projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
implemented http basic authentication
[strongswan.git] / src / libcharon / plugins / tnc_ifmap2 / tnc_ifmap2_soap.c
1 /*
2 * Copyright (C) 2011-2013 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "tnc_ifmap2_soap.h"
17 #include "tnc_ifmap2_soap_msg.h"
18
19 #include <utils/debug.h>
20 #include <credentials/sets/mem_cred.h>
21 #include <daemon.h>
22
23 #include <tls_socket.h>
24
25 #include <errno.h>
26 #include <unistd.h>
27 #include <sys/types.h>
28 #include <sys/socket.h>
29
30 #define IFMAP_NS "http://www.trustedcomputinggroup.org/2010/IFMAP/2"
31 #define IFMAP_META_NS "http://www.trustedcomputinggroup.org/2010/IFMAP-METADATA/2"
32 #define IFMAP_URI "https://localhost:8444/imap"
33 #define IFMAP_NO_FD -1
34
35 typedef struct private_tnc_ifmap2_soap_t private_tnc_ifmap2_soap_t;
36
37 /**
38 * Private data of an tnc_ifmap2_soap_t object.
39 */
40 struct private_tnc_ifmap2_soap_t {
41
42 /**
43 * Public tnc_ifmap2_soap_t interface.
44 */
45 tnc_ifmap2_soap_t public;
46
47 /**
48 * SOAP Session ID
49 */
50 xmlChar *session_id;
51
52 /**
53 * IF-MAP Publisher ID
54 */
55 xmlChar *ifmap_publisher_id;
56
57 /**
58 * IF-MAP namespace
59 */
60 xmlNsPtr ns;
61
62 /**
63 * IF-MAP metadata namespace
64 */
65 xmlNsPtr ns_meta;
66
67 /**
68 * PEP and PDP device name
69 */
70 char *device_name;
71
72 /**
73 * HTTPS Server URI with https:// prefix removed
74 */
75 char *uri;
76
77 /**
78 * Optional base64-encoded username:password for HTTP Basic Authentication
79 */
80 chunk_t user_pass;
81
82 /**
83 * IF-MAP Server (IP address and port)
84 */
85 host_t *host;
86
87 /**
88 * TLS socket
89 */
90 tls_socket_t *tls;
91
92 /**
93 * File descriptor for secure TCP socket
94 */
95 int fd;
96
97 /**
98 * In memory credential set
99 */
100 mem_cred_t *creds;
101
102 };
103
104 METHOD(tnc_ifmap2_soap_t, newSession, bool,
105 private_tnc_ifmap2_soap_t *this)
106 {
107 tnc_ifmap2_soap_msg_t *soap_msg;
108 xmlNodePtr request, result;
109
110 /*build newSession request */
111 request = xmlNewNode(NULL, "newSession");
112 this->ns = xmlNewNs(request, IFMAP_NS, "ifmap");
113 xmlSetNs(request, this->ns);
114
115 soap_msg = tnc_ifmap2_soap_msg_create(this->uri, this->user_pass, this->tls);
116 if (!soap_msg->post(soap_msg, request, "newSessionResult", &result))
117 {
118 soap_msg->destroy(soap_msg);
119 return FALSE;
120 }
121
122 /* get session-id and ifmap-publisher-id properties */
123 this->session_id = xmlGetProp(result, "session-id");
124 this->ifmap_publisher_id = xmlGetProp(result, "ifmap-publisher-id");
125 soap_msg->destroy(soap_msg);
126
127 DBG1(DBG_TNC, "session-id: %s, ifmap-publisher-id: %s",
128 this->session_id, this->ifmap_publisher_id);
129
130 /* set PEP and PDP device name (defaults to IF-MAP Publisher ID) */
131 this->device_name = lib->settings->get_str(lib->settings,
132 "%s.plugins.tnc-ifmap2.device_name",
133 this->ifmap_publisher_id, charon->name);
134 this->device_name = strdup(this->device_name);
135
136 return this->session_id && this->ifmap_publisher_id;
137 }
138
139 METHOD(tnc_ifmap2_soap_t, purgePublisher, bool,
140 private_tnc_ifmap2_soap_t *this)
141 {
142 tnc_ifmap2_soap_msg_t *soap_msg;
143 xmlNodePtr request;
144 bool success;
145
146 /* build purgePublisher request */
147 request = xmlNewNode(NULL, "purgePublisher");
148 this->ns = xmlNewNs(request, IFMAP_NS, "ifmap");
149 xmlSetNs(request, this->ns);
150 xmlNewProp(request, "session-id", this->session_id);
151 xmlNewProp(request, "ifmap-publisher-id", this->ifmap_publisher_id);
152
153 soap_msg = tnc_ifmap2_soap_msg_create(this->uri, this->user_pass, this->tls);
154 success = soap_msg->post(soap_msg, request, "purgePublisherReceived", NULL);
155 soap_msg->destroy(soap_msg);
156
157 return success;
158 }
159
160 /**
161 * Create an access-request based on device_name and ike_sa_id
162 */
163 static xmlNodePtr create_access_request(private_tnc_ifmap2_soap_t *this,
164 u_int32_t id)
165 {
166 xmlNodePtr node;
167 char buf[BUF_LEN];
168
169 node = xmlNewNode(NULL, "access-request");
170
171 snprintf(buf, BUF_LEN, "%s:%d", this->device_name, id);
172 xmlNewProp(node, "name", buf);
173
174 return node;
175 }
176
177 /**
178 * Create an identity
179 */
180 static xmlNodePtr create_identity(private_tnc_ifmap2_soap_t *this,
181 identification_t *id, bool is_user)
182 {
183 xmlNodePtr node;
184 char buf[BUF_LEN], *id_type;
185
186 node = xmlNewNode(NULL, "identity");
187
188 snprintf(buf, BUF_LEN, "%Y", id);
189 xmlNewProp(node, "name", buf);
190
191 switch (id->get_type(id))
192 {
193 case ID_IPV4_ADDR:
194 id_type = "other";
195 xmlNewProp(node, "other-type-definition", "36906:ipv4-address");
196 break;
197 case ID_FQDN:
198 id_type = is_user ? "username" : "dns-name";
199 break;
200 case ID_RFC822_ADDR:
201 id_type = "email-address";
202 break;
203 case ID_IPV6_ADDR:
204 id_type = "other";
205 xmlNewProp(node, "other-type-definition", "36906:ipv6-address");
206 break;
207 case ID_DER_ASN1_DN:
208 id_type = "distinguished-name";
209 break;
210 case ID_KEY_ID:
211 id_type = "other";
212 xmlNewProp(node, "other-type-definition", "36906:key-id");
213 break;
214 default:
215 id_type = "other";
216 xmlNewProp(node, "other-type-definition", "36906:other");
217 }
218 xmlNewProp(node, "type", id_type);
219
220 return node;
221 }
222
223 /**
224 * Create enforcement-report metadata
225 */
226 static xmlNodePtr create_enforcement_report(private_tnc_ifmap2_soap_t *this,
227 xmlChar *action, xmlChar *reason)
228 {
229 xmlNodePtr node, node2, node3;
230
231 node = xmlNewNode(NULL, "metadata");
232 node2 = xmlNewNode(this->ns_meta, "enforcement-report");
233 xmlAddChild(node, node2);
234 xmlNewProp(node2, "ifmap-cardinality", "multiValue");
235
236 node3 = xmlNewNode(NULL, "enforcement-action");
237 xmlAddChild(node2, node3);
238 xmlNodeAddContent(node3, action);
239
240 node3 = xmlNewNode(NULL, "enforcement-reason");
241 xmlAddChild(node2, node3);
242 xmlNodeAddContent(node3, reason);
243
244 return node;
245 }
246
247 /**
248 * Create delete filter
249 */
250 static xmlNodePtr create_delete_filter(private_tnc_ifmap2_soap_t *this,
251 char *metadata)
252 {
253 xmlNodePtr node;
254 char buf[BUF_LEN];
255
256 node = xmlNewNode(NULL, "delete");
257
258 snprintf(buf, BUF_LEN, "meta:%s[@ifmap-publisher-id='%s']",
259 metadata, this->ifmap_publisher_id);
260 xmlNewProp(node, "filter", buf);
261
262 return node;
263 }
264
265 /**
266 * Create a publish request
267 */
268 static xmlNodePtr create_publish_request(private_tnc_ifmap2_soap_t *this)
269 {
270 xmlNodePtr request;
271
272 request = xmlNewNode(NULL, "publish");
273 this->ns = xmlNewNs(request, IFMAP_NS, "ifmap");
274 xmlSetNs(request, this->ns);
275 this->ns_meta = xmlNewNs(request, IFMAP_META_NS, "meta");
276 xmlNewProp(request, "session-id", this->session_id);
277
278 return request;
279 }
280
281 /**
282 * Create a device
283 */
284 static xmlNodePtr create_device(private_tnc_ifmap2_soap_t *this)
285 {
286 xmlNodePtr node, node2;
287
