Diffstat (limited to 'src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c')
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c61
1 files changed, 37 insertions, 24 deletions
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c
index 183fce53a..3faa59cae 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c
@@ -19,8 +19,8 @@
#include "pkcs11_plugin.h"
#include <library.h>
-#include <debug.h>
-#include <utils/linked_list.h>
+#include <utils/debug.h>
+#include <collections/linked_list.h>
#include <threading/mutex.h>
#include <threading/rwlock.h>
@@ -82,13 +82,18 @@ static void token_event_cb(private_pkcs11_plugin_t *this, pkcs11_library_t *p11,
this->handle_events_lock->read_lock(this->handle_events_lock);
if (add && this->handle_events)
{
- creds = pkcs11_creds_create(p11, slot);
- if (creds)
+ if (lib->settings->get_bool(lib->settings,
+ "libstrongswan.plugins.pkcs11.modules.%s.load_certs",
+ TRUE, p11->get_name(p11)))
{
- this->mutex->lock(this->mutex);
- this->creds->insert_last(this->creds, creds);
- this->mutex->unlock(this->mutex);
- lib->credmgr->add_set(lib->credmgr, &creds->set);
+ creds = pkcs11_creds_create(p11, slot);
+ if (creds)
+ {
+ this->mutex->lock(this->mutex);
+ this->creds->insert_last(this->creds, creds);
+ this->mutex->unlock(this->mutex);
+ lib->credmgr->add_set(lib->credmgr, &creds->set);
+ }
}
}
else if (this->handle_events)
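Review bot: The new `load_certs` gate in token_event_cb is undocumented, although it decides whether a token's certificates reach the credential manager through `lib->credmgr->add_set()`. The default passed to `get_bool` is TRUE, so existing configurations keep loading certificates and only a module that explicitly opts out is skipped. I would state that above the check, for example `/* certificates on a token are loaded unless the module sets load_certs = no */`. The key is built from `p11->get_name(p11)`, so the option is per module, and it is re-read on every add event while the read lock is held. The function begins and continues outside this hunk, and the `else if (this->handle_events)` removal branch is not gated by the setting as far as the visible lines show.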
@@ -147,6 +152,9 @@ static bool handle_certs(private_pkcs11_plugin_t *this,
token_event_cb(this, p11, slot, TRUE);
}
enumerator->destroy(enumerator);
+
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE,
+ CERT_X509, FALSE, (void*)pkcs11_creds_load);
}
else
{
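Review bot: The `(void*)pkcs11_creds_load` cast in the added `add_builder` call converts a function pointer to an object pointer, which ISO C does not define and which hides any signature mismatch from the compiler. Assuming the constructor parameter is declared with the factory's builder function-pointer type (`builder_function_t`, if I read the tree correctly), the call should cast to that type: `CERT_X509, FALSE, (builder_function_t)pkcs11_creds_load);`. The same cast appears in the `remove_builder` call added in the next hunk. handle_certs starts before this hunk and continues after it.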
@@ -157,20 +165,24 @@ static bool handle_certs(private_pkcs11_plugin_t *this,
lib->credmgr->remove_set(lib->credmgr, &creds->set);
creds->destroy(creds);
}
+
+ lib->creds->remove_builder(lib->creds, (void*)pkcs11_creds_load);
}
return TRUE;
}
-/**
- * Add a set of features
- */
-static inline void add_features(plugin_feature_t *f, plugin_feature_t *n,
- int count, int *pos)
+
+METHOD(plugin_t, reload, bool,
+ private_pkcs11_plugin_t *this)
{
- int i;
- for (i = 0; i < count; i++)
+ if (lib->settings->get_bool(lib->settings,
+ "libstrongswan.plugins.pkcs11.reload_certs", FALSE))
{
- f[(*pos)++] = n[i];
+ DBG1(DBG_CFG, "reloading certificates from PKCS#11 tokens");
+ handle_certs(this, NULL, FALSE, NULL);
+ handle_certs(this, NULL, TRUE, NULL);
+ return TRUE;
}
+ return FALSE;
}
METHOD(plugin_t, get_features, int,
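Review bot: The new `reload` method is not atomic. It runs `handle_certs(this, NULL, FALSE, NULL)` followed by `handle_certs(this, NULL, TRUE, NULL)`, so every PKCS#11 credential set and the certificate builder are gone between the two calls. A certificate lookup racing with the reload would presumably fail closed during that window, rejecting a peer rather than accepting one, but that should be documented. I would add above the calls `/* not atomic: token certificates are unavailable until the second call re-enumerates them */`. It also looks as if `reload` registers the sets and the builder even when the certificate feature was never loaded; confirm this against how handle_certs is registered, which is outside the hunk.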
@@ -236,32 +248,32 @@ METHOD(plugin_t, get_features, int,
{ /* initialize only once */
bool use_ecc = lib->settings->get_bool(lib->settings,
"libstrongswan.plugins.pkcs11.use_ecc", FALSE);
- add_features(f, f_manager, countof(f_manager), &count);
+ plugin_features_add(f, f_manager, countof(f_manager), &count);
/* private key handling for EC keys is not disabled by use_ecc */
- add_features(f, f_privkey, countof(f_privkey), &count);
+ plugin_features_add(f, f_privkey, countof(f_privkey), &count);
if (lib->settings->get_bool(lib->settings,
"libstrongswan.plugins.pkcs11.use_pubkey", FALSE))
{
- add_features(f, f_pubkey, countof(f_pubkey) - (use_ecc ? 0 : 1),
- &count);
+ plugin_features_add(f, f_pubkey, countof(f_pubkey) - (use_ecc ? 0 : 1),
+ &count);
}
if (lib->settings->get_bool(lib->settings,
"libstrongswan.plugins.pkcs11.use_hasher", FALSE))
{
- add_features(f, f_hash, countof(f_hash), &count);
+ plugin_features_add(f, f_hash, countof(f_hash), &count);
}
if (lib->settings->get_bool(lib->settings,
"libstrongswan.plugins.pkcs11.use_rng", FALSE))
{
- add_features(f, f_rng, countof(f_rng), &count);
+ plugin_features_add(f, f_rng, countof(f_rng), &count);
}
if (lib->settings->get_bool(lib->settings,
"libstrongswan.plugins.pkcs11.use_dh", FALSE))
{
- add_features(f, f_dh, countof(f_dh), &count);
+ plugin_features_add(f, f_dh, countof(f_dh), &count);
if (use_ecc)
{
- add_features(f, f_ecdh, countof(f_ecdh), &count);
+ plugin_features_add(f, f_ecdh, countof(f_ecdh), &count);
}
}
}
@@ -292,6 +304,7 @@ plugin_t *pkcs11_plugin_create()
.plugin = {
.get_name = _get_name,
.get_features = _get_features,
+ .reload = _reload,
.destroy = _destroy,
},
},