support optional SSL passphrase for Axis2/C connection
[strongswan.git] / src / libcharon / plugins / tnc_ifmap / tnc_ifmap_soap.c
1 /*
2 * Copyright (C) 2011 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "tnc_ifmap_soap.h"
17
18 #include <debug.h>
19
20 #include <axis2_util.h>
21 #include <axis2_client.h>
22 #include <axis2_http_transport.h>
23 #include <axis2_http_transport_sender.h>
24 #include <axiom_soap.h>
25
26 #define IFMAP_NS "http://www.trustedcomputinggroup.org/2010/IFMAP/2"
27 #define IFMAP_META_NS "http://www.trustedcomputinggroup.org/2010/IFMAP-METADATA/2"
28 #define IFMAP_LOGFILE "strongswan_ifmap.log"
29 #define IFMAP_SERVER "https://localhost:8443/"
30
31 typedef struct private_tnc_ifmap_soap_t private_tnc_ifmap_soap_t;
32
33 /**
34 * Private data of an tnc_ifmap_soap_t object.
35 */
36 struct private_tnc_ifmap_soap_t {
37
38 /**
39 * Public tnc_ifmap_soap_t interface.
40 */
41 tnc_ifmap_soap_t public;
42
43 /**
44 * Axis2/C environment
45 */
46 axutil_env_t *env;
47
48 /**
49 * Axis2 service client
50 */
51 axis2_svc_client_t* svc_client;
52
53 /**
54 * SOAP Session ID
55 */
56 char *session_id;
57
58 /**
59 * IF-MAP Publisher ID
60 */
61 char *ifmap_publisher_id;
62
63 /**
64 * PEP and PDP device name
65 */
66 char *device_name;
67
68 };
69
70 /**
71 * Send request and receive result via SOAP
72 */
73 static bool send_receive(private_tnc_ifmap_soap_t *this,
74 char *request_qname, axiom_node_t *request,
75 char *receipt_qname, axiom_node_t **result)
76
77 {
78 axiom_node_t *parent, *node;
79 axiom_element_t *el;
80 axutil_qname_t *qname;
81 bool success = FALSE;
82
83 /* send request and receive result */
84 DBG2(DBG_TNC, "sending ifmap %s", request_qname);
85
86 parent = axis2_svc_client_send_receive(this->svc_client, this->env, request);
87 if (!parent)
88 {
89 DBG1(DBG_TNC, "no ifmap %s received from MAP server", receipt_qname);
90 return FALSE;
91 }
92
93 /* pre-process result */
94 node = axiom_node_get_first_child(parent, this->env);
95 if (node && axiom_node_get_node_type(node, this->env) == AXIOM_ELEMENT)
96 {
97 el = (axiom_element_t *)axiom_node_get_data_element(node, this->env);
98
99 qname = axiom_element_get_qname(el, this->env, node);
100 success = streq(receipt_qname, axutil_qname_to_string(qname, this->env));
101 if (success)
102 {
103 DBG2(DBG_TNC, "received ifmap %s", receipt_qname);
104 if (result)
105 {
106 *result = parent;
107 }
108 else
109 {
110 /* no further processing requested */
111 axiom_node_free_tree(parent, this->env);
112 }
113 return TRUE;
114 }
115 /* TODO proper error handling */
116 DBG1(DBG_TNC, "%s", axiom_element_to_string(el, this->env, node));
117 }
118
119 /* free parent in the error case */
120 axiom_node_free_tree(parent, this->env);
121
122 return FALSE;
123 }
124
125 METHOD(tnc_ifmap_soap_t, newSession, bool,
126 private_tnc_ifmap_soap_t *this)
127 {
128 axiom_node_t *request, *result, *node;
129 axiom_element_t *el;
130 axiom_namespace_t *ns;
131 axis2_char_t *value;
132
133
134 /* build newSession request */
135 ns = axiom_namespace_create(this->env, IFMAP_NS, "ifmap");
136 el = axiom_element_create(this->env, NULL, "newSession", ns, &request);
137
138 /* send newSession request and receive newSessionResult */
139 if (!send_receive(this, "newSession", request, "newSessionResult", &result))
140 {
141 return FALSE;
142 }
143
144 /* process newSessionResult */
145 node = axiom_node_get_first_child(result, this->env);
146 el = (axiom_element_t *)axiom_node_get_data_element(node, this->env);
147
148 /* get session-id */
149 value = axiom_element_get_attribute_value_by_name(el, this->env,
150 "session-id");
