From: Andreas Steffen Date: Tue, 20 Jun 2006 05:57:52 +0000 (-0000) Subject: removed local_credential_store X-Git-Tag: 4.0.1~11 X-Git-Url: https://git.strongswan.org/?p=strongswan.git;a=commitdiff_plain;h=db959e6ea364122140f5531958f59b096356d764 removed local_credential_store --- diff --git a/src/charon/Makefile.am b/src/charon/Makefile.am index e5779fe..ab0e802 100644 --- a/src/charon/Makefile.am +++ b/src/charon/Makefile.am @@ -2,12 +2,13 @@ SUBDIRS = . testing ipsec_PROGRAMS = charon charon_SOURCES = \ -config/connections/connection.c config/connections/connection.h config/connections/local_connection_store.c \ -config/connections/connection_store.h config/connections/local_connection_store.h config/policies/policy.c \ -config/policies/policy.h config/policies/policy_store.h config/policies/local_policy_store.c \ -config/policies/local_policy_store.h config/credentials/local_credential_store.c \ -config/credentials/local_credential_store.h config/credentials/credential_store.h config/traffic_selector.c \ -config/traffic_selector.h config/proposal.c config/proposal.h config/configuration.c config/configuration.h \ +config/connections/connection.c config/connections/connection.h \ +config/connections/local_connection_store.c config/connections/local_connection_store.h config/connections/connection_store.h \ +config/policies/policy.c config/policies/policy.h \ +config/policies/local_policy_store.c config/policies/policy_store.h config/policies/local_policy_store.h \ +config/credentials/credential_store.c config/credentials/credential_store.h \ +config/traffic_selector.c config/traffic_selector.h \ +config/proposal.c config/proposal.h config/configuration.c config/configuration.h \ sa/states/state.c sa/states/state.h sa/states/ike_sa_init_requested.c sa/states/ike_sa_init_requested.h \ sa/states/ike_sa_init_responded.c sa/states/ike_sa_established.c sa/states/ike_sa_established.h \ sa/states/responder_init.c sa/states/responder_init.h sa/states/initiator_init.c sa/states/initiator_init.h \ diff --git a/src/charon/config/credentials/local_credential_store.c b/src/charon/config/credentials/local_credential_store.c deleted file mode 100644 index ab6eeca..0000000 --- a/src/charon/config/credentials/local_credential_store.c +++ /dev/null @@ -1,593 +0,0 @@ -/** - * @file local_credential_store.c - * - * @brief Implementation of local_credential_store_t. - * - */ - -/* - * Copyright (C) 2006 Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include -#include -#include - -#include "local_credential_store.h" - -#include -#include -#include -#include -#include - -#define PATH_BUF 256 - -typedef struct private_local_credential_store_t private_local_credential_store_t; - -/** - * Private data of an local_credential_store_t object - */ -struct private_local_credential_store_t { - - /** - * Public part - */ - local_credential_store_t public; - - /** - * list of key_entry_t's with private keys - */ - linked_list_t *private_keys; - - /** - * list of X.509 certificates with public keys - */ - linked_list_t *certs; - - /** - * list of X.509 CA certificates with public keys - */ - linked_list_t *ca_certs; - - /** - * list of X.509 CRLs - */ - linked_list_t *crls; - - /** - * enforce strict crl policy - */ - bool strict; - - /** - * Assigned logger - */ - logger_t *logger; -}; - - -/** - * Implementation of credential_store_t.get_shared_secret. - */ -static status_t get_shared_secret(private_local_credential_store_t *this, identification_t *id, chunk_t *secret) -{ - return FAILED; -} - -/** - * Implementation of credential_store_t.get_rsa_public_key. - */ -static rsa_public_key_t * get_rsa_public_key(private_local_credential_store_t *this, identification_t *id) -{ - rsa_public_key_t *found = NULL; - - iterator_t *iterator = this->certs->create_iterator(this->certs, TRUE); - - while (iterator->has_next(iterator)) - { - x509_t *cert; - - iterator->current(iterator, (void**)&cert); - - if (id->equals(id, cert->get_subject(cert)) || cert->equals_subjectAltName(cert, id)) - { - found = cert->get_public_key(cert); - break; - } - } - iterator->destroy(iterator); - return found; -} - -/** - * Implementation of credential_store_t.get_rsa_private_key. - */ -static rsa_private_key_t* get_rsa_private_key(private_local_credential_store_t *this, rsa_public_key_t *pubkey) -{ - rsa_private_key_t *found = NULL; - rsa_private_key_t *current; - - iterator_t *iterator = this->private_keys->create_iterator(this->private_keys, TRUE); - - while (iterator->has_next(iterator)) - { - iterator->current(iterator, (void**)¤t); - - if (current->belongs_to(current, pubkey)) - { - found = current->clone(current); - break; - } - } - iterator->destroy(iterator); - return found; -} - -/** - * Implementation of credential_store_t.has_rsa_private_key. - */ -static bool has_rsa_private_key(private_local_credential_store_t *this, rsa_public_key_t *pubkey) -{ - bool found = FALSE; - rsa_private_key_t *current; - - iterator_t *iterator = this->private_keys->create_iterator(this->private_keys, TRUE); - - while (iterator->has_next(iterator)) - { - iterator->current(iterator, (void**)¤t); - - if (current->belongs_to(current, pubkey)) - { - found = TRUE; - break; - } - } - iterator->destroy(iterator); - return found; -} - -/** - * Add a unique certificate to a linked list - */ -static x509_t* add_certificate(linked_list_t *certs, x509_t *cert) -{ - bool found = FALSE; - - iterator_t *iterator = certs->create_iterator(certs, TRUE); - - while (iterator->has_next(iterator)) - { - x509_t *current_cert; - - iterator->current(iterator, (void**)¤t_cert); - if (cert->equals(cert, current_cert)) - { - found = TRUE; - cert->destroy(cert); - cert = current_cert; - break; - } - } - iterator->destroy(iterator); - - if (!found) - { - certs->insert_last(certs, (void*)cert); - } - return cert; -} - -/** - * Implements credential_store_t.add_end_certificate - */ -static x509_t* add_end_certificate(private_local_credential_store_t *this, x509_t *cert) -{ - return add_certificate(this->certs, cert); -} - -/** - * Implements credential_store_t.add_ca_certificate - */ -static x509_t* add_ca_certificate(private_local_credential_store_t *this, x509_t *cert) -{ - return add_certificate(this->ca_certs, cert); -} - -/** - * Implements credential_store_t.log_certificates - */ -static void log_certificates(private_local_credential_store_t *this, logger_t *logger, bool utc) -{ - iterator_t *iterator = this->certs->create_iterator(this->certs, TRUE); - - if (iterator->get_count(iterator)) - { - logger->log(logger, CONTROL, ""); - logger->log(logger, CONTROL, "List of X.509 End Entity Certificates:"); - logger->log(logger, CONTROL, ""); - } - - while (iterator->has_next(iterator)) - { - x509_t *cert; - bool has_key; - - iterator->current(iterator, (void**)&cert); - has_key = has_rsa_private_key(this, cert->get_public_key(cert)); - cert->log_certificate(cert, logger, utc, has_key); - } - iterator->destroy(iterator); -} - -/** - * Implements credential_store_t.log_ca_certificates - */ -static void log_ca_certificates(private_local_credential_store_t *this, logger_t *logger, bool utc) -{ - iterator_t *iterator = this->ca_certs->create_iterator(this->ca_certs, TRUE); - - if (iterator->get_count(iterator)) - { - logger->log(logger, CONTROL, ""); - logger->log(logger, CONTROL, "List of X.509 CA Certificates:"); - logger->log(logger, CONTROL, ""); - } - - while (iterator->has_next(iterator)) - { - x509_t *cert; - - iterator->current(iterator, (void**)&cert); - cert->log_certificate(cert, logger, utc, FALSE); - } - iterator->destroy(iterator); -} - -/** - * Implements credential_store_t.log_crls - */ -static void log_crls(private_local_credential_store_t *this, logger_t *logger, bool utc) -{ - iterator_t *iterator = this->crls->create_iterator(this->crls, TRUE); - - if (iterator->get_count(iterator)) - { - logger->log(logger, CONTROL, ""); - logger->log(logger, CONTROL, "List