projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
refactoring of tnc-ifmap plugin
[strongswan.git] / src / libcharon / plugins / tnc_ifmap / tnc_ifmap_soap.c
1 /*
2 * Copyright (C) 2011 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "tnc_ifmap_soap.h"
17
18 #include <debug.h>
19
20 #include <axis2_util.h>
21 #include <axis2_client.h>
22 #include <axiom_soap.h>
23
24 #define IFMAP_NS "http://www.trustedcomputinggroup.org/2010/IFMAP/2"
25 #define IFMAP_META_NS "http://www.trustedcomputinggroup.org/2010/IFMAP-METADATA/2"
26 #define IFMAP_LOGFILE "strongswan_ifmap.log"
27 #define IFMAP_SERVER "https://localhost:8443/"
28
29 typedef struct private_tnc_ifmap_soap_t private_tnc_ifmap_soap_t;
30
31 /**
32 * Private data of an tnc_ifmap_soap_t object.
33 */
34 struct private_tnc_ifmap_soap_t {
35
36 /**
37 * Public tnc_ifmap_soap_t interface.
38 */
39 tnc_ifmap_soap_t public;
40
41 /**
42 * Axis2/C environment
43 */
44 axutil_env_t *env;
45
46 /**
47 * Axis2 service client
48 */
49 axis2_svc_client_t* svc_client;
50
51 /**
52 * SOAP Session ID
53 */
54 char *session_id;
55
56 /**
57 * IF-MAP Publisher ID
58 */
59 char *ifmap_publisher_id;
60
61 /**
62 * PEP and PDP device name
63 */
64 char *device_name;
65
66 };
67
68 /**
69 * Send request and receive result via SOAP
70 */
71 static bool send_receive(private_tnc_ifmap_soap_t *this,
72 char *request_qname, axiom_node_t *request,
73 char *receipt_qname, axiom_node_t **result)
74
75 {
76 axiom_node_t *parent, *node;
77 axiom_element_t *el;
78 axutil_qname_t *qname;
79 bool success = FALSE;
80
81 /* send request and receive result */
82 DBG2(DBG_TNC, "sending ifmap %s", request_qname);
83
84 parent = axis2_svc_client_send_receive(this->svc_client, this->env, request);
85 if (!parent)
86 {
87 DBG1(DBG_TNC, "no ifmap %s received from MAP server", receipt_qname);
88 return FALSE;
89 }
90
91 /* pre-process result */
92 node = axiom_node_get_first_child(parent, this->env);
93 if (node && axiom_node_get_node_type(node, this->env) == AXIOM_ELEMENT)
94 {
95 el = (axiom_element_t *)axiom_node_get_data_element(node, this->env);
96
97 qname = axiom_element_get_qname(el, this->env, node);
98 success = streq(receipt_qname, axutil_qname_to_string(qname, this->env));
99 if (success)
100 {
101 DBG2(DBG_TNC, "received ifmap %s", receipt_qname);
102 if (result)
103 {
104 *result = parent;
105 }
106 else
107 {
108 /* no further processing requested */
109 axiom_node_free_tree(parent, this->env);
110 }
111 return TRUE;
112 }
113 /* TODO proper error handling */
114 DBG1(DBG_TNC, "%s", axiom_element_to_string(el, this->env, node));
115 }
116
117 /* free parent in the error case */
118 axiom_node_free_tree(parent, this->env);
119
120 return FALSE;
121 }
122
123 METHOD(tnc_ifmap_soap_t, newSession, bool,
124 private_tnc_ifmap_soap_t *this)
125 {
126 axiom_node_t *request, *result, *node;
127 axiom_element_t *el;
128 axiom_namespace_t *ns;
129 axis2_char_t *value;
130
131
132 /* build newSession request */
133 ns = axiom_namespace_create(this->env, IFMAP_NS, "ifmap");
134 el = axiom_element_create(this->env, NULL, "newSession", ns, &request);
135
136 /* send newSession request and receive newSessionResult */
137 if (!send_receive(this, "newSession", request, "newSessionResult", &result))
138 {
139 return FALSE;
140 }
141
142 /* process newSessionResult */
143 node = axiom_node_get_first_child(result, this->env);
144 el = (axiom_element_t *)axiom_node_get_data_element(node, this->env);
145
146 /* get session-id */
147 value = axiom_element_get_attribute_value_by_name(el, this->env,
148 "session-id");
149 this->session_id = strdup(value);
150
151 /* get ifmap-publisher-id */
152 value = axiom_element_get_attribute_value_by_name(el, this->env,
153 "ifmap-publisher-id");
154 this->ifmap_publisher_id = strdup(value);
155
156 DBG1(DBG_TNC, "session-id: %s, ifmap-publisher-id: %s",
