1.1 misho 1: /*
2: * Copyright (C) 2008 Martin Willi
3: * HSR Hochschule fuer Technik Rapperswil
4: *
5: * This program is free software; you can redistribute it and/or modify it
6: * under the terms of the GNU General Public License as published by the
7: * Free Software Foundation; either version 2 of the License, or (at your
8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9: *
10: * This program is distributed in the hope that it will be useful, but
11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13: * for more details.
14: */
15:
16: #include "load_tester_creds.h"
17:
18: #include <time.h>
19: #include <sys/stat.h>
20:
21: #include <daemon.h>
22: #include <credentials/keys/shared_key.h>
23: #include <credentials/certificates/x509.h>
24: #include <utils/identification.h>
25:
typedef struct private_load_tester_creds_t private_load_tester_creds_t;

/**
 * Private data of a load_tester_creds_t object.
 *
 * This credential set exists solely for the load-tester plugin: it exposes a
 * single private key, issues end-entity certificates on demand for whatever
 * identity is requested, and offers its PSK/EAP secret to any pair of
 * identities. None of this is suitable for a production daemon.
 */
struct private_load_tester_creds_t {
	/**
	 * Public part
	 */
	load_tester_creds_t public;

	/**
	 * Private key to create signatures. It is also the key pair behind every
	 * certificate issued on demand. May be NULL if loading it failed; the
	 * enumerators check for that.
	 */
	private_key_t *private;

	/**
	 * CA certificate, to issue/verify peer certificates. May be NULL if
	 * loading it failed. Also referenced from the cas list.
	 */
	certificate_t *ca;

	/**
	 * Trusted CA certificates, including issuer CA (plus everything found
	 * in the configured ca_dir, added without further checks)
	 */
	linked_list_t *cas;

	/**
	 * Digest algorithm to issue certificates (from the "digest" setting,
	 * SHA-1 by default)
	 */
	hash_algorithm_t digest;

	/**
	 * Serial number of the last issued certificate; incremented for each
	 * generated certificate. NOTE(review): incremented without any locking,
	 * see create_cert_enumerator().
	 */
	uint32_t serial;

	/**
	 * Preshared key for IKE, matched against any identity pair
	 */
	shared_key_t *psk;

	/**
	 * Password for EAP, matched against any identity pair
	 */
	shared_key_t *pwd;

	/**
	 * List of CRL distribution points (x509_cdp_t*) to include in generated
	 * certs; the uri strings are borrowed from lib->settings, only the
	 * x509_cdp_t structs are owned
	 */
	linked_list_t *cdps;
};
77:
/**
 * 1024-bit RSA key, DER encoded (PKCS#1 RSAPrivateKey).
 *
 * SECURITY: this key is published in the strongSwan source tree and must be
 * treated as compromised. It is only here so the load tester works out of the
 * box; it is used whenever %s.plugins.load-tester.issuer_key is not set (see
 * load_issuer_key()). Note also that 1024-bit RSA is below current minimum
 * key size recommendations.
 *
 -----BEGIN RSA PRIVATE KEY-----
 MIICXQIBAAKBgQDQXr7poAPYZLxmTCqR51STGRuk9Hc5SWtTcs6b2RzpnP8EVRLx
 JEVxOKE9Mw6n7mD1pNrupCpnpGRdLAV5VznTPhSQ6k7ppJJrxosRYg0pHTZqBUEC
 7nQFwAe10g8q0UnM1wa4lJzGxDH78d21cVweJgbkxAeyriS0jhNs7gO5nQIDAQAB
 AoGACVACtkxJf7VY2jWTPXwaQoy/uIqYfX3zhwI9i6eTbDlxCE+JDi/xzpKaWjLa
 99RmjvP0OPArWQB239ck03x7gAm2obutosGbqbKzJZS5cyIayzyW9djZDHBdt9Ho
 quKB39aspWit3xPzkrr+QeIkiggtmBKALTBxTwxAU+P6euECQQD4IPdrzKbCrO79
 LKvoPrQQtTjL6ogag9rI9n2ZuoK3/XVybh2byOXT8tA5G5jSz9Ac8XeVOsnH9gT5
 3WXeaLOFAkEA1vrm/hVSEasp5eATgQ7ig9CF+GGKqhTwXp/uOSl/h3IRmStu5J0C
 9AkYyx0bn3j5R8iUEX/C00KSE1kQNh4NOQJAVOsLYlRG2idPH0xThQc4nuM2jes1
 K0Xm8ZISSDNhm1BeCoyPC4rExTW7d1/vfG5svgsRrvvQpOOYrl7MB0Lz9QJBALhg
 AWJiyLsskEd90Vx7dpvUaEHo7jMGuEx/X6GYzK5Oj3dNP9NEMfc4IhJ5SWqRJ0KA
 bTVA3MexLXT4iqXPSkkCQQDSjLhBwvEnSuW4ElIMzBwLbu7573z2gzU82Mj6trrw
 Osoox/vmcepT1Wjy4AvPZHgxp7vEXNSeS+M5L29QNTp8
 -----END RSA PRIVATE KEY-----
 */
static char private[] = {
	0x30,0x82,0x02,0x5d,0x02,0x01,0x00,0x02,0x81,0x81,0x00,0xd0,0x5e,0xbe,0xe9,0xa0,
	0x03,0xd8,0x64,0xbc,0x66,0x4c,0x2a,0x91,0xe7,0x54,0x93,0x19,0x1b,0xa4,0xf4,0x77,
	0x39,0x49,0x6b,0x53,0x72,0xce,0x9b,0xd9,0x1c,0xe9,0x9c,0xff,0x04,0x55,0x12,0xf1,
	0x24,0x45,0x71,0x38,0xa1,0x3d,0x33,0x0e,0xa7,0xee,0x60,0xf5,0xa4,0xda,0xee,0xa4,
	0x2a,0x67,0xa4,0x64,0x5d,0x2c,0x05,0x79,0x57,0x39,0xd3,0x3e,0x14,0x90,0xea,0x4e,
	0xe9,0xa4,0x92,0x6b,0xc6,0x8b,0x11,0x62,0x0d,0x29,0x1d,0x36,0x6a,0x05,0x41,0x02,
	0xee,0x74,0x05,0xc0,0x07,0xb5,0xd2,0x0f,0x2a,0xd1,0x49,0xcc,0xd7,0x06,0xb8,0x94,
	0x9c,0xc6,0xc4,0x31,0xfb,0xf1,0xdd,0xb5,0x71,0x5c,0x1e,0x26,0x06,0xe4,0xc4,0x07,
	0xb2,0xae,0x24,0xb4,0x8e,0x13,0x6c,0xee,0x03,0xb9,0x9d,0x02,0x03,0x01,0x00,0x01,
	0x02,0x81,0x80,0x09,0x50,0x02,0xb6,0x4c,0x49,0x7f,0xb5,0x58,0xda,0x35,0x93,0x3d,
	0x7c,0x1a,0x42,0x8c,0xbf,0xb8,0x8a,0x98,0x7d,0x7d,0xf3,0x87,0x02,0x3d,0x8b,0xa7,
	0x93,0x6c,0x39,0x71,0x08,0x4f,0x89,0x0e,0x2f,0xf1,0xce,0x92,0x9a,0x5a,0x32,0xda,
	0xf7,0xd4,0x66,0x8e,0xf3,0xf4,0x38,0xf0,0x2b,0x59,0x00,0x76,0xdf,0xd7,0x24,0xd3,
	0x7c,0x7b,0x80,0x09,0xb6,0xa1,0xbb,0xad,0xa2,0xc1,0x9b,0xa9,0xb2,0xb3,0x25,0x94,
	0xb9,0x73,0x22,0x1a,0xcb,0x3c,0x96,0xf5,0xd8,0xd9,0x0c,0x70,0x5d,0xb7,0xd1,0xe8,
	0xaa,0xe2,0x81,0xdf,0xd6,0xac,0xa5,0x68,0xad,0xdf,0x13,0xf3,0x92,0xba,0xfe,0x41,
	0xe2,0x24,0x8a,0x08,0x2d,0x98,0x12,0x80,0x2d,0x30,0x71,0x4f,0x0c,0x40,0x53,0xe3,
	0xfa,0x7a,0xe1,0x02,0x41,0x00,0xf8,0x20,0xf7,0x6b,0xcc,0xa6,0xc2,0xac,0xee,0xfd,
	0x2c,0xab,0xe8,0x3e,0xb4,0x10,0xb5,0x38,0xcb,0xea,0x88,0x1a,0x83,0xda,0xc8,0xf6,
	0x7d,0x99,0xba,0x82,0xb7,0xfd,0x75,0x72,0x6e,0x1d,0x9b,0xc8,0xe5,0xd3,0xf2,0xd0,
	0x39,0x1b,0x98,0xd2,0xcf,0xd0,0x1c,0xf1,0x77,0x95,0x3a,0xc9,0xc7,0xf6,0x04,0xf9,
	0xdd,0x65,0xde,0x68,0xb3,0x85,0x02,0x41,0x00,0xd6,0xfa,0xe6,0xfe,0x15,0x52,0x11,
	0xab,0x29,0xe5,0xe0,0x13,0x81,0x0e,0xe2,0x83,0xd0,0x85,0xf8,0x61,0x8a,0xaa,0x14,
	0xf0,0x5e,0x9f,0xee,0x39,0x29,0x7f,0x87,0x72,0x11,0x99,0x2b,0x6e,0xe4,0x9d,0x02,
	0xf4,0x09,0x18,0xcb,0x1d,0x1b,0x9f,0x78,0xf9,0x47,0xc8,0x94,0x11,0x7f,0xc2,0xd3,
	0x42,0x92,0x13,0x59,0x10,0x36,0x1e,0x0d,0x39,0x02,0x40,0x54,0xeb,0x0b,0x62,0x54,
	0x46,0xda,0x27,0x4f,0x1f,0x4c,0x53,0x85,0x07,0x38,0x9e,0xe3,0x36,0x8d,0xeb,0x35,
	0x2b,0x45,0xe6,0xf1,0x92,0x12,0x48,0x33,0x61,0x9b,0x50,0x5e,0x0a,0x8c,0x8f,0x0b,
	0x8a,0xc4,0xc5,0x35,0xbb,0x77,0x5f,0xef,0x7c,0x6e,0x6c,0xbe,0x0b,0x11,0xae,0xfb,
	0xd0,0xa4,0xe3,0x98,0xae,0x5e,0xcc,0x07,0x42,0xf3,0xf5,0x02,0x41,0x00,0xb8,0x60,
	0x01,0x62,0x62,0xc8,0xbb,0x2c,0x90,0x47,0x7d,0xd1,0x5c,0x7b,0x76,0x9b,0xd4,0x68,
	0x41,0xe8,0xee,0x33,0x06,0xb8,0x4c,0x7f,0x5f,0xa1,0x98,0xcc,0xae,0x4e,0x8f,0x77,
	0x4d,0x3f,0xd3,0x44,0x31,0xf7,0x38,0x22,0x12,0x79,0x49,0x6a,0x91,0x27,0x42,0x80,
	0x6d,0x35,0x40,0xdc,0xc7,0xb1,0x2d,0x74,0xf8,0x8a,0xa5,0xcf,0x4a,0x49,0x02,0x41,
	0x00,0xd2,0x8c,0xb8,0x41,0xc2,0xf1,0x27,0x4a,0xe5,0xb8,0x12,0x52,0x0c,0xcc,0x1c,
	0x0b,0x6e,0xee,0xf9,0xef,0x7c,0xf6,0x83,0x35,0x3c,0xd8,0xc8,0xfa,0xb6,0xba,0xf0,
	0x3a,0xca,0x28,0xc7,0xfb,0xe6,0x71,0xea,0x53,0xd5,0x68,0xf2,0xe0,0x0b,0xcf,0x64,
	0x78,0x31,0xa7,0xbb,0xc4,0x5c,0xd4,0x9e,0x4b,0xe3,0x39,0x2f,0x6f,0x50,0x35,0x3a,
	0x7c,
};
137:
/**
