projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Use name from initialization to access settings in libcharon.
[strongswan.git] / src / libcharon / plugins / tnc_ifmap / tnc_ifmap_soap.c
1 /*
2 * Copyright (C) 2011 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "tnc_ifmap_soap.h"
17
18 #include <debug.h>
19
20 #include <axis2_util.h>
21 #include <axis2_client.h>
22 #include <axis2_http_transport.h>
23 #include <axis2_http_transport_sender.h>
24 #include <axiom_soap.h>
25
26 #define IFMAP_NS "http://www.trustedcomputinggroup.org/2010/IFMAP/2"
27 #define IFMAP_META_NS "http://www.trustedcomputinggroup.org/2010/IFMAP-METADATA/2"
28 #define IFMAP_LOGFILE "strongswan_ifmap.log"
29 #define IFMAP_SERVER "https://localhost:8443/"
30
31 typedef struct private_tnc_ifmap_soap_t private_tnc_ifmap_soap_t;
32
33 /**
34 * Private data of an tnc_ifmap_soap_t object.
35 */
36 struct private_tnc_ifmap_soap_t {
37
38 /**
39 * Public tnc_ifmap_soap_t interface.
40 */
41 tnc_ifmap_soap_t public;
42
43 /**
44 * Axis2/C environment
45 */
46 axutil_env_t *env;
47
48 /**
49 * Axis2 service client
50 */
51 axis2_svc_client_t* svc_client;
52
53 /**
54 * SOAP Session ID
55 */
56 char *session_id;
57
58 /**
59 * IF-MAP Publisher ID
60 */
61 char *ifmap_publisher_id;
62
63 /**
64 * PEP and PDP device name
65 */
66 char *device_name;
67
68 };
69
70 /**
71 * Send request and receive result via SOAP
72 */
73 static axiom_element_t* send_receive(private_tnc_ifmap_soap_t *this,
74 char *request_qname, axiom_node_t *request,
75 char *receipt_qname, axiom_node_t **result)
76
77 {
78 axiom_node_t *parent, *node;
79 axiom_element_t *parent_el, *el;
80 axutil_qname_t *qname;
81
82 /* send request and receive result */
83 DBG2(DBG_TNC, "sending ifmap %s", request_qname);
84
85 parent = axis2_svc_client_send_receive(this->svc_client, this->env, request);
86 if (!parent)
87 {
88 DBG1(DBG_TNC, "no ifmap %s received from MAP server", receipt_qname);
89 return NULL;
90 }
91 DBG2(DBG_TNC, "received ifmap %s", receipt_qname);
92
93 /* extract the parent element */
94 parent_el = (axiom_element_t*)axiom_node_get_data_element(parent, this->env);
95
96 /* look for a child node with the given receipt qname */
97 qname = axutil_qname_create_from_string(this->env, strdup(receipt_qname));
98 el = axiom_element_get_first_child_with_qname(parent_el, this->env, qname,
99 parent, &node);
100 axutil_qname_free(qname, this->env);
101
102 if (el)
103 {
104 if (result)
105 {
106 *result = parent;
107 }
108 else
109 {
110 /* no further processing requested */
111 axiom_node_free_tree(parent, this->env);
112 }
113 return el;
114 }
115 DBG1(DBG_TNC, "child node with qname '%s' not found", receipt_qname);
116
117 /* free parent in the error case */
118 axiom_node_free_tree(parent, this->env);
119
120 return NULL;
121 }
122
123 METHOD(tnc_ifmap_soap_t, newSession, bool,
124 private_tnc_ifmap_soap_t *this)
125 {
126 axiom_node_t *request, *result;
127 axiom_element_t *el;
128 axiom_namespace_t *ns;
129 axis2_char_t *value;
130
131
132 /* build newSession request */
133 ns = axiom_namespace_create(this->env, IFMAP_NS, "ifmap");
134 el = axiom_element_create(this->env, NULL, "newSession", ns, &request);
135
136 /* send newSession request and receive newSessionResult */
137 el = send_receive(this, "newSession", request, "newSessionResult", &result);
138 if (!el)
139 {
140 return FALSE;
141 }
142
143 /* get session-id */
144 value = axiom_element_get_attribute_value_by_name(el, this->env,
145 "session-id");
146 this->session_id = strdup(value);
147
148 /* get ifmap-publisher-id */
149 value = axiom_element_get_attribute_value_by_name(el, this->env,
