summaryrefslogtreecommitdiff
path: root/src/libstrongswan/credentials
diff options
context:
space:
mode:
Diffstat (limited to 'src/libstrongswan/credentials')
-rw-r--r--src/libstrongswan/credentials/builder.c12
-rw-r--r--src/libstrongswan/credentials/builder.h17
-rw-r--r--src/libstrongswan/credentials/credential_factory.c161
-rw-r--r--src/libstrongswan/credentials/credential_factory.h15
4 files changed, 81 insertions, 124 deletions
diff --git a/src/libstrongswan/credentials/builder.c b/src/libstrongswan/credentials/builder.c
index c13a8a860..4295b3094 100644
--- a/src/libstrongswan/credentials/builder.c
+++ b/src/libstrongswan/credentials/builder.c
@@ -15,8 +15,9 @@
#include "builder.h"
-ENUM(builder_part_names, BUILD_BLOB_ASN1_DER, BUILD_END,
+ENUM(builder_part_names, BUILD_FROM_FILE, BUILD_END,
"BUILD_FROM_FILE",
+ "BUILD_AGENT_SOCKET",
"BUILD_BLOB_ASN1_DER",
"BUILD_BLOB_ASN1_PEM",
"BUILD_KEY_SIZE",
@@ -36,3 +37,12 @@ ENUM(builder_part_names, BUILD_BLOB_ASN1_DER, BUILD_END,
"BUILD_X509_FLAG",
"BUILD_END",
);
+
+/**
+ * See header.
+ */
+void* builder_free(builder_t *this)
+{
+ free(this);
+ return NULL;
+}
diff --git a/src/libstrongswan/credentials/builder.h b/src/libstrongswan/credentials/builder.h
index 22c106b7a..cd75236ba 100644
--- a/src/libstrongswan/credentials/builder.h
+++ b/src/libstrongswan/credentials/builder.h
@@ -40,6 +40,8 @@ typedef builder_t* (*builder_constructor_t)(int subtype);
enum builder_part_t {
/** path to a file containing an ASN1 blob, char* */
BUILD_FROM_FILE,
+ /** unix socket of a ssh/pgp agent, char* */
+ BUILD_AGENT_SOCKET,
/** DER encoded ASN1 blob, chunk_t */
BUILD_BLOB_ASN1_DER,
/** PEM encoded ASN1 blob, null terminated char* */
@@ -94,8 +96,8 @@ struct builder_t {
/**
* Add a part to the construct.
*
- * Any added parts get owned by the builder/construct, so clone/refcount
- * them if needed.
+ * Any added parts are cloned/refcounted by the builder implementation, a
+ * caller may need to free the passed ressources themself.
*
* @param part kind of part
* @param ... part specific variable argument
@@ -112,4 +114,15 @@ struct builder_t {
void* (*build)(builder_t *this);
};
+/**
+ * Helper macro to cancel a build in a builder
+ */
+#define builder_cancel(builder) { (builder)->add = (void*)nop; \
+ (builder)->build = (void*)builder_free; }
+
+/**
+ * Helper function for a cancelled build.
+ */
+void* builder_free(builder_t *this);
+
#endif /* BUILDER_H_ @}*/
diff --git a/src/libstrongswan/credentials/credential_factory.c b/src/libstrongswan/credentials/credential_factory.c
index 52ee2060d..203317fa4 100644
--- a/src/libstrongswan/credentials/credential_factory.c
+++ b/src/libstrongswan/credentials/credential_factory.c
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: credential_factory.c 4059 2008-06-11 14:10:02Z martin $
+ * $Id: credential_factory.c 4317 2008-09-02 11:00:13Z martin $
*/
#include "credential_factory.h"
@@ -62,31 +62,36 @@ struct entry_t {
};
/**
- * Implementation of credential_factory_t.create_builder.
+ * type/subtype filter function for builder_enumerator
*/
-static builder_t* create_builder(private_credential_factory_t *this,
- credential_type_t type, int subtype)
+static bool builder_filter(entry_t *data, entry_t **in, builder_t **out)
{
- enumerator_t *enumerator;
- entry_t *entry;
- builder_t *builder = NULL;
-
- this->mutex->lock(this->mutex);
- enumerator = this->constructors->create_enumerator(this->constructors);
- while (enumerator->enumerate(enumerator, &entry))
+ if (data->type == (*in)->type &&
+ data->subtype == (*in)->subtype)
{
- if (entry->type == type && entry->subtype == subtype)
- {
- builder = entry->constructor(subtype);
- if (builder)
- {
- break;
- }
- }
+ *out = (*in)->constructor(data->subtype);
+ return TRUE;
}
- enumerator->destroy(enumerator);
- this->mutex->unlock(this->mutex);
- return builder;
+ return FALSE;
+}
+
+/**
+ * Implementation of credential_factory_t.create_builder_enumerator.
+ */
+static enumerator_t* create_builder_enumerator(
+ private_credential_factory_t *this, credential_type_t type, int subtype)
+{
+ entry_t *data = malloc_thing(entry_t);
+
+ data->type = type;
+ data->subtype = subtype;
+
+ this->mutex->lock(this->mutex);
+ return enumerator_create_cleaner(
+ enumerator_create_filter(
+ this->constructors->create_enumerator(this->constructors),
+ (void*)builder_filter, data, free),
+ (void*)this->mutex->unlock, this->mutex);
}
/**
@@ -135,18 +140,19 @@ static void remove_builder(private_credential_factory_t *this,
static void* create(private_credential_factory_t *this, credential_type_t type,
int subtype, ...)
{
+ enumerator_t *enumerator;
builder_t *builder;
builder_part_t part;
va_list args;
+ void* construct = NULL;
- builder = create_builder(this, type, subtype);
- if (builder)
+ enumerator = create_builder_enumerator(this, type, subtype);
+ while (enumerator->enumerate(enumerator, &builder))
{
va_start(args, subtype);
while (TRUE)
{
part = va_arg(args, builder_part_t);
-
switch (part)
{
case BUILD_END:
@@ -167,6 +173,7 @@ static void* create(private_credential_factory_t *this, credential_type_t type,
continue;
case BUILD_BLOB_ASN1_PEM:
case BUILD_FROM_FILE:
+ case BUILD_AGENT_SOCKET:
case BUILD_SIGNING_KEY:
case BUILD_PUBLIC_KEY:
case BUILD_SUBJECT:
@@ -179,105 +186,25 @@ static void* create(private_credential_factory_t *this, credential_type_t type,
case BUILD_IETF_GROUP_ATTR:
builder->add(builder, part, va_arg(args, void*));
continue;
- default:
- DBG1("builder part %N not supported by factory",
- builder_part_names, part);
- break;
+ /* no default to get a compiler warning */
}
break;
}
va_end(args);
-
- return builder->build(builder);
- }
- else
- {
- DBG1("failed to create a builder for credential type %N,"
- " subtype (%d)", credential_type_names, type, subtype);
- }
-
- /** shredder all data on failure */
- va_start(args, subtype);
- while (TRUE)
- {
- part = va_arg(args, builder_part_t);
- switch (part)
+ construct = builder->build(builder);
+ if (construct)
{
- case BUILD_END:
- break;
- case BUILD_BLOB_ASN1_DER:
- {
- chunk_t chunk = va_arg(args, chunk_t);
- free(chunk.ptr);
- continue;
- }
- case BUILD_SERIAL:
- {
- va_arg(args, chunk_t);
- continue;
- }
- case BUILD_X509_FLAG:
- {
- va_arg(args, x509_flag_t);
- continue;
- }
- case BUILD_KEY_SIZE:
- {
- va_arg(args, u_int);
- continue;
- }
- case BUILD_NOT_BEFORE_TIME:
- case BUILD_NOT_AFTER_TIME:
- {
- va_arg(args, time_t);
- continue;
- }
- case BUILD_SIGNING_KEY:
- {
- private_key_t *private = va_arg(args, private_key_t*);
- private->destroy(private);
- continue;
- }
- case BUILD_PUBLIC_KEY:
- {
- public_key_t *public = va_arg(args, public_key_t*);
- public->destroy(public);
- continue;
- }
- case BUILD_SUBJECT:
- case BUILD_SUBJECT_ALTNAME:
- case BUILD_ISSUER:
- case BUILD_ISSUER_ALTNAME:
- {
- identification_t *id = va_arg(args, identification_t*);
- id->destroy(id);
- continue;
- }
- case BUILD_SIGNING_CERT:
- case BUILD_CA_CERT:
- case BUILD_CERT:
- {
- certificate_t *cert = va_arg(args, certificate_t*);
- cert->destroy(cert);
- continue;
- }
- case BUILD_BLOB_ASN1_PEM:
- case BUILD_FROM_FILE:
- case BUILD_IETF_GROUP_ATTR:
- {
- va_arg(args, void*);
- continue;
- }
- default:
- DBG1("builder part %N not supported by factory",
- builder_part_names, part);
- continue;
+ break;
}
- break;
}
- va_end(args);
- return NULL;
+ enumerator->destroy(enumerator);
+ if (!construct)
+ {
+ DBG1("failed to create a builder for credential type %N,"
+ " subtype (%d)", credential_type_names, type, subtype);
+ }
+ return construct;
}
/**
@@ -298,7 +225,7 @@ credential_factory_t *credential_factory_create()
private_credential_factory_t *this = malloc_thing(private_credential_factory_t);
this->public.create = (void*(*)(credential_factory_t*, credential_type_t type, int subtype, ...))create;
- this->public.create_builder = (builder_t*(*)(credential_factory_t*, credential_type_t type, int subtype))create_builder;
+ this->public.create_builder_enumerator = (enumerator_t*(*)(credential_factory_t*, credential_type_t type, int subtype))create_builder_enumerator;
this->public.add_builder = (void(*)(credential_factory_t*,credential_type_t type, int subtype, builder_constructor_t constructor))add_builder;
this->public.remove_builder = (void(*)(credential_factory_t*,builder_constructor_t constructor))remove_builder;
this->public.destroy = (void(*)(credential_factory_t*))destroy;
diff --git a/src/libstrongswan/credentials/credential_factory.h b/src/libstrongswan/credentials/credential_factory.h
index 873cf8ab2..dc4d62679 100644
--- a/src/libstrongswan/credentials/credential_factory.h
+++ b/src/libstrongswan/credentials/credential_factory.h
@@ -56,6 +56,9 @@ struct credential_factory_t {
*
* The variable argument list takes builder_part_t types followed
* by the type specific value. The list must be terminated using BUILD_END.
+ * All passed parts get cloned/refcounted by the builder implementations,
+ * so free up allocated ressources after successful and unsuccessful
+ * invocations.
*
* @param type credential type to build
* @param subtype subtype specific for type of the credential
@@ -66,14 +69,18 @@ struct credential_factory_t {
int subtype, ...);
/**
- * Create a builder instance to build credentials.
+ * Create an enumerator for a builder type.
+ *
+ * The build() method has to be called on each enumerated builder to
+ * cleanup associated ressources.
*
* @param type type of credentials the builder creates
* @param subtype type specific subtype, such as certificate_type_t
- * @return builder instance
+ * @return enumerator over builder_t
*/
- builder_t* (*create_builder)(credential_factory_t *this,
- credential_type_t type, int subtype);
+ enumerator_t* (*create_builder_enumerator)(credential_factory_t *this,
+ credential_type_t type, int subtype);
+
/**
* Register a builder_t constructor function.
*