keychain: add a stub for a credential plugin using OS X Keychain Services
authorMartin Willi <martin@revosec.ch>
Mon, 29 Apr 2013 09:19:57 +0000 (11:19 +0200)
committerMartin Willi <martin@revosec.ch>
Thu, 18 Jul 2013 10:17:54 +0000 (12:17 +0200)
configure.in
src/libstrongswan/Makefile.am
src/libstrongswan/plugins/keychain/Makefile.am [new file with mode: 0644]
src/libstrongswan/plugins/keychain/keychain_creds.c [new file with mode: 0644]
src/libstrongswan/plugins/keychain/keychain_creds.h [new file with mode: 0644]
src/libstrongswan/plugins/keychain/keychain_plugin.c [new file with mode: 0644]
src/libstrongswan/plugins/keychain/keychain_plugin.h [new file with mode: 0644]

index 53d06a3..f1524c2 100644 (file)
@@ -218,6 +218,7 @@ ARG_ENABL_SET([padlock],        [enables VIA Padlock crypto plugin.])
 ARG_ENABL_SET([openssl],        [enables the OpenSSL crypto plugin.])
 ARG_ENABL_SET([gcrypt],         [enables the libgcrypt plugin.])
 ARG_ENABL_SET([agent],          [enables the ssh-agent signing plugin.])
+ARG_ENABL_SET([keychain],       [enables OS X Keychain Services credential set.])
 ARG_ENABL_SET([pkcs11],         [enables the PKCS11 token support plugin.])
 ARG_ENABL_SET([ctr],            [enables the Counter Mode wrapper crypto plugin.])
 ARG_ENABL_SET([ccm],            [enables the CCM AEAD wrapper crypto plugin.])
@@ -1012,6 +1013,7 @@ ADD_PLUGIN([af-alg],               [s charon openac scepclient pki scripts medsr
 ADD_PLUGIN([fips-prf],             [s charon nm cmd])
 ADD_PLUGIN([gmp],                  [s charon openac scepclient pki scripts manager medsrv attest nm cmd])
 ADD_PLUGIN([agent],                [s charon nm cmd])
+ADD_PLUGIN([keychain],             [s charon cmd])
 ADD_PLUGIN([xcbc],                 [s charon nm cmd])
 ADD_PLUGIN([cmac],                 [s charon nm cmd])
 ADD_PLUGIN([hmac],                 [s charon scripts nm cmd])
@@ -1148,6 +1150,7 @@ AM_CONDITIONAL(USE_PADLOCK, test x$padlock = xtrue)
 AM_CONDITIONAL(USE_OPENSSL, test x$openssl = xtrue)
 AM_CONDITIONAL(USE_GCRYPT, test x$gcrypt = xtrue)
 AM_CONDITIONAL(USE_AGENT, test x$agent = xtrue)
+AM_CONDITIONAL(USE_KEYCHAIN, test x$keychain = xtrue)
 AM_CONDITIONAL(USE_PKCS11, test x$pkcs11 = xtrue)
 AM_CONDITIONAL(USE_CTR, test x$ctr = xtrue)
 AM_CONDITIONAL(USE_CCM, test x$ccm = xtrue)
@@ -1349,6 +1352,7 @@ AC_CONFIG_FILES([
        src/libstrongswan/plugins/openssl/Makefile
        src/libstrongswan/plugins/gcrypt/Makefile
        src/libstrongswan/plugins/agent/Makefile
+       src/libstrongswan/plugins/keychain/Makefile
        src/libstrongswan/plugins/pkcs11/Makefile
        src/libstrongswan/plugins/ctr/Makefile
        src/libstrongswan/plugins/ccm/Makefile
index bde5f71..82d2159 100644 (file)
@@ -423,6 +423,13 @@ if MONOLITHIC
 endif
 endif
 
+if USE_KEYCHAIN
+  SUBDIRS += plugins/keychain
+if MONOLITHIC
+  libstrongswan_la_LIBADD += plugins/keychain/libstrongswan-keychain.la
+endif
+endif
+
 if USE_PKCS11
   SUBDIRS += plugins/pkcs11
 if MONOLITHIC
diff --git a/src/libstrongswan/plugins/keychain/Makefile.am b/src/libstrongswan/plugins/keychain/Makefile.am
new file mode 100644 (file)
index 0000000..e0d25b6
--- /dev/null
@@ -0,0 +1,16 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-keychain.la
+else
+plugin_LTLIBRARIES = libstrongswan-keychain.la
+endif
+
+libstrongswan_keychain_la_SOURCES = \
+       keychain_plugin.h keychain_plugin.c \
+       keychain_creds.h keychain_creds.c
+
+libstrongswan_keychain_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/keychain/keychain_creds.c b/src/libstrongswan/plugins/keychain/keychain_creds.c
new file mode 100644 (file)
index 0000000..d3331fa
--- /dev/null
@@ -0,0 +1,67 @@
+/*
+ * Copyright (C) 2013 Martin Willi
+ * Copyright (C) 2013 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "keychain_creds.h"
+
+#include <utils/debug.h>
+
+typedef struct private_keychain_creds_t private_keychain_creds_t;
+
+/**
+ * Private data of an keychain_creds_t object.
+ */
+struct private_keychain_creds_t {
+
+       /**
+        * Public keychain_creds_t interface.
+        */
+       keychain_creds_t public;
+};
+
+METHOD(credential_set_t, create_cert_enumerator, enumerator_t*,
+       private_keychain_creds_t *this, certificate_type_t cert, key_type_t key,
+       identification_t *id, bool trusted)
+{
+       return enumerator_create_empty();
+}
+
+METHOD(keychain_creds_t, destroy, void,
+       private_keychain_creds_t *this)
+{
+       free(this);
+}
+
+/**
+ * See header
+ */
+keychain_creds_t *keychain_creds_create()
+{
+       private_keychain_creds_t *this;
+
+       INIT(this,
+               .public = {
+                       .set = {
+                               .create_shared_enumerator = (void*)enumerator_create_empty,
+                               .create_private_enumerator = (void*)enumerator_create_empty,
+                               .create_cert_enumerator = _create_cert_enumerator,
+                               .create_cdp_enumerator  = (void*)enumerator_create_empty,
+                               .cache_cert = (void*)nop,
+                       },
+                       .destroy = _destroy,
+               },
+       );
+
+       return &this->public;
+}
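Review bot: `create_cert_enumerator` discards `cert`, `key`, `id` and `trusted` and returns an empty enumerator, and nothing in the file marks it as a placeholder. I would add a comment above the METHOD such as `/* stub: no Keychain lookup yet, always yields an empty enumerator */`. When the lookup is implemented, the `trusted` argument presumably has to restrict the result to certificates the Keychain actually marks as trusted, so that other stored certificates are not offered as trust anchors; this is worth recording in the same comment. The other three enumerator slots are filled with `(void*)enumerator_create_empty`, so the separate wrapper is inconsistent with them until it gains a body. `#include <utils/debug.h>` is not used by anything in this file yet.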
diff --git a/src/libstrongswan/plugins/keychain/keychain_creds.h b/src/libstrongswan/plugins/keychain/keychain_creds.h
new file mode 100644 (file)
index 0000000..f2ca5d7
--- /dev/null
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2013 Martin Willi
+ * Copyright (C) 2013 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup keychain_creds keychain_creds
+ * @{ @ingroup keychain
+ */
+
+#ifndef KEYCHAIN_CREDS_H_
+#define KEYCHAIN_CREDS_H_
+
+typedef struct keychain_creds_t keychain_creds_t;
+
+#include <credentials/credential_manager.h>
+
+/**
+ * Credential set using OS X Keychain Services.
+ */
+struct keychain_creds_t {
+
+       /**
+        * Implements credential_set_t.
+        */
+       credential_set_t set;
+
+       /**
+        * Destroy a keychain_creds_t.
+        */
+       void (*destroy)(keychain_creds_t *this);
+};
+
+/**
+ * Create a keychain_creds instance.
+ */
+keychain_creds_t *keychain_creds_create();
+
+#endif /** KEYCHAIN_CREDS_H_ @}*/
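Review bot: The doc comment on `keychain_creds_create` does not say what is returned or who releases it, although the struct above it exposes a `destroy` member for that purpose. I would add `* @return credential set, release with destroy()` to that comment. The prototype is also written with an empty parameter list; `keychain_creds_t *keychain_creds_create(void);` would let the compiler reject calls that pass arguments, and the definition in keychain_creds.c would need the same change. The struct description could also say that the set is currently empty, since the implementation in this commit returns no credentials.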
diff --git a/src/libstrongswan/plugins/keychain/keychain_plugin.c b/src/libstrongswan/plugins/keychain/keychain_plugin.c
new file mode 100644 (file)
index 0000000..5ce7b16
--- /dev/null
@@ -0,0 +1,73 @@
+/*
+ * Copyright (C) 2013 Martin Willi
+ * Copyright (C) 2013 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "keychain_plugin.h"
+#include "keychain_creds.h"
+
+#include <library.h>
+
+typedef struct private_keychain_plugin_t private_keychain_plugin_t;
+
+/**
+ * private data of keychain_plugin
+ */
+struct private_keychain_plugin_t {
+
+       /**
+        * public functions
+        */
+       keychain_plugin_t public;
+
+       /**
+        * System level Keychain Services credential set
+        */
+       keychain_creds_t *creds;
+};
+
+METHOD(plugin_t, get_name, char*,
+       private_keychain_plugin_t *this)
+{
+       return "keychain";
+}
+
+METHOD(plugin_t, destroy, void,
+       private_keychain_plugin_t *this)
+{
+       lib->credmgr->remove_set(lib->credmgr, &this->creds->set);
+       this->creds->destroy(this->creds);
+       free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *keychain_plugin_create()
+{
+       private_keychain_plugin_t *this;
+
+       INIT(this,
+               .public = {
+                       .plugin = {
+                               .get_name = _get_name,
+                               .destroy = _destroy,
+                       },
+               },
+               .creds = keychain_creds_create(),
+       );
+
+       lib->credmgr->add_set(lib->credmgr, &this->creds->set);
+
+       return &this->public.plugin;
+}
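Review bot: `keychain_plugin_create` calls `lib->credmgr->add_set` as a side effect of construction and fills in only `get_name` and `destroy`, so the credential set is live as soon as the plugin object exists and nothing declares what the plugin provides. If `plugin_t` in this tree has a `get_features` member, registering the set through it would keep activation under the plugin loader's control. Otherwise a comment above the `add_set` call, for example `/* registered at load time; stays active until destroy() */`, would document the lifetime. `destroy` dereferences `this->creds` without a check, which is fine while `keychain_creds_create` cannot fail. Once that constructor does real Keychain work and can return NULL, both `destroy` and the `add_set` call will need a guard.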
diff --git a/src/libstrongswan/plugins/keychain/keychain_plugin.h b/src/libstrongswan/plugins/keychain/keychain_plugin.h
new file mode 100644 (file)
index 0000000..482f173
--- /dev/null
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2013 Martin Willi
+ * Copyright (C) 2013 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup keychain keychain
+ * @ingroup plugins
+ *
+ * @defgroup keychain_plugin keychain_plugin
+ * @{ @ingroup keychain
+ */
+
+#ifndef KEYCHAIN_PLUGIN_H_
+#define KEYCHAIN_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct keychain_plugin_t keychain_plugin_t;
+
+/**
+ * Plugin providing OS X Keychain Services support.
+ */
+struct keychain_plugin_t {
+
+       /**
+        * Implements plugin interface,
+        */
+       plugin_t plugin;
+};
+
+#endif /** KEYCHAIN_PLUGIN_H_ @}*/