removed local_credential_store
authorAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 20 Jun 2006 05:57:52 +0000 (05:57 -0000)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 20 Jun 2006 05:57:52 +0000 (05:57 -0000)
src/charon/Makefile.am
src/charon/config/credentials/local_credential_store.c [deleted file]
src/charon/config/credentials/local_credential_store.h [deleted file]
src/charon/testing/Makefile.am

index e5779fe..ab0e802 100644 (file)
@@ -2,12 +2,13 @@ SUBDIRS = . testing
 ipsec_PROGRAMS = charon
 
 charon_SOURCES = \
-config/connections/connection.c config/connections/connection.h config/connections/local_connection_store.c \
-config/connections/connection_store.h config/connections/local_connection_store.h config/policies/policy.c \
-config/policies/policy.h config/policies/policy_store.h config/policies/local_policy_store.c \
-config/policies/local_policy_store.h config/credentials/local_credential_store.c \
-config/credentials/local_credential_store.h config/credentials/credential_store.h config/traffic_selector.c \
-config/traffic_selector.h config/proposal.c config/proposal.h config/configuration.c config/configuration.h \
+config/connections/connection.c config/connections/connection.h \
+config/connections/local_connection_store.c config/connections/local_connection_store.h config/connections/connection_store.h \
+config/policies/policy.c config/policies/policy.h \
+config/policies/local_policy_store.c config/policies/policy_store.h config/policies/local_policy_store.h \
+config/credentials/credential_store.c config/credentials/credential_store.h \
+config/traffic_selector.c config/traffic_selector.h \
+config/proposal.c config/proposal.h config/configuration.c config/configuration.h \
 sa/states/state.c sa/states/state.h sa/states/ike_sa_init_requested.c sa/states/ike_sa_init_requested.h \
 sa/states/ike_sa_init_responded.c sa/states/ike_sa_established.c sa/states/ike_sa_established.h \
 sa/states/responder_init.c sa/states/responder_init.h sa/states/initiator_init.c sa/states/initiator_init.h \
diff --git a/src/charon/config/credentials/local_credential_store.c b/src/charon/config/credentials/local_credential_store.c
deleted file mode 100644 (file)
index ab6eeca..0000000
+++ /dev/null
@@ -1,593 +0,0 @@
-/**
- * @file local_credential_store.c
- * 
- * @brief Implementation of local_credential_store_t.
- *  
- */
-
-/*
- * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include <sys/stat.h>
-#include <dirent.h>
-#include <string.h>
-
-#include "local_credential_store.h"
-
-#include <utils/lexparser.h>
-#include <utils/linked_list.h>
-#include <utils/logger_manager.h>
-#include <crypto/x509.h>
-#include <crypto/crl.h>
-
-#define PATH_BUF       256
-
-typedef struct private_local_credential_store_t private_local_credential_store_t;
-
-/**
- * Private data of an local_credential_store_t object
- */
-struct private_local_credential_store_t {
-
-       /**
-        * Public part
-        */
-       local_credential_store_t public;
-       
-       /**
-        * list of key_entry_t's with private keys
-        */
-       linked_list_t *private_keys;
-       
-       /**
-        * list of X.509 certificates with public keys
-        */
-       linked_list_t *certs;
-       
-       /**
-        * list of X.509 CA certificates with public keys
-        */
-       linked_list_t *ca_certs;
-
-       /**
-        * list of X.509 CRLs
-        */
-       linked_list_t *crls;
-
-       /**
-        * enforce strict crl policy
-        */
-       bool strict;
-
-       /**
-        * Assigned logger
-        */
-       logger_t *logger;
-};
-
-
-/**
- * Implementation of credential_store_t.get_shared_secret.
- */    
-static status_t get_shared_secret(private_local_credential_store_t *this, identification_t *id, chunk_t *secret)
-{
-       return FAILED;
-}
-
-/**
- * Implementation of credential_store_t.get_rsa_public_key.
- */
-static rsa_public_key_t * get_rsa_public_key(private_local_credential_store_t *this, identification_t *id)
-{
-       rsa_public_key_t *found = NULL;
-
-       iterator_t *iterator = this->certs->create_iterator(this->certs, TRUE);
-
-       while (iterator->has_next(iterator))
-       {
-               x509_t *cert;
-
-               iterator->current(iterator, (void**)&cert);
-
-               if (id->equals(id, cert->get_subject(cert)) || cert->equals_subjectAltName(cert, id))
-               {
-                       found = cert->get_public_key(cert);
-                       break;
-               }
-       }
-       iterator->destroy(iterator);
-       return found;
-}
-
-/**
- * Implementation of credential_store_t.get_rsa_private_key.
- */
-static rsa_private_key_t* get_rsa_private_key(private_local_credential_store_t *this, rsa_public_key_t *pubkey)
-{
-       rsa_private_key_t *found = NULL;
-       rsa_private_key_t *current;
-
-       iterator_t *iterator = this->private_keys->create_iterator(this->private_keys, TRUE);
-
-       while (iterator->has_next(iterator))
-       {
-               iterator->current(iterator, (void**)&current);
-
-               if (current->belongs_to(current, pubkey))
-               {
-                       found = current->clone(current);
-                       break;
-               }
-       }
-       iterator->destroy(iterator);
-       return found;
-}
-
-/**
- * Implementation of credential_store_t.has_rsa_private_key.
- */
-static bool has_rsa_private_key(private_local_credential_store_t *this, rsa_public_key_t *pubkey)
-{
-       bool found = FALSE;
-       rsa_private_key_t *current;
-
-       iterator_t *iterator = this->private_keys->create_iterator(this->private_keys, TRUE);
-
-       while (iterator->has_next(iterator))
-       {
-               iterator->current(iterator, (void**)&current);
-
-               if (current->belongs_to(current, pubkey))
-               {
-                       found = TRUE;
-                       break;
-               }
-       }
-       iterator->destroy(iterator);
-       return found;
-}
-
-/**
- * Add a unique certificate to a linked list
- */
-static x509_t* add_certificate(linked_list_t *certs, x509_t *cert)
-{
-       bool found = FALSE;
-
-       iterator_t *iterator = certs->create_iterator(certs, TRUE);
-
-       while (iterator->has_next(iterator))
-       {
-               x509_t *current_cert;
-
-               iterator->current(iterator, (void**)&current_cert);
-               if (cert->equals(cert, current_cert))
-               {
-                       found = TRUE;
-                       cert->destroy(cert);
-                       cert = current_cert;
-                       break;
-               }
-       }
-       iterator->destroy(iterator);
-
-       if (!found)
-       {
-               certs->insert_last(certs, (void*)cert);
-       }
-       return cert;
-}
-
-/**
- * Implements credential_store_t.add_end_certificate
- */
-static x509_t* add_end_certificate(private_local_credential_store_t *this, x509_t *cert)
-{
-       return add_certificate(this->certs, cert);
-}
-
-/**
- * Implements credential_store_t.add_ca_certificate
- */
-static x509_t* add_ca_certificate(private_local_credential_store_t *this, x509_t *cert)
-{
-       return add_certificate(this->ca_certs, cert);
-}
-
-/**
- * Implements credential_store_t.log_certificates
- */
-static void log_certificates(private_local_credential_store_t *this, logger_t *logger, bool utc)
-{
-       iterator_t *iterator = this->certs->create_iterator(this->certs, TRUE);
-       
-       if (iterator->get_count(iterator))
-       {
-               logger->log(logger, CONTROL, "");
-               logger->log(logger, CONTROL, "List of X.509 End Entity Certificates:");
-               logger->log(logger, CONTROL, "");
-       }
-       
-       while (iterator->has_next(iterator))
-       {
-               x509_t *cert;
-               bool has_key;
-               
-               iterator->current(iterator, (void**)&cert);
-               has_key = has_rsa_private_key(this, cert->get_public_key(cert));
-               cert->log_certificate(cert, logger, utc, has_key);
-       }
-       iterator->destroy(iterator);
-}
-
-/**
- * Implements credential_store_t.log_ca_certificates
- */
-static void log_ca_certificates(private_local_credential_store_t *this, logger_t *logger, bool utc)
-{
-       iterator_t *iterator = this->ca_certs->create_iterator(this->ca_certs, TRUE);
-
-       if (iterator->get_count(iterator))
-       {
-               logger->log(logger, CONTROL, "");
-               logger->log(logger, CONTROL, "List of X.509 CA Certificates:");
-               logger->log(logger, CONTROL, "");
-       }
-
-       while (iterator->has_next(iterator))
