1 /*
2 * Copyright (C) 2011 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "pts_creds.h"
17
18 #include <utils/debug.h>
19 #include <credentials/certificates/x509.h>
20 #include <credentials/sets/mem_cred.h>
21
22 #include <sys/stat.h>
23
typedef struct private_pts_creds_t private_pts_creds_t;

/**
 * Private state behind a pts_creds_t handle.
 */
struct private_pts_creds_t {

	/**
	 * Public interface; pts_creds_create() returns a pointer to this member.
	 *
	 * NOTE(review): the METHOD() wrappers presumably convert the public
	 * pointer back to this struct, so this member likely has to stay first;
	 * confirm against the macro definition.
	 */
	pts_creds_t public;

	/**
	 * In-memory credential set: filled by load_cacerts() with the PTS CA
	 * certificates, exposed through get_set(), released in destroy().
	 */
	mem_cred_t *creds;

};
43
/**
 * Hand out the credential_set_t view of the in-memory store that holds the
 * loaded PTS CA certificates.
 *
 * The returned pointer refers to a member of this->creds, which destroy()
 * releases, so it must not be used after destroy() has been called.
 */
METHOD(pts_creds_t, get_set, credential_set_t*,
	private_pts_creds_t *this)
{
	mem_cred_t *store = this->creds;

	return &store->set;
}
49
50
/**
 * Release the credential set first, then the object itself.
 */
METHOD(pts_creds_t, destroy, void,
	private_pts_creds_t *this)
{
	mem_cred_t *store = this->creds;

	store->destroy(store);
	free(this);
}
57
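/**
 * Load trusted PTS CA certificates from a directory.
 *
 * Every regular file in the directory is parsed as an X.509 certificate.
 * A certificate that carries the CA basic constraint is added to this->creds
 * with the trusted flag set; one without it is logged and destroyed. A file
 * that cannot be parsed is logged and skipped.
 *
 * Only the CA flag is checked here; nothing in this function looks at the
 * validity period or the signature of the certificate.
 *
 * Because every accepted file ends up as a trusted CA, write access to the
 * directory amounts to the ability to add PTS trust anchors. The directory
 * should therefore be writable by the administrator only.
 *
 * NOTE(review): whether st describes a symbolic link or its target depends
 * on the directory enumerator, which is not visible here; confirm if links
 * are meant to be excluded.
 *
 * @param this		object whose credential set receives the certificates
 * @param path		directory to scan
 */
static void load_cacerts(private_pts_creds_t *this, char *path)
{
	enumerator_t *enumerator;
	struct stat st;
	char *file;

	DBG1(DBG_PTS, "loading PTS ca certificates from '%s'", path);

	enumerator = enumerator_create_directory(path);
	if (!enumerator)
	{
		/* the caller still gets an object, but with an empty set; log the
		 * reason so a wrong or unreadable path is visible to the operator */
		DBG1(DBG_PTS, " reading directory '%s' failed", path);
		return;
	}

	while (enumerator->enumerate(enumerator, NULL, &file, &st))
	{
		certificate_t *cert;
		x509_t *x509;

		if (!S_ISREG(st.st_mode))
		{
			/* skip special file */
			continue;
		}
		cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
								  BUILD_FROM_FILE, file, BUILD_END);
		if (!cert)
		{
			DBG1(DBG_PTS, " loading ca certificate from '%s' failed", file);
			continue;
		}

		x509 = (x509_t*)cert;
		if (!(x509->get_flags(x509) & X509_CA))
		{
			/* an end-entity certificate must never become a trust anchor */
			DBG1(DBG_PTS, " ca certificate \"%Y\" lacks ca basic constraint"
				 ", discarded", cert->get_subject(cert));
			cert->destroy(cert);
			continue;
		}

		DBG1(DBG_PTS, " loaded ca certificate \"%Y\" from '%s'",
			 cert->get_subject(cert), file);
		/* TRUE marks the certificate as trusted; the set presumably takes
		 * over the reference, as it is not destroyed here */
		this->creds->add_cert(this->creds, TRUE, cert);
	}
	enumerator->destroy(enumerator);
}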
110
/**
 * See header
 *
 * Returns NULL only when no directory is given. The result of load_cacerts()
 * is not inspected, so a directory that cannot be read or that holds no
 * acceptable CA certificate still yields an object, with an empty
 * credential set.
 */
pts_creds_t *pts_creds_create(char *path)
{
	private_pts_creds_t *this;

	if (path)
	{
		INIT(this,
			.public = {
				.get_set = _get_set,
				.destroy = _destroy,
			},
			.creds = mem_cred_create(),
		);

		/* fill the fresh set with the CA certificates found in the directory */
		load_cacerts(this, path);

		return &this->public;
	}

	DBG1(DBG_PTS, "no PTS cacerts directory defined");
	return NULL;
}
136