288 node = xmlNewNode(NULL, "device");
289 node2 = xmlNewNode(NULL, "name");
290 xmlAddChild(node, node2);
291 xmlNodeAddContent(node2, this->device_name);
292
293 return node;
294 }
295
296 /**
297 * Create an ip-address
298 */
299 static xmlNodePtr create_ip_address(private_tnc_ifmap2_soap_t *this,
300 host_t *host)
301 {
302 xmlNodePtr node;
303 char buf[BUF_LEN];
304
305 node = xmlNewNode(NULL, "ip-address");
306
307 if (host->get_family(host) == AF_INET6)
308 {
309 chunk_t address;
310 int len, written, i;
311 char *pos;
312 bool first = TRUE;
313
314 /* output IPv6 address in canonical IF-MAP 2.0 format */
315 address = host->get_address(host);
316 pos = buf;
317 len = sizeof(buf);
318
319 for (i = 0; i < address.len; i = i + 2)
320 {
321 written = snprintf(pos, len, "%s%x", first ? "" : ":",
322 256*address.ptr[i] + address.ptr[i+1]);
323 if (written < 0 || written >= len)
324 {
325 break;
326 }
327 pos += written;
328 len -= written;
329 first = FALSE;
330 }
331 }
332 else
333 {
334 snprintf(buf, BUF_LEN, "%H", host);
335 }
336
337 xmlNewProp(node, "value", buf);
338 xmlNewProp(node, "type", host->get_family(host) == AF_INET ? "IPv4" : "IPv6");
339
340 return node;
341 }
342
343 /**
344 * Create metadata
345 */
346 static xmlNodePtr create_metadata(private_tnc_ifmap2_soap_t *this,
347 xmlChar *metadata)
348 {
349 xmlNodePtr node, node2;
350
351 node = xmlNewNode(NULL, "metadata");
352 node2 = xmlNewNode(this->ns_meta, metadata);
353 xmlAddChild(node, node2);
354 xmlNewProp(node2, "ifmap-cardinality", "singleValue");
355
356 return node;
357 }
358
359 /**
360 * Create capability metadata
361 */
362 static xmlNodePtr create_capability(private_tnc_ifmap2_soap_t *this,
363 identification_t *name)
364 {
365 xmlNodePtr node, node2;
366 char buf[BUF_LEN];
367
368 node = xmlNewNode(this->ns_meta, "capability");
369 xmlNewProp(node, "ifmap-cardinality", "multiValue");
370
371 node2 = xmlNewNode(NULL, "name");
372 xmlAddChild(node, node2);
373 snprintf(buf, BUF_LEN, "%Y", name);
374 xmlNodeAddContent(node2, this->device_name);
375
376 node2 = xmlNewNode(NULL, "administrative-domain");
377 xmlNodeAddContent(node2, "strongswan");
378
379 return node;
380 }
381
382 METHOD(tnc_ifmap2_soap_t, publish_ike_sa, bool,
383 private_tnc_ifmap2_soap_t *this, ike_sa_t *ike_sa, bool up)
384 {
385 tnc_ifmap2_soap_msg_t *soap_msg;
386 xmlNodePtr request, node, node2 = NULL;
387 enumerator_t *e1, *e2;
388 auth_rule_t type;
389 identification_t *id, *eap_id, *group;
390 host_t *host;
391 auth_cfg_t *auth;
392 u_int32_t ike_sa_id;
393 bool is_user = FALSE, first = TRUE, success;
394
395 /* extract relevant data from IKE_SA*/
396 ike_sa_id = ike_sa->get_unique_id(ike_sa);
397 id = ike_sa->get_other_id(ike_sa);
398 eap_id = ike_sa->get_other_eap_id(ike_sa);
399 host = ike_sa->get_other_host(ike_sa);
400
401 /* in the presence of an EAP Identity, treat it as a username */
402 if (!id->equals(id, eap_id))
403 {
404 is_user = TRUE;
405 id = eap_id;
406 }
407
408 /* build publish request */
409 request = create_publish_request(this);
410
411 /* delete any existing enforcement reports */
412 if (up)
413 {
414 node = create_delete_filter(this, "enforcement-report");
415 xmlAddChild(request, node);
416 xmlAddChild(node, create_ip_address(this, host));
417 xmlAddChild(node, create_device(this));
418 }
419
420 /**
421 * update or delete authenticated-as metadata
422 */
423 if (up)
424 {
425 node = xmlNewNode(NULL, "update");
426 }
427 else
428 {
429 node = create_delete_filter(this, "authenticated-as");
430 }
431 xmlAddChild(request, node);
432
433 /* add access-request, identity and [if up] metadata */
434 xmlAddChild(node, create_access_request(this, ike_sa_id));
435 xmlAddChild(node, create_identity(this, id, is_user));
436 if (up)
437 {
438 xmlAddChild(node, create_metadata(this, "authenticated-as"));
439 }
440
441 /**
442 * update or delete access-request-ip metadata
443 */
444 if (up)
445 {
446 node = xmlNewNode(NULL, "update");
447 }
448 else
449 {
450 node = create_delete_filter(this, "access-request-ip");
451 }
452 xmlAddChild(request, node);
453
454 /* add access-request, ip-address and [if up] metadata */
455 xmlAddChild(node, create_access_request(this, ike_sa_id));
456 xmlAddChild(node, create_ip_address(this, host));
457 if (up)
458 {
459 xmlAddChild(node, create_metadata(this, "access-request-ip"));
460 }
461
462 /**
463 * update or delete authenticated-by metadata
464 */
465 if (up)
466 {
467 node = xmlNewNode(NULL, "update");
468 }
469 else
470 {
471 node = create_delete_filter(this, "authenticated-by");
472 }
473 xmlAddChild(request, node);
474
475 /* add access-request, device and [if up] metadata */
476 xmlAddChild(node, create_access_request(this, ike_sa_id));
477 xmlAddChild(node, create_device(this));
478 if (up)
479 {
480 xmlAddChild(node, create_metadata(this, "authenticated-by"));
481 }
482
483 /**
484 * update or delete capability metadata
485 */
486 e1 = ike_sa->create_auth_cfg_enumerator(ike_sa, FALSE);
487 while (e1->enumerate(e1, &auth) && (first || up))
488 {
489 e2 = auth->create_enumerator(auth);
490 while (e2->enumerate(e2, &type, &group))
491 {
492 /* look for group memberships */
493 if (type == AUTH_RULE_GROUP)
494 {
495 if (first)
496 {
497 first = FALSE;
498
499 if (up)
500 {
501 node = xmlNewNode(NULL, "update");
502 }
503 else
504 {
505 node = create_delete_filter(this, "capability");
506 }
507 xmlAddChild(request, node);
508
509 /* add access-request */
510 xmlAddChild(node, create_access_request(this, ike_sa_id));
511 if (!up)
512 {
513 break;
514 }
515 node2 = xmlNewNode(NULL, "metadata");
516 xmlAddChild(node, node2);
517 }
518 xmlAddChild(node2, create_capability(this, group));
519 }
520 }
521 e2->destroy(e2);
522 }
523 e1->destroy(e1);
524
525 soap_msg = tnc_ifmap2_soap_msg_create(this->uri, this->user_pass, this->tls);
526 success = soap_msg->post(soap_msg, request, "publishReceived", NULL);
527 soap_msg->destroy(soap_msg);
528
529 return success;
530 }
531
532 METHOD(tnc_ifmap2_soap_t, publish_device_ip, bool,
533 private_tnc_ifmap2_soap_t *this, host_t *host)
534 {
535 tnc_ifmap2_soap_msg_t *soap_msg;
536 xmlNodePtr request, update;
537 bool success;
538
539 /* build publish update request */
540 request = create_publish_request(this);
541 update = xmlNewNode(NULL, "update");
542 xmlAddChild(request, update);
543
544 /* add device, ip-address and metadata */
545 xmlAddChild(update, create_device(this));
546 xmlAddChild(update, create_ip_address(this, host));
547 xmlAddChild(update, create_metadata(this, "device-ip"));
548
549 soap_msg = tnc_ifmap2_soap_msg_create(this->uri, this->user_pass, this->tls);
550 success = soap_msg->post(soap_msg, request, "publishReceived", NULL);
551 soap_msg->destroy(soap_msg);
552
553 return success;
554 }
555
556 METHOD(tnc_ifmap2_soap_t, publish_enforcement_report, bool,
557 private_tnc_ifmap2_soap_t *this, host_t *host, char *action, char *reason)
558 {
559 tnc_ifmap2_soap_msg_t *soap_msg;
560 xmlNodePtr request, update;
561 bool success;
562
563 /* build publish update request */
564 request = create_publish_request(this);
565 update = xmlNewNode(NULL, "update");
566 xmlAddChild(request, update);
567
568 /* add ip-address and metadata */
569 xmlAddChild(update, create_ip_address(this, host));
570 xmlAddChild(update, create_device(this));
571 xmlAddChild(update, create_enforcement_report(this, action, reason));
572
573 soap_msg = tnc_ifmap2_soap_msg_create(this->uri, this->user_pass, this->tls);
574 success = soap_msg->post(soap_msg, request, "publishReceived", NULL);
575 soap_msg->destroy(soap_msg);
576
577 return success;
578 }
579
580 METHOD(tnc_ifmap2_soap_t, endSession, bool,
581 private_tnc_ifmap2_soap_t *this)
582 {
583 tnc_ifmap2_soap_msg_t *soap_msg;
584 xmlNodePtr request;
585 bool success;
586
587 /* build endSession request */
588 request = xmlNewNode(NULL, "endSession");
589 this->ns = xmlNewNs(request, IFMAP_NS, "ifmap");
590 xmlSetNs(request, this->ns);
591 xmlNewProp(request, "session-id", this->session_id);
592
593 soap_msg = tnc_ifmap2_soap_msg_create(this->uri, this->user_pass, this->tls);
594 success = soap_msg->post(soap_msg, request, "endSessionResult", NULL);
595 soap_msg->destroy(soap_msg);
596
597 return success;
598 }
599
600 METHOD(tnc_ifmap2_soap_t, destroy, void,
601 private_tnc_ifmap2_soap_t *this)
602 {
603 if (this->session_id)
604 {
605 endSession(this);
606 xmlFree(this->session_id);
607 xmlFree(this->ifmap_publisher_id);
608 free(this->device_name);
609 }
610 DESTROY_IF(this->tls);
611 DESTROY_IF(this->host);
612
613 if (this->fd != IFMAP_NO_FD)
614 {
615 close(this->fd);
616 }
617 lib->credmgr->remove_set(lib->credmgr, &this->creds->set);
618 this->creds->destroy(this->creds);
619 free(this->user_pass.ptr);
620 free(this);
621 }
622
623 static bool soap_init(private_tnc_ifmap2_soap_t *this)
624 {
625 char *server_uri, *server_str, *port_str, *uri_str;
626 char *server_cert, *client_cert, *client_key, *user_pass;
627 int port;
628 certificate_t *cert;
629 private_key_t *key;
630 identification_t *server_id, *client_id = NULL;
631
632 /* getting configuration parameters from strongswan.conf */
633 server_uri = lib->settings->get_str(lib->settings,
634 "%s.plugins.tnc-ifmap2.server_uri", IFMAP_URI, charon->name);
635 server_cert = lib->settings->get_str(lib->settings,
636 "%s.plugins.tnc-ifmap2.server_cert", NULL, charon->name);
637 client_cert = lib->settings->get_str(lib->settings,
638 "%s.plugins.tnc-ifmap2.client_cert", NULL, charon->name);
639 client_key = lib->settings->get_str(lib->settings,
640 "%s.plugins.tnc-ifmap2.client_key", NULL, charon->name);
641 user_pass = lib->settings->get_str(lib->settings,
642 "%s.plugins.tnc-ifmap2.username_password", NULL, charon->name);
643
644 /* load [self-signed] MAP server certificate */
645 if (!server_cert)
646 {
647 DBG1(DBG_TNC, "MAP server certificate not defined");
648 return FALSE;
649 }
650 cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
651 BUILD_FROM_FILE, server_cert, BUILD_END);
652 if (!cert)
653 {
654 DBG1(DBG_TNC, "loading MAP server certificate from '%s' failed",
655 server_cert);
656 return FALSE;
657 }
658 DBG1(DBG_TNC, "loaded MAP server certificate from '%s'", server_cert);
659 server_id = cert->get_subject(cert);
660 this->creds->add_cert(this->creds, TRUE, cert);
661
662 /* check availability of client credentials */
663 if (!((client_cert && client_key) || user_pass))
664 {
665 DBG1(DBG_TNC, "neither MAP client certificate and private key "
666 "nor username:password defined");
667 return FALSE;
668 }
669
670 if (client_cert)
671 {
672 /* load MAP client certificate */
673 cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
674 BUILD_FROM_FILE, client_cert, BUILD_END);
675 if (!cert)
676 {
677 DBG1(DBG_TNC, "loading MAP client certificate from '%s' failed",
678 client_cert);
679 return FALSE;
680 }
681 DBG1(DBG_TNC, "loaded MAP client certificate from '%s'", client_cert);
682 this->creds->add_cert(this->creds, TRUE, cert);
683
684 /* load MAP client private key */
685 key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
686 BUILD_FROM_FILE, client_key, BUILD_END);
687 if (!key)
688 {
689 DBG1(DBG_TNC, "loading MAP client private key from '%s' failed",
690 client_key);
691 return FALSE;
692 }
693 DBG1(DBG_TNC, "loaded MAP client RSA private key from '%s'", client_key);
694 this->creds->add_key(this->creds, key);
695
696 /* set client ID to certificate distinguished name */
697 client_id = cert->get_subject(cert);
698 }
699 else
700 {
701 /* set base64-encoded username:password for HTTP Basic Authentication */
702 this->user_pass = chunk_to_base64(chunk_from_str(user_pass), NULL);
703 }
704
705 /* remove HTTPS prefix if any */
706 if (strlen(server_uri) >= 8 && strncaseeq(server_uri, "https://", 8))
707 {
708 server_uri += 8;
709 }
710 this->uri = server_uri;
711
712 /* duplicate server string since we are going to manipulate it */
713 server_str = strdup(server_uri);
714
715 /* extract server name and port from server URI */
716 port_str = strchr(server_str, ':');
717 if (port_str)
718 {
719 *port_str++ = '\0';
720 if (sscanf(port_str, "%d", &port) != 1)
721 {
722 DBG1(DBG_TNC, "parsing server port %s failed", port_str);
723 free(server_str);
724 return FALSE;
725 }
726 }
727 else
728 {
729 /* use default https port */
730 port = 443;
731 uri_str = strchr(server_str, '/');
732 if (uri_str)
733 {
734 *uri_str = '\0';
735 }
736 }
737
738 /* open TCP socket and connect to MAP server */
739 this->host = host_create_from_dns(server_str, 0, port);
740 if (!this->host)
741 {
742 DBG1(DBG_TNC, "resolving hostname %s failed", server_str);
743 free(server_str);
744 return FALSE;
745 }
746 free(server_str);
747
748 this->fd = socket(this->host->get_family(this->host), SOCK_STREAM, 0);
749 if (this->fd == IFMAP_NO_FD)
750 {
751 DBG1(DBG_TNC, "opening socket failed: %s", strerror(errno));
752 return FALSE;
753 }
754
755 if (connect(this->fd, this->host->get_sockaddr(this->host),
756 *this->host->get_sockaddr_len(this->host)) == -1)
757 {
758 DBG1(DBG_TNC, "connecting to %#H failed: %s",
759 this->host, strerror(errno));
760 return FALSE;
761 }
762
763 /* open TLS socket */
764 this->tls = tls_socket_create(FALSE, server_id, client_id, this->fd, NULL);
765 if (!this->tls)
766 {
767 DBG1(DBG_TNC, "creating TLS socket failed");
768 return FALSE;
769 }
770
771 return TRUE;
772 }
773
774 /**
775 * See header
776 */
777 tnc_ifmap2_soap_t *tnc_ifmap2_soap_create()
778 {
779 private_tnc_ifmap2_soap_t *this;
780
781 INIT(this,
782 .public = {
783 .newSession = _newSession,
784 .purgePublisher = _purgePublisher,
785 .publish_ike_sa = _publish_ike_sa,
786 .publish_device_ip = _publish_device_ip,
787 .publish_enforcement_report = _publish_enforcement_report,
788 .endSession = _endSession,
789 .destroy = _destroy,
790 },
791 .fd = IFMAP_NO_FD,
792 .creds = mem_cred_create(),
793 );
794
795 lib->credmgr->add_set(lib->credmgr, &this->creds->set);
796
797 if (!soap_init(this))
798 {
799 destroy(this);
800 return NULL;
801 }
802
803 return &this->public;
804 }
805
strongSwan - IPsec VPN