151 this->session_id = strdup(value);
152
153 /* get ifmap-publisher-id */
154 value = axiom_element_get_attribute_value_by_name(el, this->env,
155 "ifmap-publisher-id");
156 this->ifmap_publisher_id = strdup(value);
157
158 DBG1(DBG_TNC, "session-id: %s, ifmap-publisher-id: %s",
159 this->session_id, this->ifmap_publisher_id);
160
161 /* set PEP and PDP device name (defaults to IF-MAP Publisher ID) */
162 this->device_name = lib->settings->get_str(lib->settings,
163 "charon.plugins.tnc-ifmap.device_name",
164 this->ifmap_publisher_id);
165 this->device_name = strdup(this->device_name);
166
167 /* free result */
168 axiom_node_free_tree(result, this->env);
169
170 return this->session_id && this->ifmap_publisher_id;
171 }
172
173 METHOD(tnc_ifmap_soap_t, purgePublisher, bool,
174 private_tnc_ifmap_soap_t *this)
175 {
176 axiom_node_t *request;
177 axiom_element_t *el;
178 axiom_namespace_t *ns;
179 axiom_attribute_t *attr;
180
181 /* build purgePublisher request */
182 ns = axiom_namespace_create(this->env, IFMAP_NS, "ifmap");
183 el = axiom_element_create(this->env, NULL, "purgePublisher", ns, &request);
184 attr = axiom_attribute_create(this->env, "session-id",
185 this->session_id, NULL);
186 axiom_element_add_attribute(el, this->env, attr, request);
187 attr = axiom_attribute_create(this->env, "ifmap-publisher-id",
188 this->ifmap_publisher_id, NULL);
189 axiom_element_add_attribute(el, this->env, attr, request);
190
191 /* send purgePublisher request and receive purgePublisherReceived */
192 return send_receive(this, "purgePublisher", request,
193 "purgePublisherReceived", NULL);
194 }
195
196 /**
197 * Create an access-request based on device_name and ike_sa_id
198 */
199 static axiom_node_t* create_access_request(private_tnc_ifmap_soap_t *this,
200 u_int32_t id)
201 {
202 axiom_element_t *el;
203 axiom_node_t *node;
204 axiom_attribute_t *attr;
205 char buf[BUF_LEN];
206
207 el = axiom_element_create(this->env, NULL, "access-request", NULL, &node);
208
209 snprintf(buf, BUF_LEN, "%s:%d", this->device_name, id);
210 attr = axiom_attribute_create(this->env, "name", buf, NULL);
211 axiom_element_add_attribute(el, this->env, attr, node);
212
213 return node;
214 }
215
216 /**
217 * Create an identity
218 */
219 static axiom_node_t* create_identity(private_tnc_ifmap_soap_t *this,
220 identification_t *id, bool is_user)
221 {
222 axiom_element_t *el;
223 axiom_node_t *node;
224 axiom_attribute_t *attr;
225 char buf[BUF_LEN], *id_type;
226
227 el = axiom_element_create(this->env, NULL, "identity", NULL, &node);
228
229 snprintf(buf, BUF_LEN, "%Y", id);
230 attr = axiom_attribute_create(this->env, "name", buf, NULL);
231 axiom_element_add_attribute(el, this->env, attr, node);
232
233 switch (id->get_type(id))
234 {
235 case ID_IPV4_ADDR:
236 id_type = "other";
237 attr = axiom_attribute_create(this->env, "other-type-definition",
238 "36906:ipv4-address", NULL);
239 axiom_element_add_attribute(el, this->env, attr, node);
240 break;
241 case ID_FQDN:
242 id_type = is_user ? "username" : "dns-name";
243 break;
244 case ID_RFC822_ADDR:
245 id_type = "email-address";
246 break;
247 case ID_IPV6_ADDR:
248 id_type = "other";
249 attr = axiom_attribute_create(this->env, "other-type-definition",
250 "36906:ipv6-address", NULL);
251 axiom_element_add_attribute(el, this->env, attr, node);
252 break;
253 case ID_DER_ASN1_DN:
254 id_type = "distinguished-name";
255 break;
256 case ID_KEY_ID:
257 id_type = "other";
258 attr = axiom_attribute_create(this->env, "other-type-definition",
259 "36906:key-id", NULL);
260 axiom_element_add_attribute(el, this->env, attr, node);
261 break;
262 default:
263 id_type = "other";
264 attr = axiom_attribute_create(this->env, "other-type-definition",
265 "36906:other", NULL);
266 axiom_element_add_attribute(el, this->env, attr, node);
267 }
268 attr = axiom_attribute_create(this->env, "type", id_type, NULL);
269 axiom_element_add_attribute(el, this->env, attr, node);
270
271 return node;
272 }
273
274 /**
275 * Create an ip-address
276 */
277 static axiom_node_t* create_ip_address(private_tnc_ifmap_soap_t *this,
278 host_t *host)
279 {
280 axiom_element_t *el;
281 axiom_node_t *node;
282 axiom_attribute_t *attr;
283 char buf[BUF_LEN];
284
285 el = axiom_element_create(this->env, NULL, "ip-address", NULL, &node);
286
287 if (host->get_family(host) == AF_INET6)
288 {
289 chunk_t address;
290 int len, written, i;
291 char *pos;
292 bool first = TRUE;
293
294 /* output IPv6 address in canonical IF-MAP 2.0 format */
295 address = host->get_address(host);
296 pos = buf;
297 len = sizeof(buf);
298
299 for (i = 0; i < address.len; i = i + 2)
300 {
301 written = snprintf(pos, len, "%s%x", first ? "" : ":",
302 256*address.ptr[i] + address.ptr[i+1]);
303 if (written < 0 || written > len)
304 {
305 break;
306 }
307 pos += written;
308 len -= written;
309 first = FALSE;
310 }
311 }
312 else
313 {
314 snprintf(buf, BUF_LEN, "%H", host);
315 }
316 attr = axiom_attribute_create(this->env, "value", buf, NULL);
317 axiom_element_add_attribute(el, this->env, attr, node);
318
319 attr = axiom_attribute_create(this->env, "type",
320 host->get_family(host) == AF_INET ? "IPv4" : "IPv6", NULL);
321 axiom_element_add_attribute(el, this->env, attr, node);
322
323 return node;
324 }
325
326 /**
327 * Create a device
328 */
329 static axiom_node_t* create_device(private_tnc_ifmap_soap_t *this)
330 {
331 axiom_element_t *el;
332 axiom_node_t *node, *node2, *node3;
333 axiom_text_t *text;
334
335 el = axiom_element_create(this->env, NULL, "device", NULL, &node);
336 el = axiom_element_create(this->env, NULL, "name", NULL, &node2);
337 axiom_node_add_child(node, this->env, node2);
338 text = axiom_text_create(this->env, node2, this->device_name, &node3);
339
340 return node;
341 }
342
343 /**
344 * Create metadata
345 */
346 static axiom_node_t* create_metadata(private_tnc_ifmap_soap_t *this,
347 char *metadata)
348 {
349 axiom_element_t *el;
350 axiom_node_t *node, *node2;
351 axiom_attribute_t *attr;
352 axiom_namespace_t *ns_meta;
353
354 el = axiom_element_create(this->env, NULL, "metadata", NULL, &node);
355 ns_meta = axiom_namespace_create(this->env, IFMAP_META_NS, "meta");
356
357 el = axiom_element_create(this->env, NULL, metadata, ns_meta, &node2);
358 axiom_node_add_child(node, this->env, node2);
359 attr = axiom_attribute_create(this->env, "ifmap-cardinality", "singleValue",
360 NULL);
361 axiom_element_add_attribute(el, this->env, attr, node2);
362
363 return node;
364 }
365
366 /**
367 * Create capability metadata
368 */
369 static axiom_node_t* create_capability(private_tnc_ifmap_soap_t *this,
370 identification_t *name)
371 {
372 axiom_element_t *el;
373 axiom_node_t *node, *node2, *node3;
374 axiom_namespace_t *ns_meta;
375 axiom_attribute_t *attr;
376 axiom_text_t *text;
377 char buf[BUF_LEN];
378
379 ns_meta = axiom_namespace_create(this->env, IFMAP_META_NS, "meta");
380 el = axiom_element_create(this->env, NULL, "capability", ns_meta, &node);
381 attr = axiom_attribute_create(this->env, "ifmap-cardinality", "multiValue",
382 NULL);
383 axiom_element_add_attribute(el, this->env, attr, node);
384
385 el = axiom_element_create(this->env, NULL, "name", NULL, &node2);
386 axiom_node_add_child(node, this->env, node2);
387 snprintf(buf, BUF_LEN, "%Y", name);
