summaryrefslogtreecommitdiff
path: root/src/libpts/pts/pts_creds.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/libpts/pts/pts_creds.c')
-rw-r--r--src/libpts/pts/pts_creds.c136
1 files changed, 136 insertions, 0 deletions
diff --git a/src/libpts/pts/pts_creds.c b/src/libpts/pts/pts_creds.c
new file mode 100644
index 000000000..5a6197bdb
--- /dev/null
+++ b/src/libpts/pts/pts_creds.c
@@ -0,0 +1,136 @@
+/*
+ * Copyright (C) 2011 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "pts_creds.h"
+
+#include <debug.h>
+#include <credentials/certificates/x509.h>
+#include <credentials/sets/mem_cred.h>
+
+#include <sys/stat.h>
+
+typedef struct private_pts_creds_t private_pts_creds_t;
+
+/**
+ * Private data of a pts_creds_t object.
+ *
+ */
+struct private_pts_creds_t {
+
+ /**
+ * Public pts_creds_t interface.
+ */
+ pts_creds_t public;
+
+ /**
+ * Credential set
+ */
+ mem_cred_t *creds;
+
+};
+
+METHOD(pts_creds_t, get_set, credential_set_t*,
+ private_pts_creds_t *this)
+{
+ return &this->creds->set;
+}
+
+
+METHOD(pts_creds_t, destroy, void,
+ private_pts_creds_t *this)
+{
+ this->creds->destroy(this->creds);
+ free(this);
+}
+
+/**
+ * Load trusted PTS CA certificates from a directory
+ */
+static void load_cacerts(private_pts_creds_t *this, char *path)
+{
+ enumerator_t *enumerator;
+ struct stat st;
+ char *file;
+
+ DBG1(DBG_PTS, "loading PTS ca certificates from '%s'", path);
+
+ enumerator = enumerator_create_directory(path);
+ if (!enumerator)
+ {
+ return;
+ }
+
+ while (enumerator->enumerate(enumerator, NULL, &file, &st))
+ {
+ certificate_t *cert;
+
+ if (!S_ISREG(st.st_mode))
+ {
+ /* skip special file */
+ continue;
+ }
+ cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
+ BUILD_FROM_FILE, file, BUILD_END);
+ if (cert)
+ {
+ x509_t *x509 = (x509_t*)cert;
+
+ if (!(x509->get_flags(x509) & X509_CA))
+ {
+ DBG1(DBG_PTS, " ca certificate \"%Y\" lacks ca basic constraint"
+ ", discarded", cert->get_subject(cert));
+ cert->destroy(cert);
+ }
+ else
+ {
+ DBG1(DBG_PTS, " loaded ca certificate \"%Y\" from '%s'",
+ cert->get_subject(cert), file);
+ this->creds->add_cert(this->creds, TRUE, cert);
+ }
+ }
+ else
+ {
+ DBG1(DBG_PTS, " loading ca certificate from '%s' failed", file);
+ }
+ }
+ enumerator->destroy(enumerator);
+}
+
+/**
+ * See header
+ */
+pts_creds_t *pts_creds_create(char *path)
+{
+ private_pts_creds_t *this;
+
+ if (!path)
+ {
+ DBG1(DBG_PTS, "no PTS cacerts directory defined");
+ return NULL;
+ }
+
+ INIT(this,
+ .public = {
+ .get_set = _get_set,
+ .destroy = _destroy,
+ },
+ .creds = mem_cred_create(),
+ );
+
+ load_cacerts(this, path);
+
+ return &this->public;
+}
+
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-20 12:23:46 +0000