/*
 * Copyright (C) 2008 Martin Willi
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

#include "load_tester_creds.h"

#include <time.h>
#include <sys/stat.h>

#include <daemon.h>
#include <credentials/keys/shared_key.h>
#include <credentials/certificates/x509.h>
#include <utils/identification.h>

typedef struct private_load_tester_creds_t private_load_tester_creds_t;

/**
 * Private data of an load_tester_creds_t object
 *
 * A credential_set_t that hands out a single issuer key/certificate, a
 * single PSK and a single EAP password, and mints end-entity certificates
 * on demand for whatever identity is requested (see
 * create_cert_enumerator()). Everything has a built-in default that can be
 * overridden through the %s.plugins.load-tester.* settings.
 */
struct private_load_tester_creds_t {

	/**
	 * Public part
	 */
	load_tester_creds_t public;

	/**
	 * Private key to create signatures (issuer key). May be NULL if loading
	 * failed; the enumerators below check for that.
	 */
	private_key_t *private;

	/**
	 * CA certificate, to issue/verify peer certificates. May be NULL if
	 * loading failed.
	 */
	certificate_t *ca;

	/**
	 * Trusted CA certificates, including issuer CA. Owns a reference to
	 * each entry (released with destroy_offset in destroy()).
	 */
	linked_list_t *cas;

	/**
	 * Digest algorithm to issue certificates (from the "digest" setting,
	 * defaults to SHA-1)
	 */
	hash_algorithm_t digest;

	/**
	 * serial number to issue certificates; incremented for every
	 * certificate generated in create_cert_enumerator()
	 */
	uint32_t serial;

	/**
	 * Preshared key for IKE
	 */
	shared_key_t *psk;

	/**
	 * Password for EAP
	 */
	shared_key_t *pwd;

	/**
	 * List of certificate distribution points (x509_cdp_t) to include in
	 * generated certs; entries are released with free()
	 */
	linked_list_t *cdps;
};

/**
 * 1024-bit RSA key (the DER below is the same key as this PEM).
 *
 * This key ships with the source and is therefore public; it is only used
 * when the "issuer_key" setting is unset, see load_issuer_key().
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDQXr7poAPYZLxmTCqR51STGRuk9Hc5SWtTcs6b2RzpnP8EVRLx
JEVxOKE9Mw6n7mD1pNrupCpnpGRdLAV5VznTPhSQ6k7ppJJrxosRYg0pHTZqBUEC
7nQFwAe10g8q0UnM1wa4lJzGxDH78d21cVweJgbkxAeyriS0jhNs7gO5nQIDAQAB
AoGACVACtkxJf7VY2jWTPXwaQoy/uIqYfX3zhwI9i6eTbDlxCE+JDi/xzpKaWjLa
99RmjvP0OPArWQB239ck03x7gAm2obutosGbqbKzJZS5cyIayzyW9djZDHBdt9Ho
quKB39aspWit3xPzkrr+QeIkiggtmBKALTBxTwxAU+P6euECQQD4IPdrzKbCrO79
LKvoPrQQtTjL6ogag9rI9n2ZuoK3/XVybh2byOXT8tA5G5jSz9Ac8XeVOsnH9gT5
3WXeaLOFAkEA1vrm/hVSEasp5eATgQ7ig9CF+GGKqhTwXp/uOSl/h3IRmStu5J0C
9AkYyx0bn3j5R8iUEX/C00KSE1kQNh4NOQJAVOsLYlRG2idPH0xThQc4nuM2jes1
K0Xm8ZISSDNhm1BeCoyPC4rExTW7d1/vfG5svgsRrvvQpOOYrl7MB0Lz9QJBALhg
AWJiyLsskEd90Vx7dpvUaEHo7jMGuEx/X6GYzK5Oj3dNP9NEMfc4IhJ5SWqRJ0KA
bTVA3MexLXT4iqXPSkkCQQDSjLhBwvEnSuW4ElIMzBwLbu7573z2gzU82Mj6trrw
Osoox/vmcepT1Wjy4AvPZHgxp7vEXNSeS+M5L29QNTp8
-----END RSA PRIVATE KEY-----
 */
static char private[] = {
	0x30,0x82,0x02,0x5d,0x02,0x01,0x00,0x02,0x81,0x81,0x00,0xd0,0x5e,0xbe,0xe9,0xa0,
	0x03,0xd8,0x64,0xbc,0x66,0x4c,0x2a,0x91,0xe7,0x54,0x93,0x19,0x1b,0xa4,0xf4,0x77,
	0x39,0x49,0x6b,0x53,0x72,0xce,0x9b,0xd9,0x1c,0xe9,0x9c,0xff,0x04,0x55,0x12,0xf1,
	0x24,0x45,0x71,0x38,0xa1,0x3d,0x33,0x0e,0xa7,0xee,0x60,0xf5,0xa4,0xda,0xee,0xa4,
	0x2a,0x67,0xa4,0x64,0x5d,0x2c,0x05,0x79,0x57,0x39,0xd3,0x3e,0x14,0x90,0xea,0x4e,
	0xe9,0xa4,0x92,0x6b,0xc6,0x8b,0x11,0x62,0x0d,0x29,0x1d,0x36,0x6a,0x05,0x41,0x02,
	0xee,0x74,0x05,0xc0,0x07,0xb5,0xd2,0x0f,0x2a,0xd1,0x49,0xcc,0xd7,0x06,0xb8,0x94,
	0x9c,0xc6,0xc4,0x31,0xfb,0xf1,0xdd,0xb5,0x71,0x5c,0x1e,0x26,0x06,0xe4,0xc4,0x07,
	0xb2,0xae,0x24,0xb4,0x8e,0x13,0x6c,0xee,0x03,0xb9,0x9d,0x02,0x03,0x01,0x00,0x01,
	0x02,0x81,0x80,0x09,0x50,0x02,0xb6,0x4c,0x49,0x7f,0xb5,0x58,0xda,0x35,0x93,0x3d,
	0x7c,0x1a,0x42,0x8c,0xbf,0xb8,0x8a,0x98,0x7d,0x7d,0xf3,0x87,0x02,0x3d,0x8b,0xa7,
	0x93,0x6c,0x39,0x71,0x08,0x4f,0x89,0x0e,0x2f,0xf1,0xce,0x92,0x9a,0x5a,0x32,0xda,
	0xf7,0xd4,0x66,0x8e,0xf3,0xf4,0x38,0xf0,0x2b,0x59,0x00,0x76,0xdf,0xd7,0x24,0xd3,
	0x7c,0x7b,0x80,0x09,0xb6,0xa1,0xbb,0xad,0xa2,0xc1,0x9b,0xa9,0xb2,0xb3,0x25,0x94,
	0xb9,0x73,0x22,0x1a,0xcb,0x3c,0x96,0xf5,0xd8,0xd9,0x0c,0x70,0x5d,0xb7,0xd1,0xe8,
	0xaa,0xe2,0x81,0xdf,0xd6,0xac,0xa5,0x68,0xad,0xdf,0x13,0xf3,0x92,0xba,0xfe,0x41,
	0xe2,0x24,0x8a,0x08,0x2d,0x98,0x12,0x80,0x2d,0x30,0x71,0x4f,0x0c,0x40,0x53,0xe3,
	0xfa,0x7a,0xe1,0x02,0x41,0x00,0xf8,0x20,0xf7,0x6b,0xcc,0xa6,0xc2,0xac,0xee,0xfd,
	0x2c,0xab,0xe8,0x3e,0xb4,0x10,0xb5,0x38,0xcb,0xea,0x88,0x1a,0x83,0xda,0xc8,0xf6,
	0x7d,0x99,0xba,0x82,0xb7,0xfd,0x75,0x72,0x6e,0x1d,0x9b,0xc8,0xe5,0xd3,0xf2,0xd0,
	0x39,0x1b,0x98,0xd2,0xcf,0xd0,0x1c,0xf1,0x77,0x95,0x3a,0xc9,0xc7,0xf6,0x04,0xf9,
	0xdd,0x65,0xde,0x68,0xb3,0x85,0x02,0x41,0x00,0xd6,0xfa,0xe6,0xfe,0x15,0x52,0x11,
	0xab,0x29,0xe5,0xe0,0x13,0x81,0x0e,0xe2,0x83,0xd0,0x85,0xf8,0x61,0x8a,0xaa,0x14,
	0xf0,0x5e,0x9f,0xee,0x39,0x29,0x7f,0x87,0x72,0x11,0x99,0x2b,0x6e,0xe4,0x9d,0x02,
	0xf4,0x09,0x18,0xcb,0x1d,0x1b,0x9f,0x78,0xf9,0x47,0xc8,0x94,0x11,0x7f,0xc2,0xd3,
	0x42,0x92,0x13,0x59,0x10,0x36,0x1e,0x0d,0x39,0x02,0x40,0x54,0xeb,0x0b,0x62,0x54,
	0x46,0xda,0x27,0x4f,0x1f,0x4c,0x53,0x85,0x07,0x38,0x9e,0xe3,0x36,0x8d,0xeb,0x35,
	0x2b,0x45,0xe6,0xf1,0x92,0x12,0x48,0x33,0x61,0x9b,0x50,0x5e,0x0a,0x8c,0x8f,0x0b,
	0x8a,0xc4,0xc5,0x35,0xbb,0x77,0x5f,0xef,0x7c,0x6e,0x6c,0xbe,0x0b,0x11,0xae,0xfb,
	0xd0,0xa4,0xe3,0x98,0xae,0x5e,0xcc,0x07,0x42,0xf3,0xf5,0x02,0x41,0x00,0xb8,0x60,
	0x01,0x62,0x62,0xc8,0xbb,0x2c,0x90,0x47,0x7d,0xd1,0x5c,0x7b,0x76,0x9b,0xd4,0x68,
	0x41,0xe8,0xee,0x33,0x06,0xb8,0x4c,0x7f,0x5f,0xa1,0x98,0xcc,0xae,0x4e,0x8f,0x77,
	0x4d,0x3f,0xd3,0x44,0x31,0xf7,0x38,0x22,0x12,0x79,0x49,0x6a,0x91,0x27,0x42,0x80,
	0x6d,0x35,0x40,0xdc,0xc7,0xb1,0x2d,0x74,0xf8,0x8a,0xa5,0xcf,0x4a,0x49,0x02,0x41,
	0x00,0xd2,0x8c,0xb8,0x41,0xc2,0xf1,0x27,0x4a,0xe5,0xb8,0x12,0x52,0x0c,0xcc,0x1c,
	0x0b,0x6e,0xee,0xf9,0xef,0x7c,0xf6,0x83,0x35,0x3c,0xd8,0xc8,0xfa,0xb6,0xba,0xf0,
	0x3a,0xca,0x28,0xc7,0xfb,0xe6,0x71,0xea,0x53,0xd5,0x68,0xf2,0xe0,0x0b,0xcf,0x64,
	0x78,0x31,0xa7,0xbb,0xc4,0x5c,0xd4,0x9e,0x4b,0xe3,0x39,0x2f,0x6f,0x50,0x35,0x3a,
	0x7c,
};

/**
 * And an associated self-signed CA certificate (note that the keyUsage
 * extension has the digitalSignature bit set, which is not usually the case for
 * CA certificates, so it can be used as end-entity certificate in load tests).
 *
 * Used only when the "issuer_cert" setting is unset, see load_issuer_cert();
 * it is loaded with the X509_CA flag so it can sign the generated peer certs.
-----BEGIN CERTIFICATE-----
MIICJjCCAY+gAwIBAgIBADANBgkqhkiG9w0BAQsFADA3MQwwCgYDVQQDEwNzcnYx
EjAQBgNVBAsTCWxvYWQtdGVzdDETMBEGA1UEChMKc3Ryb25nU3dhbjAeFw0xOTAy
MDgwODUyMjVaFw0yOTAyMDgwODUyMjVaMDcxDDAKBgNVBAMTA3NydjESMBAGA1UE
CxMJbG9hZC10ZXN0MRMwEQYDVQQKEwpzdHJvbmdTd2FuMIGfMA0GCSqGSIb3DQEB
AQUAA4GNADCBiQKBgQDQXr7poAPYZLxmTCqR51STGRuk9Hc5SWtTcs6b2RzpnP8E
VRLxJEVxOKE9Mw6n7mD1pNrupCpnpGRdLAV5VznTPhSQ6k7ppJJrxosRYg0pHTZq
BUEC7nQFwAe10g8q0UnM1wa4lJzGxDH78d21cVweJgbkxAeyriS0jhNs7gO5nQID
AQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4E
FgQUytOG/alLWTyyO6ElA3cGwIzkofYwDQYJKoZIhvcNAQELBQADgYEAIdCzmJAw
Cj6VaDacc7yOhZK61nGzNJml5NEeLzZkGzYvsIggL/Kb2v42fKYC5OunkZ1Nw3YY
207LR7wrhS7pndHfRMny86RwJ4d6LmiwtgbzTAbm3HL/iENDiyiJfCTknTvzMj9O
kGfz0rGDkJqIxx0inxp84PWWR5lX84A9pNQ=
-----END CERTIFICATE-----
 */
static char default_cert[] = {
	0x30,0x82,0x02,0x26,0x30,0x82,0x01,0x8f,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x00,
	0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0b,0x05,0x00,0x30,
	0x37,0x31,0x0c,0x30,0x0a,0x06,0x03,0x55,0x04,0x03,0x13,0x03,0x73,0x72,0x76,0x31,
	0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x0b,0x13,0x09,0x6c,0x6f,0x61,0x64,0x2d,0x74,
	0x65,0x73,0x74,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0a,0x13,0x0a,0x73,0x74,
	0x72,0x6f,0x6e,0x67,0x53,0x77,0x61,0x6e,0x30,0x1e,0x17,0x0d,0x31,0x39,0x30,0x32,
	0x30,0x38,0x30,0x38,0x35,0x32,0x32,0x35,0x5a,0x17,0x0d,0x32,0x39,0x30,0x32,0x30,
	0x38,0x30,0x38,0x35,0x32,0x32,0x35,0x5a,0x30,0x37,0x31,0x0c,0x30,0x0a,0x06,0x03,
	0x55,0x04,0x03,0x13,0x03,0x73,0x72,0x76,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,
	0x0b,0x13,0x09,0x6c,0x6f,0x61,0x64,0x2d,0x74,0x65,0x73,0x74,0x31,0x13,0x30,0x11,
	0x06,0x03,0x55,0x04,0x0a,0x13,0x0a,0x73,0x74,0x72,0x6f,0x6e,0x67,0x53,0x77,0x61,
	0x6e,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,
	0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xd0,0x5e,
	0xbe,0xe9,0xa0,0x03,0xd8,0x64,0xbc,0x66,0x4c,0x2a,0x91,0xe7,0x54,0x93,0x19,0x1b,
	0xa4,0xf4,0x77,0x39,0x49,0x6b,0x53,0x72,0xce,0x9b,0xd9,0x1c,0xe9,0x9c,0xff,0x04,
	0x55,0x12,0xf1,0x24,0x45,0x71,0x38,0xa1,0x3d,0x33,0x0e,0xa7,0xee,0x60,0xf5,0xa4,
	0xda,0xee,0xa4,0x2a,0x67,0xa4,0x64,0x5d,0x2c,0x05,0x79,0x57,0x39,0xd3,0x3e,0x14,
	0x90,0xea,0x4e,0xe9,0xa4,0x92,0x6b,0xc6,0x8b,0x11,0x62,0x0d,0x29,0x1d,0x36,0x6a,
	0x05,0x41,0x02,0xee,0x74,0x05,0xc0,0x07,0xb5,0xd2,0x0f,0x2a,0xd1,0x49,0xcc,0xd7,
	0x06,0xb8,0x94,0x9c,0xc6,0xc4,0x31,0xfb,0xf1,0xdd,0xb5,0x71,0x5c,0x1e,0x26,0x06,
	0xe4,0xc4,0x07,0xb2,0xae,0x24,0xb4,0x8e,0x13,0x6c,0xee,0x03,0xb9,0x9d,0x02,0x03,
	0x01,0x00,0x01,0xa3,0x42,0x30,0x40,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,
	0xff,0x04,0x05,0x30,0x03,0x01,0x01,0xff,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,
	0x01,0xff,0x04,0x04,0x03,0x02,0x01,0x86,0x30,0x1d,0x06,0x03,0x55,0x1d,0x0e,0x04,
	0x16,0x04,0x14,0xca,0xd3,0x86,0xfd,0xa9,0x4b,0x59,0x3c,0xb2,0x3b,0xa1,0x25,0x03,
	0x77,0x06,0xc0,0x8c,0xe4,0xa1,0xf6,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,
	0x0d,0x01,0x01,0x0b,0x05,0x00,0x03,0x81,0x81,0x00,0x21,0xd0,0xb3,0x98,0x90,0x30,
	0x0a,0x3e,0x95,0x68,0x36,0x9c,0x73,0xbc,0x8e,0x85,0x92,0xba,0xd6,0x71,0xb3,0x34,
	0x99,0xa5,0xe4,0xd1,0x1e,0x2f,0x36,0x64,0x1b,0x36,0x2f,0xb0,0x88,0x20,0x2f,0xf2,
	0x9b,0xda,0xfe,0x36,0x7c,0xa6,0x02,0xe4,0xeb,0xa7,0x91,0x9d,0x4d,0xc3,0x76,0x18,
	0xdb,0x4e,0xcb,0x47,0xbc,0x2b,0x85,0x2e,0xe9,0x9d,0xd1,0xdf,0x44,0xc9,0xf2,0xf3,
	0xa4,0x70,0x27,0x87,0x7a,0x2e,0x68,0xb0,0xb6,0x06,0xf3,0x4c,0x06,0xe6,0xdc,0x72,
	0xff,0x88,0x43,0x43,0x8b,0x28,0x89,0x7c,0x24,0xe4,0x9d,0x3b,0xf3,0x32,0x3f,0x4e,
	0x90,0x67,0xf3,0xd2,0xb1,0x83,0x90,0x9a,0x88,0xc7,0x1d,0x22,0x9f,0x1a,0x7c,0xe0,
	0xf5,0x96,0x47,0x99,0x57,0xf3,0x80,0x3d,0xa4,0xd4,
};

/**
 * Default IKE preshared key (overridden by the "preshared_key" setting)
 */
static char *default_psk = "default-psk";

/**
 * Default EAP password for EAP (overridden by the "eap_password" setting)
 */
static char *default_pwd = "default-pwd";


/**
 * Load the private key, hard-coded or from a file
 *
 * Reads %s.plugins.load-tester.issuer_key; if unset, the built-in RSA key
 * above is parsed from DER. Otherwise the key is read from that path.
 *
 * @return		loaded key, or NULL if the credential factory could not
 *				create it (create_private_enumerator() tolerates NULL)
 */
static private_key_t *load_issuer_key()
{
	char *path;

	path = lib->settings->get_str(lib->settings,
			"%s.plugins.load-tester.issuer_key", NULL, lib->ns);
	if (!path)
	{
		return lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
					BUILD_BLOB_ASN1_DER, chunk_create(private, sizeof(private)),
					BUILD_END);
	}
	DBG1(DBG_CFG, "loading load-tester private key from '%s'", path);
	return lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
				BUILD_FROM_FILE, path, BUILD_END);
}

/**
 * Load the issuing certificate, hard-coded or from a file
 *
 * Reads %s.plugins.load-tester.issuer_cert; if unset, the built-in
 * self-signed certificate above is parsed from DER and flagged X509_CA.
 * A certificate read from a file is not given that flag explicitly.
 *
 * @return		loaded certificate, or NULL on failure
 */
static certificate_t *load_issuer_cert()
{
	char *path;

	path = lib->settings->get_str(lib->settings,
			"%s.plugins.load-tester.issuer_cert", NULL, lib->ns);
	if (!path)
	{
		return lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
					BUILD_BLOB_ASN1_DER,
					chunk_create(default_cert, sizeof(default_cert)),
					BUILD_X509_FLAG, X509_CA,
					BUILD_END);
	}
	DBG1(DBG_CFG, "loading load-tester issuer cert from '%s'", path);
	return lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
				BUILD_FROM_FILE, path, BUILD_END);
}

/**
 * Load (intermediate) CA certificates, hard-coded or from a file
 *
 * Walks the directory named by %s.plugins.load-tester.ca_dir (if set) and
 * appends every regular file that parses as an X.509 certificate to
 * this->cas. Files that fail to parse are skipped without a log message.
 *
 * @param this		object whose cas list is extended
 */
static void load_ca_certs(private_load_tester_creds_t *this)
{
	enumerator_t *enumerator;
	certificate_t *cert;
	struct stat st;
	char *path;

	path = lib->settings->get_str(lib->settings,
			"%s.plugins.load-tester.ca_dir", NULL, lib->ns);
	if (path)
	{
		enumerator = enumerator_create_directory(path);
		if (enumerator)
		{
			/* path is reused here: it now points to each entry's full path */
			while (enumerator->enumerate(enumerator, NULL, &path, &st))
			{
				/* only regular files; subdirectories etc. are ignored */
				if (S_ISREG(st.st_mode))
				{
					DBG1(DBG_CFG, "loading load-tester CA cert from '%s'", path);
					cert = lib->creds->create(lib->creds,
										CRED_CERTIFICATE, CERT_X509,
										BUILD_FROM_FILE, path, BUILD_END);
					if (cert)
					{
						this->cas->insert_last(this->cas, cert);
					}
				}
			}
			enumerator->destroy(enumerator);
		}
	}
}

/**
 * Enumerate the issuer private key.
 *
 * Yields this->private once if a key is loaded, the requested type is
 * KEY_ANY or KEY_RSA, and (when an id is given) the id matches one of the
 * key's fingerprints. The enumerator takes no ownership; the key stays
 * owned by this object.
 */
METHOD(credential_set_t, create_private_enumerator, enumerator_t*,
	private_load_tester_creds_t *this, key_type_t type, identification_t *id)
{
	if (this->private == NULL)
	{
		return NULL;
	}
	if (type != KEY_ANY && type != KEY_RSA)
	{
		return NULL;
	}
	if (id)
	{
		if (!this->private->has_fingerprint(this->private, id->get_encoding(id)))
		{
			return NULL;
		}
	}
	return enumerator_create_single(this->private, NULL);
}

/**
 * Enumerate certificates, issuing an end-entity certificate on demand.
 *
 * Resolution order, first hit wins:
 *  - no id: all CA certificates in this->cas
 *  - id matches the issuer key's fingerprint: the issuer certificate
 *  - id is the subject of a certificate in this->cas: that certificate
 *  - otherwise, if untrusted certificates are acceptable and the issuer
 *    key is available: a freshly signed certificate for id
 *
 * Generated certificates carry the id either as subject DN (ID_DER_ASN1_DN)
 * or as subjectAltName with a "CN=<id>" DN constructed for it; other id
 * types yield NULL. They are valid from 24h before to 24h after now, use
 * this->digest for the signature and embed this->cdps as CRL distribution
 * points. The certificate is released together with the returned enumerator.
 */
METHOD(credential_set_t, create_cert_enumerator, enumerator_t*,
	private_load_tester_creds_t *this, certificate_type_t cert, key_type_t key,
	identification_t *id, bool trusted)
{
	enumerator_t *enumerator;
	certificate_t *peer_cert, *ca_cert;
	public_key_t *peer_key, *ca_key;
	identification_t *dn = NULL;
	linked_list_t *sans;
	char buf[128];
	uint32_t serial;
	time_t now;