388 text = axiom_text_create(this->env, node2, buf, &node3);
389
390 el = axiom_element_create(this->env, NULL, "administrative-domain", NULL, &node2);
391 axiom_node_add_child(node, this->env, node2);
392 text = axiom_text_create(this->env, node2, "strongswan", &node3);
393
394 return node;
395 }
396
397 /**
398 * Create enforcement-report metadata
399 */
400 static axiom_node_t* create_enforcement_report(private_tnc_ifmap_soap_t *this,
401 char *action, char *reason)
402 {
403 axiom_element_t *el;
404 axiom_node_t *node, *node2, *node3, *node4;
405 axiom_namespace_t *ns_meta;
406 axiom_attribute_t *attr;
407 axiom_text_t *text;
408
409 el = axiom_element_create(this->env, NULL, "metadata", NULL, &node);
410
411 ns_meta = axiom_namespace_create(this->env, IFMAP_META_NS, "meta");
412 el = axiom_element_create(this->env, NULL, "enforcement-report", ns_meta,
413 &node2);
414 attr = axiom_attribute_create(this->env, "ifmap-cardinality",
415 "multiValue", NULL);
416 axiom_element_add_attribute(el, this->env, attr, node2);
417 axiom_node_add_child(node, this->env, node2);
418
419 el = axiom_element_create(this->env, NULL, "enforcement-action", NULL,
420 &node3);
421 axiom_node_add_child(node2, this->env, node3);
422 text = axiom_text_create(this->env, node3, action, &node4);
423
424 el = axiom_element_create(this->env, NULL, "enforcement-reason", NULL,
425 &node3);
426 axiom_node_add_child(node2, this->env, node3);
427 text = axiom_text_create(this->env, node3, reason, &node4);
428
429 return node;
430 }
431
432 /**
433 * Create delete filter
434 */
435 static axiom_node_t* create_delete_filter(private_tnc_ifmap_soap_t *this,
436 char *metadata)
437 {
438 axiom_element_t *el;
439 axiom_node_t *node;
440 axiom_attribute_t *attr;
441 char buf[BUF_LEN];
442
443 el = axiom_element_create(this->env, NULL, "delete", NULL, &node);
444
445 snprintf(buf, BUF_LEN, "meta:%s[@ifmap-publisher-id='%s']",
446 metadata, this->ifmap_publisher_id);
447 attr = axiom_attribute_create(this->env, "filter", buf, NULL);
448 axiom_element_add_attribute(el, this->env, attr, node);
449
450 return node;
451 }
452
453 /**
454 * Create a publish request
455 */
456 static axiom_node_t* create_publish_request(private_tnc_ifmap_soap_t *this)
457 {
458 axiom_element_t *el;
459 axiom_node_t *request;
460 axiom_namespace_t *ns, *ns_meta;
461 axiom_attribute_t *attr;
462
463 ns = axiom_namespace_create(this->env, IFMAP_NS, "ifmap");
464 el = axiom_element_create(this->env, NULL, "publish", ns, &request);
465 ns_meta = axiom_namespace_create(this->env, IFMAP_META_NS, "meta");
466 axiom_element_declare_namespace(el, this->env, request, ns_meta);
467 attr = axiom_attribute_create(this->env, "session-id", this->session_id,
468 NULL);
469 axiom_element_add_attribute(el, this->env, attr, request);
470
471 return request;
472 }
473
474 METHOD(tnc_ifmap_soap_t, publish_ike_sa, bool,
475 private_tnc_ifmap_soap_t *this, ike_sa_t *ike_sa, bool up)
476 {
477 axiom_node_t *request, *node, *node2;
478 axiom_element_t *el;
479
480 enumerator_t *e1, *e2;
481 auth_rule_t type;
482 identification_t *id, *eap_id, *group;
483 host_t *host;
484 auth_cfg_t *auth;
485 u_int32_t ike_sa_id;
486 bool is_user = FALSE, first = TRUE;
487
488 /* extract relevant data from IKE_SA*/
489 ike_sa_id = ike_sa->get_unique_id(ike_sa);
490 id = ike_sa->get_other_id(ike_sa);
491 eap_id = ike_sa->get_other_eap_id(ike_sa);
492 host = ike_sa->get_other_host(ike_sa);
493
494 /* in the presence of an EAP Identity, treat it as a username */
495 if (!id->equals(id, eap_id))
496 {
497 is_user = TRUE;
498 id = eap_id;
499 }
500
501 /* build publish request */
