1.1 misho 1: /*
2: * Copyright (C) 2011 Andreas Steffen
3: * HSR Hochschule fuer Technik Rapperswil
4: *
5: * This program is free software; you can redistribute it and/or modify it
6: * under the terms of the GNU General Public License as published by the
7: * Free Software Foundation; either version 2 of the License, or (at your
8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9: *
10: * This program is distributed in the hope that it will be useful, but
11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13: * for more details.
14: */
15:
16: #include "pts_creds.h"
17:
18: #include <utils/debug.h>
19: #include <credentials/certificates/x509.h>
20: #include <credentials/sets/mem_cred.h>
21:
22: #include <sys/stat.h>
23:
typedef struct private_pts_creds_t private_pts_creds_t;

/**
 * Private data of a pts_creds_t object.
 */
struct private_pts_creds_t {

	/**
	 * Public pts_creds_t interface.
	 */
	pts_creds_t public;

	/**
	 * Credential set holding the PTS CA certificates loaded by
	 * pts_creds_create(); owned by this object and released in destroy().
	 */
	mem_cred_t *creds;

};
43:
METHOD(pts_creds_t, get_set, credential_set_t*,
	private_pts_creds_t *this)
{
	/* hand out the credential_set_t interface embedded in the mem_cred_t;
	 * ownership stays with this object */
	mem_cred_t *creds = this->creds;

	return &creds->set;
}
49:
50:
METHOD(pts_creds_t, destroy, void,
	private_pts_creds_t *this)
{
	mem_cred_t *creds = this->creds;

	/* release the credential set first, then the object itself */
	creds->destroy(creds);
	free(this);
}
57:
/**
 * Load trusted PTS CA certificates from a directory.
 *
 * Every regular file in path is parsed as an X.509 certificate. Only
 * certificates carrying the CA basic constraint (X509_CA flag) are added to
 * this->creds with the trusted flag set; anything else is logged and
 * discarded. Failure to open the directory is silent apart from the
 * initial log line.
 *
 * @param this		object whose credential set receives the certificates
 * @param path		directory to scan (must not be NULL)
 */
static void load_cacerts(private_pts_creds_t *this, char *path)
{
	enumerator_t *enumerator;
	struct stat st;
	char *file;

	DBG1(DBG_PTS, "loading PTS ca certificates from '%s'", path);

	enumerator = enumerator_create_directory(path);
	if (enumerator == NULL)
	{
		return;
	}
	while (enumerator->enumerate(enumerator, NULL, &file, &st))
	{
		certificate_t *cert;
		x509_t *x509;

		/* directories, devices, etc. are skipped */
		if (!S_ISREG(st.st_mode))
		{
			continue;
		}
		cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
								  BUILD_FROM_FILE, file, BUILD_END);
		if (cert == NULL)
		{
			DBG1(DBG_PTS, "  loading ca certificate from '%s' failed", file);
			continue;
		}
		x509 = (x509_t*)cert;
		if (x509->get_flags(x509) & X509_CA)
		{
			DBG1(DBG_PTS, "  loaded ca certificate \"%Y\" from '%s'",
				 cert->get_subject(cert), file);
			this->creds->add_cert(this->creds, TRUE, cert);
		}
		else
		{
			/* a non-CA certificate must not become a trust anchor */
			DBG1(DBG_PTS, "  ca certificate \"%Y\" lacks ca basic constraint"
				 ", discarded", cert->get_subject(cert));
			cert->destroy(cert);
		}
	}
	enumerator->destroy(enumerator);
}
110:
/**
 * See header
 *
 * Logs and returns NULL when no cacerts directory path is given. Otherwise
 * allocates the object, attaches an empty in-memory credential set and
 * fills it with the CA certificates found under path. The caller owns the
 * returned object and releases it through destroy().
 */
pts_creds_t *pts_creds_create(char *path)
{
	private_pts_creds_t *this;
	mem_cred_t *creds;

	if (path == NULL)
	{
		DBG1(DBG_PTS, "no PTS cacerts directory defined");
		return NULL;
	}
	creds = mem_cred_create();

	INIT(this,
		.public = {
			.get_set = _get_set,
			.destroy = _destroy,
		},
		.creds = creds,
	);
	load_cacerts(this, path);

	return &this->public;
}
136: