1.1 ! misho 1: /*
! 2: * Copyright (C) 2008 Martin Willi
! 3: * HSR Hochschule fuer Technik Rapperswil
! 4: *
! 5: * This program is free software; you can redistribute it and/or modify it
! 6: * under the terms of the GNU General Public License as published by the
! 7: * Free Software Foundation; either version 2 of the License, or (at your
! 8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 9: *
! 10: * This program is distributed in the hope that it will be useful, but
! 11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 13: * for more details.
! 14: */
! 15:
! 16: #include "load_tester_creds.h"
! 17:
! 18: #include <time.h>
! 19: #include <sys/stat.h>
! 20:
! 21: #include <daemon.h>
! 22: #include <credentials/keys/shared_key.h>
! 23: #include <credentials/certificates/x509.h>
! 24: #include <utils/identification.h>
! 25:
typedef struct private_load_tester_creds_t private_load_tester_creds_t;

/**
 * Private data of a load_tester_creds_t object.
 *
 * This credential set exists for load testing only: it hands out a fixed
 * (publicly known, unless overridden by configuration) key, PSK and EAP
 * password, and it signs a certificate for any requested identity on demand.
 */
struct private_load_tester_creds_t {
	/**
	 * Public part
	 */
	load_tester_creds_t public;

	/**
	 * Private key used to sign generated certificates. The same key also
	 * serves as the subject key of every generated peer certificate, see
	 * create_cert_enumerator(). NULL if the configured issuer_key file
	 * could not be loaded, which disables certificate generation.
	 */
	private_key_t *private;

	/**
	 * CA certificate, to issue/verify peer certificates. NULL if the
	 * configured issuer_cert file could not be loaded.
	 */
	certificate_t *ca;

	/**
	 * Trusted CA certificates, including an additional reference to the
	 * issuer CA above. Entries are owned by this list.
	 */
	linked_list_t *cas;

	/**
	 * Digest algorithm to issue certificates (configurable, defaults to SHA-1)
	 */
	hash_algorithm_t digest;

	/**
	 * Serial number of the last issued certificate. Incremented in
	 * create_cert_enumerator() without any lock; NOTE(review): concurrent
	 * callers could therefore obtain duplicate serials - acceptable for a
	 * load test, not for anything else.
	 */
	uint32_t serial;

	/**
	 * Preshared key for IKE, offered to every peer regardless of identity
	 */
	shared_key_t *psk;

	/**
	 * Password for EAP, offered to every peer regardless of identity
	 */
	shared_key_t *pwd;

