8a90e05af7c76dd80aa11b834df0f0ccfb2e4c2d
[strongswan.git] / src / pluto / builder.c
1 /* Pluto certificate/CRL/AC builder hooks.
2 * Copyright (C) 2002-2009 Andreas Steffen
3 * Copyright (C) 2009 Martin Willi
4 * HSR Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include "builder.h"
18
19 #include <stdlib.h>
20 #include <stdio.h>
21 #include <string.h>
22 #include <unistd.h>
23 #include <time.h>
24
25 #include <freeswan.h>
26
27 #include <library.h>
28 #include <credentials/certificates/certificate.h>
29
30 #include "constants.h"
31 #include "defs.h"
32 #include "log.h"
33 #include "id.h"
34 #include "certs.h"
35 #include "ac.h"
36 #include "crl.h"
37
38 /**
39 * Load a certificate
40 */
41 static cert_t *builder_load_cert(certificate_type_t type, va_list args)
42 {
43 chunk_t blob = chunk_empty;
44 bool pgp = FALSE;
45
46 while (TRUE)
47 {
48 switch (va_arg(args, builder_part_t))
49 {
50 case BUILD_BLOB_PGP:
51 pgp = TRUE;
52 /* FALL */
53 case BUILD_BLOB_ASN1_DER:
54 blob = va_arg(args, chunk_t);
55 continue;
56 case BUILD_END:
57 break;
58 default:
59 return NULL;
60 }
61 break;
62 }
63 if (blob.ptr)
64 {
65 if (pgp)
66 {
67 pgpcert_t *pgpcert = malloc_thing(pgpcert_t);
68 *pgpcert = pgpcert_empty;
69 if (parse_pgp(chunk_clone(blob), pgpcert))
70 {
71 cert_t *cert = malloc_thing(cert_t);
72 *cert = cert_empty;
73 cert->type = CERT_PGP;
74 cert->u.pgp = pgpcert;
75 return cert;
76 }
77 plog(" error in OpenPGP certificate");
78 free_pgpcert(pgpcert);
79 }
80 else
81 {
82 x509cert_t *x509cert = malloc_thing(x509cert_t);
83
84 *x509cert = empty_x509cert;
85 x509cert->cert = lib->creds->create(lib->creds,
86 CRED_CERTIFICATE, CERT_X509,
87 BUILD_BLOB_ASN1_DER, blob,
88 BUILD_END);
89 if (x509cert->cert)
90 {
91 cert_t *cert = malloc_thing(cert_t);
92
93 *cert = cert_empty;
94 cert->type = CERT_X509_SIGNATURE;
95 cert->u.x509 = x509cert;
96 time(&x509cert->installed);
97 return cert;
98 }
99 plog(" error in X.509 certificate");
100 free_x509cert(x509cert);
101 }
102 }
103 return NULL;
104 }
105
106 /**
107 * Load a attribute certificate
108 */
109 static x509acert_t *builder_load_ac(certificate_type_t type, va_list args)
110 {
111 chunk_t blob = chunk_empty;
112 x509acert_t *ac;
113
114 while (TRUE)
115 {
116 switch (va_arg(args, builder_part_t))
117 {
118 case BUILD_BLOB_ASN1_DER:
119 blob = va_arg(args, chunk_t);
120 continue;
121 case BUILD_END:
122 break;
123 default:
124 return NULL;
125 }
126 break;
127 }
128 if (blob.ptr)
129 {
130 ac = malloc_thing(x509acert_t);
131 *ac = empty_ac;
132 if (parse_ac(chunk_clone(blob), ac) &&
133 verify_x509acert(ac, FALSE))
134 {
135 return ac;
136 }
137 plog(" error in X.509 AC");
138 free_acert(ac);
139 }
140 return NULL;
141 }
142
143 /**
144 * Load a CRL
145 */
146 static x509crl_t *builder_load_crl(certificate_type_t type, va_list args)
147 {
148 chunk_t blob = chunk_empty;
149 x509crl_t *crl;
150
151 while (TRUE)
152 {
153 switch (va_arg(args, builder_part_t))
154 {
155 case BUILD_BLOB_ASN1_DER:
156 blob = va_arg(args, chunk_t);
157 continue;
158 case BUILD_END:
159 break;
160 default:
161 return NULL;
162 }
163 break;
164 }
165 if (blob.ptr)
166 {
167 crl = malloc_thing(x509crl_t);
168 *crl = empty_x509crl;
169 crl->distributionPoints = linked_list_create();
170
171 crl->crl = lib->creds->create(lib->creds,
172 CRED_CERTIFICATE, CERT_X509_CRL,
173 BUILD_BLOB_ASN1_DER, blob,
174 BUILD_END);
175 if (crl->crl)
176 {
177 return crl;
178 }
179 plog(" error in X.509 crl");
180 free_crl(crl);
181 }
182 return NULL;
183 }
184
185 void init_builder(void)
186 {
187 lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PLUTO_CERT,
188 (builder_function_t)builder_load_cert);
189 lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PLUTO_AC,
190 (builder_function_t)builder_load_ac);
191 lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PLUTO_CRL,
192 (builder_function_t)builder_load_crl);
193 }
194
195 void free_builder(void)
196 {
197 lib->creds->remove_builder(lib->creds, (builder_function_t)builder_load_cert);
198 lib->creds->remove_builder(lib->creds, (builder_function_t)builder_load_ac);
199 lib->creds->remove_builder(lib->creds, (builder_function_t)builder_load_crl);
200 }
201