summaryrefslogtreecommitdiff
path: root/src/swanctl/commands/load_creds.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/swanctl/commands/load_creds.c')
-rw-r--r--src/swanctl/commands/load_creds.c47
1 files changed, 35 insertions, 12 deletions
diff --git a/src/swanctl/commands/load_creds.c b/src/swanctl/commands/load_creds.c
index d2ebc22eb..4647934f7 100644
--- a/src/swanctl/commands/load_creds.c
+++ b/src/swanctl/commands/load_creds.c
@@ -2,6 +2,9 @@
* Copyright (C) 2014 Martin Willi
* Copyright (C) 2014 revosec AG
*
+ * Copyright (C) 2015 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
@@ -27,11 +30,14 @@
#include <credentials/sets/callback_cred.h>
#include <credentials/containers/pkcs12.h>
+#include <vici_cert_info.h>
+
/**
* Load a single certificate over vici
*/
static bool load_cert(vici_conn_t *conn, command_format_options_t format,
- char *dir, char *type, chunk_t data)
+ char *dir, certificate_type_t type, x509_flag_t flag,
+ chunk_t data)
{
vici_req_t *req;
vici_res_t *res;
@@ -39,7 +45,11 @@ static bool load_cert(vici_conn_t *conn, command_format_options_t format,
req = vici_begin("load-cert");
- vici_add_key_valuef(req, "type", "%s", type);
+ vici_add_key_valuef(req, "type", "%N", certificate_type_names, type);
+ if (type == CERT_X509)
+ {
+ vici_add_key_valuef(req, "flag", "%N", x509_flag_names, flag);
+ }
vici_add_key_value(req, "data", data.ptr, data.len);
res = vici_submit(req, conn);
@@ -61,7 +71,7 @@ static bool load_cert(vici_conn_t *conn, command_format_options_t format,
}
else
{
- printf("loaded %s certificate from '%s'\n", type, dir);
+ printf("loaded certificate from '%s'\n", dir);
}
vici_free_res(res);
return ret;
@@ -71,13 +81,17 @@ static bool load_cert(vici_conn_t *conn, command_format_options_t format,
* Load certficiates from a directory
*/
static void load_certs(vici_conn_t *conn, command_format_options_t format,
- char *type, char *dir)
+ char *type_str, char *dir)
{
enumerator_t *enumerator;
+ certificate_type_t type;
+ x509_flag_t flag;
struct stat st;
chunk_t *map;
char *path;
+ vici_cert_info_from_str(type_str, &type, &flag);
+
enumerator = enumerator_create_directory(dir);
if (enumerator)
{
@@ -88,7 +102,7 @@ static void load_certs(vici_conn_t *conn, command_format_options_t format,
map = chunk_map(path, FALSE);
if (map)
{
- load_cert(conn, format, path, type, *map);
+ load_cert(conn, format, path, type, flag, *map);
chunk_unmap(map);
}
else
@@ -171,6 +185,9 @@ static bool load_key_anytype(vici_conn_t *conn, command_format_options_t format,
case KEY_ECDSA:
loaded = load_key(conn, format, path, "ecdsa", encoding);
break;
+ case KEY_BLISS:
+ loaded = load_key(conn, format, path, "bliss", encoding);
+ break;
default:
fprintf(stderr, "unsupported key type in '%s'\n", path);
break;
@@ -237,6 +254,7 @@ static bool determine_credtype(char *type, credential_type_t *credtype,
{ "pkcs8", CRED_PRIVATE_KEY, KEY_ANY, },
{ "rsa", CRED_PRIVATE_KEY, KEY_RSA, },
{ "ecdsa", CRED_PRIVATE_KEY, KEY_ECDSA, },
+ { "bliss", CRED_PRIVATE_KEY, KEY_BLISS, },
{ "pkcs12", CRED_CONTAINER, CONTAINER_PKCS12, },
};
int i;
@@ -439,7 +457,8 @@ static bool load_pkcs12(vici_conn_t *conn, command_format_options_t format,
loaded = FALSE;
if (cert->get_encoding(cert, CERT_ASN1_DER, &encoding))
{
- loaded = load_cert(conn, format, path, "x509", encoding);
+ loaded = load_cert(conn, format, path, CERT_X509, X509_NONE,
+ encoding);
if (loaded)
{
fprintf(stderr, " %Y\n", cert->get_subject(cert));
@@ -548,6 +567,7 @@ static bool load_secret(vici_conn_t *conn, settings_t *cfg,
"ike",
"rsa",
"ecdsa",
+ "bliss",
"pkcs8",
"pkcs12",
};
@@ -672,14 +692,17 @@ int load_creds_cfg(vici_conn_t *conn, command_format_options_t format,
}
}
- load_certs(conn, format, "x509", SWANCTL_X509DIR);
- load_certs(conn, format, "x509ca", SWANCTL_X509CADIR);
- load_certs(conn, format, "x509aa", SWANCTL_X509AADIR);
- load_certs(conn, format, "x509crl", SWANCTL_X509CRLDIR);
- load_certs(conn, format, "x509ac", SWANCTL_X509ACDIR);
+ load_certs(conn, format, "x509", SWANCTL_X509DIR);
+ load_certs(conn, format, "x509ca", SWANCTL_X509CADIR);
+ load_certs(conn, format, "x509ocsp", SWANCTL_X509OCSPDIR);
+ load_certs(conn, format, "x509aa", SWANCTL_X509AADIR);
+ load_certs(conn, format, "x509ac", SWANCTL_X509ACDIR);
+ load_certs(conn, format, "x509crl", SWANCTL_X509CRLDIR);
+ load_certs(conn, format, "pubkey", SWANCTL_PUBKEYDIR);
- load_keys(conn, format, noprompt, cfg, "rsa", SWANCTL_RSADIR);
+ load_keys(conn, format, noprompt, cfg, "rsa", SWANCTL_RSADIR);
load_keys(conn, format, noprompt, cfg, "ecdsa", SWANCTL_ECDSADIR);
+ load_keys(conn, format, noprompt, cfg, "bliss", SWANCTL_BLISSDIR);
load_keys(conn, format, noprompt, cfg, "pkcs8", SWANCTL_PKCS8DIR);
load_containers(conn, format, noprompt, cfg, "pkcs12", SWANCTL_PKCS12DIR);
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-10 11:40:45 +0000