#include "nm_service.h"
#include <daemon.h>
-#include <asn1/pem.h>
#include <utils/host.h>
#include <utils/identification.h>
#include <config/peer_cfg.h>
str = nm_setting_vpn_get_data_item(vpn, "userkey");
if (!agent && str)
{
- chunk_t secret, chunk;
- bool pgp = FALSE;
+ chunk_t secret;
secret.ptr = (char*)nm_setting_vpn_get_secret(vpn, "password");
if (secret.ptr)
{
secret.len = strlen(secret.ptr);
}
- if (pem_asn1_load_file((char*)str, &secret, &chunk, &pgp))
- {
- private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY,
- KEY_RSA, BUILD_BLOB_ASN1_DER, chunk, BUILD_END);
- free(chunk.ptr);
- }
+ private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY,
+ KEY_RSA, BUILD_FROM_FILE, str,
+ BUILD_PASSPHRASE, secret, BUILD_END);
if (!private)
{
g_set_error(err, NM_VPN_PLUGIN_ERROR,
{
NMSettingVPN *settings;
const char *method, *path;
- chunk_t secret = chunk_empty, key;
- bool pgp = FALSE;
settings = NM_SETTING_VPN(nm_connection_get_setting(connection,
NM_TYPE_SETTING_VPN));
path = nm_setting_vpn_get_data_item(settings, "userkey");
if (path)
{
+ private_key_t *key;
+ chunk_t secret;
+
secret.ptr = (char*)nm_setting_vpn_get_secret(settings, "password");
if (secret.ptr)
{
secret.len = strlen(secret.ptr);
}
- if (pem_asn1_load_file((char*)path, &secret, &key, &pgp))
+ /* try to load/decrypt the private key */
+ key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY,
+ KEY_RSA, BUILD_FROM_FILE, path,
+ BUILD_PASSPHRASE, secret, BUILD_END);
+ if (key)
{
- free(key.ptr);
+ key->destroy(key);
return FALSE;
}
}
#include <utils/linked_list.h>
#include <utils/lexparser.h>
#include <utils/mutex.h>
-#include <asn1/pem.h>
#include <daemon.h>
/* configuration directories and files */
if (!(x509->get_flags(x509) & X509_CA))
{
+ DBG1(DBG_CFG, " ca certificate '%Y' misses ca basic constraint, "
+ "discarded", cert->get_subject(cert));
cert->destroy(cert);
- DBG1(DBG_CFG, " ca certificate must have ca basic constraint set, "
- "discarded");
return NULL;
}
return (certificate_t*)add_cert(this, cert);
if (cert)
{
cert = add_cert(this, cert);
+ DBG1(DBG_CFG, " loaded certificate '%Y' from "
+ "file '%s'", cert->get_subject(cert), filename);
return cert->get_ref(cert);
}
+ DBG1(DBG_CFG, " loading certificate from file "
+ "'%s' failed", filename);
return NULL;
}
if (!(x509->get_flags(x509) & X509_CA))
{
- DBG1(DBG_CFG, " ca certificate must have ca "
- "basic constraint set, discarded");
+ DBG1(DBG_CFG, " ca certificate '%Y' misses "
+ "ca basic constraint, discarded",
+ cert->get_subject(cert));
cert->destroy(cert);
cert = NULL;
}
+ else
+ {
+ DBG1(DBG_CFG, " loaded CA certificate '%Y' from "
+ "file '%s'", cert->get_subject(cert), file);
+ }
+ }
+ else
+ {
+ DBG1(DBG_CFG, " loading CA certificate from file "
+ "'%s' failed", file);
}
}
else
CRED_CERTIFICATE, CERT_X509,
BUILD_FROM_FILE, file,
BUILD_X509_FLAG, flag, BUILD_END);
+ if (cert)
+ {
+ DBG1(DBG_CFG, " loaded certificate '%Y' from "
+ "file '%s'", cert->get_subject(cert), file);
+ }
+ else
+ {
+ DBG1(DBG_CFG, " loading certificate from file "
+ "'%s' failed", file);
+ }
}
if (cert)
{
if (cert)
{
add_crl(this, (crl_t*)cert);
+ DBG1(DBG_CFG, " loaded crl from file '%s'", file);
+ }
+ else
+ {
+ DBG1(DBG_CFG, " loading crl from file '%s' failed", file);
}
break;
case CERT_X509_AC:
if (cert)
{
add_ac(this, (ac_t*)cert);
+ DBG1(DBG_CFG, " loaded attribute certificate from "
+ "file '%s'", file);
+ }
+ else
+ {
+ DBG1(DBG_CFG, " loading attribute certificate from "
+ "file '%s' failed", file);
}
break;
default:
- break;
+ break;
}
}
enumerator->destroy(enumerator);
chunk_t filename;
chunk_t secret = chunk_empty;
private_key_t *key;
- bool pgp = FALSE;
- chunk_t chunk = chunk_empty;
key_type_t key_type = match("RSA", &token) ? KEY_RSA : KEY_ECDSA;
err_t ugh = extract_value(&filename, &line);
goto error;
}
}
-
- if (pem_asn1_load_file(path, &secret, &chunk, &pgp))
+ key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, key_type,
+ BUILD_FROM_FILE, path,
+ BUILD_PASSPHRASE, secret,BUILD_END);
+ if (key)
{
- key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, key_type,
- BUILD_BLOB_ASN1_DER, chunk, BUILD_END);
- free(chunk.ptr);
- if (key)
- {
- DBG1(DBG_CFG, " loaded private key file '%s'", path);
- this->private->insert_last(this->private, key);
- }
+ DBG1(DBG_CFG, " loaded %N private key file '%s'",
+ key_type_names, key->get_type(key), path);
+ this->private->insert_last(this->private, key);
}
chunk_clear(&secret);
}
return &this->public;
}
-/*
- * Described in header.