 * And an associated self-signed CA certificate, DER encoded, for the key
 * above. Subject/issuer is CN=srv, OU=load-test, O=strongSwan; it is valid
 * from 2019-02-08 until 2029-02-08, after which the built-in certificate
 * can no longer be used and %s.plugins.load-tester.issuer_cert must be set.
 *
 * Extensions: basicConstraints CA:TRUE, keyUsage digitalSignature +
 * keyCertSign + cRLSign (note that the digitalSignature bit is not usually
 * set for CA certificates, it is here so the certificate can double as an
 * end-entity certificate in load tests).
 *
 * SECURITY: like the key, this certificate is public. Anything that trusts
 * this CA trusts anyone who has the strongSwan sources.
 *
 -----BEGIN CERTIFICATE-----
 MIICJjCCAY+gAwIBAgIBADANBgkqhkiG9w0BAQsFADA3MQwwCgYDVQQDEwNzcnYx
 EjAQBgNVBAsTCWxvYWQtdGVzdDETMBEGA1UEChMKc3Ryb25nU3dhbjAeFw0xOTAy
 MDgwODUyMjVaFw0yOTAyMDgwODUyMjVaMDcxDDAKBgNVBAMTA3NydjESMBAGA1UE
 CxMJbG9hZC10ZXN0MRMwEQYDVQQKEwpzdHJvbmdTd2FuMIGfMA0GCSqGSIb3DQEB
 AQUAA4GNADCBiQKBgQDQXr7poAPYZLxmTCqR51STGRuk9Hc5SWtTcs6b2RzpnP8E
 VRLxJEVxOKE9Mw6n7mD1pNrupCpnpGRdLAV5VznTPhSQ6k7ppJJrxosRYg0pHTZq
 BUEC7nQFwAe10g8q0UnM1wa4lJzGxDH78d21cVweJgbkxAeyriS0jhNs7gO5nQID
 AQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4E
 FgQUytOG/alLWTyyO6ElA3cGwIzkofYwDQYJKoZIhvcNAQELBQADgYEAIdCzmJAw
 Cj6VaDacc7yOhZK61nGzNJml5NEeLzZkGzYvsIggL/Kb2v42fKYC5OunkZ1Nw3YY
 207LR7wrhS7pndHfRMny86RwJ4d6LmiwtgbzTAbm3HL/iENDiyiJfCTknTvzMj9O
 kGfz0rGDkJqIxx0inxp84PWWR5lX84A9pNQ=
 -----END CERTIFICATE-----
 */
static char default_cert[] = {
	0x30,0x82,0x02,0x26,0x30,0x82,0x01,0x8f,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x00,
	0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0b,0x05,0x00,0x30,
	0x37,0x31,0x0c,0x30,0x0a,0x06,0x03,0x55,0x04,0x03,0x13,0x03,0x73,0x72,0x76,0x31,
	0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x0b,0x13,0x09,0x6c,0x6f,0x61,0x64,0x2d,0x74,
	0x65,0x73,0x74,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0a,0x13,0x0a,0x73,0x74,
	0x72,0x6f,0x6e,0x67,0x53,0x77,0x61,0x6e,0x30,0x1e,0x17,0x0d,0x31,0x39,0x30,0x32,
	0x30,0x38,0x30,0x38,0x35,0x32,0x32,0x35,0x5a,0x17,0x0d,0x32,0x39,0x30,0x32,0x30,
	0x38,0x30,0x38,0x35,0x32,0x32,0x35,0x5a,0x30,0x37,0x31,0x0c,0x30,0x0a,0x06,0x03,
	0x55,0x04,0x03,0x13,0x03,0x73,0x72,0x76,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,
	0x0b,0x13,0x09,0x6c,0x6f,0x61,0x64,0x2d,0x74,0x65,0x73,0x74,0x31,0x13,0x30,0x11,
	0x06,0x03,0x55,0x04,0x0a,0x13,0x0a,0x73,0x74,0x72,0x6f,0x6e,0x67,0x53,0x77,0x61,
	0x6e,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,
	0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xd0,0x5e,
	0xbe,0xe9,0xa0,0x03,0xd8,0x64,0xbc,0x66,0x4c,0x2a,0x91,0xe7,0x54,0x93,0x19,0x1b,
	0xa4,0xf4,0x77,0x39,0x49,0x6b,0x53,0x72,0xce,0x9b,0xd9,0x1c,0xe9,0x9c,0xff,0x04,
	0x55,0x12,0xf1,0x24,0x45,0x71,0x38,0xa1,0x3d,0x33,0x0e,0xa7,0xee,0x60,0xf5,0xa4,
	0xda,0xee,0xa4,0x2a,0x67,0xa4,0x64,0x5d,0x2c,0x05,0x79,0x57,0x39,0xd3,0x3e,0x14,
	0x90,0xea,0x4e,0xe9,0xa4,0x92,0x6b,0xc6,0x8b,0x11,0x62,0x0d,0x29,0x1d,0x36,0x6a,
	0x05,0x41,0x02,0xee,0x74,0x05,0xc0,0x07,0xb5,0xd2,0x0f,0x2a,0xd1,0x49,0xcc,0xd7,
	0x06,0xb8,0x94,0x9c,0xc6,0xc4,0x31,0xfb,0xf1,0xdd,0xb5,0x71,0x5c,0x1e,0x26,0x06,
	0xe4,0xc4,0x07,0xb2,0xae,0x24,0xb4,0x8e,0x13,0x6c,0xee,0x03,0xb9,0x9d,0x02,0x03,
	0x01,0x00,0x01,0xa3,0x42,0x30,0x40,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,
	0xff,0x04,0x05,0x30,0x03,0x01,0x01,0xff,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,
	0x01,0xff,0x04,0x04,0x03,0x02,0x01,0x86,0x30,0x1d,0x06,0x03,0x55,0x1d,0x0e,0x04,
	0x16,0x04,0x14,0xca,0xd3,0x86,0xfd,0xa9,0x4b,0x59,0x3c,0xb2,0x3b,0xa1,0x25,0x03,
	0x77,0x06,0xc0,0x8c,0xe4,0xa1,0xf6,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,
	0x0d,0x01,0x01,0x0b,0x05,0x00,0x03,0x81,0x81,0x00,0x21,0xd0,0xb3,0x98,0x90,0x30,
	0x0a,0x3e,0x95,0x68,0x36,0x9c,0x73,0xbc,0x8e,0x85,0x92,0xba,0xd6,0x71,0xb3,0x34,
	0x99,0xa5,0xe4,0xd1,0x1e,0x2f,0x36,0x64,0x1b,0x36,0x2f,0xb0,0x88,0x20,0x2f,0xf2,
	0x9b,0xda,0xfe,0x36,0x7c,0xa6,0x02,0xe4,0xeb,0xa7,0x91,0x9d,0x4d,0xc3,0x76,0x18,
	0xdb,0x4e,0xcb,0x47,0xbc,0x2b,0x85,0x2e,0xe9,0x9d,0xd1,0xdf,0x44,0xc9,0xf2,0xf3,
	0xa4,0x70,0x27,0x87,0x7a,0x2e,0x68,0xb0,0xb6,0x06,0xf3,0x4c,0x06,0xe6,0xdc,0x72,
	0xff,0x88,0x43,0x43,0x8b,0x28,0x89,0x7c,0x24,0xe4,0x9d,0x3b,0xf3,0x32,0x3f,0x4e,
	0x90,0x67,0xf3,0xd2,0xb1,0x83,0x90,0x9a,0x88,0xc7,0x1d,0x22,0x9f,0x1a,0x7c,0xe0,
	0xf5,0x96,0x47,0x99,0x57,0xf3,0x80,0x3d,0xa4,0xd4,
};
194:
/**
 * Default IKE preshared key, used when %s.plugins.load-tester.preshared_key
 * is not set. SECURITY: this value is public, and create_shared_enumerator()
 * offers it for any identity pair, so any peer knowing it can authenticate.
 */
static char *default_psk = "default-psk";