	if (this->ca == NULL)
	{
		return NULL;
	}
	if (cert != CERT_ANY && cert != CERT_X509)
	{
		return NULL;
	}
	if (key != KEY_ANY && key != KEY_RSA)
	{
		return NULL;
	}
	if (!id)
	{
		return this->cas->create_enumerator(this->cas);
	}
	ca_key = this->ca->get_public_key(this->ca);
	if (ca_key)
	{
		if (ca_key->has_fingerprint(ca_key, id->get_encoding(id)))
		{
			ca_key->destroy(ca_key);
			return enumerator_create_single(this->ca, NULL);
		}
		ca_key->destroy(ca_key);
	}
	enumerator = this->cas->create_enumerator(this->cas);
	while (enumerator->enumerate(enumerator, &ca_cert))
	{
		if (ca_cert->has_subject(ca_cert, id))
		{
			enumerator->destroy(enumerator);
			return enumerator_create_single(ca_cert, NULL);
		}
	}
	enumerator->destroy(enumerator);

	if (!trusted && this->private)
	{
		/* peer certificate, generate on demand */
		/* NOTE(review): plain ++ on shared state; if several threads reach
		 * this concurrently the serial may repeat - confirm callers serialize.
		 * htonl() stores it big-endian so the DER INTEGER is well-formed. */
		serial = htonl(++this->serial);
		now = time(NULL);
		sans = linked_list_create();

		switch (id->get_type(id))
		{
			case ID_DER_ASN1_DN:
				break;
			case ID_FQDN:
			case ID_RFC822_ADDR:
			case ID_IPV4_ADDR:
			case ID_IPV6_ADDR:
				/* encode as subjectAltName, construct a sane DN */
				sans->insert_last(sans, id);
				snprintf(buf, sizeof(buf), "CN=%Y", id);
				dn = identification_create_from_string(buf);
				break;
			default:
				sans->destroy(sans);
				return NULL;
		}
		peer_key = this->private->get_public_key(this->private);
		/* the generated certificate shares the issuer's public key */
		peer_cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
							BUILD_SIGNING_KEY, this->private,
							BUILD_SIGNING_CERT, this->ca,
							BUILD_DIGEST_ALG, this->digest,
							BUILD_PUBLIC_KEY, peer_key,
							BUILD_SUBJECT, dn ?: id,
							BUILD_SUBJECT_ALTNAMES, sans,
							BUILD_NOT_BEFORE_TIME, now - 60 * 60 * 24,
							BUILD_NOT_AFTER_TIME, now + 60 * 60 * 24,
							BUILD_SERIAL, chunk_from_thing(serial),
							BUILD_CRL_DISTRIBUTION_POINTS, this->cdps,
							BUILD_END);
		peer_key->destroy(peer_key);
		sans->destroy(sans);
		DESTROY_IF(dn);
		if (peer_cert)
		{
			/* enumerator owns the cert: destroyed with the enumerator */
			return enumerator_create_single(peer_cert, (void*)peer_cert->destroy);
		}
	}
	return NULL;
}

/**
 * Filter passing the single shared key through and reporting ID_MATCH_ANY
 * for both own and peer identity, i.e. the key is handed out for any pair
 * of identities.
 */
CALLBACK(shared_filter, bool,
	void *null, enumerator_t *orig, va_list args)
{
	shared_key_t *key, **out;
	id_match_t *me, *other;

	VA_ARGS_VGET(args, out, me, other);

	if (orig->enumerate(orig, &key))
	{
		*out = key;
		if (me)
		{
			*me = ID_MATCH_ANY;
		}
		if (other)
		{
			*other = ID_MATCH_ANY;
		}
		return TRUE;
	}
	return FALSE;
}