150 "ifmap-publisher-id");
151 this->ifmap_publisher_id = strdup(value);
152
153 DBG1(DBG_TNC, "session-id: %s, ifmap-publisher-id: %s",
154 this->session_id, this->ifmap_publisher_id);
155
156 /* set PEP and PDP device name (defaults to IF-MAP Publisher ID) */
157 this->device_name = lib->settings->get_str(lib->settings,
158 "%s.plugins.tnc-ifmap.device_name",
159 this->ifmap_publisher_id, charon->name);
160 this->device_name = strdup(this->device_name);
161
162 /* free result */
163 axiom_node_free_tree(result, this->env);
164
165 return this->session_id && this->ifmap_publisher_id;
166 }
167
168 METHOD(tnc_ifmap_soap_t, purgePublisher, bool,
169 private_tnc_ifmap_soap_t *this)
170 {
171 axiom_node_t *request;
172 axiom_element_t *el;
173 axiom_namespace_t *ns;
174 axiom_attribute_t *attr;
175
176 /* build purgePublisher request */
177 ns = axiom_namespace_create(this->env, IFMAP_NS, "ifmap");
178 el = axiom_element_create(this->env, NULL, "purgePublisher", ns, &request);
179 attr = axiom_attribute_create(this->env, "session-id",
180 this->session_id, NULL);
181 axiom_element_add_attribute(el, this->env, attr, request);
182 attr = axiom_attribute_create(this->env, "ifmap-publisher-id",
183 this->ifmap_publisher_id, NULL);
184 axiom_element_add_attribute(el, this->env, attr, request);
185
186 /* send purgePublisher request and receive purgePublisherReceived */
187 return send_receive(this, "purgePublisher", request,
188 "purgePublisherReceived", NULL);
189 }
190
191 /**
192 * Create an access-request based on device_name and ike_sa_id
193 */
194 static axiom_node_t* create_access_request(private_tnc_ifmap_soap_t *this,
195 u_int32_t id)
196 {
197 axiom_element_t *el;
198 axiom_node_t *node;
199 axiom_attribute_t *attr;
200 char buf[BUF_LEN];
201
202 el = axiom_element_create(this->env, NULL, "access-request", NULL, &node);
203
204 snprintf(buf, BUF_LEN, "%s:%d", this->device_name, id);
205 attr = axiom_attribute_create(this->env, "name", buf, NULL);
206 axiom_element_add_attribute(el, this->env, attr, node);
207
208 return node;
209 }
210
211 /**
212 * Create an identity
213 */
214 static axiom_node_t* create_identity(private_tnc_ifmap_soap_t *this,
215 identification_t *id, bool is_user)
216 {
217 axiom_element_t *el;
218 axiom_node_t *node;
219 axiom_attribute_t *attr;
220 char buf[BUF_LEN], *id_type;
221
222 el = axiom_element_create(this->env, NULL, "identity", NULL, &node);
223
224 snprintf(buf, BUF_LEN, "%Y", id);
225 attr = axiom_attribute_create(this->env, "name", buf, NULL);
226 axiom_element_add_attribute(el, this->env, attr, node);
227
228 switch (id->get_type(id))
229 {
230 case ID_IPV4_ADDR:
231 id_type = "other";
232 attr = axiom_attribute_create(this->env, "other-type-definition",
233 "36906:ipv4-address", NULL);
234 axiom_element_add_attribute(el, this->env, attr, node);
235 break;
236 case ID_FQDN:
237 id_type = is_user ? "username" : "dns-name";
238 break;
239 case ID_RFC822_ADDR:
240 id_type = "email-address";
241 break;
242 case ID_IPV6_ADDR:
243 id_type = "other";
244 attr = axiom_attribute_create(this->env, "other-type-definition",
245 "36906:ipv6-address", NULL);
246 axiom_element_add_attribute(el, this->env, attr, node);
247 break;
248 case ID_DER_ASN1_DN:
249 id_type = "distinguished-name";
250 break;
251 case ID_KEY_ID:
252 id_type = "other";
253 attr = axiom_attribute_create(this->env, "other-type-definition",
254 "36906:key-id", NULL);
255 axiom_element_add_attribute(el, this->env, attr, node);
256 break;
257 default:
258 id_type = "other";
259 attr = axiom_attribute_create(this->env, "other-type-definition",