	/**
	 * List of x509_cdp_t CRL distribution points to include in generated
	 * certs. The structs are owned by the list (freed with free()), the
	 * uri strings point into the settings and are not owned.
	 */
	linked_list_t *cdps;
};
! 77:
! 78: /**
! 79: * 1024-bit RSA key:
! 80: -----BEGIN RSA PRIVATE KEY-----
! 81: MIICXQIBAAKBgQDQXr7poAPYZLxmTCqR51STGRuk9Hc5SWtTcs6b2RzpnP8EVRLx
! 82: JEVxOKE9Mw6n7mD1pNrupCpnpGRdLAV5VznTPhSQ6k7ppJJrxosRYg0pHTZqBUEC
! 83: 7nQFwAe10g8q0UnM1wa4lJzGxDH78d21cVweJgbkxAeyriS0jhNs7gO5nQIDAQAB
! 84: AoGACVACtkxJf7VY2jWTPXwaQoy/uIqYfX3zhwI9i6eTbDlxCE+JDi/xzpKaWjLa
! 85: 99RmjvP0OPArWQB239ck03x7gAm2obutosGbqbKzJZS5cyIayzyW9djZDHBdt9Ho
! 86: quKB39aspWit3xPzkrr+QeIkiggtmBKALTBxTwxAU+P6euECQQD4IPdrzKbCrO79
! 87: LKvoPrQQtTjL6ogag9rI9n2ZuoK3/XVybh2byOXT8tA5G5jSz9Ac8XeVOsnH9gT5
! 88: 3WXeaLOFAkEA1vrm/hVSEasp5eATgQ7ig9CF+GGKqhTwXp/uOSl/h3IRmStu5J0C
! 89: 9AkYyx0bn3j5R8iUEX/C00KSE1kQNh4NOQJAVOsLYlRG2idPH0xThQc4nuM2jes1
! 90: K0Xm8ZISSDNhm1BeCoyPC4rExTW7d1/vfG5svgsRrvvQpOOYrl7MB0Lz9QJBALhg
! 91: AWJiyLsskEd90Vx7dpvUaEHo7jMGuEx/X6GYzK5Oj3dNP9NEMfc4IhJ5SWqRJ0KA
! 92: bTVA3MexLXT4iqXPSkkCQQDSjLhBwvEnSuW4ElIMzBwLbu7573z2gzU82Mj6trrw
! 93: Osoox/vmcepT1Wjy4AvPZHgxp7vEXNSeS+M5L29QNTp8
! 94: -----END RSA PRIVATE KEY-----
! 95: */
! 96: static char private[] = {
! 97: 0x30,0x82,0x02,0x5d,0x02,0x01,0x00,0x02,0x81,0x81,0x00,0xd0,0x5e,0xbe,0xe9,0xa0,
! 98: 0x03,0xd8,0x64,0xbc,0x66,0x4c,0x2a,0x91,0xe7,0x54,0x93,0x19,0x1b,0xa4,0xf4,0x77,
! 99: 0x39,0x49,0x6b,0x53,0x72,0xce,0x9b,0xd9,0x1c,0xe9,0x9c,0xff,0x04,0x55,0x12,0xf1,
! 100: 0x24,0x45,0x71,0x38,0xa1,0x3d,0x33,0x0e,0xa7,0xee,0x60,0xf5,0xa4,0xda,0xee,0xa4,
! 101: 0x2a,0x67,0xa4,0x64,0x5d,0x2c,0x05,0x79,0x57,0x39,0xd3,0x3e,0x14,0x90,0xea,0x4e,
! 102: 0xe9,0xa4,0x92,0x6b,0xc6,0x8b,0x11,0x62,0x0d,0x29,0x1d,0x36,0x6a,0x05,0x41,0x02,
! 103: 0xee,0x74,0x05,0xc0,0x07,0xb5,0xd2,0x0f,0x2a,0xd1,0x49,0xcc,0xd7,0x06,0xb8,0x94,
! 104: 0x9c,0xc6,0xc4,0x31,0xfb,0xf1,0xdd,0xb5,0x71,0x5c,0x1e,0x26,0x06,0xe4,0xc4,0x07,
! 105: 0xb2,0xae,0x24,0xb4,0x8e,0x13,0x6c,0xee,0x03,0xb9,0x9d,0x02,0x03,0x01,0x00,0x01,
! 106: 0x02,0x81,0x80,0x09,0x50,0x02,0xb6,0x4c,0x49,0x7f,0xb5,0x58,0xda,0x35,0x93,0x3d,
! 107: 0x7c,0x1a,0x42,0x8c,0xbf,0xb8,0x8a,0x98,0x7d,0x7d,0xf3,0x87,0x02,0x3d,0x8b,0xa7,
! 108: 0x93,0x6c,0x39,0x71,0x08,0x4f,0x89,0x0e,0x2f,0xf1,0xce,0x92,0x9a,0x5a,0x32,0xda,
! 109: 0xf7,0xd4,0x66,0x8e,0xf3,0xf4,0x38,0xf0,0x2b,0x59,0x00,0x76,0xdf,0xd7,0x24,0xd3,
! 110: 0x7c,0x7b,0x80,0x09,0xb6,0xa1,0xbb,0xad,0xa2,0xc1,0x9b,0xa9,0xb2,0xb3,0x25,0x94,
! 111: 0xb9,0x73,0x22,0x1a,0xcb,0x3c,0x96,0xf5,0xd8,0xd9,0x0c,0x70,0x5d,0xb7,0xd1,0xe8,
! 112: 0xaa,0xe2,0x81,0xdf,0xd6,0xac,0xa5,0x68,0xad,0xdf,0x13,0xf3,0x92,0xba,0xfe,0x41,
! 113: 0xe2,0x24,0x8a,0x08,0x2d,0x98,0x12,0x80,0x2d,0x30,0x71,0x4f,0x0c,0x40,0x53,0xe3,
! 114: 0xfa,0x7a,0xe1,0x02,0x41,0x00,0xf8,0x20,0xf7,0x6b,0xcc,0xa6,0xc2,0xac,0xee,0xfd,
! 115: 0x2c,0xab,0xe8,0x3e,0xb4,0x10,0xb5,0x38,0xcb,0xea,0x88,0x1a,0x83,0xda,0xc8,0xf6,
! 116: 0x7d,0x99,0xba,0x82,0xb7,0xfd,0x75,0x72,0x6e,0x1d,0x9b,0xc8,0xe5,0xd3,0xf2,0xd0,
! 117: 0x39,0x1b,0x98,0xd2,0xcf,0xd0,0x1c,0xf1,0x77,0x95,0x3a,0xc9,0xc7,0xf6,0x04,0xf9,
! 118: 0xdd,0x65,0xde,0x68,0xb3,0x85,0x02,0x41,0x00,0xd6,0xfa,0xe6,0xfe,0x15,0x52,0x11,
! 119: 0xab,0x29,0xe5,0xe0,0x13,0x81,0x0e,0xe2,0x83,0xd0,0x85,0xf8,0x61,0x8a,0xaa,0x14,
! 120: 0xf0,0x5e,0x9f,0xee,0x39,0x29,0x7f,0x87,0x72,0x11,0x99,0x2b,0x6e,0xe4,0x9d,0x02,
! 121: 0xf4,0x09,0x18,0xcb,0x1d,0x1b,0x9f,0x78,0xf9,0x47,0xc8,0x94,0x11,0x7f,0xc2,0xd3,
! 122: 0x42,0x92,0x13,0x59,0x10,0x36,0x1e,0x0d,0x39,0x02,0x40,0x54,0xeb,0x0b,0x62,0x54,
! 123: 0x46,0xda,0x27,0x4f,0x1f,0x4c,0x53,0x85,0x07,0x38,0x9e,0xe3,0x36,0x8d,0xeb,0x35,
! 124: 0x2b,0x45,0xe6,0xf1,0x92,0x12,0x48,0x33,0x61,0x9b,0x50,0x5e,0x0a,0x8c,0x8f,0x0b,
! 125: 0x8a,0xc4,0xc5,0x35,0xbb,0x77,0x5f,0xef,0x7c,0x6e,0x6c,0xbe,0x0b,0x11,0xae,0xfb,
! 126: 0xd0,0xa4,0xe3,0x98,0xae,0x5e,0xcc,0x07,0x42,0xf3,0xf5,0x02,0x41,0x00,0xb8,0x60,
! 127: 0x01,0x62,0x62,0xc8,0xbb,0x2c,0x90,0x47,0x7d,0xd1,0x5c,0x7b,0x76,0x9b,0xd4,0x68,
! 128: 0x41,0xe8,0xee,0x33,0x06,0xb8,0x4c,0x7f,0x5f,0xa1,0x98,0xcc,0xae,0x4e,0x8f,0x77,
! 129: 0x4d,0x3f,0xd3,0x44,0x31,0xf7,0x38,0x22,0x12,0x79,0x49,0x6a,0x91,0x27,0x42,0x80,
! 130: 0x6d,0x35,0x40,0xdc,0xc7,0xb1,0x2d,0x74,0xf8,0x8a,0xa5,0xcf,0x4a,0x49,0x02,0x41,
! 131: 0x00,0xd2,0x8c,0xb8,0x41,0xc2,0xf1,0x27,0x4a,0xe5,0xb8,0x12,0x52,0x0c,0xcc,0x1c,
! 132: 0x0b,0x6e,0xee,0xf9,0xef,0x7c,0xf6,0x83,0x35,0x3c,0xd8,0xc8,0xfa,0xb6,0xba,0xf0,
! 133: 0x3a,0xca,0x28,0xc7,0xfb,0xe6,0x71,0xea,0x53,0xd5,0x68,0xf2,0xe0,0x0b,0xcf,0x64,
! 134: 0x78,0x31,0xa7,0xbb,0xc4,0x5c,0xd4,0x9e,0x4b,0xe3,0x39,0x2f,0x6f,0x50,0x35,0x3a,
! 135: 0x7c,
! 136: };
! 137:
! 138: /**
! 139: * And an associated self-signed CA certificate (note that the keyUsage
! 140: * extension has the digitalSignature bit set, which is not usually the case for
! 141: * CA certificates, so it can be used as end-entity certificate in load tests).
! 142: -----BEGIN CERTIFICATE-----
! 143: MIICJjCCAY+gAwIBAgIBADANBgkqhkiG9w0BAQsFADA3MQwwCgYDVQQDEwNzcnYx
! 144: EjAQBgNVBAsTCWxvYWQtdGVzdDETMBEGA1UEChMKc3Ryb25nU3dhbjAeFw0xOTAy
! 145: MDgwODUyMjVaFw0yOTAyMDgwODUyMjVaMDcxDDAKBgNVBAMTA3NydjESMBAGA1UE
! 146: CxMJbG9hZC10ZXN0MRMwEQYDVQQKEwpzdHJvbmdTd2FuMIGfMA0GCSqGSIb3DQEB
! 147: AQUAA4GNADCBiQKBgQDQXr7poAPYZLxmTCqR51STGRuk9Hc5SWtTcs6b2RzpnP8E
! 148: VRLxJEVxOKE9Mw6n7mD1pNrupCpnpGRdLAV5VznTPhSQ6k7ppJJrxosRYg0pHTZq
! 149: BUEC7nQFwAe10g8q0UnM1wa4lJzGxDH78d21cVweJgbkxAeyriS0jhNs7gO5nQID
! 150: AQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4E
! 151: FgQUytOG/alLWTyyO6ElA3cGwIzkofYwDQYJKoZIhvcNAQELBQADgYEAIdCzmJAw
! 152: Cj6VaDacc7yOhZK61nGzNJml5NEeLzZkGzYvsIggL/Kb2v42fKYC5OunkZ1Nw3YY
! 153: 207LR7wrhS7pndHfRMny86RwJ4d6LmiwtgbzTAbm3HL/iENDiyiJfCTknTvzMj9O
! 154: kGfz0rGDkJqIxx0inxp84PWWR5lX84A9pNQ=
! 155: -----END CERTIFICATE-----
! 156: */
! 157: static char default_cert[] = {
! 158: 0x30,0x82,0x02,0x26,0x30,0x82,0x01,0x8f,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x00,
! 159: 0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0b,0x05,0x00,0x30,
! 160: 0x37,0x31,0x0c,0x30,0x0a,0x06,0x03,0x55,0x04,0x03,0x13,0x03,0x73,0x72,0x76,0x31,
! 161: 0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x0b,0x13,0x09,0x6c,0x6f,0x61,0x64,0x2d,0x74,
! 162: 0x65,0x73,0x74,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0a,0x13,0x0a,0x73,0x74,
! 163: 0x72,0x6f,0x6e,0x67,0x53,0x77,0x61,0x6e,0x30,0x1e,0x17,0x0d,0x31,0x39,0x30,0x32,
! 164: 0x30,0x38,0x30,0x38,0x35,0x32,0x32,0x35,0x5a,0x17,0x0d,0x32,0x39,0x30,0x32,0x30,
! 165: 0x38,0x30,0x38,0x35,0x32,0x32,0x35,0x5a,0x30,0x37,0x31,0x0c,0x30,0x0a,0x06,0x03,
! 166: 0x55,0x04,0x03,0x13,0x03,0x73,0x72,0x76,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,
! 167: 0x0b,0x13,0x09,0x6c,0x6f,0x61,0x64,0x2d,0x74,0x65,0x73,0x74,0x31,0x13,0x30,0x11,
! 168: 0x06,0x03,0x55,0x04,0x0a,0x13,0x0a,0x73,0x74,0x72,0x6f,0x6e,0x67,0x53,0x77,0x61,
! 169: 0x6e,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,
! 170: 0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xd0,0x5e,
! 171: 0xbe,0xe9,0xa0,0x03,0xd8,0x64,0xbc,0x66,0x4c,0x2a,0x91,0xe7,0x54,0x93,0x19,0x1b,
! 172: 0xa4,0xf4,0x77,0x39,0x49,0x6b,0x53,0x72,0xce,0x9b,0xd9,0x1c,0xe9,0x9c,0xff,0x04,
! 173: 0x55,0x12,0xf1,0x24,0x45,0x71,0x38,0xa1,0x3d,0x33,0x0e,0xa7,0xee,0x60,0xf5,0xa4,
! 174: 0xda,0xee,0xa4,0x2a,0x67,0xa4,0x64,0x5d,0x2c,0x05,0x79,0x57,0x39,0xd3,0x3e,0x14,
! 175: 0x90,0xea,0x4e,0xe9,0xa4,0x92,0x6b,0xc6,0x8b,0x11,0x62,0x0d,0x29,0x1d,0x36,0x6a,
! 176: 0x05,0x41,0x02,0xee,0x74,0x05,0xc0,0x07,0xb5,0xd2,0x0f,0x2a,0xd1,0x49,0xcc,0xd7,
! 177: 0x06,0xb8,0x94,0x9c,0xc6,0xc4,0x31,0xfb,0xf1,0xdd,0xb5,0x71,0x5c,0x1e,0x26,0x06,
! 178: 0xe4,0xc4,0x07,0xb2,0xae,0x24,0xb4,0x8e,0x13,0x6c,0xee,0x03,0xb9,0x9d,0x02,0x03,
! 179: 0x01,0x00,0x01,0xa3,0x42,0x30,0x40,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,
! 180: 0xff,0x04,0x05,0x30,0x03,0x01,0x01,0xff,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,