/**
 * Default EAP password, used when %s.plugins.load-tester.eap_password is not
 * set. Same caveat as default_psk: public, and matched against any identity.
 */
static char *default_pwd = "default-pwd";
204:
205:
206: /**
207: * Load the private key, hard-coded or from a file
208: */
/**
 * Load the RSA private key used to sign generated certificates.
 *
 * If %s.plugins.load-tester.issuer_key names a file, the key is read from
 * there (and the path is logged). Otherwise the DER-encoded key embedded
 * above is parsed; that key is public, so the fallback is only acceptable in
 * a test setup. The builder's result is returned as-is, i.e. NULL if parsing
 * or loading fails.
 *
 * @return		private key, or NULL on failure
 */
static private_key_t *load_issuer_key()
{
	char *key_file = lib->settings->get_str(lib->settings,
							"%s.plugins.load-tester.issuer_key", NULL, lib->ns);

	if (key_file)
	{
		DBG1(DBG_CFG, "loading load-tester private key from '%s'", key_file);
		return lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
								  BUILD_FROM_FILE, key_file, BUILD_END);
	}
	/* no file configured: fall back to the built-in (public!) test key */
	return lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
							  BUILD_BLOB_ASN1_DER,
							  chunk_create(private, sizeof(private)),
							  BUILD_END);
}
225:
226: /**
227: * Load the issuing certificate, hard-coded or from a file
228: */
/**
 * Load the CA certificate that issues (and verifies) peer certificates.
 *
 * If %s.plugins.load-tester.issuer_cert names a file, the certificate is read
 * from there without passing an explicit CA flag. Otherwise the self-signed
 * certificate embedded above is parsed from DER and explicitly flagged as CA.
 * The builder's result is returned as-is, i.e. NULL on failure.
 *
 * @return		issuer certificate, or NULL on failure
 */
static certificate_t *load_issuer_cert()
{
	char *cert_file = lib->settings->get_str(lib->settings,
							"%s.plugins.load-tester.issuer_cert", NULL, lib->ns);