502 request = create_publish_request(this);
503
504 /* delete any existing enforcement reports */
505 if (up)
506 {
507 node = create_delete_filter(this, "enforcement-report");
508 axiom_node_add_child(request, this->env, node);
509 axiom_node_add_child(node, this->env,
510 create_ip_address(this, host));
511 axiom_node_add_child(node, this->env,
512 create_device(this));
513 }
514
515 /**
516 * update or delete authenticated-as metadata
517 */
518 if (up)
519 {
520 el = axiom_element_create(this->env, NULL, "update", NULL, &node);
521 }
522 else
523 {
524 node = create_delete_filter(this, "authenticated-as");
525 }
526 axiom_node_add_child(request, this->env, node);
527
528 /* add access-request, identity and [if up] metadata */
529 axiom_node_add_child(node, this->env,
530 create_access_request(this, ike_sa_id));
531 axiom_node_add_child(node, this->env,
532 create_identity(this, id, is_user));
533 if (up)
534 {
535 axiom_node_add_child(node, this->env,
536 create_metadata(this, "authenticated-as"));
537 }
538
539 /**
540 * update or delete access-request-ip metadata
541 */
542 if (up)
543 {
544 el = axiom_element_create(this->env, NULL, "update", NULL, &node);
545 }
546 else
547 {
548 node = create_delete_filter(this, "access-request-ip");
549 }
550 axiom_node_add_child(request, this->env, node);
551
552 /* add access-request, ip-address and [if up] metadata */
553 axiom_node_add_child(node, this->env,
554 create_access_request(this, ike_sa_id));
555 axiom_node_add_child(node, this->env,
556 create_ip_address(this, host));
557 if (up)
558 {
559 axiom_node_add_child(node, this->env,
560 create_metadata(this, "access-request-ip"));
561 }
562
563 /**
564 * update or delete authenticated-by metadata
565 */
566 if (up)
567 {
568 el = axiom_element_create(this->env, NULL, "update", NULL, &node);
569 }
570 else
571 {
572 node = create_delete_filter(this, "authenticated-by");
573 }
574 axiom_node_add_child(request, this->env, node);
575
576 /* add access-request, device and [if up] metadata */
577 axiom_node_add_child(node, this->env,
578 create_access_request(this, ike_sa_id));
579 axiom_node_add_child(node, this->env,
580 create_device(this));
581 if (up)
582 {
583 axiom_node_add_child(node, this->env,
584 create_metadata(this, "authenticated-by"));
585 }
586
587 /**
588 * update or delete capability metadata
589 */
590 e1 = ike_sa->create_auth_cfg_enumerator(ike_sa, FALSE);
591 while (e1->enumerate(e1, &auth))
592 {
593 e2 = auth->create_enumerator(auth);
594 while (e2->enumerate(e2, &type, &group))
595 {
596 /* look for group memberships */
597 if (type == AUTH_RULE_GROUP)
598 {
599 if (first)
600 {
601 first = FALSE;
602
603 if (up)
604 {
605 el = axiom_element_create(this->env, NULL, "update",
606 NULL, &node);
607 }
608 else
609 {
610 node = create_delete_filter(this, "capability");
611 }
612 axiom_node_add_child(request, this->env, node);
613
614 /* add access-request */
615 axiom_node_add_child(node, this->env,
616 create_access_request(this, ike_sa_id));
617 if (!up)
618 {
619 break;
620 }
621 el = axiom_element_create(this->env, NULL, "metadata", NULL,
622 &node2);
623 axiom_node_add_child(node, this->env, node2);
624 }
625 axiom_node_add_child(node2, this->env,
626 create_capability(this, group));
627 }
628 if (!first && !up)
629 {
630 break;
631 }
632 }
633 e2->destroy(e2);
634 }
635 e1->destroy(e1);
636
637 /* send publish request and receive publishReceived */
638 return send_receive(this, "publish", request, "publishReceived", NULL);
639 }
640
641 METHOD(tnc_ifmap_soap_t, publish_device_ip, bool,
642 private_tnc_ifmap_soap_t *this, host_t *host)
643 {
644 axiom_node_t *request, *node;
645 axiom_element_t *el;
646
647 /* build publish update request */
648 request = create_publish_request(this);
649 el = axiom_element_create(this->env, NULL, "update", NULL, &node);
650 axiom_node_add_child(request, this->env, node);
651
652 /* add device, ip-address and metadata */
653 axiom_node_add_child(node, this->env,
654 create_device(this));
655 axiom_node_add_child(node, this->env,
656 create_ip_address(this, host));
657 axiom_node_add_child(node, this->env,
658 create_metadata(this, "device-ip"));
659
660 /* send publish request and receive publishReceived */
661 return send_receive(this, "publish", request, "publishReceived", NULL);
662 }
663
664 METHOD(tnc_ifmap_soap_t, publish_enforcement_report, bool,
665 private_tnc_ifmap_soap_t *this, host_t *host, char *action, char *reason)
666 {
667 axiom_node_t *request, *node;
668 axiom_element_t *el;
669
670 /* build publish update request */
671 request = create_publish_request(this);
672 el = axiom_element_create(this->env, NULL, "update", NULL, &node);
673 axiom_node_add_child(request, this->env, node);
674
675 /* add ip-address and metadata */
676 axiom_node_add_child(node, this->env,
677 create_ip_address(this, host));
678 axiom_node_add_child(node, this->env,
679 create_device(this));
680 axiom_node_add_child(node, this->env,
681 create_enforcement_report(this, action, reason));
682
683 /* send publish request and receive publishReceived */
684 return send_receive(this, "publish", request, "publishReceived", NULL);
685 }
686
687 METHOD(tnc_ifmap_soap_t, endSession, bool,
688 private_tnc_ifmap_soap_t *this)
689 {
690 axiom_node_t *request;
691 axiom_element_t *el;
692 axiom_namespace_t *ns;
693 axiom_attribute_t *attr;
694
695 /* build endSession request */
696 ns = axiom_namespace_create(this->env, IFMAP_NS, "ifmap");
697 el = axiom_element_create(this->env, NULL, "endSession", ns, &request);
698 attr = axiom_attribute_create(this->env, "session-id", this->session_id, NULL);
699 axiom_element_add_attribute(el, this->env, attr, request);
700
701 /* send endSession request and receive end SessionResult */
702 return send_receive(this, "endSession", request, "endSessionResult", NULL);
703 }
704
705 METHOD(tnc_ifmap_soap_t, destroy, void,
706 private_tnc_ifmap_soap_t *this)
707 {
708 if (this->session_id)
709 {
710 endSession(this);
711 free(this->session_id);
712 free(this->ifmap_publisher_id);
713 free(this->device_name);
714 }
715 if (this->svc_client)
716 {
717 axis2_svc_client_free(this->svc_client, this->env);
718 }
719 if (this->env)
720 {
721 axutil_env_free(this->env);
722 }
723 free(this);
724 }
725
726 static bool axis2c_init(private_tnc_ifmap_soap_t *this)
727 {
728 axis2_char_t *server, *server_cert, *key_file, *client_home;
729 axis2_char_t *ssl_passphrase, *username, *password;
730 axis2_endpoint_ref_t* endpoint_ref = NULL;
731 axis2_options_t *options = NULL;
732 axis2_transport_in_desc_t *transport_in;
733 axis2_transport_out_desc_t *transport_out;
734 axis2_transport_sender_t *transport_sender;
735 axutil_property_t* property;
736
737 /* Getting configuration parameters from strongswan.conf */
738 client_home = lib->settings->get_str(lib->settings,
739 "charon.plugins.tnc-ifmap.client_home",
740 AXIS2_GETENV("AXIS2C_HOME"));
741 server = lib->settings->get_str(lib->settings,
742 "charon.plugins.tnc-ifmap.server", IFMAP_SERVER);
743 server_cert = lib->settings->get_str(lib->settings,
744 "charon.plugins.tnc-ifmap.server_cert", NULL);
745 key_file = lib->settings->get_str(lib->settings,
746 "charon.plugins.tnc-ifmap.key_file", NULL);
747 ssl_passphrase = lib->settings->get_str(lib->settings,
748 "charon.plugins.tnc-ifmap.ssl_passphrase", NULL);
749 username = lib->settings->get_str(lib->settings,
750 "charon.plugins.tnc-ifmap.username", NULL);
751 password = lib->settings->get_str(lib->settings,
752 "charon.plugins.tnc-ifmap.password", NULL);
753
754 if (!server_cert)
755 {
756 DBG1(DBG_TNC, "MAP server certificate not defined");
757 return FALSE;
758 }
759
760 if (!key_file && (!username || !password))
761 {
762 DBG1(DBG_TNC, "MAP client keyfile or %s%s%s not defined",
763 (!username) ? "username" : "",
764 (!username && ! password) ? " and " : "",
765 (!password) ? "password" : "");
766 return FALSE;
767 }
768
769 /* Create Axis2/C environment and options */
770 this->env = axutil_env_create_all(IFMAP_LOGFILE, AXIS2_LOG_LEVEL_TRACE);
771 options = axis2_options_create(this->env);
772
773 /* Set path to the MAP server certificate */
774 property =axutil_property_create_with_args(this->env, 0, 0, 0,
775 server_cert);
776 axis2_options_set_property(options, this->env,
777 AXIS2_SSL_SERVER_CERT, property);
778
779 if (key_file)
780 {
781 /* Set path to the MAP client certificate */
782 property =axutil_property_create_with_args(this->env, 0, 0, 0,
783 key_file);
784 axis2_options_set_property(options, this->env,
785 AXIS2_SSL_KEY_FILE, property);
786 if (ssl_passphrase)
787 {
788 /* Provide SSL passphrase */
789 property =axutil_property_create_with_args(this->env, 0, 0, 0,
790 ssl_passphrase);
791 axis2_options_set_property(options, this->env,
792 AXIS2_SSL_PASSPHRASE, property);
793 }
794 }
795 else
796 {
797 /* Set up HTTP Basic MAP client authentication */
798 axis2_options_set_http_auth_info(options, this->env,
799 username, password, "Basic");
800 }
801
802 /* Define the MAP server as the to endpoint reference */
803 endpoint_ref = axis2_endpoint_ref_create(this->env, server);
804 axis2_options_set_to(options, this->env, endpoint_ref);
805
806 /* Set up https transport */
807 transport_in = axis2_transport_in_desc_create(this->env,
808 AXIS2_TRANSPORT_ENUM_HTTPS);
809 transport_out = axis2_transport_out_desc_create(this->env,
810 AXIS2_TRANSPORT_ENUM_HTTPS);
811 transport_sender = axis2_http_transport_sender_create(this->env);
812 axis2_transport_out_desc_set_sender(transport_out, this->env,
813 transport_sender);
814 axis2_options_set_transport_in(options, this->env, transport_in);
815 axis2_options_set_transport_out(options, this->env, transport_out);
816
817 /* Create the axis2 service client */
818 this->svc_client = axis2_svc_client_create(this->env, client_home);
819 if (!this->svc_client)
820 {
821 DBG1(DBG_TNC, "could not create axis2 service client");
822 AXIS2_LOG_ERROR(this->env->log, AXIS2_LOG_SI,
823 "Stub invoke FAILED: Error code: %d :: %s",
824 this->env->error->error_number,
825 AXIS2_ERROR_GET_MESSAGE(this->env->error));
826 destroy(this);
827 return FALSE;
828 }
829
830 axis2_svc_client_set_options(this->svc_client, this->env, options);
831 DBG1(DBG_TNC, "connecting as MAP client '%s' to MAP server at '%s'",
832 username, server);
833
834 return TRUE;
835 }
836
837 /**
838 * See header
839 */
840 tnc_ifmap_soap_t *tnc_ifmap_soap_create()
841 {
842 private_tnc_ifmap_soap_t *this;
843
844 INIT(this,
845 .public = {
846 .newSession = _newSession,
847 .purgePublisher = _purgePublisher,
848 .publish_ike_sa = _publish_ike_sa,
849 .publish_device_ip = _publish_device_ip,
850 .publish_enforcement_report = _publish_enforcement_report,
851 .endSession = _endSession,
852 .destroy = _destroy,
853 },
854 );
855
856 if (!axis2c_init(this))
857 {
858 destroy(this);
859 return NULL;
860 }
861
862 return &this->public;
863 }
864