! 181: 0x01,0xff,0x04,0x04,0x03,0x02,0x01,0x86,0x30,0x1d,0x06,0x03,0x55,0x1d,0x0e,0x04,
! 182: 0x16,0x04,0x14,0xca,0xd3,0x86,0xfd,0xa9,0x4b,0x59,0x3c,0xb2,0x3b,0xa1,0x25,0x03,
! 183: 0x77,0x06,0xc0,0x8c,0xe4,0xa1,0xf6,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,
! 184: 0x0d,0x01,0x01,0x0b,0x05,0x00,0x03,0x81,0x81,0x00,0x21,0xd0,0xb3,0x98,0x90,0x30,
! 185: 0x0a,0x3e,0x95,0x68,0x36,0x9c,0x73,0xbc,0x8e,0x85,0x92,0xba,0xd6,0x71,0xb3,0x34,
! 186: 0x99,0xa5,0xe4,0xd1,0x1e,0x2f,0x36,0x64,0x1b,0x36,0x2f,0xb0,0x88,0x20,0x2f,0xf2,
! 187: 0x9b,0xda,0xfe,0x36,0x7c,0xa6,0x02,0xe4,0xeb,0xa7,0x91,0x9d,0x4d,0xc3,0x76,0x18,
! 188: 0xdb,0x4e,0xcb,0x47,0xbc,0x2b,0x85,0x2e,0xe9,0x9d,0xd1,0xdf,0x44,0xc9,0xf2,0xf3,
! 189: 0xa4,0x70,0x27,0x87,0x7a,0x2e,0x68,0xb0,0xb6,0x06,0xf3,0x4c,0x06,0xe6,0xdc,0x72,
! 190: 0xff,0x88,0x43,0x43,0x8b,0x28,0x89,0x7c,0x24,0xe4,0x9d,0x3b,0xf3,0x32,0x3f,0x4e,
! 191: 0x90,0x67,0xf3,0xd2,0xb1,0x83,0x90,0x9a,0x88,0xc7,0x1d,0x22,0x9f,0x1a,0x7c,0xe0,
! 192: 0xf5,0x96,0x47,0x99,0x57,0xf3,0x80,0x3d,0xa4,0xd4,
! 193: };
! 194:
! 195: /**
! 196: * Default IKE preshared key
! 197: */
! 198: static char *default_psk = "default-psk";
! 199:
! 200: /**
! 201: * Default EAP password for EAP
! 202: */
! 203: static char *default_pwd = "default-pwd";
! 204:
! 205:
! 206: /**
! 207: * Load the private key, hard-coded or from a file
! 208: */
! 209: static private_key_t *load_issuer_key()
! 210: {
! 211: char *path;
! 212:
! 213: path = lib->settings->get_str(lib->settings,
! 214: "%s.plugins.load-tester.issuer_key", NULL, lib->ns);
! 215: if (!path)
! 216: {
! 217: return lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
! 218: BUILD_BLOB_ASN1_DER, chunk_create(private, sizeof(private)),
! 219: BUILD_END);
! 220: }
! 221: DBG1(DBG_CFG, "loading load-tester private key from '%s'", path);
! 222: return lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
! 223: BUILD_FROM_FILE, path, BUILD_END);
! 224: }
! 225:
! 226: /**
! 227: * Load the issuing certificate, hard-coded or from a file
! 228: */
! 229: static certificate_t *load_issuer_cert()
! 230: {
! 231: char *path;
! 232:
! 233: path = lib->settings->get_str(lib->settings,
! 234: "%s.plugins.load-tester.issuer_cert", NULL, lib->ns);
! 235: if (!path)
! 236: {
! 237: return lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
! 238: BUILD_BLOB_ASN1_DER,
! 239: chunk_create(default_cert, sizeof(default_cert)),
! 240: BUILD_X509_FLAG, X509_CA,
! 241: BUILD_END);
! 242: }
! 243: DBG1(DBG_CFG, "loading load-tester issuer cert from '%s'", path);
! 244: return lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
! 245: BUILD_FROM_FILE, path, BUILD_END);
! 246: }
! 247:
! 248: /**
! 249: * Load (intermediate) CA certificates, hard-coded or from a file
! 250: */
! 251: static void load_ca_certs(private_load_tester_creds_t *this)
! 252: {
! 253: enumerator_t *enumerator;
! 254: certificate_t *cert;
! 255: struct stat st;
! 256: char *path;
! 257:
! 258: path = lib->settings->get_str(lib->settings,
! 259: "%s.plugins.load-tester.ca_dir", NULL, lib->ns);
! 260: if (path)
! 261: {
! 262: enumerator = enumerator_create_directory(path);
! 263: if (enumerator)
! 264: {
! 265: while (enumerator->enumerate(enumerator, NULL, &path, &st))
! 266: {
! 267: if (S_ISREG(st.st_mode))
! 268: {
! 269: DBG1(DBG_CFG, "loading load-tester CA cert from '%s'", path);
! 270: cert = lib->creds->create(lib->creds,
! 271: CRED_CERTIFICATE, CERT_X509,
! 272: BUILD_FROM_FILE, path, BUILD_END);
! 273: if (cert)
! 274: {
! 275: this->cas->insert_last(this->cas, cert);
! 276: }
! 277: }
! 278: }
! 279: enumerator->destroy(enumerator);
! 280: }
! 281: }
! 282: }
! 283:
/**
 * Enumerate the single issuer private key.
 *
 * Returns NULL if no key is loaded, if an incompatible key type is requested,
 * or if an identity is given that is not a fingerprint of our key.
 */
METHOD(credential_set_t, create_private_enumerator, enumerator_t*,
	private_load_tester_creds_t *this, key_type_t type, identification_t *id)
{
	bool type_ok;

	if (!this->private)
	{
		return NULL;
	}
	type_ok = (type == KEY_ANY || type == KEY_RSA);
	if (!type_ok)
	{
		return NULL;
	}
	/* an identity, if given, must match one of our key's fingerprints */
	if (id && !this->private->has_fingerprint(this->private, id->get_encoding(id)))
	{
		return NULL;
	}
	return enumerator_create_single(this->private, NULL);
}
! 304:
/**
 * Enumerate certificates for the given identity.
 *
 * Lookup order:
 *  - no identity: all trusted CA certificates
 *  - identity matches a fingerprint of the issuer key: the issuer CA cert
 *  - identity is the subject of one of the trusted CAs: that CA cert
 *  - otherwise, if not asked for a trusted cert and an issuer key is loaded:
 *    a peer certificate for the requested identity is generated and signed
 *    on the spot.
 *
 * SECURITY: the last step means this credential set vouches for ANY identity
 * of a supported type (DN, FQDN, e-mail, IPv4/IPv6) it is asked about, and
 * every generated certificate carries the issuer's own public key as its
 * subject key. That is fine for a load test and unacceptable anywhere else.
 */
METHOD(credential_set_t, create_cert_enumerator, enumerator_t*,
	private_load_tester_creds_t *this, certificate_type_t cert, key_type_t key,
	identification_t *id, bool trusted)
{
	enumerator_t *enumerator;
	certificate_t *peer_cert, *ca_cert;
	public_key_t *peer_key, *ca_key;
	identification_t *dn = NULL;
	linked_list_t *sans;
	char buf[128];
	uint32_t serial;
	time_t now;

	if (this->ca == NULL)
	{
		return NULL;
	}
	if (cert != CERT_ANY && cert != CERT_X509)
	{
		return NULL;
	}
	if (key != KEY_ANY && key != KEY_RSA)
	{
		return NULL;
	}
	if (!id)
	{
		return this->cas->create_enumerator(this->cas);
	}
	/* a key identifier of the issuer key selects the issuer cert itself */
	ca_key = this->ca->get_public_key(this->ca);
	if (ca_key)
	{
		if (ca_key->has_fingerprint(ca_key, id->get_encoding(id)))
		{
			ca_key->destroy(ca_key);
			return enumerator_create_single(this->ca, NULL);
		}
		ca_key->destroy(ca_key);
	}
	/* a subject DN of one of the trusted CAs selects that CA */
	enumerator = this->cas->create_enumerator(this->cas);
	while (enumerator->enumerate(enumerator, &ca_cert))
	{
		if (ca_cert->has_subject(ca_cert, id))
		{
			enumerator->destroy(enumerator);
			return enumerator_create_single(ca_cert, NULL);
		}
	}
	enumerator->destroy(enumerator);

	if (!trusted && this->private)
	{
		/* peer certificate, generate on demand */
		/* NOTE(review): the increment is not synchronized; concurrent callers
		 * may end up with duplicate serial numbers */
		serial = htonl(++this->serial);
		now = time(NULL);
		sans = linked_list_create();