	if (cert_file)
	{
		DBG1(DBG_CFG, "loading load-tester issuer cert from '%s'", cert_file);
		return lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
								  BUILD_FROM_FILE, cert_file, BUILD_END);
	}
	/* built-in self-signed CA, public like the key it belongs to */
	return lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
							  BUILD_BLOB_ASN1_DER,
							  chunk_create(default_cert, sizeof(default_cert)),
							  BUILD_X509_FLAG, X509_CA,
							  BUILD_END);
}
247:
248: /**
249: * Load (intermediate) CA certificates, hard-coded or from a file
250: */
/**
 * Load additional (intermediate) CA certificates from the configured
 * %s.plugins.load-tester.ca_dir directory.
 *
 * Every regular file in that directory that parses as an X.509 certificate
 * is appended to this->cas. No further validation is done: whatever is in
 * the directory becomes a trusted CA for this credential set. Whether
 * symlinks are followed depends on enumerator_create_directory() (not
 * visible here). Does nothing if the setting is absent or the directory
 * cannot be enumerated.
 *
 * @param this	credential set to add the certificates to
 */
static void load_ca_certs(private_load_tester_creds_t *this)
{
	char *dir = lib->settings->get_str(lib->settings,
							"%s.plugins.load-tester.ca_dir", NULL, lib->ns);
	enumerator_t *files;
	certificate_t *ca;
	struct stat st;
	char *file;