-       {
-               x509_t *cert;
-
-               iterator->current(iterator, (void**)&cert);
-               cert->log_certificate(cert, logger, utc, FALSE);
-       }
-       iterator->destroy(iterator);
-}
-
-/**
- * Implements credential_store_t.log_crls
- */
-static void log_crls(private_local_credential_store_t *this, logger_t *logger, bool utc)
-{
-       iterator_t *iterator = this->crls->create_iterator(this->crls, TRUE);
-
-       if (iterator->get_count(iterator))
-       {
-               logger->log(logger, CONTROL, "");
-               logger->log(logger, CONTROL, "List of X.509 CRLs:");
-               logger->log(logger, CONTROL, "");
-       }
-
-       while (iterator->has_next(iterator))
-       {
-               crl_t *crl;
-
-               iterator->current(iterator, (void**)&crl);
-               crl->log_crl(crl, logger, utc, this->strict);
-       }
-       iterator->destroy(iterator);
-}
-
-/**
- * Implements local_credential_store_t.load_ca_certificates
- */
-static void load_ca_certificates(private_local_credential_store_t *this, const char *path)
-{
-       struct dirent* entry;
-       struct stat stb;
-       DIR* dir;
-       x509_t *cert;
-       
-       this->logger->log(this->logger, CONTROL, "loading ca certificates from '%s/'", path);
-
-       dir = opendir(path);
-       if (dir == NULL)
-       {
-               this->logger->log(this->logger, ERROR, "error opening ca certs directory %s'", path);
-               return;
-       }
-
-       while ((entry = readdir(dir)) != NULL)
-       {
-               char file[PATH_BUF];
-
-               snprintf(file, sizeof(file), "%s/%s", path, entry->d_name);
-               
-               if (stat(file, &stb) == -1)
-               {
-                       continue;
-               }
-               /* try to parse all regular files */
-               if (stb.st_mode & S_IFREG)
-               {
-                       cert = x509_create_from_file(file, "ca certificate");
-                       if (cert)
-                       {
-                               err_t ugh = cert->is_valid(cert, NULL);
-
-                               if (ugh != NULL)        
-                               {
-                                       this->logger->log(this->logger, ERROR, "warning: ca certificate %s", ugh);
-                               }
-                               if (cert->is_ca(cert))
-                               {
-                                       cert = add_certificate(this->ca_certs, cert);
-                               }
-                               else
-                               {
-                                       this->logger->log(this->logger, ERROR,
-                                                       "  CA basic constraints flag not set, cert discarded");
-                                       cert->destroy(cert);
-                               }
-                       }
-               }
-       }
-       closedir(dir);
-}
-
-/**
- * Add the latest crl to a linked list
- */
-static crl_t* add_crl(linked_list_t *crls, crl_t *crl)
-{
-       bool found = FALSE;
-
-       iterator_t *iterator = crls->create_iterator(crls, TRUE);
-
-       while (iterator->has_next(iterator))
-       {
-               crl_t *current_crl;
-
-               iterator->current(iterator, (void**)&current_crl);
-               if (crl->equals_issuer(crl, current_crl))
-               {
-                       found = TRUE;
-                       crl->destroy(crl);
-                       crl = current_crl;
-                       break;
-               }
-       }
-       iterator->destroy(iterator);
-
-       if (!found)
-       {
-               crls->insert_last(crls, (void*)crl);
-       }
-       return crl;
-}
-
-/**
- * Implements local_credential_store_t.load_crls
- */
-static void load_crls(private_local_credential_store_t *this, const char *path)
-{
-       struct dirent* entry;
-       struct stat stb;
-       DIR* dir;
-       crl_t *crl;
-       
-       this->logger->log(this->logger, CONTROL, "loading crls from '%s/'", path);
-
-       dir = opendir(path);
-       if (dir == NULL)
-       {
-               this->logger->log(this->logger, ERROR, "error opening crl directory %s'", path);
-               return;
-       }
-
-       while ((entry = readdir(dir)) != NULL)
-       {
-               char file[PATH_BUF];
-
-               snprintf(file, sizeof(file), "%s/%s", path, entry->d_name);
-               
-               if (stat(file, &stb) == -1)
-               {
-                       continue;
-               }
-               /* try to parse all regular files */
-               if (stb.st_mode & S_IFREG)
-               {
-                       crl = crl_create_from_file(file);
-                       if (crl)
-                       {
-                               err_t ugh = crl->is_valid(crl, NULL, this->strict);
-
-                               if (ugh != NULL)        
-                               {
-                                       this->logger->log(this->logger, ERROR, "warning: crl %s", ugh);
-                               }
-                               crl = add_crl(this->crls, crl);
-                       }
-               }
-       }
-       closedir(dir);
-}
-
-/**
- * Implements local_credential_store_t.load_private_keys
- */
-static void load_private_keys(private_local_credential_store_t *this, const char *secretsfile, const char *defaultpath)
-{
-       FILE *fd = fopen(secretsfile, "r");
-
-       if (fd)
-       {
-               int bytes;
-               int line_nr = 0;
-       chunk_t chunk, src, line;
-
-               this->logger->log(this->logger, CONTROL, "loading secrets from \"%s\"", secretsfile);
-
-               fseek(fd, 0, SEEK_END);
-               chunk.len = ftell(fd);
-               rewind(fd);
-               chunk.ptr = malloc(chunk.len);
-               bytes = fread(chunk.ptr, 1, chunk.len, fd);
-               fclose(fd);
-
-               src = chunk;
-
-               while (fetchline(&src, &line))
-               {
-                       chunk_t ids, token;
-
-                       line_nr++;
-
-                       if (!eat_whitespace(&line))
-                       {
-                               continue;
-                       }
-                       if (!extract_token(&ids, ':', &line))
-                       {
-                               this->logger->log(this->logger, ERROR, "line %d: missing ':' separator", line_nr);
-                               goto error;
-                       }
-                       if (!eat_whitespace(&line) || !extract_token(&token, ' ', &line))
-                       {
-                               this->logger->log(this->logger, ERROR, "line %d: missing token", line_nr);
-                               goto error;
-                       }
-                       if (match("RSA", &token))
-                       {
-                               char path[PATH_BUF];
-                               chunk_t filename;
-
-                               err_t ugh = extract_value(&filename, &line);
-
-                               if (ugh != NULL)
-                               {
-                                       this->logger->log(this->logger, ERROR, "line %d: %s", line_nr, ugh);
-                                       goto error;
-                               }
-                               if (filename.len == 0)
-                               {
-                                       this->logger->log(this->logger, ERROR,
-                                               "line %d: empty filename", line_nr);
-                                       goto error;
-                               }
-                               if (*filename.ptr == '/')
-                               {
-                                       /* absolute path name */
-                                       snprintf(path, sizeof(path), "%.*s", filename.len, filename.ptr);
-                               }
-                               else
-                               {
-                                       /* relative path name */
-                                       snprintf(path, sizeof(path), "%s/%.*s", defaultpath, filename.len, filename.ptr);
-                               }
-
-                               rsa_private_key_t *key = rsa_private_key_create_from_file(path, NULL);
-                               if (key)
-                               {
-                                       this->private_keys->insert_last(this->private_keys, (void*)key);
-                               }
-                       }
-                       else if (match("PSK", &token))
-                       {
-
-                       }
-                       else if (match("PIN", &token))
-                       {
-
-                       }
-                       else
-                       {
-                               this->logger->log(this->logger, ERROR,
-                                        "line %d: token must be either RSA, PSK, or PIN",
-                                         line_nr, token.len);
-                               goto error;
-                       }
-               }
-error:
-               free(chunk.ptr);
-       }
-       else
-       {
-               this->logger->log(this->logger, ERROR, "could not open file '%s'", secretsfile);
-       }
-}
-
-/**
- * Implementation of credential_store_t.destroy.
