fixed sleep command in ikev1/esp-ah-tunnel scenario
[strongswan.git] / src / conftest / config.c
index 1e70025..9521412 100644 (file)
@@ -101,9 +101,12 @@ static ike_cfg_t *load_ike_config(private_config_t *this,
        proposal_t *proposal;
        char *token;
 
-       ike_cfg = ike_cfg_create(TRUE, FALSE,
-               settings->get_str(settings, "configs.%s.lhost", "%any", config), 500,
-               settings->get_str(settings, "configs.%s.rhost", "%any", config), 500);
+       ike_cfg = ike_cfg_create(TRUE,
+               settings->get_bool(settings, "configs.%s.fake_nat", FALSE, config),
+               settings->get_str(settings, "configs.%s.lhost", "%any", config),
+               settings->get_int(settings, "configs.%s.lport", 500, config),
+               settings->get_str(settings, "configs.%s.rhost", "%any", config),
+               settings->get_int(settings, "configs.%s.rport", 500, config));
        token = settings->get_str(settings, "configs.%s.proposal", NULL, config);
        if (token)
        {
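Review bot: `lport` and `rport` are now read with `settings->get_int(...)` and passed straight into `ike_cfg_create` with no range check. If the port parameters are a 16-bit type (the prototype is not visible here), a config value such as 70000 or -1 would be truncated silently and the run would use a different port than the one written in the file. Reading each value into an `int` first and rejecting anything outside 0..65535 with a log message would make a typo visible, e.g. `if (lport < 0 || lport > 65535) { /* log and fall back to 500 */ }`. load_ike_config starts and ends outside the hunk.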
@@ -139,14 +142,22 @@ static child_cfg_t *load_child_config(private_config_t *this,
        enumerator_t *enumerator;
        proposal_t *proposal;
        traffic_selector_t *ts;
+       ipsec_mode_t mode = MODE_TUNNEL;
        host_t *net;
        char *token;
        int bits;
+       u_int32_t tfc;
 
-       child_cfg = child_cfg_create(child, &lifetime, NULL, FALSE,
-                                               settings->get_bool(settings, "configs.%s.%s.transport",
-                                                                                  FALSE, config, child),
-                                               ACTION_NONE, ACTION_NONE, FALSE, 0, 0, NULL, NULL);
+       if (settings->get_bool(settings, "configs.%s.%s.transport",
+                                                  FALSE, config, child))
+       {
+               mode = MODE_TRANSPORT;
+       }
+       tfc = settings->get_int(settings, "configs.%s.%s.tfc_padding",
+                                                       0, config, child);
+       child_cfg = child_cfg_create(child, &lifetime, NULL, FALSE, mode,
+                                                                ACTION_NONE, ACTION_NONE, ACTION_NONE,
+                                                                FALSE, 0, 0, NULL, NULL, tfc);
 
        token = settings->get_str(settings, "configs.%s.%s.proposal",
                                                          NULL, config, child);
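Review bot: `tfc` is declared `u_int32_t` but is assigned from `settings->get_int(...)`, which presumably returns a signed int, so a negative `tfc_padding` wraps to a very large unsigned value before it reaches `child_cfg_create`. If a negative value is meant as a sentinel, a comment on the declaration should say so, e.g. `/* TFC padding in bytes, 0 disables; negative config values wrap */`. Otherwise clamp it first, e.g. `int pad = settings->get_int(...); tfc = pad > 0 ? pad : 0;`. load_child_config starts and ends outside the hunk.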
@@ -236,11 +247,12 @@ static peer_cfg_t *load_peer_config(private_config_t *this,
        child_cfg_t *child_cfg;
        enumerator_t *enumerator;
        identification_t *lid, *rid;
-       char *child;
+       char *child, *policy;
+       uintptr_t strength;
 
        ike_cfg = load_ike_config(this, settings, config);
        peer_cfg = peer_cfg_create(config, 2, ike_cfg, CERT_ALWAYS_SEND,
-                                                          UNIQUE_NO, 1, 0, 0, 0, 0, TRUE, 0,
+                                                          UNIQUE_NO, 1, 0, 0, 0, 0, FALSE, 0,
                                                           NULL, NULL, FALSE, NULL, NULL);
 
        auth = auth_cfg_create();
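Review bot: The `TRUE` to `FALSE` change in the `peer_cfg_create` call sits in a long run of unlabelled positional literals (`UNIQUE_NO, 1, 0, 0, 0, 0, FALSE, 0,`), so the line does not show which feature is being switched off. A short trailing comment naming the parameter would make this reviewable, for instance `/* mobike */` after the `FALSE` if that is the argument in this position (the prototype is not visible here). load_peer_config continues outside the hunk.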
@@ -254,6 +266,21 @@ static peer_cfg_t *load_peer_config(private_config_t *this,
        auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
        rid = identification_create_from_string(
                                settings->get_str(settings, "configs.%s.rid", "%any", config));
+       strength = settings->get_int(settings, "configs.%s.rsa_strength", 0);
+       if (strength)
+       {
+               auth->add(auth, AUTH_RULE_RSA_STRENGTH, strength);
+       }
+       strength = settings->get_int(settings, "configs.%s.ecdsa_strength", 0);
+       if (strength)
+       {
+               auth->add(auth, AUTH_RULE_ECDSA_STRENGTH, strength);
+       }
+       policy = settings->get_str(settings, "configs.%s.cert_policy", NULL, config);
+       if (policy)
+       {
+               auth->add(auth, AUTH_RULE_CERT_POLICY, strdup(policy));
+       }
        auth->add(auth, AUTH_RULE_IDENTITY, rid);
        peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
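Review bot: The two added lookups for `"configs.%s.rsa_strength"` and `"configs.%s.ecdsa_strength"` have a `%s` in the key but pass no `config` argument after the default, unlike the `cert_policy` lookup just below them. The key formatter then consumes a variadic argument that was never supplied, which is undefined behaviour. The most likely benign outcome is that the lookup misses and returns 0, so `AUTH_RULE_RSA_STRENGTH` and `AUTH_RULE_ECDSA_STRENGTH` are never added and the configured minimum key strength is silently not enforced. Pass the section name in both calls: `strength = settings->get_int(settings, "configs.%s.rsa_strength", 0, config);` and likewise for `ecdsa_strength`. load_peer_config starts and ends outside the hunk.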