- */
-pkcs7_t *pkcs7_create_from_file(const char *filename, const char *label)
-{
- bool pgp = FALSE;
- chunk_t chunk = chunk_empty;
- char cert_label[BUF_LEN];
- pkcs7_t *pkcs7;
-
- snprintf(cert_label, BUF_LEN, "%s pkcs7", label);
-
- if (!pem_asn1_load_file(filename, NULL, cert_label, &chunk, &pgp))
- {
- return NULL;
- }
-
- pkcs7 = pkcs7_create_from_chunk(chunk, 0);
- free(chunk.ptr);
- return pkcs7;
-}
*/
pkcs7_t *pkcs7_create_from_data(chunk_t data);
-/**
- * Read a X.509 certificate from a DER encoded file.
- *
- * @param filename file containing DER encoded data
- * @param label label describing kind of PKCS#7 file
- * @return created pkcs7_t object, or NULL if invalid.
- */
-pkcs7_t *pkcs7_create_from_file(const char *filename, const char *label);
-
#endif /** PKCS7_H_ @}*/
#include <asn1/oid.h>
#include <asn1/asn1.h>
#include <asn1/asn1_parser.h>
-#include <asn1/pem.h>
#include <crypto/hashers/hasher.h>
typedef struct private_gcrypt_rsa_public_key_t private_gcrypt_rsa_public_key_t;
#include <asn1/oid.h>
#include <asn1/asn1.h>
#include <asn1/asn1_parser.h>
-#include <asn1/pem.h>
#include <crypto/hashers/hasher.h>
#include <pgp/pgp.h>
#include "pubkey_public_key.h"
#include <debug.h>
-#include <asn1/pem.h>
#include <asn1/oid.h>
#include <asn1/asn1.h>
#include <asn1/asn1_parser.h>
va_end(args);
return;
}
- case BUILD_BLOB_PEM:
- {
- bool pgp;
-
- va_start(args, part);
- blob = va_arg(args, chunk_t);
- blob = chunk_clone(blob);
- if (pem_to_bin(&blob, chunk_empty, &pgp) == SUCCESS)
- {
- this->key = pubkey_public_key_load(chunk_clone(blob));
- }
- free(blob.ptr);
- va_end(args);
- return;
- }
default:
break;
}
#include <asn1/oid.h>
#include <asn1/asn1.h>
#include <asn1/asn1_parser.h>
-#include <asn1/pem.h>
#include <utils/identification.h>
#include <utils/linked_list.h>
#include <credentials/certificates/x509.h>
return NULL;
}
return this;
-}
-
-/**
- * create X.509 crl from a file
- */
-static private_x509_ac_t* create_from_file(char *path)
-{
- bool pgp = FALSE;
- chunk_t chunk;
- private_x509_ac_t *this;
-
- if (!pem_asn1_load_file(path, NULL, &chunk, &pgp))
- {
- return NULL;
- }
-
- this = create_from_chunk(chunk);
-
- if (this == NULL)
- {
- DBG1(" could not parse loaded attribute certificate file '%s'", path);
- return NULL;
- }
- DBG1(" loaded attribute certificate file '%s'", path);
- return this;
}
-
+
typedef struct private_builder_t private_builder_t;
/**
* Builder implementation for certificate loading
va_start(args, part);
switch (part)
{
- case BUILD_FROM_FILE:
- if (this->ac)
- {
- destroy(this->ac);
- }
- this->ac = create_from_file(va_arg(args, char*));
- break;
case BUILD_BLOB_ASN1_DER:
if (this->ac)
{
#include <asn1/oid.h>
#include <asn1/asn1.h>
#include <asn1/asn1_parser.h>
-#include <asn1/pem.h>
#include <crypto/hashers/hasher.h>
#include <credentials/keys/private_key.h>
#include <utils/linked_list.h>
return this;
}
-/**
- * create an X.509 certificate from a file
- */
-static private_x509_cert_t *create_from_file(char *path)
-{
- bool pgp = FALSE;
- chunk_t chunk;
- private_x509_cert_t *this;
-
- if (!pem_asn1_load_file(path, NULL, &chunk, &pgp))
- {
- return NULL;
- }
-
- this = create_from_chunk(chunk);
-
- if (this == NULL)
- {
- DBG1(" could not parse loaded certificate file '%s'",path);
- return NULL;
- }
- DBG1(" loaded certificate file '%s'", path);
- return this;
-}
-
typedef struct private_builder_t private_builder_t;
/**
* Builder implementation for certificate loading
va_start(args, part);
switch (part)
{
- case BUILD_FROM_FILE:
- this->cert = create_from_file(va_arg(args, char*));
- break;
case BUILD_BLOB_ASN1_DER:
chunk = va_arg(args, chunk_t);
this->cert = create_from_chunk(chunk_clone(chunk));
#include <asn1/oid.h>
#include <asn1/asn1.h>
#include <asn1/asn1_parser.h>