	if (!dir)
	{
		return;
	}
	files = enumerator_create_directory(dir);
	if (!files)
	{
		return;
	}
	while (files->enumerate(files, NULL, &file, &st))
	{
		if (!S_ISREG(st.st_mode))
		{
			continue;
		}
		DBG1(DBG_CFG, "loading load-tester CA cert from '%s'", file);
		ca = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
								BUILD_FROM_FILE, file, BUILD_END);
		if (ca)
		{
			this->cas->insert_last(this->cas, ca);
		}
	}
	files->destroy(files);
}
283:
/**
 * Enumerate the single private key of this credential set.
 *
 * The key is offered for KEY_ANY/KEY_RSA lookups. If an id is given, it is
 * taken as a key identifier and matched against the key's fingerprints; a
 * mismatch yields NULL. The returned enumerator borrows the key (no cleanup).
 */
METHOD(credential_set_t, create_private_enumerator, enumerator_t*,
	private_load_tester_creds_t *this, key_type_t type, identification_t *id)
{
	bool type_ok = (type == KEY_ANY || type == KEY_RSA);

	if (!this->private || !type_ok)
	{
		return NULL;
	}
	if (id &&
		!this->private->has_fingerprint(this->private, id->get_encoding(id)))
	{
		return NULL;
	}
	return enumerator_create_single(this->private, NULL);
}
304:
/**
 * Enumerate certificates for a credential-manager lookup.
 *
 * Resolution order:
 *  - Without an id, all trusted CA certificates (this->cas) are enumerated.
 *  - If id's encoding matches a fingerprint of the issuer's public key (a
 *    key-id lookup), or id is the subject of one of the trusted CAs, that CA
 *    certificate is returned.
 *  - Otherwise, for an untrusted (end-entity) lookup with the issuer key
 *    available, a certificate is issued on the spot for the requested
 *    identity: signed by this->ca with this->digest, carrying the issuer's
 *    own public key, valid one day before and after now, with the configured
 *    CRL distribution points. It lives as long as the returned enumerator.
 *
 * SECURITY: any requested DN, FQDN, e-mail, IPv4 or IPv6 identity gets a
 * certificate from the load-tester CA. That is the point of a load tester
 * and must never be reachable from a production daemon.
 */
METHOD(credential_set_t, create_cert_enumerator, enumerator_t*,
	private_load_tester_creds_t *this, certificate_type_t cert, key_type_t key,
	identification_t *id, bool trusted)
{
	enumerator_t *enumerator;
	certificate_t *peer_cert, *ca_cert;
	public_key_t *peer_key, *ca_key;
	identification_t *dn = NULL;
	linked_list_t *sans;
	char buf[128];
	uint32_t serial;
	time_t now;

	if (this->ca == NULL)
	{
		return NULL;
	}
	if (cert != CERT_ANY && cert != CERT_X509)
	{
		return NULL;
	}
	if (key != KEY_ANY && key != KEY_RSA)
	{
		return NULL;
	}
	if (!id)
	{
		/* all CAs, regardless of the trusted flag */
		return this->cas->create_enumerator(this->cas);
	}
	/* key-id lookup for the issuer itself */
	ca_key = this->ca->get_public_key(this->ca);
	if (ca_key)
	{
		if (ca_key->has_fingerprint(ca_key, id->get_encoding(id)))
		{
			ca_key->destroy(ca_key);
			return enumerator_create_single(this->ca, NULL);
		}
		ca_key->destroy(ca_key);
	}
	/* subject lookup among the trusted CAs (the issuer is in this list too) */
	enumerator = this->cas->create_enumerator(this->cas);
	while (enumerator->enumerate(enumerator, &ca_cert))
	{
		if (ca_cert->has_subject(ca_cert, id))
		{
			enumerator->destroy(enumerator);
			return enumerator_create_single(ca_cert, NULL);
		}
	}
	enumerator->destroy(enumerator);

	if (!trusted && this->private)
	{
		/* peer certificate, generate on demand */
		/* NOTE(review): plain ++ on a shared counter, no lock. If the
		 * credential manager calls this from several threads at once, two
		 * certificates can end up with the same serial number - confirm
		 * the threading model before relying on serial uniqueness. */
		serial = htonl(++this->serial);
		now = time(NULL);
		sans = linked_list_create();

		switch (id->get_type(id))
		{
			case ID_DER_ASN1_DN:
				/* a DN becomes the subject directly, no subjectAltName */
				break;
			case ID_FQDN:
			case ID_RFC822_ADDR:
			case ID_IPV4_ADDR:
			case ID_IPV6_ADDR:
				/* encode as subjectAltName, construct a sane DN */
				/* sans only borrows id; destroy() below does not free it.
				 * %Y is the identification printf hook; an identity longer
				 * than buf is truncated, and if the truncated string does not
				 * parse as a DN, dn stays NULL and id is used as subject. */
				sans->insert_last(sans, id);
				snprintf(buf, sizeof(buf), "CN=%Y", id);
				dn = identification_create_from_string(buf);
				break;
			default:
				/* other identity types (e.g. key IDs) are not certifiable */
				sans->destroy(sans);
				return NULL;
		}
		/* the issued certificate carries the issuer's own key pair.
		 * NOTE(review): peer_key is dereferenced unconditionally below, i.e.
		 * get_public_key() is assumed never to fail for this RSA key. */
		peer_key = this->private->get_public_key(this->private);
		peer_cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
					BUILD_SIGNING_KEY, this->private,
					BUILD_SIGNING_CERT, this->ca,
					BUILD_DIGEST_ALG, this->digest,
					BUILD_PUBLIC_KEY, peer_key,
					BUILD_SUBJECT, dn ?: id,
					BUILD_SUBJECT_ALTNAMES, sans,
					BUILD_NOT_BEFORE_TIME, now - 60 * 60 * 24,
					BUILD_NOT_AFTER_TIME, now + 60 * 60 * 24,
					BUILD_SERIAL, chunk_from_thing(serial),
					BUILD_CRL_DISTRIBUTION_POINTS, this->cdps,
					BUILD_END);
		peer_key->destroy(peer_key);
		sans->destroy(sans);
		DESTROY_IF(dn);
		if (peer_cert)
		{
			/* the certificate is destroyed together with the enumerator */
			return enumerator_create_single(peer_cert, (void*)peer_cert->destroy);
		}
	}
	return NULL;
}
402:
/**
 * Filter for create_shared_enumerator(): passes the single shared key
 * through and reports an ID_MATCH_ANY match for both identities.
 *
 * In other words, the key is offered to every peer for every local identity,
 * without looking at who asks. Intended for load tests only.
 *
 * @param null		unused filter data
 * @param orig		enumerator over the single shared_key_t
 * @param args		shared_key_t **out, id_match_t *me, id_match_t *other
 * @return			TRUE once, then FALSE
 */
CALLBACK(shared_filter, bool,
	void *null, enumerator_t *orig, va_list args)
{
	shared_key_t *key, **out;
	id_match_t *me, *other;

	VA_ARGS_VGET(args, out, me, other);

	if (!orig->enumerate(orig, &key))
	{
		return FALSE;
	}
	*out = key;
	/* match quality is optional output; claim a full match for both sides */
	if (me)
	{
		*me = ID_MATCH_ANY;
	}
	if (other)
	{
		*other = ID_MATCH_ANY;
	}
	return TRUE;
}
426:
/**
 * Enumerate the shared secret for IKE (PSK) or EAP (password) lookups.
 *
 * The identities me/other are ignored: the single configured secret is
 * returned for any pair, with ID_MATCH_ANY reported by shared_filter.
 * Other shared key types yield NULL.
 */
METHOD(credential_set_t, create_shared_enumerator, enumerator_t*,
	private_load_tester_creds_t *this, shared_key_type_t type,
	identification_t *me, identification_t *other)
{
	shared_key_t *secret;

	if (type == SHARED_IKE)
	{
		secret = this->psk;
	}
	else if (type == SHARED_EAP)
	{
		secret = this->pwd;
	}
	else
	{
		return NULL;
	}
	return enumerator_create_filter(enumerator_create_single(secret, NULL),
									shared_filter, NULL, NULL);
}
447:
/**
 * Release everything owned by the credential set.
 *
 * The CA list holds its own reference to this->ca, so both the list and the
 * ca member are released. The cdps list frees only the x509_cdp_t structs;
 * their uri strings belong to lib->settings.
 */
METHOD(load_tester_creds_t, destroy, void,
	private_load_tester_creds_t *this)
{
	/* shared secrets and CDP list first, they are independent of the rest */
	this->psk->destroy(this->psk);
	this->pwd->destroy(this->pwd);
	this->cdps->destroy_function(this->cdps, free);
	/* certificates and the key */
	this->cas->destroy_offset(this->cas, offsetof(certificate_t, destroy));
	DESTROY_IF(this->ca);
	DESTROY_IF(this->private);
	free(this);
}
459:
/**
 * Create the load-tester credential set.
 *
 * Reads its configuration from lib->settings under %s.plugins.load-tester.*:
 * preshared_key and eap_password (public defaults if unset), digest (SHA-1
 * if unset or unknown), crl (optional single CRL distribution point), and
 * via the helpers issuer_key, issuer_cert and ca_dir.
 *
 * SECURITY: with no configuration at all this yields a credential set whose
 * key, CA, PSK and EAP password are all public. Load-test use only.
 */
load_tester_creds_t *load_tester_creds_create()
{
	private_load_tester_creds_t *this;
	char *pwd, *psk, *digest, *crl;

	psk = lib->settings->get_str(lib->settings,
						"%s.plugins.load-tester.preshared_key", default_psk, lib->ns);
	pwd = lib->settings->get_str(lib->settings,
						"%s.plugins.load-tester.eap_password", default_pwd, lib->ns);
	/* NOTE(review): SHA-1 is the default signature digest for the issued
	 * certificates; set "digest" to sha256 or stronger for peers that reject
	 * SHA-1 signatures. */
	digest = lib->settings->get_str(lib->settings,
						"%s.plugins.load-tester.digest", "sha1", lib->ns);
	crl = lib->settings->get_str(lib->settings,
						"%s.plugins.load-tester.crl", NULL, lib->ns);

	INIT(this,
		.public = {
			.credential_set = {
				.create_shared_enumerator = _create_shared_enumerator,
				.create_private_enumerator = _create_private_enumerator,
				.create_cert_enumerator = _create_cert_enumerator,
				.create_cdp_enumerator = (void*)return_null,
				.cache_cert = (void*)nop,
			},
			.destroy = _destroy,
		},
		/* either may be NULL if loading fails; the enumerators check */
		.private = load_issuer_key(),
		.ca = load_issuer_cert(),
		.cas = linked_list_create(),
		.cdps = linked_list_create(),
		/* the secrets are copied out of the settings strings */
		.psk = shared_key_create(SHARED_IKE,
							chunk_clone(chunk_create(psk, strlen(psk)))),
		.pwd = shared_key_create(SHARED_EAP,
							chunk_clone(chunk_create(pwd, strlen(pwd)))),
	);

	if (this->ca)
	{
		/* the issuer is also a trusted CA; the list takes its own reference */
		this->cas->insert_last(this->cas, this->ca->get_ref(this->ca));
	}

	if (!enum_from_name(hash_algorithm_short_names, digest, &this->digest))
	{
		DBG1(DBG_CFG, "invalid load-tester digest: '%s', using sha1", digest);
		this->digest = HASH_SHA1;
	}

	if (crl)
	{
		x509_cdp_t *cdp;

		/* uri points into lib->settings; destroy() frees only the struct */
		INIT(cdp,
			.uri = crl,
		);
		this->cdps->insert_last(this->cdps, cdp);
	}

	/* after the issuer, so it stays first in the CA list */
	load_ca_certs(this);

	return &this->public;
}