Implemented support for preinstalled PGP certificates in charon
authorMartin Willi <martin@strongswan.org>
Mon, 14 Sep 2009 18:04:48 +0000 (20:04 +0200)
committerMartin Willi <martin@strongswan.org>
Tue, 15 Sep 2009 06:23:48 +0000 (08:23 +0200)
src/charon/plugins/stroke/stroke_cred.c
src/libstrongswan/plugins/pem/pem_builder.c
src/libstrongswan/plugins/pgp/pgp_cert.c
src/libstrongswan/plugins/pgp/pgp_cert.h
src/libstrongswan/plugins/pgp/pgp_plugin.c

index 9133a13..5f322c5 100644 (file)
@@ -240,8 +240,8 @@ static enumerator_t* create_cert_enumerator(private_stroke_cred_t *this,
                                        (cert == CERT_X509_CRL)? (void*)crl_filter : (void*)ac_filter,
                                        data, (void*)id_data_destroy);
        }
-       if (cert != CERT_X509 && cert != CERT_ANY)
-       {       /* we only have X509 certificates. TODO: ACs? */
+       if (cert != CERT_X509 && cert != CERT_GPG && cert != CERT_ANY)
+       {       /* we have X509/PGP certificates. TODO: ACs? */
                return NULL;
        }
        data = malloc_thing(id_data_t);
@@ -484,9 +484,8 @@ static certificate_t* load_peer(private_stroke_cred_t *this, char *filename)
        }
 
        cert = lib->creds->create(lib->creds,
-                                                         CRED_CERTIFICATE, CERT_X509,
+                                                         CRED_CERTIFICATE, CERT_ANY,
                                                          BUILD_FROM_FILE, path,
-                                                         BUILD_X509_FLAG, 0,
                                                          BUILD_END);
        if (cert)
        {
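Review bot: With `CERT_ANY` in load_peer, the type of the trusted peer credential is now chosen by the file's content instead of by the caller, and nothing visible in the hunk checks or logs which type came back. Because this file is installed as a trusted peer certificate, the `if (cert)` branch could first confirm the result with `if (cert->get_type(cert) != CERT_X509 && cert->get_type(cert) != CERT_GPG)`, destroying the object and returning NULL on a mismatch, and could name the loaded type in the log message. Dropping `BUILD_X509_FLAG, 0` looks consistent with a PGP builder that does not take that part. load_peer starts and ends outside the hunk, so a check further down cannot be ruled out.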
index c53e1e9..eb3d300 100644 (file)
@@ -375,6 +375,11 @@ static void *load_from_blob(chunk_t blob, credential_type_t type, int subtype,
                         * RSA for PGP keys, which is actually wrong. */
                        subtype = KEY_ANY;
                }
+               /* if CERT_ANY is given, ASN1 encoded blob is handled as X509 */
+               if (type == CRED_CERTIFICATE && subtype == CERT_ANY)
+               {
+                       subtype = pgp ? CERT_GPG : CERT_X509;
+               }
        }
        cred = lib->creds->create(lib->creds, type, subtype,
                                                          pgp ? BUILD_BLOB_PGP : BUILD_BLOB_ASN1_DER, blob,
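Review bot: The added comment describes only the ASN.1 half of the mapping, while the assignment below it also turns a PGP blob into `CERT_GPG`. Suggested wording: `/* if CERT_ANY is given, pick the type from the encoding: PGP blob -> CERT_GPG, ASN.1 blob -> CERT_X509 */`. The comment could also say that `pgp` presumably reflects what was detected in the input, so a caller passing `CERT_ANY` accepts whichever format the file presents. How `pgp` is set lies outside the hunk, as does the start of load_from_blob.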
index f9a2ff3..d289a3b 100644 (file)
@@ -347,7 +347,7 @@ static bool parse_user_id(private_pgp_cert_t *this, chunk_t packet)
 /**
  * See header.
  */
-pgp_cert_t *pgp_cert_load(certificate_t type, va_list args)
+pgp_cert_t *pgp_cert_load(certificate_type_t type, va_list args)
 {
        chunk_t packet, blob = chunk_empty;
        pgp_packet_tag_t tag;
index b641155..7845e8f 100644 (file)
@@ -43,6 +43,6 @@ struct pgp_cert_t {
  * @param args         builder_part_t argument list
  * @return                     builder instance
  */
-pgp_cert_t *pgp_cert_load(certificate_t type, va_list args);
+pgp_cert_t *pgp_cert_load(certificate_type_t type, va_list args);
 
 #endif /* PGP_CERT_ @}*/
index 198b58c..eabb369 100644 (file)
@@ -18,6 +18,7 @@
 #include <library.h>
 #include "pgp_builder.h"
 #include "pgp_encoder.h"
+#include "pgp_cert.h"
 
 typedef struct private_pgp_plugin_t private_pgp_plugin_t;
 
@@ -42,6 +43,9 @@ static void destroy(private_pgp_plugin_t *this)
        lib->creds->remove_builder(lib->creds,
                                                        (builder_function_t)pgp_private_key_load);
 
+       lib->creds->remove_builder(lib->creds,
+                                                       (builder_function_t)pgp_cert_load);
+
        lib->encoding->remove_encoder(lib->encoding, pgp_encoder_encode);
 
        free(this);
@@ -65,6 +69,9 @@ plugin_t *plugin_create()
        lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
                                                        (builder_function_t)pgp_private_key_load);
 
+       lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_GPG,
+                                                       (builder_function_t)pgp_cert_load);
+
        lib->encoding->add_encoder(lib->encoding, pgp_encoder_encode);
 
        return &this->public.plugin;
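Review bot: The `(builder_function_t)` cast on `pgp_cert_load`, here and in the matching `remove_builder` call in destroy(), stops the compiler from checking the loader's prototype against what the credential factory will call. The parameter-type correction to `pgp_cert_load` in this same commit is the kind of mismatch such a cast lets through unnoticed. A short comment above the registration would help, for example `/* pgp_cert_load must match builder_function_t; the cast hides any prototype mismatch */`. The add/remove pair should also keep using the same function so that destroy() unregisters exactly what plugin_create() registered. Both function bodies extend beyond the hunks shown.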