moved RAW public key support to a separate plugin (pubkey)
authorMartin Willi <martin@strongswan.org>
Thu, 8 May 2008 13:16:42 +0000 (13:16 -0000)
committerMartin Willi <martin@strongswan.org>
Thu, 8 May 2008 13:16:42 +0000 (13:16 -0000)
configure.in
src/charon/plugins/medsrv/Makefile.am
src/charon/plugins/medsrv/medsrv_creds.c
src/charon/plugins/medsrv/medsrv_pubkey.c [deleted file]
src/charon/plugins/medsrv/medsrv_pubkey.h [deleted file]
src/libstrongswan/Makefile.am
src/libstrongswan/plugins/pubkey/Makefile.am [new file with mode: 0644]
src/libstrongswan/plugins/pubkey/pubkey_cert.c [new file with mode: 0644]
src/libstrongswan/plugins/pubkey/pubkey_cert.h [new file with mode: 0644]
src/libstrongswan/plugins/pubkey/pubkey_plugin.c [new file with mode: 0644]
src/libstrongswan/plugins/pubkey/pubkey_plugin.h [new file with mode: 0644]

index d03f2fb..cfc90ab 100644 (file)
@@ -255,6 +255,17 @@ AC_ARG_ENABLE(
 )
 
 AC_ARG_ENABLE(
+       [pubkey],
+       AS_HELP_STRING([--disable-pubkey],[disable RAW public key support plugin. (default is NO).]),
+       [if test x$enableval = xyes; then
+               pubkey=true
+        else
+               pubkey=false
+       fi],
+       pubkey=true
+)
+
+AC_ARG_ENABLE(
        [hmac],
        AS_HELP_STRING([--disable-hmac],[disable HMAC crypto implementation plugin. (default is NO).]),
        [if test x$enableval = xyes; then
@@ -660,6 +671,7 @@ AM_CONDITIONAL(USE_FIPS_PRF, test x$fips_prf = xtrue)
 AM_CONDITIONAL(USE_GMP, test x$gmp = xtrue)
 AM_CONDITIONAL(USE_RANDOM, test x$random = xtrue)
 AM_CONDITIONAL(USE_X509, test x$x509 = xtrue)
+AM_CONDITIONAL(USE_PUBKEY, test x$pubkey = xtrue)
 AM_CONDITIONAL(USE_HMAC, test x$hmac = xtrue)
 AM_CONDITIONAL(USE_XCBC, test x$xcbc = xtrue)
 AM_CONDITIONAL(USE_MYSQL, test x$mysql = xtrue)
@@ -722,6 +734,7 @@ AC_OUTPUT(
        src/libstrongswan/plugins/hmac/Makefile
        src/libstrongswan/plugins/xcbc/Makefile
        src/libstrongswan/plugins/x509/Makefile
+       src/libstrongswan/plugins/pubkey/Makefile
        src/libstrongswan/plugins/curl/Makefile
        src/libstrongswan/plugins/ldap/Makefile
        src/libstrongswan/plugins/mysql/Makefile
index afff076..491e12d 100644 (file)
@@ -6,7 +6,6 @@ AM_CFLAGS = -rdynamic
 plugin_LTLIBRARIES = libcharon-medsrv.la
 libcharon_medsrv_la_SOURCES = medsrv_plugin.h medsrv_plugin.c \
                              medsrv_creds.h medsrv_creds.c \
-                             medsrv_config.h medsrv_config.c \
-                             medsrv_pubkey.h medsrv_pubkey.c
+                             medsrv_config.h medsrv_config.c
 libcharon_medsrv_la_LDFLAGS = -module
 
index b87ef06..4289076 100644 (file)
@@ -16,7 +16,6 @@
  */
 
 #include "medsrv_creds.h"
-#include "medsrv_pubkey.h"
 
 #include <daemon.h>
 #include <library.h>
@@ -60,6 +59,7 @@ typedef struct {
 static bool cert_enumerator_enumerate(cert_enumerator_t *this,
                                                                          certificate_t **cert)
 {
+       certificate_t *trusted;
        public_key_t *public;
        chunk_t chunk;
 
@@ -73,8 +73,15 @@ static bool cert_enumerator_enumerate(cert_enumerator_t *this,
                {
                        if (this->type == KEY_ANY || this->type == public->get_type(public))
                        {
-                               *cert = this->current = (certificate_t*)medsrv_pubkey_create(public);
-                               return TRUE;
+                               trusted = lib->creds->create(lib->creds,
+                                                                               CRED_CERTIFICATE, CERT_TRUSTED_PUBKEY,
+                                                                               BUILD_PUBLIC_KEY, public, BUILD_END);
+                               if (trusted)
+                               {
+                                       *cert = this->current = trusted;
+                                       return TRUE;
+                               }
+                               continue;
                        }
                        public->destroy(public);
                }
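Review bot: When `lib->creds->create()` returns NULL, the added `continue` bypasses the `public->destroy(public)` that follows the inner block, so the loaded key is neither wrapped into a certificate nor visibly released. Whether the credential factory consumes a `BUILD_PUBLIC_KEY` part on failure is not visible here; if it does not (for instance when no builder is registered for `CERT_TRUSTED_PUBKEY` because the pubkey plugin was disabled at configure time or is not loaded), every skipped key leaks and the enumerator quietly yields no trusted keys. I would document the ownership rule in a comment at the `continue` and log the failure, e.g. `DBG1(DBG_CFG, "wrapping public key failed, is the pubkey plugin loaded?");`, so an authentication failure caused by a missing plugin can be diagnosed. The body of cert_enumerator_enumerate continues outside this hunk.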
diff --git a/src/charon/plugins/medsrv/medsrv_pubkey.c b/src/charon/plugins/medsrv/medsrv_pubkey.c
deleted file mode 100644 (file)
index 26a9647..0000000
+++ /dev/null
@@ -1,211 +0,0 @@
-/*
- * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- *
- * $Id$
- */
-
-#include "medsrv_pubkey.h"
-
-typedef struct private_medsrv_pubkey_t private_medsrv_pubkey_t;
-
-/**
- * private data of medsrv_pubkey
- */
-struct private_medsrv_pubkey_t {
-
-       /**
-        * public functions
-        */
-       medsrv_pubkey_t public;
-       
-       /**
-        * wrapped public key
-        */
-       public_key_t *key;
-       
-       /**
-        * dummy issuer id, ID_ANY
-        */
-       identification_t *issuer;
-       
-       /**
-        * reference count
-        */
-       refcount_t ref;
-};
-
-/**
- * Implementation of certificate_t.get_type
- */
-static certificate_type_t get_type(private_medsrv_pubkey_t *this)
-{
-       return CERT_TRUSTED_PUBKEY;
-}
-
-/**
- * Implementation of certificate_t.get_subject
- */
-static identification_t* get_subject(private_medsrv_pubkey_t *this)
-{
-       return this->key->get_id(this->key, ID_PUBKEY_SHA1);
-}
-
-/**
- * Implementation of certificate_t.get_issuer
- */
-static identification_t* get_issuer(private_medsrv_pubkey_t *this)
-{
-       return this->issuer;
-}
-
-/**
- * Implementation of certificate_t.has_subject.
- */
-static id_match_t has_subject(private_medsrv_pubkey_t *this,
-                                                         identification_t *subject)
-{
-       identification_t *id;
-       
-       id = this->key->get_id(this->key, subject->get_type(subject));
-       if (id)
-       {
-               return id->matches(id, subject);
-       }
-       return ID_MATCH_NONE;   
-}
-
-/**
- * Implementation of certificate_t.has_subject.
- */
-static id_match_t has_issuer(private_medsrv_pubkey_t *this,
-                                                        identification_t *issuer)
-{
-       return ID_MATCH_NONE;
-}
-
-/**
- * Implementation of certificate_t.equals.
- */
-static bool equals(private_medsrv_pubkey_t *this, certificate_t *other)
-{
-       if (this == (private_medsrv_pubkey_t*)other)
-       {
-               return TRUE;
-       }
-       if (other->get_type(other) != CERT_TRUSTED_PUBKEY)
-       {
-               return FALSE;
-       }
-       return other->has_subject(other, this->key->get_id(this->key, ID_PUBKEY_SHA1));
-}
-
-/**
- * Implementation of certificate_t.issued_by
- */
-static bool issued_by(private_medsrv_pubkey_t *this, certificate_t *issuer)
-{
-       return equals(this, issuer);
-}
-
-/**
- * Implementation of certificate_t.get_public_key
- */
-static public_key_t* get_public_key(private_medsrv_pubkey_t *this)
-{
-       this->key->get_ref(this->key);
-       return this->key;
-}
-/**
- * Implementation of certificate_t.get_validity.
- */
-static bool get_validity(private_medsrv_pubkey_t *this, time_t *when,
-                                                time_t *not_before, time_t *not_after)
-{
-       if (not_before)
-       {
-               *not_before = 0;
-       }
-       if (not_after)
-       {
-               *not_after = ~0;
-       }
-       return TRUE;
-}
-
-/**
- * Implementation of certificate_t.is_newer.
- */
-static bool is_newer(certificate_t *this, certificate_t *that)
-{
-       return FALSE;
-}
-       
-/**
- * Implementation of certificate_t.get_encoding.
- */
-static chunk_t get_encoding(private_medsrv_pubkey_t *this)
-{
-       return this->key->get_encoding(this->key);
-}
-
-/**
- * Implementation of certificate_t.get_ref
- */
-static private_medsrv_pubkey_t* get_ref(private_medsrv_pubkey_t *this)
-{
-       ref_get(&this->ref);
-       return this;
-}
-
-/**
- * Implementation of medsrv_pubkey_t.destroy
- */
-static void destroy(private_medsrv_pubkey_t *this)
-{
-       if (ref_put(&this->ref))
-       {
-               this->issuer->destroy(this->issuer);
-               this->key->destroy(this->key);
-               free(this);
-       }
-}
-
-/*
- * see header file
- */
-medsrv_pubkey_t *medsrv_pubkey_create(public_key_t *key)
-{
-       private_medsrv_pubkey_t *this = malloc_thing(private_medsrv_pubkey_t);
-       
-       this->public.interface.get_type = (certificate_type_t (*)(certificate_t *this))get_type;
-       this->public.interface.get_subject = (identification_t* (*)(certificate_t *this))get_subject;
-       this->public.interface.get_issuer = (identification_t* (*)(certificate_t *this))get_issuer;
-       this->public.interface.has_subject = (id_match_t (*)(certificate_t*, identification_t *subject))has_subject;
-       this->public.interface.has_issuer = (id_match_t (*)(certificate_t*, identification_t *issuer))has_issuer;
-       this->public.interface.issued_by = (bool (*)(certificate_t *this, certificate_t *issuer))issued_by;
-       this->public.interface.get_public_key = (public_key_t* (*)(certificate_t *this))get_public_key;
-       this->public.interface.get_validity = (bool (*)(certificate_t*, time_t *when, time_t *, time_t*))get_validity;
-       this->public.interface.is_newer = (bool (*)(certificate_t*,certificate_t*))is_newer;
-       this->public.interface.get_encoding = (chunk_t (*)(certificate_t*))get_encoding;
-       this->public.interface.equals = (bool (*)(certificate_t*, certificate_t *other))equals;
-       this->public.interface.get_ref = (certificate_t* (*)(certificate_t *this))get_ref;
-       this->public.interface.destroy = (void (*)(certificate_t *this))destroy;
-       
-       this->ref = 1;
-       this->key = key;
-       this->issuer = identification_create_from_encoding(ID_ANY, chunk_empty);
-       
-       return &this->public;
-}
-
diff --git a/src/charon/plugins/medsrv/medsrv_pubkey.h b/src/charon/plugins/medsrv/medsrv_pubkey.h
deleted file mode 100644 (file)
index fb831f3..0000000
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- *
- * $Id$
- */
-
-/**
- * @defgroup medsrv_pubkey medsrv_pubkey
- * @{ @ingroup medsrv
- */
-
-#ifndef MEDSRV_PUBKEY_H_
-#define MEDSRV_PUBKEY_H_
-
-#include <credentials/keys/public_key.h>
-#include <credentials/certificates/certificate.h>
-
-typedef struct medsrv_pubkey_t medsrv_pubkey_t;
-
-/**
- * A trusted public key wrapped into certificate of type CERT_TRUSTED_PUBKEY.
- */
-struct medsrv_pubkey_t {
-
-       /**
-        * Implements certificate_t.
-        */
-       certificate_t interface;
-};
-
-/**
- * Create a wrapped public key instance using a public_key.
- *
- * The certifcate uses the public_key ID as subject.
- *
- * @param key          public key to wrap
- * @return                     public key implementing certificate interface
- */
-medsrv_pubkey_t *medsrv_pubkey_create(public_key_t *key);
-
-#endif /* MEDSRV_PUBKEY_H_ @}*/
index 801369e..001dc7d 100644 (file)
@@ -128,6 +128,10 @@ if USE_X509
   SUBDIRS += plugins/x509
 endif
 
+if USE_PUBKEY
+  SUBDIRS += plugins/pubkey
+endif
+
 if USE_CURL
   SUBDIRS += plugins/curl
 endif
diff --git a/src/libstrongswan/plugins/pubkey/Makefile.am b/src/libstrongswan/plugins/pubkey/Makefile.am
new file mode 100644 (file)
index 0000000..3d67f35
--- /dev/null
@@ -0,0 +1,11 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = -rdynamic
+
+plugin_LTLIBRARIES = libstrongswan-pubkey.la
+
+libstrongswan_pubkey_la_SOURCES = pubkey_plugin.h pubkey_plugin.c \
+  pubkey_cert.h pubkey_cert.c
+libstrongswan_pubkey_la_LDFLAGS = -module
+
diff --git a/src/libstrongswan/plugins/pubkey/pubkey_cert.c b/src/libstrongswan/plugins/pubkey/pubkey_cert.c
new file mode 100644 (file)
index 0000000..63dffb4
--- /dev/null
@@ -0,0 +1,284 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ *
+ * $Id$
+ */
+
+#include "pubkey_cert.h"
+
+#include <debug.h>
+
+typedef struct private_pubkey_cert_t private_pubkey_cert_t;
+
+/**
+ * private data of pubkey_cert
+ */
+struct private_pubkey_cert_t {
+
+       /**
+        * public functions
+        */
+       pubkey_cert_t public;
+       
+       /**
+        * wrapped public key
+        */
+       public_key_t *key;
+       
+       /**
+        * dummy issuer id, ID_ANY
+        */
+       identification_t *issuer;
+       
+       /**
+        * reference count
+        */
+       refcount_t ref;
+};
+
+/**
+ * Implementation of certificate_t.get_type
+ */
+static certificate_type_t get_type(private_pubkey_cert_t *this)
+{
+       return CERT_TRUSTED_PUBKEY;
+}
+
+/**
+ * Implementation of certificate_t.get_subject
+ */
+static identification_t* get_subject(private_pubkey_cert_t *this)
+{
+       return this->key->get_id(this->key, ID_PUBKEY_SHA1);
+}
+
+/**
+ * Implementation of certificate_t.get_issuer
+ */
+static identification_t* get_issuer(private_pubkey_cert_t *this)
+{
+       return this->issuer;
+}
+
+/**
+ * Implementation of certificate_t.has_subject.
+ */
+static id_match_t has_subject(private_pubkey_cert_t *this,
+                                                         identification_t *subject)
+{
+       identification_t *id;
+       
+       id = this->key->get_id(this->key, subject->get_type(subject));
+       if (id)
+       {
+               return id->matches(id, subject);
+       }
+       return ID_MATCH_NONE;   
+}
+
+/**
+ * Implementation of certificate_t.has_subject.
+ */
+static id_match_t has_issuer(private_pubkey_cert_t *this,
+                                                        identification_t *issuer)
+{
+       return ID_MATCH_NONE;
+}
+
+/**
+ * Implementation of certificate_t.equals.
+ */
+static bool equals(private_pubkey_cert_t *this, certificate_t *other)
+{
+       if (this == (private_pubkey_cert_t*)other)
+       {
+               return TRUE;
+       }
+       if (other->get_type(other) != CERT_TRUSTED_PUBKEY)
+       {
+               return FALSE;
+       }
+       return other->has_subject(other, this->key->get_id(this->key, ID_PUBKEY_SHA1));
+}
+
+/**
+ * Implementation of certificate_t.issued_by
+ */
+static bool issued_by(private_pubkey_cert_t *this, certificate_t *issuer)
+{
+       return equals(this, issuer);
+}
+
+/**
+ * Implementation of certificate_t.get_public_key
+ */
+static public_key_t* get_public_key(private_pubkey_cert_t *this)
+{
+       this->key->get_ref(this->key);
+       return this->key;
+}
+/**
+ * Implementation of certificate_t.get_validity.
+ */
+static bool get_validity(private_pubkey_cert_t *this, time_t *when,
+                                                time_t *not_before, time_t *not_after)
+{
+       if (not_before)
+       {
+               *not_before = 0;
+       }
+       if (not_after)
+       {
+               *not_after = ~0;
+       }
+       return TRUE;
+}
+
+/**
+ * Implementation of certificate_t.is_newer.
+ */
+static bool is_newer(certificate_t *this, certificate_t *that)
+{
+       return FALSE;
+}
+       
+/**
+ * Implementation of certificate_t.get_encoding.
+ */
+static chunk_t get_encoding(private_pubkey_cert_t *this)
+{
+       return this->key->get_encoding(this->key);
+}
+
+/**
+ * Implementation of certificate_t.get_ref
+ */
+static private_pubkey_cert_t* get_ref(private_pubkey_cert_t *this)
+{
+       ref_get(&this->ref);
+       return this;
+}
+
+/**
+ * Implementation of pubkey_cert_t.destroy
+ */
+static void destroy(private_pubkey_cert_t *this)
+{
+       if (ref_put(&this->ref))
+       {
+               this->issuer->destroy(this->issuer);
+               this->key->destroy(this->key);
+               free(this);
+       }
+}
+
+/*
+ * see header file
+ */
+static pubkey_cert_t *pubkey_cert_create(public_key_t *key)
+{
+       private_pubkey_cert_t *this = malloc_thing(private_pubkey_cert_t);
+       
+       this->public.interface.get_type = (certificate_type_t (*)(certificate_t *this))get_type;
+       this->public.interface.get_subject = (identification_t* (*)(certificate_t *this))get_subject;
+       this->public.interface.get_issuer = (identification_t* (*)(certificate_t *this))get_issuer;
+       this->public.interface.has_subject = (id_match_t (*)(certificate_t*, identification_t *subject))has_subject;
+       this->public.interface.has_issuer = (id_match_t (*)(certificate_t*, identification_t *issuer))has_issuer;
+       this->public.interface.issued_by = (bool (*)(certificate_t *this, certificate_t *issuer))issued_by;
+       this->public.interface.get_public_key = (public_key_t* (*)(certificate_t *this))get_public_key;
+       this->public.interface.get_validity = (bool (*)(certificate_t*, time_t *when, time_t *, time_t*))get_validity;
+       this->public.interface.is_newer = (bool (*)(certificate_t*,certificate_t*))is_newer;
+       this->public.interface.get_encoding = (chunk_t (*)(certificate_t*))get_encoding;
+       this->public.interface.equals = (bool (*)(certificate_t*, certificate_t *other))equals;
+       this->public.interface.get_ref = (certificate_t* (*)(certificate_t *this))get_ref;
+       this->public.interface.destroy = (void (*)(certificate_t *this))destroy;
+       
+       this->ref = 1;
+       this->key = key;
+       this->issuer = identification_create_from_encoding(ID_ANY, chunk_empty);
+       
+       return &this->public;
+}
+
+typedef struct private_builder_t private_builder_t;
+/**
+ * Builder implementation for key loading
+ */
+struct private_builder_t {
+       /** implements the builder interface */
+       builder_t public;
+       /** loaded public key */
+       pubkey_cert_t *key;
+};
+
+/**
+ * Implementation of builder_t.build
+ */
+static pubkey_cert_t *build(private_builder_t *this)
+{
+       pubkey_cert_t *key = this->key;
+       
+       free(this);
+       return key;
+}
+
+/**
+ * Implementation of builder_t.add
+ */
+static void add(private_builder_t *this, builder_part_t part, ...)
+{
+       va_list args;
+       
+       if (this->key)
+       {
+               DBG1("ignoring surplus build part %N", builder_part_names, part);
+               return;
+       }
+       
+       switch (part)
+       {
+               case BUILD_PUBLIC_KEY:
+               {
+                       va_start(args, part);
+                       this->key = pubkey_cert_create(va_arg(args, public_key_t*));
+                       va_end(args);
+                       break;
+               }
+               default:
+                       DBG1("ignoring unsupported build part %N", builder_part_names, part);
+                       break;
+       }
+}
+
+/**
+ * Builder construction function
+ */
+builder_t *pubkey_cert_builder(certificate_type_t type)
+{
+       private_builder_t *this;
+       
+       if (type != CERT_TRUSTED_PUBKEY)
+       {
+               return NULL;
+       }
+       
+       this = malloc_thing(private_builder_t);
+       
+       this->key = NULL;
+       this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add;
+       this->public.build = (void*(*)(builder_t *this))build;
+       
+       return &this->public;
+}
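Review bot: `equals()`, which `issued_by()` reuses as the trust check, hands the result of `this->key->get_id(this->key, ID_PUBKEY_SHA1)` straight to `other->has_subject()` and returns the `id_match_t` as a `bool`, so a NULL id would be dereferenced by this file's own `has_subject()` and any result other than `ID_MATCH_NONE` counts as equality. `has_subject()` already guards a NULL `get_id()` result, so the same guard belongs here with an explicit comparison: `id = this->key->get_id(this->key, ID_PUBKEY_SHA1);` followed by `return id && other->has_subject(other, id) == ID_MATCH_PERFECT;`. Whether `get_id()` can actually return NULL for `ID_PUBKEY_SHA1` depends on the key implementations, which are not shown. Separately, `*not_after = ~0;` in `get_validity()` evaluates to -1 where `time_t` is signed, i.e. a time earlier than `not_before`; a comment stating the "never expires" intent, or an explicit maximum value, would keep a caller that compares against `not_after` from treating the key as expired.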
+
diff --git a/src/libstrongswan/plugins/pubkey/pubkey_cert.h b/src/libstrongswan/plugins/pubkey/pubkey_cert.h
new file mode 100644 (file)
index 0000000..71ffe50
--- /dev/null
@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ *
+ * $Id$
+ */
+
+/**
+ * @defgroup pubkey_cert pubkey_cert
+ * @{ @ingroup certificates
+ */
+
+#ifndef PUBKEY_CERT_H_
+#define PUBKEY_CERT_H_
+
+#include <credentials/certificates/certificate.h>
+
+typedef struct pubkey_cert_t pubkey_cert_t;
+
+/**
+ * A trusted public key wrapped into certificate of type CERT_TRUSTED_PUBKEY.
+ */
+struct pubkey_cert_t {
+
+       /**
+        * Implements certificate_t.
+        */
+       certificate_t interface;
+};
+
+/**
+ * Create the builder for a trusted public key.
+ *
+ * The builders add() function takes BUILD_PUBLIC_KEY to enwrap.
+ *
+ * @param type         type of the certificate, must be CERT_pubkey_cert
+ * @return                     builder instance
+ */
+builder_t *pubkey_cert_builder(certificate_type_t type);
+
+#endif /* PUBKEY_CERT_H_ @}*/
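Review bot: The `@param type` line says the type "must be CERT_pubkey_cert", a constant that does not appear anywhere in this commit; the builder in pubkey_cert.c returns NULL for anything but `CERT_TRUSTED_PUBKEY`, so the line should read `@param type type of the certificate, must be CERT_TRUSTED_PUBKEY` and `@return` should mention the NULL result for other types. The comment should also state that the key passed with `BUILD_PUBLIC_KEY` becomes owned by the resulting certificate, since its `destroy()` calls `key->destroy()`; callers need to know this to avoid releasing the key a second time.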
diff --git a/src/libstrongswan/plugins/pubkey/pubkey_plugin.c b/src/libstrongswan/plugins/pubkey/pubkey_plugin.c
new file mode 100644 (file)
index 0000000..77d2c86
--- /dev/null
@@ -0,0 +1,60 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ *
+ * $Id$
+ */
+
+#include "pubkey_plugin.h"
+
+#include <library.h>
+#include "pubkey_cert.h"
+
+typedef struct private_pubkey_plugin_t private_pubkey_plugin_t;
+
+/**
+ * private data of pubkey_plugin
+ */
+struct private_pubkey_plugin_t {
+
+       /**
+        * public functions
+        */
+       pubkey_plugin_t public;
+};
+
+/**
+ * Implementation of pubkey_plugin_t.pubkeytroy
+ */
+static void destroy(private_pubkey_plugin_t *this)
+{
+       lib->creds->remove_builder(lib->creds,
+                                                          (builder_constructor_t)pubkey_cert_builder);
+       free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *plugin_create()
+{
+       private_pubkey_plugin_t *this = malloc_thing(private_pubkey_plugin_t);
+       
+       this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
+
+       lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_TRUSTED_PUBKEY,
+                                                       (builder_constructor_t)pubkey_cert_builder);
+
+       return &this->public.plugin;
+}
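Review bot: The comment above `destroy()` reads "Implementation of pubkey_plugin_t.pubkeytroy", which looks like a search-and-replace casualty; it should be `Implementation of plugin_t.destroy`. `plugin_create()` is also defined with an empty parameter list, which in C leaves the function unprototyped; writing `plugin_t *plugin_create(void)` here and in pubkey_plugin.h lets the compiler reject stray arguments.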
+
diff --git a/src/libstrongswan/plugins/pubkey/pubkey_plugin.h b/src/libstrongswan/plugins/pubkey/pubkey_plugin.h
new file mode 100644 (file)
index 0000000..64d0995
--- /dev/null
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup pubkey_p pubkey
+ * @ingroup plugins
+ *
+ * @defgroup pubkey_plugin pubkey_plugin
+ * @{ @ingroup pubkey_p
+ */
+
+#ifndef PUBKEY_PLUGIN_H_
+#define PUBKEY_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct pubkey_plugin_t pubkey_plugin_t;
+
+/**
+ * Plugin implementing CERT_TRUSTED_PUBKEY certificate type.
+ */
+struct pubkey_plugin_t {
+
+       /**
+        * implements plugin interface
+        */
+       plugin_t plugin;
+};
+
+/**
+ * Create a pubkey_plugin instance.
+ */
+plugin_t *plugin_create();
+
+#endif /* PUBKEY_PLUGIN_H_ @}*/