Load certificates from global suite configuration file
authorMartin Willi <martin@revosec.ch>
Thu, 21 Oct 2010 14:36:40 +0000 (16:36 +0200)
committerMartin Willi <martin@revosec.ch>
Wed, 5 Jan 2011 15:45:40 +0000 (16:45 +0100)
src/conftest/conftest.c
src/conftest/conftest.h

index 45da34b..777cf68 100644 (file)
@@ -18,6 +18,7 @@
 #include <errno.h>
 #include <signal.h>
 #include <getopt.h>
+#include <libgen.h>
 
 #include "conftest.h"
 
@@ -57,7 +58,7 @@ static void usage(char *error)
  */
 static void segv_handler(int signal)
 {
-       fprintf(stderr, "thread %u received %d", thread_current_id(), signal);
+       fprintf(stderr, "thread %u received %d\n", thread_current_id(), signal);
        abort();
 }
 
@@ -85,6 +86,63 @@ static bool load_configs(char *suite_file, char *test_file)
        }
        conftest->suite = settings_create(suite_file);
        conftest->test = settings_create(test_file);
+       suite_file = dirname(suite_file);
+       test_file = dirname(test_file);
+       conftest->suite_dir = strdup(suite_file);
+       conftest->test_dir = strdup(test_file);
+       return TRUE;
+}
+
+/**
+ * Load certificates from the confiuguration file
+ */
+static bool load_certs()
+{
+       enumerator_t *enumerator;
+       char *key, *value;
+       certificate_t *cert;
+
+       if (chdir(conftest->suite_dir) != 0)
+       {
+               fprintf(stderr, "opening suite directory '%s' failed",
+                               conftest->suite_dir);
+               return FALSE;
+       }
+
+       enumerator = conftest->suite->create_key_value_enumerator(
+                                                                                       conftest->suite, "certs.trusted");
+       while (enumerator->enumerate(enumerator, &key, &value))
+       {
+               cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
+                                                                 BUILD_FROM_FILE, value, BUILD_END);
+               if (!cert)
+               {
+                       fprintf(stderr, "loading trusted certificate "
+                                       "'%s' from '%s' failed\n", key, value);
+                       enumerator->destroy(enumerator);
+                       return FALSE;
+               }
+               conftest->creds->add_cert(conftest->creds, TRUE, cert);
+       }
+       enumerator->destroy(enumerator);
+
+       enumerator = conftest->suite->create_key_value_enumerator(
+                                                                                       conftest->suite, "certs.untrusted");
+       while (enumerator->enumerate(enumerator, &key, &value))
+       {
+               cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
+                                                                 BUILD_FROM_FILE, value, BUILD_END);
+               if (!cert)
+               {
+                       fprintf(stderr, "loading untrusted certificate "
+                                       "'%s' from '%s' failed\n", key, value);
+                       enumerator->destroy(enumerator);
+                       return FALSE;
+               }
+               conftest->creds->add_cert(conftest->creds, FALSE, cert);
+       }
+       enumerator->destroy(enumerator);
+
        return TRUE;
 }
 
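Review bot: In load_configs the two dirname() calls run back to back before either result is copied; POSIX allows dirname() to return a pointer to static storage that a later call overwrites, so on such a libc suite_dir would hold the test directory, and load_certs would then chdir() there and resolve the `certs.trusted` paths against the wrong directory. Copy each result immediately, `conftest->suite_dir = strdup(dirname(suite_file));` then `conftest->test_dir = strdup(dirname(test_file));`, and check both for NULL before use. dirname() may also modify its argument, so the caller's path strings are altered in place. In load_certs the chdir failure message lacks the trailing `\n` that the other messages have, and the doc comment reads "confiuguration". load_configs begins outside this hunk.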
@@ -95,6 +153,10 @@ static void cleanup()
 {
        DESTROY_IF(conftest->suite);
        DESTROY_IF(conftest->test);
+       lib->credmgr->remove_set(lib->credmgr, &conftest->creds->set);
+       conftest->creds->destroy(conftest->creds);
+       free(conftest->suite_dir);
+       free(conftest->test_dir);
        free(conftest);
        libcharon_deinit();
        libhydra_deinit();
@@ -133,12 +195,16 @@ int main(int argc, char *argv[])
        }
 
        INIT(conftest,
+               .creds = mem_cred_create(),
        );
        logger = file_logger_create(stdout, NULL, FALSE);
        logger->set_level(logger, DBG_ANY, LEVEL_CTRL);
        charon->bus->add_listener(charon->bus, &logger->listener);
        charon->file_loggers->insert_last(charon->file_loggers, logger);
 
+       lib->credmgr->add_set(lib->credmgr, &conftest->creds->set);
+       conftest->hooks = linked_list_create();
+
        atexit(cleanup);
 
        while (TRUE)
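Review bot: `conftest->hooks = linked_list_create();` assigns a member that the conftest.h hunk of this commit does not add to conftest_t (it adds only suite_dir, test_dir and creds), and the cleanup() hunk never destroys the list. Unless hooks is declared outside the visible hunks, this will not compile. Either add `linked_list_t *hooks;` to the struct together with a matching destroy in cleanup(), or move the line to the commit that introduces hooks. main() starts and continues outside this hunk.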
@@ -177,11 +243,14 @@ int main(int argc, char *argv[])
        {
                return 1;
        }
-
        if (!charon->initialize(charon))
        {
                return 1;
        }
+       if (!load_certs(suite_file))
+       {
+               return 1;
+       }
 
        /* set up thread specific handlers */
        action.sa_handler = segv_handler;
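Review bot: `load_certs(suite_file)` passes an argument to a function defined as `static bool load_certs()`, which uses none; the old-style empty parameter list lets the mismatch compile silently. Declare it `static bool load_certs(void)` and call `if (!load_certs())`. load_certs() also changes the process working directory to the suite directory and does not restore it, so any relative path used after this call (a relative test directory in particular) resolves against the suite directory. A comment at the call site should say so, for example `/* load_certs() leaves cwd at conftest->suite_dir */`. main() continues outside the hunk.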
index f318fd9..22d3deb 100644 (file)
@@ -23,6 +23,7 @@
 #include <library.h>
 #include <hydra.h>
 #include <daemon.h>
+#include <credentials/sets/mem_cred.h>
 
 typedef struct conftest_t conftest_t;
 
@@ -40,6 +41,21 @@ struct conftest_t {
         * Test specific configuration
         */
        settings_t *test;
+
+       /**
+        * Directory containing suite files
+        */
+       char *suite_dir;
+
+       /**
+        * Directory containing test files
+        */
+       char *test_dir;
+
+       /**
+        * Credentials loaded from configuration
+        */
+       mem_cred_t *creds;
 };
 
 /**