android_creds_t public;
/**
- * Credential set storing trusted certificates
+ * Credential set storing trusted certificates and user credentials
*/
mem_cred_t *creds;
};
/**
+ * Free allocated DER encoding
+ */
+static void free_encoding(chunk_t *chunk)
+{
+ chunk_free(chunk);
+ free(chunk);
+}
+
+/**
* Load trusted certificates via charonservice (JNI).
*/
static void load_trusted_certificates(private_android_creds_t *this)
cert->get_subject(cert));
this->creds->add_cert(this->creds, TRUE, cert);
}
- chunk_free(current);
- free(current);
+ free_encoding(current);
}
certs->destroy(certs);
}
{
enumerator_t *enumerator;
- if (!trusted || (cert != CERT_ANY && cert != CERT_X509))
+ if (cert != CERT_ANY && cert != CERT_X509)
{
return NULL;
}
this->lock);
}
+METHOD(android_creds_t, add_username_password, void,
+ private_android_creds_t *this, char *username, char *password)
+{
+ shared_key_t *shared_key;
+ identification_t *id;
+ chunk_t secret;
+
+ secret = chunk_create(password, strlen(password));
+ shared_key = shared_key_create(SHARED_EAP, chunk_clone(secret));
+ id = identification_create_from_string(username);
+
+ this->creds->add_shared(this->creds, shared_key, id, NULL);
+}
+
+METHOD(credential_set_t, create_shared_enumerator, enumerator_t*,
+ private_android_creds_t *this, shared_key_type_t type,
+ identification_t *me, identification_t *other)
+{
+ return this->creds->set.create_shared_enumerator(&this->creds->set,
+ type, me, other);
+}
+
+METHOD(android_creds_t, load_user_certificate, certificate_t*,
+ private_android_creds_t *this)
+{
+ linked_list_t *encodings;
+ certificate_t *cert = NULL, *ca_cert;
+ chunk_t *current;
+
+ encodings = charonservice->get_user_certificate(charonservice);
+ if (!encodings)
+ {
+ return NULL;
+ }
+
+ while (encodings->remove_first(encodings, (void**)¤t) == SUCCESS)
+ {
+ if (!cert)
+ { /* the first element is the user certificate */
+ cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
+ BUILD_BLOB_ASN1_DER, *current, BUILD_END);
+ if (!cert)
+ {
+ DBG1(DBG_CFG, "failed to load user certificate");
+ free_encoding(current);
+ break;
+ }
+ DBG1(DBG_CFG, "loaded user certificate '%Y' and private key",
+ cert->get_subject(cert));
+ cert = this->creds->add_cert_ref(this->creds, TRUE, cert);
+ free_encoding(current);
+ continue;
+ }
+ /* the rest are CA certificates, we ignore failures */
+ ca_cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
+ BUILD_BLOB_ASN1_DER, *current, BUILD_END);
+ if (ca_cert)
+ {
+ DBG1(DBG_CFG, "loaded CA certificate '%Y'",
+ ca_cert->get_subject(ca_cert));
+ this->creds->add_cert(this->creds, TRUE, ca_cert);
+ }
+ free_encoding(current);
+ }
+ encodings->destroy_function(encodings, (void*)free_encoding);
+
+ if (cert)
+ {
+ private_key_t *key;
+
+ key = charonservice->get_user_key(charonservice,
+ cert->get_public_key(cert));
+ if (key)
+ {
+ this->creds->add_key(this->creds, key);
+ }
+ else
+ {
+ DBG1(DBG_CFG, "failed to load private key");
+ cert->destroy(cert);
+ cert = NULL;
+ }
+ }
+ return cert;
+}
+
+METHOD(credential_set_t, create_private_enumerator, enumerator_t*,
+ private_android_creds_t *this, key_type_t type, identification_t *id)
+{
+ return this->creds->set.create_private_enumerator(&this->creds->set,
+ type, id);
+}
+
METHOD(android_creds_t, clear, void,
private_android_creds_t *this)
{
.public = {
.set = {
.create_cert_enumerator = _create_cert_enumerator,
- .create_shared_enumerator = (void*)return_null,
- .create_private_enumerator = (void*)return_null,
+ .create_shared_enumerator = _create_shared_enumerator,
+ .create_private_enumerator = _create_private_enumerator,
.create_cdp_enumerator = (void*)return_null,
.cache_cert = (void*)nop,
},
+ .add_username_password = _add_username_password,
+ .load_user_certificate = _load_user_certificate,
.clear = _clear,
.destroy = _destroy,
},
projects / strongswan.git / blobdiff