/**
 * Enumerate the shared secret for the given type.
 *
 * SHARED_IKE yields the PSK, SHARED_EAP the EAP password; other types yield
 * NULL. The identities are not consulted (see shared_filter()). The key
 * stays owned by this object.
 */
METHOD(credential_set_t, create_shared_enumerator, enumerator_t*,
	private_load_tester_creds_t *this, shared_key_type_t type,
	identification_t *me, identification_t *other)
{
	shared_key_t *shared;

	switch (type)
	{
		case SHARED_IKE:
			shared = this->psk;
			break;
		case SHARED_EAP:
			shared = this->pwd;
			break;
		default:
			return NULL;
	}
	return enumerator_create_filter(enumerator_create_single(shared, NULL),
									shared_filter, NULL, NULL);
}

/**
 * Release all credentials and the object itself. this->cas holds its own
 * reference to the issuer cert (taken in load_tester_creds_create()), so
 * both the list entry and this->ca are released separately.
 */
METHOD(load_tester_creds_t, destroy, void,
	private_load_tester_creds_t *this)
{
	this->cas->destroy_offset(this->cas, offsetof(certificate_t, destroy));
	DESTROY_IF(this->private);
	DESTROY_IF(this->ca);
	this->psk->destroy(this->psk);
	this->pwd->destroy(this->pwd);
	/* only the x509_cdp_t structs are freed; uri points into settings */
	this->cdps->destroy_function(this->cdps, free);
	free(this);
}

/**
 * Create the load-tester credential set.
 *
 * Settings read (all under %s.plugins.load-tester.): preshared_key,
 * eap_password, digest (defaults to "sha1", unknown names fall back to
 * SHA-1 with a log message), crl (optional CRL distribution point URI),
 * plus issuer_key, issuer_cert and ca_dir via the loaders above. No CDPs
 * are offered through the credential set itself (create_cdp_enumerator
 * returns NULL); they are only embedded into generated certificates.
 */
load_tester_creds_t *load_tester_creds_create()
{
	private_load_tester_creds_t *this;
	char *pwd, *psk, *digest, *crl;

	psk = lib->settings->get_str(lib->settings,
			"%s.plugins.load-tester.preshared_key", default_psk, lib->ns);
	pwd = lib->settings->get_str(lib->settings,
			"%s.plugins.load-tester.eap_password", default_pwd, lib->ns);
	digest = lib->settings->get_str(lib->settings,
			"%s.plugins.load-tester.digest", "sha1", lib->ns);
	crl = lib->settings->get_str(lib->settings,
			"%s.plugins.load-tester.crl", NULL, lib->ns);

	INIT(this,
		.public = {
			.credential_set = {
				.create_shared_enumerator = _create_shared_enumerator,
				.create_private_enumerator = _create_private_enumerator,
				.create_cert_enumerator = _create_cert_enumerator,
				.create_cdp_enumerator = (void*)return_null,
				.cache_cert = (void*)nop,
			},
			.destroy = _destroy,
		},
		.private = load_issuer_key(),
		.ca = load_issuer_cert(),
		.cas = linked_list_create(),
		.cdps = linked_list_create(),
		/* secrets are copied, the settings strings are not retained */
		.psk = shared_key_create(SHARED_IKE,
					chunk_clone(chunk_create(psk, strlen(psk)))),
		.pwd = shared_key_create(SHARED_EAP,
					chunk_clone(chunk_create(pwd, strlen(pwd)))),
	);

	if (this->ca)
	{
		/* the issuer cert is also a trusted CA; cas gets its own reference */
		this->cas->insert_last(this->cas, this->ca->get_ref(this->ca));
	}

	if (!enum_from_name(hash_algorithm_short_names, digest, &this->digest))
	{
		DBG1(DBG_CFG, "invalid load-tester digest: '%s', using sha1", digest);
		this->digest = HASH_SHA1;
	}

	if (crl)
	{
		x509_cdp_t *cdp;

		/* uri is not copied: it references the settings' string, which is
		 * assumed to outlive this object - TODO confirm */
		INIT(cdp,
			.uri = crl,
		);
		this->cdps->insert_last(this->cdps, cdp);
	}

	load_ca_certs(this);

	return &this->public;
}