		switch (id->get_type(id))
		{
			case ID_DER_ASN1_DN:
				/* used directly as subject, no subjectAltName */
				break;
			case ID_FQDN:
			case ID_RFC822_ADDR:
			case ID_IPV4_ADDR:
			case ID_IPV6_ADDR:
				/* encode as subjectAltName, construct a sane DN
				 * (snprintf truncates overly long identities to fit buf) */
				sans->insert_last(sans, id);
				snprintf(buf, sizeof(buf), "CN=%Y", id);
				dn = identification_create_from_string(buf);
				break;
			default:
				/* other identity types (e.g. key IDs) are not certified */
				sans->destroy(sans);
				return NULL;
		}
		/* the generated cert reuses the issuer's key pair; NOTE(review):
		 * get_public_key() is not checked for NULL before use below */
		peer_key = this->private->get_public_key(this->private);
		/* validity: one day into the past and one day into the future, so the
		 * cert is accepted despite moderate clock skew between test hosts */
		peer_cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
					BUILD_SIGNING_KEY, this->private,
					BUILD_SIGNING_CERT, this->ca,
					BUILD_DIGEST_ALG, this->digest,
					BUILD_PUBLIC_KEY, peer_key,
					BUILD_SUBJECT, dn ?: id,
					BUILD_SUBJECT_ALTNAMES, sans,
					BUILD_NOT_BEFORE_TIME, now - 60 * 60 * 24,
					BUILD_NOT_AFTER_TIME, now + 60 * 60 * 24,
					BUILD_SERIAL, chunk_from_thing(serial),
					BUILD_CRL_DISTRIBUTION_POINTS, this->cdps,
					BUILD_END);
		peer_key->destroy(peer_key);
		sans->destroy(sans);
		DESTROY_IF(dn);
		if (peer_cert)
		{
			/* the enumerator owns the generated cert and destroys it */
			return enumerator_create_single(peer_cert, (void*)peer_cert->destroy);
		}
	}
	return NULL;
}
! 402:
/**
 * Filter that passes the single shared key through and reports a wildcard
 * match for both identities, i.e. the key is valid for any peer.
 */
CALLBACK(shared_filter, bool,
	void *null, enumerator_t *orig, va_list args)
{
	shared_key_t *key, **out;
	id_match_t *me, *other;