of X.509 CRLs:"); - logger->log(logger, CONTROL, ""); - } - - while (iterator->has_next(iterator)) - { - crl_t *crl; - - iterator->current(iterator, (void**)&crl); - crl->log_crl(crl, logger, utc, this->strict); - } - iterator->destroy(iterator); -} - -/** - * Implements local_credential_store_t.load_ca_certificates - */ -static void load_ca_certificates(private_local_credential_store_t *this, const char *path) -{ - struct dirent* entry; - struct stat stb; - DIR* dir; - x509_t *cert; - - this->logger->log(this->logger, CONTROL, "loading ca certificates from '%s/'", path); - - dir = opendir(path); - if (dir == NULL) - { - this->logger->log(this->logger, ERROR, "error opening ca certs directory %s'", path); - return; - } - - while ((entry = readdir(dir)) != NULL) - { - char file[PATH_BUF]; - - snprintf(file, sizeof(file), "%s/%s", path, entry->d_name); - - if (stat(file, &stb) == -1) - { - continue; - } - /* try to parse all regular files */ - if (stb.st_mode & S_IFREG) - { - cert = x509_create_from_file(file, "ca certificate"); - if (cert) - { - err_t ugh = cert->is_valid(cert, NULL); - - if (ugh != NULL) - { - this->logger->log(this->logger, ERROR, "warning: ca certificate %s", ugh); - } - if (cert->is_ca(cert)) - { - cert = add_certificate(this->ca_certs, cert); - } - else - { - this->logger->log(this->logger, ERROR, - " CA basic constraints flag not set, cert discarded"); - cert->destroy(cert); - } - } - } - } - closedir(dir); -} - -/** - * Add the latest crl to a linked list - */ -static crl_t* add_crl(linked_list_t *crls, crl_t *crl) -{ - bool found = FALSE; - - iterator_t *iterator = crls->create_iterator(crls, TRUE); - - while (iterator->has_next(iterator)) - { - crl_t *current_crl; - - iterator->current(iterator, (void**)¤t_crl); - if (crl->equals_issuer(crl, current_crl)) - { - found = TRUE; - crl->destroy(crl); - crl = current_crl; - break; - } - } - iterator->destroy(iterator); - - if (!found) - { - crls->insert_last(crls, (void*)crl); - } - return crl; -} - -/** - * Implements local_credential_store_t.load_crls - */ -static void load_crls(private_local_credential_store_t *this, const char *path) -{ - struct dirent* entry; - struct stat stb; - DIR* dir; - crl_t *crl; - - this->logger->log(this->logger, CONTROL, "loading crls from '%s/'", path); - - dir = opendir(path); - if (dir == NULL) - { - this->logger->log(this->logger, ERROR, "error opening crl directory %s'", path); - return; - } - - while ((entry = readdir(dir)) != NULL) - { - char file[PATH_BUF]; - - snprintf(file, sizeof(file), "%s/%s", path, entry->d_name); - - if (stat(file, &stb) == -1) - { - continue; - } - /* try to parse all regular files */ - if (stb.st_mode & S_IFREG) - { - crl = crl_create_from_file(file); - if (crl) - { - err_t ugh = crl->is_valid(crl, NULL, this->strict); - - if (ugh != NULL) - { - this->logger->log(this->logger, ERROR, "warning: crl %s", ugh); - } - crl = add_crl(this->crls, crl); - } - } - } - closedir(dir); -} - -/** - * Implements local_credential_store_t.load_private_keys - */ -static void load_private_keys(private_local_credential_store_t *this, const char *secretsfile, const char *defaultpath) -{ - FILE *fd = fopen(secretsfile, "r"); - - if (fd) - { - int bytes; - int line_nr = 0; - chunk_t chunk, src, line; - - this->logger->log(this->logger, CONTROL, "loading secrets from \"%s\"", secretsfile); - - fseek(fd, 0, SEEK_END); - chunk.len = ftell(fd); - rewind(fd); - chunk.ptr = malloc(chunk.len); - bytes = fread(chunk.ptr, 1, chunk.len, fd); - fclose(fd); - - src = chunk; - - while (fetchline(&src, &line)) - { - chunk_t ids, token; - - line_nr++; - - if (!eat_whitespace(&line)) - { - continue; - } - if (!extract_token(&ids, ':', &line)) - { - this->logger->log(this->logger, ERROR, "line %d: missing ':' separator", line_nr); - goto error; - } - if (!eat_whitespace(&line) || !extract_token(&token, ' ', &line)) - { - this->logger->log(this->logger, ERROR, "line %d: missing token", line_nr); - goto error; - } - if (match("RSA", &token)) - { - char path[PATH_BUF]; - chunk_t filename; - - err_t ugh = extract_value(&filename, &line); - - if (ugh != NULL) - { - this->logger->log(this->logger, ERROR, "line %d: %s", line_nr, ugh); - goto error; - } - if (filename.len == 0) - { - this->logger->log(this->logger, ERROR, - "line %d: empty filename", line_nr); - goto error; - } - if (*filename.ptr == '/') - { - /* absolute path name */ - snprintf(path, sizeof(path), "%.