- */
-static void destroy(private_local_credential_store_t *this)
-{
-       x509_t *cert;
-       crl_t *crl;
-       rsa_private_key_t *key;
-       
-       /* destroy cert list */
-       while (this->certs->remove_last(this->certs, (void**)&cert) == SUCCESS)
-       {
-               cert->destroy(cert);
-       }
-       this->certs->destroy(this->certs);
-
-       /* destroy ca cert list */
-       while (this->ca_certs->remove_last(this->ca_certs, (void**)&cert) == SUCCESS)
-       {
-               cert->destroy(cert);
-       }
-       this->ca_certs->destroy(this->ca_certs);
-
-       /* destroy crl list */
-       while (this->crls->remove_last(this->crls, (void**)&crl) == SUCCESS)
-       {
-               crl->destroy(crl);
-       }
-       this->crls->destroy(this->crls);
-
-    /* destroy private key list */
-       while (this->private_keys->remove_last(this->private_keys, (void**)&key) == SUCCESS)
-       {
-               key->destroy(key);
-       }
-       this->private_keys->destroy(this->private_keys);
-
-       free(this);
-}
-
-/**
- * Described in header.
- */
-local_credential_store_t * local_credential_store_create(bool strict)
-{
-       private_local_credential_store_t *this = malloc_thing(private_local_credential_store_t);
-
-       this->public.credential_store.get_shared_secret = (status_t(*)(credential_store_t*,identification_t*,chunk_t*))get_shared_secret;
-       this->public.credential_store.get_rsa_private_key = (rsa_private_key_t*(*)(credential_store_t*,rsa_public_key_t*))get_rsa_private_key;
-       this->public.credential_store.has_rsa_private_key = (bool(*)(credential_store_t*,rsa_public_key_t*))has_rsa_private_key;
-       this->public.credential_store.get_rsa_public_key = (rsa_public_key_t*(*)(credential_store_t*,identification_t*))get_rsa_public_key;
-       this->public.credential_store.add_end_certificate = (x509_t*(*)(credential_store_t*,x509_t*))add_end_certificate;
-       this->public.credential_store.add_ca_certificate = (x509_t*(*)(credential_store_t*,x509_t*))add_ca_certificate;
-       this->public.credential_store.log_certificates = (void(*)(credential_store_t*,logger_t*,bool))log_certificates;
-       this->public.credential_store.log_ca_certificates = (void(*)(credential_store_t*,logger_t*,bool))log_ca_certificates;
-       this->public.credential_store.log_crls = (void(*)(credential_store_t*,logger_t*,bool))log_crls;
-       this->public.load_ca_certificates = (void(*)(local_credential_store_t*,const char*))load_ca_certificates;
-       this->public.load_crls = (void(*)(local_credential_store_t*,const char*))load_crls;
-       this->public.load_private_keys = (void(*)(local_credential_store_t*,const char*, const char*))load_private_keys;
-       this->public.credential_store.destroy = (void(*)(credential_store_t*))destroy;
-       
-       /* private variables */
-       this->private_keys = linked_list_create();
-       this->certs = linked_list_create();
-       this->ca_certs = linked_list_create();
-       this->crls = linked_list_create();
-       this->strict = strict;
-       this->logger = logger_manager->get_logger(logger_manager, CONFIG);
-
-       return (&this->public);
-}
diff --git a/src/charon/config/credentials/local_credential_store.h b/src/charon/config/credentials/local_credential_store.h
deleted file mode 100644 (file)
index be2128a..0000000
+++ /dev/null
@@ -1,96 +0,0 @@
-/**
- * @file local_credential_store.h
- *
- * @brief Interface of local_credential_store_t.
