Added support for CDPs to conftest
authorMartin Willi <martin@revosec.ch>
Thu, 23 Dec 2010 10:54:17 +0000 (11:54 +0100)
committerMartin Willi <martin@revosec.ch>
Wed, 5 Jan 2011 15:46:06 +0000 (16:46 +0100)
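--- a/src/conftest/conftest.c
+++ b/src/conftest/conftest.c
@@ -27,6 +27,7 @@
 #include "hooks/hook.h"
 
 #include <threading/thread.h>
+#include <credentials/certificates/x509.h>
 
 /**
  * Conftest globals struct
@@ -221,6 +222,48 @@ static bool load_keys(settings_t *settings, char *dir)
 }
 
 /**
+ * Load certificate distribution points
+ */
+static void load_cdps(settings_t *settings)
+{
+       enumerator_t *enumerator;
+       identification_t *id;
+       char *ca, *uri, *section;
+       x509_t *x509;
+
+       enumerator = settings->create_section_enumerator(settings, "cdps");
+       while (enumerator->enumerate(enumerator, &section))
+       {
+               if (!strncaseeq(section, "crl", strlen("crl")))
+               {
+                       fprintf(stderr, "unknown cdp type '%s', ignored\n", section);
+                       continue;
+               }
+
+               uri = settings->get_str(settings, "cdps.%s.uri", NULL, section);
+               ca = settings->get_str(settings, "cdps.%s.ca", NULL, section);
+               if (!ca || !uri)
+               {
+                       fprintf(stderr, "cdp '%s' misses ca/uri, ignored\n", section);
+                       continue;
+               }
+               x509 = lib->creds->create(lib->creds, CRED_CERTIFICATE,
+                                                       CERT_X509, BUILD_FROM_FILE, ca, BUILD_END);
+               if (!x509)
+               {
+                       fprintf(stderr, "loading cdp '%s' ca failed, ignored\n", section);
+                       continue;
+               }
+               id = identification_create_from_encoding(ID_KEY_ID,
+                                                                       x509->get_subjectKeyIdentifier(x509));
+               conftest->creds->add_cdp(conftest->creds, CERT_X509_CRL, id, uri);
+               DESTROY_IF((certificate_t*)x509);
+               id->destroy(id);
+       }
+       enumerator->destroy(enumerator);
+}
+
+/**
  * Load configured hooks
  */
 static bool load_hooks()
@@ -448,6 +491,7 @@ int main(int argc, char *argv[])
        {
                return 1;
        }
+       load_cdps(conftest->test);
        if (!load_hooks())
        {
                return 1;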
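Review bot: Every failure path in `load_cdps()` only prints to stderr and continues, and the function returns void, so the call added in `main()` cannot stop the run the way the neighbouring `if (!load_hooks())` check does. A mistyped `ca` path or a missing `uri` then leaves the test running with no CRL distribution point registered, and a revocation-related result may be obtained for the wrong reason. I would return `bool` and call it as `if (!load_cdps(conftest->test)) { return 1; }` (the rest of `main()` is outside the hunk); if skipping really is intended, the doc comment should say so. Separately, the chunk from `get_subjectKeyIdentifier()` goes into `identification_create_from_encoding()` without a length check, so it is worth confirming it cannot be empty for the loaded CA.

```c
static bool load_cdps(settings_t *settings)
{
	/* … unchanged: declarations … */
	bool success = TRUE;

	/* … unchanged: enumerator creation, loop head and cdp type check … */
		if (!ca || !uri)
		{
			fprintf(stderr, "cdp '%s' misses ca/uri\n", section);
			success = FALSE;
			continue;
		}
		/* … unchanged: lib->creds->create() call … */
		if (!x509)
		{
			fprintf(stderr, "loading cdp '%s' ca failed\n", section);
			success = FALSE;
			continue;
		}
		/* … unchanged: add_cdp() and per-entry cleanup … */
	/* … unchanged: enumerator->destroy() … */
	return success;
}
```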