*s", filename.len, filename.ptr); - } - else - { - /* relative path name */ - snprintf(path, sizeof(path), "%s/%.*s", defaultpath, filename.len, filename.ptr); - } - - rsa_private_key_t *key = rsa_private_key_create_from_file(path, NULL); - if (key) - { - this->private_keys->insert_last(this->private_keys, (void*)key); - } - } - else if (match("PSK", &token)) - { - - } - else if (match("PIN", &token)) - { - - } - else - { - this->logger->log(this->logger, ERROR, - "line %d: token must be either RSA, PSK, or PIN", - line_nr, token.len); - goto error; - } - } -error: - free(chunk.ptr); - } - else - { - this->logger->log(this->logger, ERROR, "could not open file '%s'", secretsfile); - } -} - -/** - * Implementation of credential_store_t.destroy. - */ -static void destroy(private_local_credential_store_t *this) -{ - x509_t *cert; - crl_t *crl; - rsa_private_key_t *key; - - /* destroy cert list */ - while (this->certs->remove_last(this->certs, (void**)&cert) == SUCCESS) - { - cert->destroy(cert); - } - this->certs->destroy(this->certs); - - /* destroy ca cert list */ - while (this->ca_certs->remove_last(this->ca_certs, (void**)&cert) == SUCCESS) - { - cert->destroy(cert); - } - this->ca_certs->destroy(this->ca_certs); - - /* destroy crl list */ - while (this->crls->remove_last(this->crls, (void**)&crl) == SUCCESS) - { - crl->destroy(crl); - } - this->crls->destroy(this->crls); - - /* destroy private key list */ - while (this->private_keys->remove_last(this->private_keys, (void**)&key) == SUCCESS) - { - key->destroy(key); - } - this->private_keys->destroy(this->private_keys); - - free(this); -} - -/** - * Described in header. - */ -local_credential_store_t * local_credential_store_create(bool strict) -{ - private_local_credential_store_t *this = malloc_thing(private_local_credential_store_t); - - this->public.credential_store.get_shared_secret = (status_t(*)(credential_store_t*,identification_t*,chunk_t*))get_shared_secret; - this->public.credential_store.get_rsa_private_key = (rsa_private_key_t*(*)(credential_store_t*,rsa_public_key_t*))get_rsa_private_key; - this->public.credential_store.has_rsa_private_key = (bool(*)(credential_store_t*,rsa_public_key_t*))has_rsa_private_key; - this->public.credential_store.get_rsa_public_key = (rsa_public_key_t*(*)(credential_store_t*,identification_t*))get_rsa_public_key; - this->public.credential_store.add_end_certificate = (x509_t*(*)(credential_store_t*,x509_t*))add_end_certificate; - this->public.credential_store.add_ca_certificate = (x509_t*(*)(credential_store_t*,x509_t*))add_ca_certificate; - this->public.credential_store.log_certificates = (void(*)(credential_store_t*,logger_t*,bool))log_certificates; - this->public.credential_store.log_ca_certificates = (void(*)(credential_store_t*,logger_t*,bool))log_ca_certificates; - this->public.credential_store.log_crls = (void(*)(credential_store_t*,logger_t*,bool))log_crls; - this->public.load_ca_certificates = (void(*)(local_credential_store_t*,const char*))load_ca_certificates; - this->public.load_crls = (void(*)(local_credential_store_t*,const char*))load_crls; - this->public.load_private_keys = (void(*)(local_credential_store_t*,const char*, const char*))load_private_keys; - this->public.credential_store.destroy = (void(*)(credential_store_t*))destroy; - - /* private variables */ - this->private_keys = linked_list_create(); - this->certs = linked_list_create(); - this->ca_certs = linked_list_create(); - this->crls = linked_list_create(); - this->strict = strict; - this->logger = logger_manager->get_logger(logger_manager, CONFIG); - - return (&this->public); -} diff --git a/src/charon/config/credentials/local_credential_store.h b/src/charon/config/credentials/local_credential_store.h deleted file mode 100644 index be2128a..0000000 --- a/src/charon/config/credentials/local_credential_store.h +++ /dev/null @@ -1,96 +0,0 @@ -/** - * @file local_credential_store.h - * - * @brief Interface of local_credential_store_t. - * - */ - -/* - * Copyright (C) 2006 Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#ifndef LOCAL_CREDENTIAL_H_ -#define LOCAL_CREDENTIAL_H_ - -#include -#include - - -typedef struct local_credential_store_t local_credential_store_t; - -/** - * @brief A credential_store_t implementation using simple credentail lists. - * - * The local_credential_store_t class implements the credential_store_t interface - * as simple as possible. The credentials are stored in lists, and can be loaded - * from folders. - * Shared secret are not handled yet, so get_shared_secret always returns NOT_FOUND. - * - * @b Constructors: - * - local_credential_store_create(bool strict) - * - * @ingroup config - */ -struct local_credential_store_t { - - /** - * Implements credential_store_t interface - */ - credential_store_t credential_store; - - /** - * @brief Loads trusted CA certificates from a default directory. - * - * Certificates in both DER and PEM format are accepted - * - * @param this calling object - * @param path directory to load certificates from - */ - void (*load_ca_certificates) (local_credential_store_t *this, const char *path); - - /** - * @brief Loads CRLs from a default directory. - * - * Certificates in both DER and PEM format are accepted - * - * @param this calling object - * @param path directory to load crls from - */ - void (*load_crls) (local_credential_store_t *this, const char *path); - - /** - * @brief Loads RSA private keys defined in ipsec.secrets - * - * Currently, all keys must be unencrypted in either DER or PEM format. - * Other formats are ignored. Further, a certificate for the specific private - * key must already be loaded to get the ID from. - * - * @param this calling object - * @param secretsfile file where secrets are stored - * @param path default directory for private keys - */ - void (*load_private_keys) (local_credential_store_t *this, const char *secretsfile, const char *path); -}; - -/** - * @brief Creates a local_credential_store_t instance. - * - * @param strict enforce a strict crl policy - * @return credential store instance. - * - * @ingroup config - */ -local_credential_store_t *local_credential_store_create(bool strict); - -#endif /* LOCAL_CREDENTIAL_H_ */ diff --git a/src/charon/testing/Makefile.am b/src/charon/testing/Makefile.am index 32f80d2..31c883b 100644 --- a/src/charon/testing/Makefile.am +++ b/src/charon/testing/Makefile.am @@ -16,7 +16,7 @@ rsa_test.h generator_test.h aes_cbc_crypter_test.h send_queue_test.c testing_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lgmp -lpthread \ $(top_srcdir)/src/charon/connection.o $(top_srcdir)/src/charon/local_connection_store.o $(top_srcdir)/src/charon/policy.o \ -$(top_srcdir)/src/charon/local_policy_store.o $(top_srcdir)/src/charon/local_credential_store.o $(top_srcdir)/src/charon/traffic_selector.o \ +$(top_srcdir)/src/charon/local_policy_store.o $(top_srcdir)/src/charon/credential_store.o $(top_srcdir)/src/charon/traffic_selector.o \ $(top_srcdir)/src/charon/proposal.o $(top_srcdir)/src/charon/configuration.o $(top_srcdir)/src/charon/state.o $(top_srcdir)/src/charon/ike_sa_init_requested.o \ $(top_srcdir)/src/charon/ike_sa_init_responded.o $(top_srcdir)/src/charon/ike_sa_established.o $(top_srcdir)/src/charon/responder_init.o \ $(top_srcdir)/src/charon/initiator_init.o $(top_srcdir)/src/charon/ike_auth_requested.o $(top_srcdir)/src/charon/delete_ike_sa_requested.o \