- *
- */
-
-/*
- * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-#ifndef LOCAL_CREDENTIAL_H_
-#define LOCAL_CREDENTIAL_H_
-
-#include <types.h>
-#include <config/credentials/credential_store.h>
-
-
-typedef struct local_credential_store_t local_credential_store_t;
-
-/**
- * @brief A credential_store_t implementation using simple credentail lists.
- *
- * The local_credential_store_t class implements the credential_store_t interface
- * as simple as possible. The credentials are stored in lists, and can be loaded
- * from folders.
- * Shared secret are not handled yet, so get_shared_secret always returns NOT_FOUND.
- *
- * @b Constructors:
- *  - local_credential_store_create(bool strict)
- * 
- * @ingroup config
- */
-struct local_credential_store_t {
-       
-       /**
-        * Implements credential_store_t interface
-        */
-       credential_store_t credential_store;
-       
-       /**
-        * @brief Loads trusted CA certificates from a default directory.
-        *
-        * Certificates in both DER and PEM format are accepted
-        *
-        * @param this          calling object
-        * @param path          directory to load certificates from
-        */
-       void (*load_ca_certificates) (local_credential_store_t *this, const char *path);
-       
-       /**
-        * @brief Loads CRLs from a default directory.
-        *
-        * Certificates in both DER and PEM format are accepted
-        *
-        * @param this          calling object
-        * @param path          directory to load crls from 
-        */
-       void (*load_crls) (local_credential_store_t *this, const char *path);
-       
-       /**
-        * @brief Loads RSA private keys defined in ipsec.secrets
-        * 
-        * Currently, all keys must be unencrypted in either DER or PEM format.
-        * Other formats are ignored. Further, a certificate for the specific private
-        * key must already be loaded to get the ID from.
-        * 
-        * @param this                  calling object
-        * @param secretsfile   file where secrets are stored
-        * @param path                  default directory for private keys
-        */
-       void (*load_private_keys) (local_credential_store_t *this, const char *secretsfile, const char *path);
-};
-
-/**
- * @brief Creates a local_credential_store_t instance.
- *
- * @param  strict              enforce a strict crl policy
- * @return                             credential store instance.
- * 
- * @ingroup config
- */
-local_credential_store_t *local_credential_store_create(bool strict);
-
-#endif /* LOCAL_CREDENTIAL_H_ */
index 32f80d2..31c883b 100644 (file)
@@ -16,7 +16,7 @@ rsa_test.h generator_test.h aes_cbc_crypter_test.h send_queue_test.c
 
 testing_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lgmp -lpthread \
 $(top_srcdir)/src/charon/connection.o $(top_srcdir)/src/charon/local_connection_store.o $(top_srcdir)/src/charon/policy.o \
-$(top_srcdir)/src/charon/local_policy_store.o $(top_srcdir)/src/charon/local_credential_store.o $(top_srcdir)/src/charon/traffic_selector.o \
+$(top_srcdir)/src/charon/local_policy_store.o $(top_srcdir)/src/charon/credential_store.o $(top_srcdir)/src/charon/traffic_selector.o \
 $(top_srcdir)/src/charon/proposal.o $(top_srcdir)/src/charon/configuration.o $(top_srcdir)/src/charon/state.o $(top_srcdir)/src/charon/ike_sa_init_requested.o \
 $(top_srcdir)/src/charon/ike_sa_init_responded.o $(top_srcdir)/src/charon/ike_sa_established.o $(top_srcdir)/src/charon/responder_init.o \
 $(top_srcdir)/src/charon/initiator_init.o $(top_srcdir)/src/charon/ike_auth_requested.o $(top_srcdir)/src/charon/delete_ike_sa_requested.o \