diff options
Diffstat (limited to 'src/libimcv/pts/pts_creds.c')
-rw-r--r-- | src/libimcv/pts/pts_creds.c | 136 |
1 files changed, 136 insertions, 0 deletions
diff --git a/src/libimcv/pts/pts_creds.c b/src/libimcv/pts/pts_creds.c new file mode 100644 index 000000000..bc483eb84 --- /dev/null +++ b/src/libimcv/pts/pts_creds.c @@ -0,0 +1,136 @@ +/* + * Copyright (C) 2011 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "pts_creds.h" + +#include <utils/debug.h> +#include <credentials/certificates/x509.h> +#include <credentials/sets/mem_cred.h> + +#include <sys/stat.h> + +typedef struct private_pts_creds_t private_pts_creds_t; + +/** + * Private data of a pts_creds_t object. + * + */ +struct private_pts_creds_t { + + /** + * Public pts_creds_t interface. + */ + pts_creds_t public; + + /** + * Credential set + */ + mem_cred_t *creds; + +}; + +METHOD(pts_creds_t, get_set, credential_set_t*, + private_pts_creds_t *this) +{ + return &this->creds->set; +} + + +METHOD(pts_creds_t, destroy, void, + private_pts_creds_t *this) +{ + this->creds->destroy(this->creds); + free(this); +} + +/** + * Load trusted PTS CA certificates from a directory + */ +static void load_cacerts(private_pts_creds_t *this, char *path) +{ + enumerator_t *enumerator; + struct stat st; + char *file; + + DBG1(DBG_PTS, "loading PTS ca certificates from '%s'", path); + + enumerator = enumerator_create_directory(path); + if (!enumerator) + { + return; + } + + while (enumerator->enumerate(enumerator, NULL, &file, &st)) + { + certificate_t *cert; + + if (!S_ISREG(st.st_mode)) + { + /* skip special file */ + continue; + } + cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, + BUILD_FROM_FILE, file, BUILD_END); + if (cert) + { + x509_t *x509 = (x509_t*)cert; + + if (!(x509->get_flags(x509) & X509_CA)) + { + DBG1(DBG_PTS, " ca certificate \"%Y\" lacks ca basic constraint" + ", discarded", cert->get_subject(cert)); + cert->destroy(cert); + } + else + { + DBG1(DBG_PTS, " loaded ca certificate \"%Y\" from '%s'", + cert->get_subject(cert), file); + this->creds->add_cert(this->creds, TRUE, cert); + } + } + else + { + DBG1(DBG_PTS, " loading ca certificate from '%s' failed", file); + } + } + enumerator->destroy(enumerator); +} + +/** + * See header + */ +pts_creds_t *pts_creds_create(char *path) +{ + private_pts_creds_t *this; + + if (!path) + { + DBG1(DBG_PTS, "no PTS cacerts directory defined"); + return NULL; + } + + INIT(this, + .public = { + .get_set = _get_set, + .destroy = _destroy, + }, + .creds = mem_cred_create(), + ); + + load_cacerts(this, path); + + return &this->public; +} + |