Annotation of embedaddon/strongswan/src/libimcv/pts/pts_creds.c, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (C) 2011 Andreas Steffen
! 3: * HSR Hochschule fuer Technik Rapperswil
! 4: *
! 5: * This program is free software; you can redistribute it and/or modify it
! 6: * under the terms of the GNU General Public License as published by the
! 7: * Free Software Foundation; either version 2 of the License, or (at your
! 8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 9: *
! 10: * This program is distributed in the hope that it will be useful, but
! 11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 13: * for more details.
! 14: */
! 15:
! 16: #include "pts_creds.h"
! 17:
! 18: #include <utils/debug.h>
! 19: #include <credentials/certificates/x509.h>
! 20: #include <credentials/sets/mem_cred.h>
! 21:
! 22: #include <sys/stat.h>
! 23:
typedef struct private_pts_creds_t private_pts_creds_t;

/**
 * Private state behind a pts_creds_t handle.
 */
struct private_pts_creds_t {

	/**
	 * Public pts_creds_t interface handed out to callers.
	 *
	 * NOTE(review): kept as the first member; presumably the METHOD()
	 * wrappers rely on this to map the public pointer back to the private
	 * struct -- confirm against the macro definition before reordering.
	 */
	pts_creds_t public;

	/**
	 * In-memory credential store that receives the CA certificates read by
	 * load_cacerts(). Created in pts_creds_create() and released in
	 * destroy().
	 */
	mem_cred_t *creds;
};
! 43:
/**
 * pts_creds_t.get_set: expose the credential_set_t embedded in the
 * in-memory credential store.
 *
 * The returned pointer refers to storage inside this->creds, which
 * destroy() tears down; callers must not keep using it after the
 * pts_creds_t object has been destroyed.
 */
METHOD(pts_creds_t, get_set, credential_set_t*,
	private_pts_creds_t *this)
{
	mem_cred_t *store = this->creds;

	return &store->set;
}
! 49:
! 50:
/**
 * pts_creds_t.destroy: release the credential store first, then the
 * object itself.
 *
 * Any credential_set_t pointer previously obtained through get_set()
 * points into the store released here and is dangling afterwards.
 */
METHOD(pts_creds_t, destroy, void,
	private_pts_creds_t *this)
{
	mem_cred_t *store = this->creds;

	store->destroy(store);
	free(this);
}
! 57:
/**
 * Load trusted PTS CA certificates from a directory.
 *
 * Every regular file in the directory is parsed as an X.509 certificate.
 * A certificate carrying the CA basic constraint is added to this->creds
 * with the trusted flag set; anything else is logged and dropped.
 *
 * Security note: the only acceptance criteria visible here are "regular
 * file", "parses as X.509" and "has the X509_CA flag". Whoever can write
 * to the directory can therefore add a PTS trust anchor, so the directory
 * should be writable by the administrator only. No validity-period or
 * signature check is performed in this function.
 *
 * @param this		object whose credential store receives the certificates
 * @param path		directory to scan (not checked for NULL here; the
 *					caller pts_creds_create() does that)
 */
static void load_cacerts(private_pts_creds_t *this, char *path)
{
	enumerator_t *dir;
	struct stat info;
	char *entry;

	DBG1(DBG_PTS, "loading PTS ca certificates from '%s'", path);

	dir = enumerator_create_directory(path);
	if (dir == NULL)
	{
		/* directory could not be enumerated: the store stays empty and the
		 * caller is not told, since this function returns void */
		return;
	}

	while (dir->enumerate(dir, NULL, &entry, &info))
	{
		certificate_t *cert;
		x509_t *x509;

		/* NOTE(review): whether a symlink to a regular file passes this test
		 * depends on how the directory enumerator fills the stat buffer --
		 * confirm against its implementation */
		if (!S_ISREG(info.st_mode))
		{
			/* skip special file */
			continue;
		}

		cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
								  BUILD_FROM_FILE, entry, BUILD_END);
		if (cert == NULL)
		{
			DBG1(DBG_PTS, " loading ca certificate from '%s' failed", entry);
			continue;
		}

		x509 = (x509_t*)cert;
		if ((x509->get_flags(x509) & X509_CA) == 0)
		{
			/* an end-entity certificate must never become a trust anchor */
			DBG1(DBG_PTS, " ca certificate \"%Y\" lacks ca basic constraint"
				 ", discarded", cert->get_subject(cert));
			cert->destroy(cert);
			continue;
		}

		DBG1(DBG_PTS, " loaded ca certificate \"%Y\" from '%s'",
			 cert->get_subject(cert), entry);
		/* TRUE marks the certificate as trusted; the certificate is not
		 * destroyed here, so the store presumably takes ownership */
		this->creds->add_cert(this->creds, TRUE, cert);
	}
	dir->destroy(dir);
}
! 110:
/**
 * Create a pts_creds_t object and fill it with the CA certificates found
 * in the given directory (see header for the public contract).
 *
 * A NULL path is the only condition that makes this function return NULL.
 * load_cacerts() returns void, so an unreadable directory or a directory
 * without any usable CA certificate still yields a valid object whose
 * credential set is simply empty. Callers that need at least one PTS trust
 * anchor cannot detect that situation from the return value and have to
 * rely on the DBG1 log output or inspect the set themselves.
 *
 * @param path		directory holding the trusted PTS CA certificates
 * @return			pts_creds_t object, NULL if no path was given
 */
pts_creds_t *pts_creds_create(char *path)
{
	private_pts_creds_t *this;

	if (path == NULL)
	{
		DBG1(DBG_PTS, "no PTS cacerts directory defined");
		return NULL;
	}

	INIT(this,
		.public = {
			.get_set = _get_set,
			.destroy = _destroy,
		},
		.creds = mem_cred_create(),
	);

	/* populate the freshly created store; failures are only logged */
	load_cacerts(this, path);

	return &this->public;
}
! 136: