_SHA1;
	}
	/* optional CRL URI, embedded as distribution point in issued peer certs.
	 * The uri string is not copied; destroy() frees only the cdp struct. */
	if (crl_uri)
	{
		INIT(cdp,
			.uri = crl_uri,
		);
		this->cdps->insert_last(this->cdps, cdp);
	}
	load_ca_certs(this);

	return &this->public;
}