260 "36906:other", NULL);
261 axiom_element_add_attribute(el, this->env, attr, node);
262 }
263 attr = axiom_attribute_create(this->env, "type", id_type, NULL);
264 axiom_element_add_attribute(el, this->env, attr, node);
265
266 return node;
267 }
268
269 /**
270 * Create an ip-address
271 */
272 static axiom_node_t* create_ip_address(private_tnc_ifmap_soap_t *this,
273 host_t *host)
274 {
275 axiom_element_t *el;
276 axiom_node_t *node;
277 axiom_attribute_t *attr;
278 char buf[BUF_LEN];
279
280 el = axiom_element_create(this->env, NULL, "ip-address", NULL, &node);
281
282 if (host->get_family(host) == AF_INET6)
283 {
284 chunk_t address;
285 int len, written, i;
286 char *pos;
287 bool first = TRUE;
288
289 /* output IPv6 address in canonical IF-MAP 2.0 format */
290 address = host->get_address(host);
291 pos = buf;
292 len = sizeof(buf);
293
294 for (i = 0; i < address.len; i = i + 2)
295 {
296 written = snprintf(pos, len, "%s%x", first ? "" : ":",
297 256*address.ptr[i] + address.ptr[i+1]);
298 if (written < 0 || written > len)
299 {
300 break;
301 }
302 pos += written;
303 len -= written;
304 first = FALSE;
305 }
306 }
307 else
308 {
309 snprintf(buf, BUF_LEN, "%H", host);
310 }
311 attr = axiom_attribute_create(this->env, "value", buf, NULL);
312 axiom_element_add_attribute(el, this->env, attr, node);
313
314 attr = axiom_attribute_create(this->env, "type",
315 host->get_family(host) == AF_INET ? "IPv4" : "IPv6", NULL);
316 axiom_element_add_attribute(el, this->env, attr, node);
317
318 return node;
319 }
320
321 /**
322 * Create a device
323 */
324 static axiom_node_t* create_device(private_tnc_ifmap_soap_t *this)
325 {
326 axiom_element_t *el;
327 axiom_node_t *node, *node2, *node3;
328 axiom_text_t *text;
329
330 el = axiom_element_create(this->env, NULL, "device", NULL, &node);
331 el = axiom_element_create(this->env, NULL, "name", NULL, &node2);
332 axiom_node_add_child(node, this->env, node2);
333 text = axiom_text_create(this->env, node2, this->device_name, &node3);
334
335 return node;
336 }
337
338 /**
339 * Create metadata
340 */
341 static axiom_node_t* create_metadata(private_tnc_ifmap_soap_t *this,
342 char *metadata)
343 {
344 axiom_element_t *el;
345 axiom_node_t *node, *node2;
346 axiom_attribute_t *attr;
347 axiom_namespace_t *ns_meta;
348
349 el = axiom_element_create(this->env, NULL, "metadata", NULL, &node);
350 ns_meta = axiom_namespace_create(this->env, IFMAP_META_NS, "meta");
351
352 el = axiom_element_create(this->env, NULL, metadata, ns_meta, &node2);
353 axiom_node_add_child(node, this->env, node2);
354 attr = axiom_attribute_create(this->env, "ifmap-cardinality", "singleValue",
355 NULL);
356 axiom_element_add_attribute(el, this->env, attr, node2);
357
358 return node;
359 }
360
361 /**
362 * Create capability metadata
363 */
364 static axiom_node_t* create_capability(private_tnc_ifmap_soap_t *this,
365 identification_t *name)
366 {
367 axiom_element_t *el;
368 axiom_node_t *node, *node2, *node3;
369 axiom_namespace_t *ns_meta;
370 axiom_attribute_t *attr;
371 axiom_text_t *text;
372 char buf[BUF_LEN];
373
374 ns_meta = axiom_namespace_create(this->env, IFMAP_META_NS, "meta");
375 el = axiom_element_create(this->env, NULL, "capability", ns_meta, &node);
376 attr = axiom_attribute_create(this->env, "ifmap-cardinality", "multiValue",
377 NULL);
378 axiom_element_add_attribute(el, this->env, attr, node);
379
380 el = axiom_element_create(this->env, NULL, "name", NULL, &node2);
381 axiom_node_add_child(node, this->env, node2);
382 snprintf(buf, BUF_LEN, "%Y", name);
383 text = axiom_text_create(this->env, node2, buf, &node3);
384
385 el = axiom_element_create(this->env, NULL, "administrative-domain", NULL, &node2);
386 axiom_node_add_child(node, this->env, node2);
387 text = axiom_text_create(this->env, node2, "strongswan", &node3);
388
389 return node;
390 }
391
392 /**
393 * Create enforcement-report metadata
394 */
395 static axiom_node_t* create_enforcement_report(private_tnc_ifmap_soap_t *this,
396 char *action, char *reason)
397 {
398 axiom_element_t *el;
399 axiom_node_t *node, *node2, *node3, *node4;
400 axiom_namespace_t *ns_meta;
401 axiom_attribute_t *attr;
402 axiom_text_t *text;
403
404 el = axiom_element_create(this->env, NULL, "metadata", NULL, &node);
405
406 ns_meta = axiom_namespace_create(this->env, IFMAP_META_NS, "meta");
407 el = axiom_element_create(this->env, NULL, "enforcement-report", ns_meta,
408 &node2);
409 attr = axiom_attribute_create(this->env, "ifmap-cardinality",
410 "multiValue", NULL);
411 axiom_element_add_attribute(el, this->env, attr, node2);
412 axiom_node_add_child(node, this->env, node2);
413
414 el = axiom_element_create(this->env, NULL, "enforcement-action", NULL,
415 &node3);
416 axiom_node_add_child(node2, this->env, node3);
417 text = axiom_text_create(this->env, node3, action, &node4);
418
419 el = axiom_element_create(this->env, NULL, "enforcement-reason", NULL,
420 &node3);
421 axiom_node_add_child(node2, this->env, node3);
422 text = axiom_text_create(this->env, node3, reason, &node4);
423
424 return node;
425 }
426
427 /**
428 * Create delete filter
429 */
430 static axiom_node_t* create_delete_filter(private_tnc_ifmap_soap_t *this,
431 char *metadata)
432 {
433 axiom_element_t *el;
434 axiom_node_t *node;
435 axiom_attribute_t *attr;
436 char buf[BUF_LEN];
437
438 el = axiom_element_create(this->env, NULL, "delete", NULL, &node);
439
440 snprintf(buf, BUF_LEN, "meta:%s[@ifmap-publisher-id='%s']",
441 metadata, this->ifmap_publisher_id);
442 attr = axiom_attribute_create(this->env, "filter", buf, NULL);
443 axiom_element_add_attribute(el, this->env, attr, node);
444
445 return node;
446 }
447
448 /**
449 * Create a publish request
450 */
451 static axiom_node_t* create_publish_request(private_tnc_ifmap_soap_t *this)
452 {
453 axiom_element_t *el;
454 axiom_node_t *request;
455 axiom_namespace_t *ns, *ns_meta;
456 axiom_attribute_t *attr;
457
458 ns = axiom_namespace_create(this->env, IFMAP_NS, "ifmap");
459 el = axiom_element_create(this->env, NULL, "publish", ns, &request);
460 ns_meta = axiom_namespace_create(this->env, IFMAP_META_NS, "meta");
461 axiom_element_declare_namespace(el, this->env, request, ns_meta);
462 attr = axiom_attribute_create(this->env, "session-id", this->session_id,
463 NULL);
464 axiom_element_add_attribute(el, this->env, attr, request);
465
466 return request;
467 }
468
469 METHOD(tnc_ifmap_soap_t, publish_ike_sa, bool,
470 private_tnc_ifmap_soap_t *this, ike_sa_t *ike_sa, bool up)
471 {
472 axiom_node_t *request, *node, *node2;
473 axiom_element_t *el;
474
475 enumerator_t *e1, *e2;
476 auth_rule_t type;
477 identification_t *id, *eap_id, *group;
478 host_t *host;
479 auth_cfg_t *auth;
480 u_int32_t ike_sa_id;
481 bool is_user = FALSE, first = TRUE;
482
483 /* extract relevant data from IKE_SA*/
484 ike_sa_id = ike_sa->get_unique_id(ike_sa);
485 id = ike_sa->get_other_id(ike_sa);
486 eap_id = ike_sa->get_other_eap_id(ike_sa);
487 host = ike_sa->get_other_host(ike_sa);
488
489 /* in the presence of an EAP Identity, treat it as a username */
490 if (!id->equals(id, eap_id))
491 {
492 is_user = TRUE;
493 id = eap_id;
494 }
495
496 /* build publish request */
497 request = create_publish_request(this);
498
499 /* delete any existing enforcement reports */
500 if (up)
501 {
502 node = create_delete_filter(this, "enforcement-report");
503 axiom_node_add_child(request, this->env, node);
504 axiom_node_add_child(node, this->env,
505 create_ip_address(this, host));
506 axiom_node_add_child(node, this->env,
507 create_device(this));
508 }
509
510 /**
511 * update or delete authenticated-as metadata
512 */
513 if (up)
514 {
515 el = axiom_element_create(this->env, NULL, "update", NULL, &node);
516 }
517 else
518 {
519 node = create_delete_filter(this, "authenticated-as");
520 }
521 axiom_node_add_child(request, this->env, node);
522
523 /* add access-request, identity and [if up] metadata */
524 axiom_node_add_child(node, this->env,
525 create_access_request(this, ike_sa_id));
526 axiom_node_add_child(node, this->env,
527 create_identity(this, id, is_user));
528 if (up)
529 {
530 axiom_node_add_child(node, this->env,
531 create_metadata(this, "authenticated-as"));
532 }
533
534 /**
535 * update or delete access-request-ip metadata
536 */
537 if (up)
538 {
539 el = axiom_element_create(this->env, NULL, "update", NULL, &node);
540 }
541 else
542 {
543 node = create_delete_filter(this, "access-request-ip");
544 }
545 axiom_node_add_child(request, this->env, node);
546
547 /* add access-request, ip-address and [if up] metadata */
548 axiom_node_add_child(node, this->env,
549 create_access_request(this, ike_sa_id));
550 axiom_node_add_child(node, this->env,
551 create_ip_address(this, host));
552 if (up)
553 {
554 axiom_node_add_child(node, this->env,
555 create_metadata(this, "access-request-ip"));
556 }
557
558 /**
559 * update or delete authenticated-by metadata
560 */
561 if (up)
562 {
563 el = axiom_element_create(this->env, NULL, "update", NULL, &node);
564 }
565 else
566 {
567 node = create_delete_filter(this, "authenticated-by");
568 }
569 axiom_node_add_child(request, this->env, node);
570
571 /* add access-request, device and [if up] metadata */
572 axiom_node_add_child(node, this->env,
573 create_access_request(this, ike_sa_id));
574 axiom_node_add_child(node, this->env,
575 create_device(this));
576 if (up)
577 {
578 axiom_node_add_child(node, this->env,
579 create_metadata(this, "authenticated-by"));
580 }
581
582 /**
583 * update or delete capability metadata
584 */
585 e1 = ike_sa->create_auth_cfg_enumerator(ike_sa, FALSE);
586 while (e1->enumerate(e1, &auth))
587 {
588 e2 = auth->create_enumerator(auth);
589 while (e2->enumerate(e2, &type, &group))
590 {
591 /* look for group memberships */
592 if (type == AUTH_RULE_GROUP)
593 {
594 if (first)
595 {
596 first = FALSE;
597
598 if (up)
599 {
600 el = axiom_element_create(this->env, NULL, "update",
601 NULL, &node);
602 }
603 else
604 {
605 node = create_delete_filter(this, "capability");
606 }
607 axiom_node_add_child(request, this->env, node);
608
609 /* add access-request */
610 axiom_node_add_child(node, this->env,
611 create_access_request(this, ike_sa_id));
612 if (!up)
613 {
614 break;
615 }
616 el = axiom_element_create(this->env, NULL, "metadata", NULL,
617 &node2);
618 axiom_node_add_child(node, this->env, node2);
619 }
620 axiom_node_add_child(node2, this->env,
621 create_capability(this, group));
622 }
623 if (!first && !up)
624 {
625 break;
626 }
627 }
628 e2->destroy(e2);
629 }
630 e1->destroy(e1);
631
632 /* send publish request and receive publishReceived */
633 return send_receive(this, "publish", request, "publishReceived", NULL);
634 }
635
636 METHOD(tnc_ifmap_soap_t, publish_device_ip, bool,
637 private_tnc_ifmap_soap_t *this, host_t *host)
638 {
639 axiom_node_t *request, *node;
640 axiom_element_t *el;
641
642 /* build publish update request */