-#include <asn1/pem.h>
#include <credentials/certificates/x509.h>
#include <utils/linked_list.h>
return this;
}
-/**
- * create an X.509 crl from a chunk
- */
-static private_x509_crl_t* create_from_chunk(chunk_t chunk)
-{
- private_x509_crl_t *this = create_empty();
-
- this->encoding = chunk;
- if (!parse(this))
- {
- destroy(this);
- return NULL;
- }
- return this;
-}
-
-/**
- * create an X.509 crl from a file
- */
-static private_x509_crl_t* create_from_file(char *path)
-{
- bool pgp = FALSE;
- chunk_t chunk;
- private_x509_crl_t *this;
-
- if (!pem_asn1_load_file(path, NULL, &chunk, &pgp))
- {
- return NULL;
- }
-
- this = create_from_chunk(chunk);
-
- if (this == NULL)
- {
- DBG1(" could not parse loaded crl file '%s'",path);
- return NULL;
- }
- DBG1(" loaded crl file '%s'", path);
- return this;
-}
-
typedef struct private_builder_t private_builder_t;
/**
* Builder implementation for certificate loading
struct private_builder_t {
/** implements the builder interface */
builder_t public;
- /** loaded CRL */
- private_x509_crl_t *crl;
+ /** CRL chunk to build from */
+ chunk_t blob;
};
/**
*/
static private_x509_crl_t *build(private_builder_t *this)
{
- private_x509_crl_t *crl = this->crl;
+ private_x509_crl_t *crl = NULL;
+ if (this->blob.len && this->blob.ptr)
+ {
+ crl = create_empty();
+ crl->encoding = chunk_clone(this->blob);
+ if (!parse(crl))
+ {
+ destroy(crl);
+ crl = NULL;
+ }
+ }
free(this);
return crl;
}
*/
static void add(private_builder_t *this, builder_part_t part, ...)
{
- if (!this->crl)
- {
- va_list args;
- chunk_t chunk;
+ va_list args;
- switch (part)
+ switch (part)
+ {
+ case BUILD_BLOB_ASN1_DER:
{
- case BUILD_FROM_FILE:
- {
- va_start(args, part);
- this->crl = create_from_file(va_arg(args, char*));
- va_end(args);
- return;
- }
- case BUILD_BLOB_ASN1_DER:
- {
- va_start(args, part);
- chunk = va_arg(args, chunk_t);
- this->crl = create_from_chunk(chunk_clone(chunk));
- va_end(args);
- return;
- }
- default:
- break;
+ va_start(args, part);
+ this->blob = va_arg(args, chunk_t);
+ va_end(args);
+ return;
}
- }
- if (this->crl)
- {
- destroy(this->crl);
+ default:
+ break;
}
builder_cancel(&this->public);
}
{
return NULL;
}
-
this = malloc_thing(private_builder_t);
- this->crl = NULL;
this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add;
this->public.build = (void*(*)(builder_t *this))build;
+ this->blob = chunk_empty;
+
return &this->public;
}
#include <library.h>
#include <debug.h>
#include <asn1/asn1.h>
-#include <asn1/pem.h>
#include <credentials/certificates/x509.h>
#include <credentials/certificates/ac.h>
#include <credentials/keys/private_key.h>
}
/**
- * Load and parse a private key file
- */
-static private_key_t* private_key_create_from_file(char *path, chunk_t *secret)
-{
- bool pgp = FALSE;
- chunk_t chunk = chunk_empty;
- private_key_t *key = NULL;
-
- if (!pem_asn1_load_file(path, secret, &chunk, &pgp))
- {
- DBG1(" could not load private key file '%s'", path);
- return NULL;
- }
- key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
- BUILD_BLOB_ASN1_DER, chunk, BUILD_END);
- free(chunk.ptr);
- if (key == NULL)
- {
- DBG1(" could not parse loaded private key file '%s'", path);
- return NULL;
- }
- DBG1(" loaded private key file '%s'", path);
- return key;
-}
-
-/**
* global variables accessible by both main() and build.c
*/
/* load the signer's RSA private key */
if (keyfile != NULL)
{
- signerKey = private_key_create_from_file(keyfile, &passphrase);
-
+ signerKey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
+ BUILD_FROM_FILE, keyfile,
+ BUILD_PASSPHRASE, passphrase,
+ BUILD_END);
if (signerKey == NULL)
{
goto end;
}
+ DBG1(" loaded private key file '%s'", keyfile);
}
/* load the signer's X.509 certificate */
projects / strongswan.git / commitdiff