157 this->session_id, this->ifmap_publisher_id);
158
159 /* set PEP and PDP device name (defaults to IF-MAP Publisher ID) */
160 this->device_name = lib->settings->get_str(lib->settings,
161 "charon.plugins.tnc-ifmap.device_name",
162 this->ifmap_publisher_id);
163 this->device_name = strdup(this->device_name);
164
165 /* free result */
166 axiom_node_free_tree(result, this->env);
167
168 return this->session_id && this->ifmap_publisher_id;
169 }
170
171 METHOD(tnc_ifmap_soap_t, purgePublisher, bool,
172 private_tnc_ifmap_soap_t *this)
173 {
174 axiom_node_t *request;
175 axiom_element_t *el;
176 axiom_namespace_t *ns;
177 axiom_attribute_t *attr;
178
179 /* build purgePublisher request */
180 ns = axiom_namespace_create(this->env, IFMAP_NS, "ifmap");
181 el = axiom_element_create(this->env, NULL, "purgePublisher", ns, &request);
182 attr = axiom_attribute_create(this->env, "session-id",
183 this->session_id, NULL);
184 axiom_element_add_attribute(el, this->env, attr, request);
185 attr = axiom_attribute_create(this->env, "ifmap-publisher-id",
186 this->ifmap_publisher_id, NULL);
187 axiom_element_add_attribute(el, this->env, attr, request);
188
189 /* send purgePublisher request and receive purgePublisherReceived */
190 return send_receive(this, "purgePublisher", request,
191 "purgePublisherReceived", NULL);
192 }
193
194 /**
195 * Create an access-request based on device_name and ike_sa_id
196 */
197 static axiom_node_t* create_access_request(private_tnc_ifmap_soap_t *this,
198 u_int32_t id)
199 {
200 axiom_element_t *el;
201 axiom_node_t *node;
202 axiom_attribute_t *attr;
203 char buf[BUF_LEN];
204
205 el = axiom_element_create(this->env, NULL, "access-request", NULL, &node);
206
207 snprintf(buf, BUF_LEN, "%s:%d", this->device_name, id);
208 attr = axiom_attribute_create(this->env, "name", buf, NULL);
209 axiom_element_add_attribute(el, this->env, attr, node);
210
211 return node;
212 }
213
214 /**
215 * Create an identity
216 */
217 static axiom_node_t* create_identity(private_tnc_ifmap_soap_t *this,
218 identification_t *id)
219 {
220 axiom_element_t *el;
221 axiom_node_t *node;
222 axiom_attribute_t *attr;
223 char buf[BUF_LEN], *id_type;
224
225 el = axiom_element_create(this->env, NULL, "identity", NULL, &node);
226
227 snprintf(buf, BUF_LEN, "%Y", id);
228 attr = axiom_attribute_create(this->env, "name", buf, NULL);
229 axiom_element_add_attribute(el, this->env, attr, node);
230
231 switch (id->get_type(id))
232 {
233 case ID_FQDN:
234 id_type = "dns-name";
235 break;
236 case ID_RFC822_ADDR:
237 id_type = "email-address";
238 break;
239 case ID_DER_ASN1_DN:
240 id_type = "distinguished-name";
241 break;
242 default:
243 id_type = "other";
244 }
245 attr = axiom_attribute_create(this->env, "type", id_type, NULL);
246 axiom_element_add_attribute(el, this->env, attr, node);
247
248 return node;
249 }
250
251 /**
252 * Create an ip-address
253 */
254 static axiom_node_t* create_ip_address(private_tnc_ifmap_soap_t *this,
255 host_t *host)
256 {
257 axiom_element_t *el;
258 axiom_node_t *node;
259 axiom_attribute_t *attr;
260 char buf[BUF_LEN];
261
262 el = axiom_element_create(this->env, NULL, "ip-address", NULL, &node);
263
264 snprintf(buf, BUF_LEN, "%H", host);
265 attr = axiom_attribute_create(this->env, "value", buf, NULL);
266 axiom_element_add_attribute(el, this->env, attr, node);
267
268 attr = axiom_attribute_create(this->env, "type",
269 host->get_family(host) == AF_INET ? "IPv4" : "IPv6", NULL);
270 axiom_element_add_attribute(el, this->env, attr, node);
271
272 return node;
273 }
274
275 /**
276 * Create a device
277 */
278 static axiom_node_t* create_device(private_tnc_ifmap_soap_t *this)
279 {
280 axiom_element_t *el;
281 axiom_node_t *node, *node2, *node3;
282 axiom_text_t *text;
283
284 el = axiom_element_create(this->env, NULL, "device", NULL, &node);
285 el = axiom_element_create(this->env, NULL, "name", NULL, &node2);
286 axiom_node_add_child(node, this->env, node2);
287 text = axiom_text_create(this->env, node2, this->device_name, &node3);
288
289 return node;
290 }
291
292 /**
293 * Create metadata
294 */
295 static axiom_node_t* create_metadata(private_tnc_ifmap_soap_t *this,
296 char *metadata)
297 {
298 axiom_element_t *el;
299 axiom_node_t *node, *node2;
300 axiom_attribute_t *attr;
301 axiom_namespace_t *ns_meta;
302
303 el = axiom_element_create(this->env, NULL, "metadata", NULL, &node);
304 ns_meta = axiom_namespace_create(this->env, IFMAP_META_NS, "meta");
305
306 el = axiom_element_create(this->env, NULL, metadata, ns_meta, &node2);
307 axiom_node_add_child(node, this->env, node2);
308 attr = axiom_attribute_create(this->env, "ifmap-cardinality", "singleValue",
309 NULL);
310 axiom_element_add_attribute(el, this->env, attr, node2);
311
312 return node;
313 }
314
315 /**
316 * Create delete filter
317 */
318 static axiom_node_t* create_delete_filter(private_tnc_ifmap_soap_t *this,
319 char *metadata)
320 {
321 axiom_element_t *el;
322 axiom_node_t *node;
323 axiom_attribute_t *attr;
324 char buf[BUF_LEN];
325
326 el = axiom_element_create(this->env, NULL, "delete", NULL, &node);
327
328 snprintf(buf, BUF_LEN, "meta:%s[@ifmap-publisher-id='%s']",
329 metadata, this->ifmap_publisher_id);
330 attr = axiom_attribute_create(this->env, "filter", buf, NULL);
331 axiom_element_add_attribute(el, this->env, attr, node);
332
333 return node;
334 }
335
336 METHOD(tnc_ifmap_soap_t, publish, bool,
337 private_tnc_ifmap_soap_t *this, u_int32_t ike_sa_id, identification_t *id,
338 host_t *host, bool up)
339 {
340 axiom_node_t *request, *node;
341 axiom_element_t *el;
342 axiom_namespace_t *ns, *ns_meta;
343 axiom_attribute_t *attr;
344
345 /* build publish request */
346 ns = axiom_namespace_create(this->env, IFMAP_NS, "ifmap");
347 el = axiom_element_create(this->env, NULL, "publish", ns, &request);
348 ns_meta = axiom_namespace_create(this->env, IFMAP_META_NS, "meta");
349 axiom_element_declare_namespace(el, this->env, request, ns_meta);
350 attr = axiom_attribute_create(this->env, "session-id", this->session_id,
351 NULL);
352 axiom_element_add_attribute(el, this->env, attr, request);
353
354 /**
355 * update or delete authenticated-as metadata
356 */
357 if (up)
358 {
359 el = axiom_element_create(this->env, NULL, "update", NULL, &node);
360 }
361 else
362 {
363 node = create_delete_filter(this, "authenticated-as");
364 }
365 axiom_node_add_child(request, this->env, node);
366
367 /* add access-request, identity and [if up] metadata */
368 axiom_node_add_child(node, this->env,
369 create_access_request(this, ike_sa_id));
370 axiom_node_add_child(node, this->env,
371 create_identity(this, id));
372 if (up)
373 {
374 axiom_node_add_child(node, this->env,
375 create_metadata(this, "authenticated-as"));
376 }
377
378 /**
379 * update or delete access-request-ip metadata
380 */
381 if (up)
382 {
383 el = axiom_element_create(this->env, NULL, "update", NULL, &node);
384 }
385 else
386 {
387 node = create_delete_filter(this, "access-request-ip");
388 }
389 axiom_node_add_child(request, this->env, node);
390
391 /* add access-request, ip-address and [if up] metadata */
392 axiom_node_add_child(node, this->env,
393 create_access_request(this, ike_sa_id));
394 axiom_node_add_child(node, this->env,
395 create_ip_address(this, host));
396 if (up)
397 {
398 axiom_node_add_child(node, this->env,
399 create_metadata(this, "access-request-ip"));
400 }
401
402 /**
403 * update or delete authenticated-by metadata
404 */
405 if (up)
406 {
407 el = axiom_element_create(this->env, NULL, "update", NULL, &node);
408 }
409 else
410 {
411 node = create_delete_filter(this, "authenticated-by");
412 }
413 axiom_node_add_child(request, this->env, node);
414
415 /* add access-request, device and [if up] metadata */
416 axiom_node_add_child(node, this->env,
417 create_access_request(this, ike_sa_id));
418 axiom_node_add_child(node, this->env,
419 create_device(this));
420 if (up)
421 {
422 axiom_node_add_child(node, this->env,
423 create_metadata(this, "authenticated-by"));
424 }
425
426 /* send publish request and receive publishReceived */
427 return send_receive(this, "publish", request, "publishReceived", NULL);
428 }
429
430 METHOD(tnc_ifmap_soap_t, endSession, bool,
431 private_tnc_ifmap_soap_t *this)
432 {
433 axiom_node_t *request;
434 axiom_element_t *el;
435 axiom_namespace_t *ns;
436 axiom_attribute_t *attr;
437
438 /* build endSession request */
439 ns = axiom_namespace_create(this->env, IFMAP_NS, "ifmap");
440 el = axiom_element_create(this->env, NULL, "endSession", ns, &request);
441 attr = axiom_attribute_create(this->env, "session-id", this->session_id, NULL);
442 axiom_element_add_attribute(el, this->env, attr, request);
443
444 /* send endSession request and receive end SessionResult */
445 return send_receive(this, "endSession", request, "endSessionResult", NULL);
446 }
447
448 METHOD(tnc_ifmap_soap_t, destroy, void,
449 private_tnc_ifmap_soap_t *this)
450 {
451 if (this->session_id)
452 {
453 endSession(this);
454 free(this->session_id);
455 free(this->ifmap_publisher_id);
456 free(this->device_name);
457 }
458 if (this->svc_client)
459 {
460 axis2_svc_client_free(this->svc_client, this->env);
461 }
462 if (this->env)
463 {
464 axutil_env_free(this->env);
465 }
466 free(this);
467 }
468
469 /**
470 * See header
471 */
472 tnc_ifmap_soap_t *tnc_ifmap_soap_create()
473 {
474 private_tnc_ifmap_soap_t *this;
475 axis2_char_t *server, *client_home, *username, *password, *auth_type;
476 axis2_endpoint_ref_t* endpoint_ref = NULL;
477 axis2_options_t *options = NULL;
478
479 client_home = lib->settings->get_str(lib->settings,
480 "charon.plugins.tnc-ifmap.client_home",
481 AXIS2_GETENV("AXIS2C_HOME"));
482 server = lib->settings->get_str(lib->settings,
483 "charon.plugins.tnc-ifmap.server", IFMAP_SERVER);
484 auth_type = lib->settings->get_str(lib->settings,
485 "charon.plugins.tnc-ifmap.auth_type", "Basic");
486 username = lib->settings->get_str(lib->settings,
487 "charon.plugins.tnc-ifmap.username", NULL);
488 password = lib->settings->get_str(lib->settings,
489 "charon.plugins.tnc-ifmap.password", NULL);
490
491 if (!username || !password)
492 {
493 DBG1(DBG_TNC, "MAP client %s%s%s not defined",
494 (!username) ? "username" : "",
495 (!username && ! password) ? " and " : "",
496 (!password) ? "password" : "");
497 return NULL;
498 }
499
500 INIT(this,
501 .public = {
502 .newSession = _newSession,
503 .purgePublisher = _purgePublisher,
504 .publish = _publish,
505 .endSession = _endSession,
506 .destroy = _destroy,
507 },
508 );
509
510 /* Create Axis2/C environment and options */
511 this->env = axutil_env_create_all(IFMAP_LOGFILE, AXIS2_LOG_LEVEL_TRACE);
512 options = axis2_options_create(this->env);
513
514 /* Define the IF-MAP server as the to endpoint reference */
515 endpoint_ref = axis2_endpoint_ref_create(this->env, server);
516 axis2_options_set_to(options, this->env, endpoint_ref);
517
518 /* Create the axis2 service client */
519 this->svc_client = axis2_svc_client_create(this->env, client_home);
520 if (!this->svc_client)
521 {
522 DBG1(DBG_TNC, "could not create axis2 service client");
523 AXIS2_LOG_ERROR(this->env->log, AXIS2_LOG_SI,
524 "Stub invoke FAILED: Error code: %d :: %s",
525 this->env->error->error_number,
526 AXIS2_ERROR_GET_MESSAGE(this->env->error));
527 destroy(this);
528 return NULL;
529 }
530
531 axis2_svc_client_set_options(this->svc_client, this->env, options);
532 axis2_options_set_http_auth_info(options, this->env, username, password,
533 auth_type);
534 DBG1(DBG_TNC, "connecting as MAP client '%s' to MAP server at '%s'",
535 username, server);
536
537 return &this->public;
538 }
539
strongSwan - IPsec VPN