643 request = create_publish_request(this);
644 el = axiom_element_create(this->env, NULL, "update", NULL, &node);
645 axiom_node_add_child(request, this->env, node);
646
647 /* add device, ip-address and metadata */
648 axiom_node_add_child(node, this->env,
649 create_device(this));
650 axiom_node_add_child(node, this->env,
651 create_ip_address(this, host));
652 axiom_node_add_child(node, this->env,
653 create_metadata(this, "device-ip"));
654
655 /* send publish request and receive publishReceived */
656 return send_receive(this, "publish", request, "publishReceived", NULL);
657 }
658
659 METHOD(tnc_ifmap_soap_t, publish_enforcement_report, bool,
660 private_tnc_ifmap_soap_t *this, host_t *host, char *action, char *reason)
661 {
662 axiom_node_t *request, *node;
663 axiom_element_t *el;
664
665 /* build publish update request */
666 request = create_publish_request(this);
667 el = axiom_element_create(this->env, NULL, "update", NULL, &node);
668 axiom_node_add_child(request, this->env, node);
669
670 /* add ip-address and metadata */
671 axiom_node_add_child(node, this->env,
672 create_ip_address(this, host));
673 axiom_node_add_child(node, this->env,
674 create_device(this));
675 axiom_node_add_child(node, this->env,
676 create_enforcement_report(this, action, reason));
677
678 /* send publish request and receive publishReceived */
679 return send_receive(this, "publish", request, "publishReceived", NULL);
680 }
681
682 METHOD(tnc_ifmap_soap_t, endSession, bool,
683 private_tnc_ifmap_soap_t *this)
684 {
685 axiom_node_t *request;
686 axiom_element_t *el;
687 axiom_namespace_t *ns;
688 axiom_attribute_t *attr;
689
690 /* build endSession request */
691 ns = axiom_namespace_create(this->env, IFMAP_NS, "ifmap");
692 el = axiom_element_create(this->env, NULL, "endSession", ns, &request);
693 attr = axiom_attribute_create(this->env, "session-id", this->session_id, NULL);
694 axiom_element_add_attribute(el, this->env, attr, request);
695
696 /* send endSession request and receive end SessionResult */
697 return send_receive(this, "endSession", request, "endSessionResult", NULL);
698 }
699
700 METHOD(tnc_ifmap_soap_t, destroy, void,
701 private_tnc_ifmap_soap_t *this)
702 {
703 if (this->session_id)
704 {
705 endSession(this);
706 free(this->session_id);
707 free(this->ifmap_publisher_id);
708 free(this->device_name);
709 }
710 if (this->svc_client)
711 {
712 axis2_svc_client_free(this->svc_client, this->env);
713 }
714 if (this->env)
715 {
716 axutil_env_free(this->env);
717 }
718 free(this);
719 }
720
721 static bool axis2c_init(private_tnc_ifmap_soap_t *this)
722 {
723 axis2_char_t *server, *server_cert, *key_file, *client_home;
724 axis2_char_t *ssl_passphrase, *username, *password;
725 axis2_endpoint_ref_t* endpoint_ref = NULL;
726 axis2_options_t *options = NULL;
727 axis2_transport_in_desc_t *transport_in;
728 axis2_transport_out_desc_t *transport_out;
729 axis2_transport_sender_t *transport_sender;
730 axutil_property_t* property;
731
732 /* Getting configuration parameters from strongswan.conf */
733 client_home = lib->settings->get_str(lib->settings,
734 "%s.plugins.tnc-ifmap.client_home",
735 AXIS2_GETENV("AXIS2C_HOME"), charon->name);
736 server = lib->settings->get_str(lib->settings,
737 "%s.plugins.tnc-ifmap.server", IFMAP_SERVER, charon->name);
738 server_cert = lib->settings->get_str(lib->settings,
739 "%s.plugins.tnc-ifmap.server_cert", NULL, charon->name);
740 key_file = lib->settings->get_str(lib->settings,
741 "%s.plugins.tnc-ifmap.key_file", NULL, charon->name);
742 ssl_passphrase = lib->settings->get_str(lib->settings,
