streamlined file loading labels
[strongswan.git] / src / pluto / certs.c
index fcc9ec5..129b58c 100644 (file)
 
 #include "library.h"
 #include "asn1/asn1.h"
+#include "credentials/certificates/certificate.h"
 
 #include "constants.h"
 #include "defs.h"
 #include "log.h"
 #include "id.h"
-#include "pem.h"
 #include "certs.h"
 #include "whack.h"
+#include "builder.h"
 
 /**
  * used for initializatin of certs
@@ -68,72 +69,6 @@ public_key_t* cert_get_public_key(const cert_t cert)
        }
 }
 
-/* load a coded key or certificate file with autodetection
- * of binary DER or base64 PEM ASN.1 formats and armored PGP format
- */
-bool load_coded_file(char *filename, prompt_pass_t *pass, const char *type,
-                                        chunk_t *blob, bool *pgp)
-{
-       err_t ugh = NULL;
-
-       FILE *fd = fopen(filename, "r");
-
-       if (fd)
-       {
-               int bytes;
-               fseek(fd, 0, SEEK_END );
-               blob->len = ftell(fd);
-               rewind(fd);
-               blob->ptr = malloc(blob->len);
-               bytes = fread(blob->ptr, 1, blob->len, fd);
-               fclose(fd);
-               plog("  loaded %s file '%s' (%d bytes)", type, filename, bytes);
-
-               *pgp = FALSE;
-
-               /* try DER format */
-               if (is_asn1(*blob))
-               {
-                       DBG(DBG_PARSING,
-                               DBG_log("  file coded in DER format");
-                       )
-                       return TRUE;
-               }
-
-               /* try PEM format */
-               ugh = pemtobin(blob, pass, filename, pgp);
-
-               if (ugh == NULL)
-               {
-                       if (*pgp)
-                       {
-                               DBG(DBG_PARSING,
-                                       DBG_log("  file coded in armored PGP format");
-                               )
-                               return TRUE;
-                       }
-                       if (is_asn1(*blob))
-                       {
-                               DBG(DBG_PARSING,
-                                       DBG_log("  file coded in PEM format");
-                               )
-                               return TRUE;
-                       }
-                       ugh = "file coded in unknown format, discarded";
-               }
-
-               /* a conversion error has occured */
-               plog("  %s", ugh);
-               free(blob->ptr);
-               *blob = chunk_empty;
-       }
-       else
-       {
-               plog("  could not open %s file '%s'", type, filename);
-       }
-       return FALSE;
-}
-
 /**
  * Passphrase callback to read from whack fd
  */
@@ -207,7 +142,11 @@ private_key_t* load_private_key(char* filename, prompt_pass_t *pass,
                                                                 BUILD_FROM_FILE, path, BUILD_END);
                
        }
-       if (key == NULL)
+       if (key)
+       {
+               plog("  loaded private key from '%s'", filename);
+       }
+       else
        {
                plog("  syntax error in private key file");
        }
@@ -217,51 +156,19 @@ private_key_t* load_private_key(char* filename, prompt_pass_t *pass,
 /**
  *  Loads a X.509 or OpenPGP certificate
  */
-bool load_cert(char *filename, const char *label, cert_t *cert)
+bool load_cert(char *filename, const char *label, cert_t *out)
 {
-       bool pgp = FALSE;
-       chunk_t blob = chunk_empty;
+       cert_t *cert;
 
-       /* initialize cert struct */
-       cert->type = CERT_NONE;
-       cert->u.x509 = NULL;
-
-       if (load_coded_file(filename, NULL, label, &blob, &pgp))
+       cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_PLUTO_CERT,
+                                                         BUILD_FROM_FILE, filename, BUILD_END);
+       if (cert)
        {
-               if (pgp)
-               {
-                       pgpcert_t *pgpcert = malloc_thing(pgpcert_t);
-                       *pgpcert = pgpcert_empty;
-                       if (parse_pgp(blob, pgpcert))
-                       {
-                               cert->type = CERT_PGP;
-                               cert->u.pgp = pgpcert;
-                               return TRUE;
-                       }
-                       else
-                       {
-                               plog("  error in OpenPGP certificate");
-                               free_pgpcert(pgpcert);
-                               return FALSE;
-                       }
-               }
-               else
-               {
-                       x509cert_t *x509cert = malloc_thing(x509cert_t);
-                       *x509cert = empty_x509cert;
-                       if (parse_x509cert(blob, 0, x509cert))
-                       {
-                               cert->type = CERT_X509_SIGNATURE;
-                               cert->u.x509 = x509cert;
-                               return TRUE;
-                       }
-                       else
-                       {
-                               plog("  error in X.509 certificate");
-                               free_x509cert(x509cert);
-                               return FALSE;
-                       }
-               }
+               /* the API passes an empty cert_t, we move over and free the built one */
+               plog("  loaded %s certificate from '%s'", label, filename);
+               *out = *cert;
+               free(cert);
+               return TRUE;
        }
        return FALSE;
 }
@@ -273,7 +180,7 @@ bool load_host_cert(char *filename, cert_t *cert)
 {
        char *path = concatenate_paths(HOST_CERT_PATH, filename);
 
-       return load_cert(path, "host cert", cert);
+       return load_cert(path, "host", cert);
 }
 
 /**
@@ -283,7 +190,7 @@ bool load_ca_cert(char *filename, cert_t *cert)
 {
        char *path = concatenate_paths(CA_CERT_PATH, filename);
 
-       return load_cert(path, "CA cert", cert);
+       return load_cert(path, "CA", cert);
 }
 
 /**