	VA_ARGS_VGET(args, out, me, other);

	if (!orig->enumerate(orig, &key))
	{
		return FALSE;
	}
	*out = key;
	/* the same key is handed out regardless of identity */
	if (me)
	{
		*me = ID_MATCH_ANY;
	}
	if (other)
	{
		*other = ID_MATCH_ANY;
	}
	return TRUE;
}
! 426:
/**
 * Enumerate the IKE PSK or the EAP password, ignoring the identities.
 *
 * Whatever identities are passed, the configured (or default) secret is
 * returned with an ID_MATCH_ANY match for both sides; other shared key types
 * yield NULL.
 */
METHOD(credential_set_t, create_shared_enumerator, enumerator_t*,
	private_load_tester_creds_t *this, shared_key_type_t type,
	identification_t *me, identification_t *other)
{
	shared_key_t *secret;

	if (type == SHARED_IKE)
	{
		secret = this->psk;
	}
	else if (type == SHARED_EAP)
	{
		secret = this->pwd;
	}
	else
	{
		return NULL;
	}
	return enumerator_create_filter(enumerator_create_single(secret, NULL),
									shared_filter, NULL, NULL);
}
! 447:
/**
 * Release all credentials held by the set and the set itself.
 */
METHOD(load_tester_creds_t, destroy, void,
	private_load_tester_creds_t *this)
{
	/* secrets and CRL distribution points (cdp structs only, uris are
	 * owned by the settings) */
	this->psk->destroy(this->psk);
	this->pwd->destroy(this->pwd);
	this->cdps->destroy_function(this->cdps, free);
	/* the CA list holds its own reference to this->ca, so both are released */
	this->cas->destroy_offset(this->cas, offsetof(certificate_t, destroy));
	DESTROY_IF(this->private);
	DESTROY_IF(this->ca);
	free(this);
}
! 459:
/**
 * Map the configured digest name to a hash algorithm, falling back to SHA-1
 * (with a log message) if the name is not recognized.
 */
static hash_algorithm_t parse_digest(char *name)
{
	hash_algorithm_t alg;

	if (enum_from_name(hash_algorithm_short_names, name, &alg))
	{
		return alg;
	}
	DBG1(DBG_CFG, "invalid load-tester digest: '%s', using sha1", name);
	return HASH_SHA1;
}

/**
 * Create the load-tester credential set.
 *
 * Reads the plugin settings (preshared_key, eap_password, digest, crl,
 * issuer_key, issuer_cert, ca_dir) and falls back to the built-in, publicly
 * known credentials where nothing is configured. The signature digest
 * defaults to SHA-1, which is considered weak; configure "digest" (e.g.
 * sha256) if signature strength matters for a test.
 *
 * @return			credential set, to be destroyed by the caller
 */
load_tester_creds_t *load_tester_creds_create()
{
	private_load_tester_creds_t *this;
	shared_key_t *ike_psk, *eap_pwd;
	char *psk_str, *pwd_str, *digest_name, *crl_uri;

	psk_str = lib->settings->get_str(lib->settings,
				"%s.plugins.load-tester.preshared_key", default_psk, lib->ns);
	pwd_str = lib->settings->get_str(lib->settings,
				"%s.plugins.load-tester.eap_password", default_pwd, lib->ns);
	digest_name = lib->settings->get_str(lib->settings,
				"%s.plugins.load-tester.digest", "sha1", lib->ns);
	crl_uri = lib->settings->get_str(lib->settings,
				"%s.plugins.load-tester.crl", NULL, lib->ns);

	/* the secrets are copied, the settings keep ownership of the strings */
	ike_psk = shared_key_create(SHARED_IKE,
				chunk_clone(chunk_create(psk_str, strlen(psk_str))));
	eap_pwd = shared_key_create(SHARED_EAP,
				chunk_clone(chunk_create(pwd_str, strlen(pwd_str))));

	INIT(this,
		.public = {
			.credential_set = {
				.create_shared_enumerator = _create_shared_enumerator,
				.create_private_enumerator = _create_private_enumerator,
				.create_cert_enumerator = _create_cert_enumerator,
				.create_cdp_enumerator = (void*)return_null,
				.cache_cert = (void*)nop,
			},
			.destroy = _destroy,
		},
		.private = load_issuer_key(),
		.ca = load_issuer_cert(),
		.cas = linked_list_create(),
		.cdps = linked_list_create(),
		.psk = ike_psk,
		.pwd = eap_pwd,
	);

	/* the issuer is trusted as well; the list takes its own reference */
	if (this->ca)
	{
		this->cas->insert_last(this->cas, this->ca->get_ref(this->ca));
	}

	this->digest = parse_digest(digest_name);

	if (crl_uri)
	{
		x509_cdp_t *cdp;

		/* uri points into the settings, only the struct is owned by cdps */
		INIT(cdp,
			.uri = crl_uri,
		);
		this->cdps->insert_last(this->cdps, cdp);
	}

	load_ca_certs(this);

	return &this->public;
}