743 "%s.plugins.tnc-ifmap.ssl_passphrase", NULL, charon->name);
744 username = lib->settings->get_str(lib->settings,
745 "%s.plugins.tnc-ifmap.username", NULL, charon->name);
746 password = lib->settings->get_str(lib->settings,
747 "%s.plugins.tnc-ifmap.password", NULL, charon->name);
748
749 if (!server_cert)
750 {
751 DBG1(DBG_TNC, "MAP server certificate not defined");
752 return FALSE;
753 }
754
755 if (!key_file && (!username || !password))
756 {
757 DBG1(DBG_TNC, "MAP client keyfile or %s%s%s not defined",
758 (!username) ? "username" : "",
759 (!username && ! password) ? " and " : "",
760 (!password) ? "password" : "");
761 return FALSE;
762 }
763
764 /* Create Axis2/C environment and options */
765 this->env = axutil_env_create_all(IFMAP_LOGFILE, AXIS2_LOG_LEVEL_TRACE);
766 options = axis2_options_create(this->env);
767
768 /* Set path to the MAP server certificate */
769 property =axutil_property_create_with_args(this->env, 0, 0, 0,
770 server_cert);
771 axis2_options_set_property(options, this->env,
772 AXIS2_SSL_SERVER_CERT, property);
773
774 if (key_file)
775 {
776 /* Set path to the MAP client certificate */
777 property =axutil_property_create_with_args(this->env, 0, 0, 0,
778 key_file);
779 axis2_options_set_property(options, this->env,
780 AXIS2_SSL_KEY_FILE, property);
781 if (ssl_passphrase)
782 {
783 /* Provide SSL passphrase */
784 property =axutil_property_create_with_args(this->env, 0, 0, 0,
785 ssl_passphrase);
786 axis2_options_set_property(options, this->env,
787 AXIS2_SSL_PASSPHRASE, property);
788 }
789 }
790 else
791 {
792 /* Set up HTTP Basic MAP client authentication */
793 axis2_options_set_http_auth_info(options, this->env,
794 username, password, "Basic");
795 }
796
797 /* Define the MAP server as the to endpoint reference */
798 endpoint_ref = axis2_endpoint_ref_create(this->env, server);
799 axis2_options_set_to(options, this->env, endpoint_ref);
800
801 /* Set up https transport */
802 transport_in = axis2_transport_in_desc_create(this->env,
803 AXIS2_TRANSPORT_ENUM_HTTPS);
804 transport_out = axis2_transport_out_desc_create(this->env,
805 AXIS2_TRANSPORT_ENUM_HTTPS);
806 transport_sender = axis2_http_transport_sender_create(this->env);
807 axis2_transport_out_desc_set_sender(transport_out, this->env,
808 transport_sender);
809 axis2_options_set_transport_in(options, this->env, transport_in);
810 axis2_options_set_transport_out(options, this->env, transport_out);
811
812 /* Create the axis2 service client */
813 this->svc_client = axis2_svc_client_create(this->env, client_home);
814 if (!this->svc_client)
815 {
816 DBG1(DBG_TNC, "could not create axis2 service client");
817 AXIS2_LOG_ERROR(this->env->log, AXIS2_LOG_SI,
818 "Stub invoke FAILED: Error code: %d :: %s",
819 this->env->error->error_number,
820 AXIS2_ERROR_GET_MESSAGE(this->env->error));
821 destroy(this);
822 return FALSE;
823 }
824
825 axis2_svc_client_set_options(this->svc_client, this->env, options);
826 DBG1(DBG_TNC, "connecting as MAP client '%s' to MAP server at '%s'",
827 username, server);
828
829 return TRUE;
830 }
831
832 /**
833 * See header
834 */
835 tnc_ifmap_soap_t *tnc_ifmap_soap_create()
836 {
837 private_tnc_ifmap_soap_t *this;
838
839 INIT(this,
840 .public = {
841 .newSession = _newSession,
842 .purgePublisher = _purgePublisher,
843 .publish_ike_sa = _publish_ike_sa,
844 .publish_device_ip = _publish_device_ip,
845 .publish_enforcement_report = _publish_enforcement_report,
846 .endSession = _endSession,
847 .destroy = _destroy,
848 },
849 );
850
851 if (!axis2c_init(this))
852 {
853 destroy(this);
854 return NULL;
855 }
856
857 return &this->public;
858 }
859
strongSwan - IPsec VPN