streamlined file loading labels
[strongswan.git] / src / pluto / certs.c
index b004a50..129b58c 100644 (file)
 
 #include "library.h"
 #include "asn1/asn1.h"
+#include "credentials/certificates/certificate.h"
 
 #include "constants.h"
 #include "defs.h"
 #include "log.h"
 #include "id.h"
-#include "pem.h"
 #include "certs.h"
 #include "whack.h"
+#include "builder.h"
 
 /**
  * used for initializatin of certs
@@ -68,72 +69,6 @@ public_key_t* cert_get_public_key(const cert_t cert)
        }
 }
 
-/* load a coded key or certificate file with autodetection
- * of binary DER or base64 PEM ASN.1 formats and armored PGP format
- */
-bool load_coded_file(char *filename, prompt_pass_t *pass, const char *type,
-                                        chunk_t *blob, bool *pgp)
-{
-       err_t ugh = NULL;
-
-       FILE *fd = fopen(filename, "r");
-
-       if (fd)
-       {
-               int bytes;
-               fseek(fd, 0, SEEK_END );
-               blob->len = ftell(fd);
-               rewind(fd);
-               blob->ptr = malloc(blob->len);
-               bytes = fread(blob->ptr, 1, blob->len, fd);
-               fclose(fd);
-               plog("  loaded %s file '%s' (%d bytes)", type, filename, bytes);
-
-               *pgp = FALSE;
-
-               /* try DER format */
-               if (is_asn1(*blob))
-               {
-                       DBG(DBG_PARSING,
-                               DBG_log("  file coded in DER format");
-                       )
-                       return TRUE;
-               }
-
-               /* try PEM format */
-               ugh = pemtobin(blob, pass, filename, pgp);
-
-               if (ugh == NULL)
-               {
-                       if (*pgp)
-                       {
-                               DBG(DBG_PARSING,
-                                       DBG_log("  file coded in armored PGP format");
-                               )
-                               return TRUE;
-                       }
-                       if (is_asn1(*blob))
-                       {
-                               DBG(DBG_PARSING,
-                                       DBG_log("  file coded in PEM format");
-                               )
-                               return TRUE;
-                       }
-                       ugh = "file coded in unknown format, discarded";
-               }
-
-               /* a conversion error has occured */
-               plog("  %s", ugh);
-               free(blob->ptr);
-               *blob = chunk_empty;
-       }
-       else
-       {
-               plog("  could not open %s file '%s'", type, filename);
-       }
-       return FALSE;
-}
-
 /**
  * Passphrase callback to read from whack fd
  */
@@ -207,121 +142,32 @@ private_key_t* load_private_key(char* filename, prompt_pass_t *pass,
                                                                 BUILD_FROM_FILE, path, BUILD_END);
                
        }
-       if (key == NULL)
+       if (key)
        {
-               plog("  syntax error in private key file");
+               plog("  loaded private key from '%s'", filename);
        }
-       return key;
-}
-
-/**
- * currently building cert_t
- */
-static cert_t *cert_builder_cert;
-
-/**
- * builder add function
- */
-static void add(builder_t *this, builder_part_t part, ...)
-{
-       chunk_t blob;
-       va_list args;
-
-       va_start(args, part);
-       blob = va_arg(args, chunk_t);
-       va_end(args);
-
-       switch (part)
-       {
-               case BUILD_BLOB_PGP:
-               {
-                       pgpcert_t *pgpcert = malloc_thing(pgpcert_t);
-                       *pgpcert = pgpcert_empty;
-                       if (parse_pgp(blob, pgpcert))
-                       {
-                               cert_builder_cert->type = CERT_PGP;
-                               cert_builder_cert->u.pgp = pgpcert;
-                       }
-                       else
-                       {
-                               plog("  error in OpenPGP certificate");
-                               free_pgpcert(pgpcert);
-                       }
-                       break;
-               }
-               case BUILD_BLOB_ASN1_DER:
-               {
-                       x509cert_t *x509cert = malloc_thing(x509cert_t);
-                       *x509cert = empty_x509cert;
-                       if (parse_x509cert(blob, 0, x509cert))
-                       {
-                               cert_builder_cert->type = CERT_X509_SIGNATURE;
-                               cert_builder_cert->u.x509 = x509cert;
-                       }
-                       else
-                       {
-                               plog("  error in X.509 certificate");
-                               free_x509cert(x509cert);
-                       }
-                       break;
-               }
-               default:
-                       builder_cancel(this);
-                       break;
-       }
-}
-
-/**
- * builder build function
- */
-static void *build(builder_t *this)
-{
-       free(this);
-       if (cert_builder_cert->type == CERT_NONE)
-       {
-               return NULL;
-       }
-       return cert_builder_cert;
-}
-
-/**
- * certificate builder in cert_t format.
- */
-static builder_t *cert_builder(credential_type_t type, int subtype)
-{
-       builder_t *this;
-       
-       if (subtype != 1)
+       else
        {
-               return NULL;
+               plog("  syntax error in private key file");
        }
-       this = malloc_thing(builder_t);
-       this->add = add;
-       this->build = build;
-
-       return this;
+       return key;
 }
 
 /**
  *  Loads a X.509 or OpenPGP certificate
  */
-bool load_cert(char *filename, const char *label, cert_t *cert)
+bool load_cert(char *filename, const char *label, cert_t *out)
 {
-       cert_builder_cert = cert;
-       
-       cert->type = CERT_NONE;
-       cert->u.x509 = NULL;
-       cert->u.pgp = NULL;
+       cert_t *cert;
 
-       /* hook in builder functions to build pluto specific certificate format */
-       lib->creds->add_builder(lib->creds, CRED_PLUTO_CERT, 1,
-                                                       (builder_constructor_t)cert_builder);
-       cert = lib->creds->create(lib->creds, CRED_PLUTO_CERT, 1,
+       cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_PLUTO_CERT,
                                                          BUILD_FROM_FILE, filename, BUILD_END);
-       lib->creds->remove_builder(lib->creds,
-                                                       (builder_constructor_t)cert_builder);
        if (cert)
        {
+               /* the API passes an empty cert_t, we move over and free the built one */
+               plog("  loaded %s certificate from '%s'", label, filename);
+               *out = *cert;
+               free(cert);
                return TRUE;
        }
        return FALSE;
@@ -334,7 +180,7 @@ bool load_host_cert(char *filename, cert_t *cert)
 {
        char *path = concatenate_paths(HOST_CERT_PATH, filename);
 
-       return load_cert(path, "host cert", cert);
+       return load_cert(path, "host", cert);
 }
 
 /**
@@ -344,7 +190,7 @@ bool load_ca_cert(char *filename, cert_t *cert)
 {
        char *path = concatenate_paths(CA_CERT_PATH, filename);
 
-       return load_cert(path, "CA cert", cert);
+       return load_cert(path, "CA", cert);
 }
 
 /**