Diffstat (limited to 'src/libstrongswan/plugins/sshkey')
-rw-r--r--src/libstrongswan/plugins/sshkey/Makefile.am2
-rw-r--r--src/libstrongswan/plugins/sshkey/Makefile.in8
-rw-r--r--src/libstrongswan/plugins/sshkey/sshkey_builder.c49
-rw-r--r--src/libstrongswan/plugins/sshkey/sshkey_builder.h15
-rw-r--r--src/libstrongswan/plugins/sshkey/sshkey_plugin.c4
5 files changed, 69 insertions, 9 deletions
diff --git a/src/libstrongswan/plugins/sshkey/Makefile.am b/src/libstrongswan/plugins/sshkey/Makefile.am
index 22c076f84..5b86a7e56 100644
--- a/src/libstrongswan/plugins/sshkey/Makefile.am
+++ b/src/libstrongswan/plugins/sshkey/Makefile.am
@@ -2,7 +2,7 @@ AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = \
- -rdynamic
+ $(PLUGIN_CFLAGS)
if MONOLITHIC
noinst_LTLIBRARIES = libstrongswan-sshkey.la
diff --git a/src/libstrongswan/plugins/sshkey/Makefile.in b/src/libstrongswan/plugins/sshkey/Makefile.in
index 6bd82503d..ed86fcaba 100644
--- a/src/libstrongswan/plugins/sshkey/Makefile.in
+++ b/src/libstrongswan/plugins/sshkey/Makefile.in
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.13.3 from Makefile.am.
+# Makefile.in generated by automake 1.14.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2013 Free Software Foundation, Inc.
@@ -266,6 +266,7 @@ NM = @NM@
NMEDIT = @NMEDIT@
OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
+OPENSSL_LIB = @OPENSSL_LIB@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
PACKAGE = @PACKAGE@
@@ -284,6 +285,7 @@ PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
@@ -311,6 +313,7 @@ abs_top_srcdir = @abs_top_srcdir@
ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+aikgen_plugins = @aikgen_plugins@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
@@ -402,6 +405,7 @@ srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
+swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
@@ -416,7 +420,7 @@ AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = \
- -rdynamic
+ $(PLUGIN_CFLAGS)
@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-sshkey.la
@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-sshkey.la
diff --git a/src/libstrongswan/plugins/sshkey/sshkey_builder.c b/src/libstrongswan/plugins/sshkey/sshkey_builder.c
index 652663108..4a9f5b849 100644
--- a/src/libstrongswan/plugins/sshkey/sshkey_builder.c
+++ b/src/libstrongswan/plugins/sshkey/sshkey_builder.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013 Tobias Brunner
+ * Copyright (C) 2013-2014 Tobias Brunner
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -140,8 +140,8 @@ static sshkey_public_key_t *load_from_stream(FILE *file)
char line[1024], *token;
while (!public && fgets(line, sizeof(line), file))
- { /* the format is: ssh-[rsa|ecdsa-...] <key(base64)> <identifier> */
- if (!strpfx(line, "ssh-"))
+ { /* the format is: ssh-rsa|ecdsa-... <key(base64)> <identifier> */
+ if (!strpfx(line, "ssh-rsa") && !strpfx(line, ECDSA_PREFIX))
{
continue;
}
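Review bot: The new filter in load_from_stream is a bare prefix match, so a line whose key-type token merely begins with `ssh-rsa` (for example the OpenSSH certificate type `ssh-rsa-cert-v01@openssh.com`) still passes and reaches the parsing code below. If only plain RSA keys are meant, matching the token together with its delimiter, e.g. `strpfx(line, "ssh-rsa ")`, would make the filter as strict as the comment describes. Separately, fgets() with the 1024-byte `line` buffer splits longer lines, and the remainder is then examined as if it were a new line; a comment stating the maximum supported line length would help. The rest of the loop body is outside this hunk, so later checks may already reject such input.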
@@ -235,3 +235,46 @@ sshkey_public_key_t *sshkey_public_key_load(key_type_t type, va_list args)
}
return NULL;
}
+
+/**
+ * See header.
+ */
+certificate_t *sshkey_certificate_load(certificate_type_t type, va_list args)
+{
+ certificate_t *cert;
+ public_key_t *key;
+ identification_t *subject = NULL;
+ char *file = NULL;
+
+ while (TRUE)
+ {
+ switch (va_arg(args, builder_part_t))
+ {
+ case BUILD_FROM_FILE:
+ file = va_arg(args, char*);
+ continue;
+ case BUILD_SUBJECT:
+ subject = va_arg(args, identification_t*);
+ continue;
+ case BUILD_END:
+ break;
+ default:
+ return NULL;
+ }
+ break;
+ }
+ if (!file || !subject)
+ {
+ return NULL;
+ }
+ key = (public_key_t*)load_from_file(file);
+ if (!key)
+ {
+ return NULL;
+ }
+ cert = lib->creds->create(lib->creds, CRED_CERTIFICATE,
+ CERT_TRUSTED_PUBKEY, BUILD_PUBLIC_KEY, key,
+ BUILD_SUBJECT, subject, BUILD_END);
+ key->destroy(key);
+ return cert;
+}
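Review bot: `sshkey_certificate_load` never reads its `type` argument, although the header added in this commit documents it as "must be CERT_TRUSTED_PUBKEY". Either enforce the contract with `if (type != CERT_TRUSTED_PUBKEY) return NULL;` before the argument loop, or reword the header to match. Because the result is a trusted-pubkey certificate binding whatever key the file yields to the caller's `subject`, it is worth a comment such as `/* only the first parsable key in the file is used */`. The visible loop condition `!public && fgets(...)` in load_from_stream suggests this, but load_from_file() is not shown here, so confirm before writing it down. The three `return NULL` paths are also indistinguishable to the caller; a log line naming the file on the load failure would help an operator diagnose a trust anchor that was not installed.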
diff --git a/src/libstrongswan/plugins/sshkey/sshkey_builder.h b/src/libstrongswan/plugins/sshkey/sshkey_builder.h
index d138c879b..20979c283 100644
--- a/src/libstrongswan/plugins/sshkey/sshkey_builder.h
+++ b/src/libstrongswan/plugins/sshkey/sshkey_builder.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013 Tobias Brunner
+ * Copyright (C) 2013-2014 Tobias Brunner
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -27,7 +27,7 @@
typedef struct sshkey_public_key_t sshkey_public_key_t;
/**
- * Public key implementation supporting RFC 4253 decoding.
+ * Public key implementation supporting RFC 4253/RFC 5656 decoding.
*/
struct sshkey_public_key_t {
@@ -48,4 +48,15 @@ struct sshkey_public_key_t {
*/
sshkey_public_key_t *sshkey_public_key_load(key_type_t type, va_list args);
+/**
+ * Load a public key in RFC 4253 format as certificate.
+ *
+ * Takes a BUILD_FROM_FILE and BUILD_SUBJECT argument.
+ *
+ * @param type type of the certificate, must be CERT_TRUSTED_PUBKEY
+ * @param args builder_part_t argument list
+ * @return built certificate, NULL on failure
+ */
+certificate_t *sshkey_certificate_load(certificate_type_t type, va_list args);
+
#endif /** SSHKEY_BUILDER_H_ @}*/
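Review bot: The doc comment for `sshkey_certificate_load` says the key is in "RFC 4253 format", but this same commit lets load_from_stream accept ECDSA lines and updates the struct comment to "RFC 4253/RFC 5656". The wording here should match, e.g. `Load a public key in RFC 4253/RFC 5656 format as trusted public key certificate.` It would also help to state whether the BUILD_SUBJECT identification is cloned or must outlive the returned certificate. The implementation passes the pointer straight to the credential factory, so ownership cannot be judged from this diff.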
diff --git a/src/libstrongswan/plugins/sshkey/sshkey_plugin.c b/src/libstrongswan/plugins/sshkey/sshkey_plugin.c
index 6409feaf1..1fde0c6e9 100644
--- a/src/libstrongswan/plugins/sshkey/sshkey_plugin.c
+++ b/src/libstrongswan/plugins/sshkey/sshkey_plugin.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013 Tobias Brunner
+ * Copyright (C) 2013-2014 Tobias Brunner
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -44,6 +44,8 @@ METHOD(plugin_t, get_features, int,
static plugin_feature_t f[] = {
PLUGIN_REGISTER(PUBKEY, sshkey_public_key_load, FALSE),
PLUGIN_PROVIDE(PUBKEY, KEY_ANY),
+ PLUGIN_REGISTER(CERT_DECODE, sshkey_certificate_load, FALSE),
+ PLUGIN_PROVIDE(CERT_DECODE, CERT_TRUSTED_PUBKEY),
};
*features = f;
return countof(f);