]> git.ipfire.org Git - thirdparty/strongswan.git/blob - src/libimcv/plugins/imv_swid/imv_swid_agent.c
projects / thirdparty / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
SWID IMC proposes IF-M segmentation contracts
[thirdparty/strongswan.git] / src / libimcv / plugins / imv_swid / imv_swid_agent.c
1 /*
2 * Copyright (C) 2013-2014 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #define _GNU_SOURCE
17 #include <stdio.h>
18
19 #include "imv_swid_agent.h"
20 #include "imv_swid_state.h"
21 #include "imv_swid_rest.h"
22
23 #include <imcv.h>
24 #include <imv/imv_agent.h>
25 #include <imv/imv_msg.h>
26 #include <ietf/ietf_attr_pa_tnc_error.h>
27 #include "tcg/seg/tcg_seg_attr_max_size.h"
28 #include "tcg/seg/tcg_seg_attr_seg_env.h"
29 #include "tcg/swid/tcg_swid_attr_req.h"
30 #include "tcg/swid/tcg_swid_attr_tag_inv.h"
31 #include "tcg/swid/tcg_swid_attr_tag_id_inv.h"
32 #include "swid/swid_error.h"
33 #include "swid/swid_inventory.h"
34
35 #include <tncif_names.h>
36 #include <tncif_pa_subtypes.h>
37
38 #include <pen/pen.h>
39 #include <utils/debug.h>
40 #include <bio/bio_reader.h>
41
42 typedef struct private_imv_swid_agent_t private_imv_swid_agent_t;
43
44 /* Subscribed PA-TNC message subtypes */
45 static pen_type_t msg_types[] = {
46 { PEN_TCG, PA_SUBTYPE_TCG_SWID }
47 };
48
49 /**
50 * Flag set when corresponding attribute has been received
51 */
52 enum imv_swid_attr_t {
53 IMV_SWID_ATTR_TAG_INV = (1<<0),
54 IMV_SWID_ATTR_TAG_ID_INV = (1<<1)
55 };
56
57 /**
58 * Private data of an imv_swid_agent_t object.
59 */
60 struct private_imv_swid_agent_t {
61
62 /**
63 * Public members of imv_swid_agent_t
64 */
65 imv_agent_if_t public;
66
67 /**
68 * IMV agent responsible for generic functions
69 */
70 imv_agent_t *agent;
71
72 /**
73 * REST API to strongTNC manager
74 */
75 imv_swid_rest_t *rest_api;
76
77 };
78
79 METHOD(imv_agent_if_t, bind_functions, TNC_Result,
80 private_imv_swid_agent_t *this, TNC_TNCS_BindFunctionPointer bind_function)
81 {
82 return this->agent->bind_functions(this->agent, bind_function);
83 }
84
85 METHOD(imv_agent_if_t, notify_connection_change, TNC_Result,
86 private_imv_swid_agent_t *this, TNC_ConnectionID id,
87 TNC_ConnectionState new_state)
88 {
89 imv_state_t *state;
90
91 switch (new_state)
92 {
93 case TNC_CONNECTION_STATE_CREATE:
94 state = imv_swid_state_create(id);
95 return this->agent->create_state(this->agent, state);
96 case TNC_CONNECTION_STATE_DELETE:
97 return this->agent->delete_state(this->agent, id);
98 default:
99 return this->agent->change_state(this->agent, id, new_state, NULL);
100 }
101 }
102
103 /**
104 * Process a received message
105 */
106 static TNC_Result receive_msg(private_imv_swid_agent_t *this,
107 imv_state_t *state, imv_msg_t *in_msg)
108 {
109 imv_swid_state_t *swid_state;
110 imv_msg_t *out_msg;
111 enumerator_t *enumerator;
112 pa_tnc_attr_t *attr;
113 TNC_Result result;
114 bool fatal_error = FALSE;
115
116 /* generate an outgoing PA-TNC message - we might need it */
117 out_msg = imv_msg_create_as_reply(in_msg);
118
119 /* parse received PA-TNC message and handle local and remote errors */
120 result = in_msg->receive(in_msg, out_msg, &fatal_error);
121 if (result != TNC_RESULT_SUCCESS)
122 {
123 out_msg->destroy(out_msg);
124 return result;
125 }
126
127 swid_state = (imv_swid_state_t*)state;
128
129 /* analyze PA-TNC attributes */
130 enumerator = in_msg->create_attribute_enumerator(in_msg);
131 while (enumerator->enumerate(enumerator, &attr))
132 {
133 uint32_t request_id = 0, last_eid, eid_epoch;
134 swid_inventory_t *inventory;
135 pen_type_t type;
136
137 type = attr->get_type(attr);
138
139 if (type.vendor_id == PEN_IETF && type.type == IETF_ATTR_PA_TNC_ERROR)
140 {
141 ietf_attr_pa_tnc_error_t *error_attr;
142 pen_type_t error_code;
143 chunk_t msg_info, description;
144 bio_reader_t *reader;
145 uint32_t max_attr_size;
146 bool success;
147
148 error_attr = (ietf_attr_pa_tnc_error_t*)attr;
149 error_code = error_attr->get_error_code(error_attr);
150
151 if (error_code.vendor_id == PEN_TCG)
152 {
153 fatal_error = TRUE;
154 msg_info = error_attr->get_msg_info(error_attr);
155 reader = bio_reader_create(msg_info);
156 success = reader->read_uint32(reader, &request_id);
157
158 DBG1(DBG_IMV, "received TCG error '%N' for request %d",
159 swid_error_code_names, error_code.type, request_id);
160 if (!success)
161 {
162 reader->destroy(reader);
163 continue;
164 }
165 if (error_code.type == TCG_SWID_RESPONSE_TOO_LARGE)
166 {
167 if (!reader->read_uint32(reader, &max_attr_size))
168 {
169 reader->destroy(reader);
170 continue;
171 }
172 DBG1(DBG_IMV, " maximum PA-TNC attribute size is %u bytes",
173 max_attr_size);
174 }
175 description = reader->peek(reader);
176 if (description.len)
177 {
178 DBG1(DBG_IMV, " description: %.*s", description.len,
179 description.ptr);
180 }
181 reader->destroy(reader);
182 }
183 }
184 else if (type.vendor_id != PEN_TCG)
185 {
186 continue;
187 }
188
189 switch (type.type)
190 {
191 case TCG_SWID_TAG_ID_INVENTORY:
192 {
193 tcg_swid_attr_tag_id_inv_t *attr_cast;
194 uint32_t missing;
195 int tag_id_count;
196
197 state->set_action_flags(state, IMV_SWID_ATTR_TAG_ID_INV);
198
199 attr_cast = (tcg_swid_attr_tag_id_inv_t*)attr;
200 request_id = attr_cast->get_request_id(attr_cast);
201 last_eid = attr_cast->get_last_eid(attr_cast, &eid_epoch);
202 inventory = attr_cast->get_inventory(attr_cast);
203 tag_id_count = inventory->get_count(inventory);
204 missing = attr_cast->get_tag_id_count(attr_cast);
205 swid_state->set_missing(swid_state, missing);
206
207 DBG2(DBG_IMV, "received SWID tag ID inventory with %d item%s "
208 "for request %d at eid %d of epoch 0x%08x, %d item%s to "
209 "follow", tag_id_count, (tag_id_count == 1) ? "" : "s",
210 request_id, last_eid, eid_epoch, missing,
211 (missing == 1) ? "" : "s");
212
213 if (request_id == swid_state->get_request_id(swid_state))
214 {
215 swid_state->set_swid_inventory(swid_state, inventory);
216 swid_state->set_count(swid_state, tag_id_count, 0);
217 }
218 else
219 {
220 DBG1(DBG_IMV, "no workitem found for SWID tag ID inventory "
221 "with request ID %d", request_id);
222 }
223 attr_cast->clear_inventory(attr_cast);
224 break;
225 }
226 case TCG_SWID_TAG_INVENTORY:
227 {
228 tcg_swid_attr_tag_inv_t *attr_cast;
229 swid_tag_t *tag;
230 chunk_t tag_encoding;
231 json_object *jobj, *jarray, *jstring;
232 char *tag_str;
233 uint32_t missing;
234 int tag_count;
235 enumerator_t *e;
236
237 state->set_action_flags(state, IMV_SWID_ATTR_TAG_INV);
238
239 attr_cast = (tcg_swid_attr_tag_inv_t*)attr;
240 request_id = attr_cast->get_request_id(attr_cast);
241 last_eid = attr_cast->get_last_eid(attr_cast, &eid_epoch);
242 inventory = attr_cast->get_inventory(attr_cast);
243 tag_count = inventory->get_count(inventory);
244 missing = attr_cast->get_tag_count(attr_cast);
245 swid_state->set_missing(swid_state, missing);
246
247 DBG2(DBG_IMV, "received SWID tag inventory with %d item%s for "
248 "request %d at eid %d of epoch 0x%08x, %d item%s to follow",
249 tag_count, (tag_count == 1) ? "" : "s", request_id,
250 last_eid, eid_epoch, missing, (missing == 1) ? "" : "s");
251
252 if (request_id == swid_state->get_request_id(swid_state))
253 {
254 swid_state->set_count(swid_state, 0, tag_count);
255
256 if (this->rest_api)
257 {
258 jobj = json_object_new_object();
259 jarray = json_object_new_array();
260 json_object_object_add(jobj, "data", jarray);
261
262 e = inventory->create_enumerator(inventory);
263 while (e->enumerate(e, &tag))
264 {
265 tag_encoding = tag->get_encoding(tag);
266 tag_str = strndup(tag_encoding.ptr, tag_encoding.len);
267 DBG3(DBG_IMV, "%s", tag_str);
268 jstring = json_object_new_string(tag_str);
269 json_object_array_add(jarray, jstring);
270 free(tag_str);
271 }
272 e->destroy(e);
273
274 if (this->rest_api->post(this->rest_api,
275 "swid/add-tags/", jobj, NULL) != SUCCESS)
276 {
277 DBG1(DBG_IMV, "error in REST API add-tags request");
278 }
279 json_object_put(jobj);
280 }
281 }
282 else
283 {
284 DBG1(DBG_IMV, "no workitem found for SWID tag inventory "
285 "with request ID %d", request_id);
286 }
287 attr_cast->clear_inventory(attr_cast);
288 break;
289 }
290 default:
291 break;
292 }
293 }
294 enumerator->destroy(enumerator);
295
296 if (fatal_error)
297 {
298 state->set_recommendation(state,
299 TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
300 TNC_IMV_EVALUATION_RESULT_ERROR);
301 result = out_msg->send_assessment(out_msg);
302 if (result == TNC_RESULT_SUCCESS)
303 {
304 result = this->agent->provide_recommendation(this->agent, state);
305 }
306 }
307 else
308 {
309 /* send PA-TNC message with the EXCL flag set */
310 result = out_msg->send(out_msg, TRUE);
311 }
312 out_msg->destroy(out_msg);
313
314 return result;
315 }
316
317 METHOD(imv_agent_if_t, receive_message, TNC_Result,
318 private_imv_swid_agent_t *this, TNC_ConnectionID id,
319 TNC_MessageType msg_type, chunk_t msg)
320 {
321 imv_state_t *state;
322 imv_msg_t *in_msg;
323 TNC_Result result;
324
325 if (!this->agent->get_state(this->agent, id, &state))
326 {
327 return TNC_RESULT_FATAL;
328 }
329 in_msg = imv_msg_create_from_data(this->agent, state, id, msg_type, msg);
330 result = receive_msg(this, state, in_msg);
331 in_msg->destroy(in_msg);
332
333 return result;
334 }
335
336 METHOD(imv_agent_if_t, receive_message_long, TNC_Result,
337 private_imv_swid_agent_t *this, TNC_ConnectionID id,
338 TNC_UInt32 src_imc_id, TNC_UInt32 dst_imv_id,
339 TNC_VendorID msg_vid, TNC_MessageSubtype msg_subtype, chunk_t msg)
340 {
341 imv_state_t *state;
342 imv_msg_t *in_msg;
343 TNC_Result result;
344
345 if (!this->agent->get_state(this->agent, id, &state))
346 {
347 return TNC_RESULT_FATAL;
348 }
349 in_msg = imv_msg_create_from_long_data(this->agent, state, id,
350 src_imc_id, dst_imv_id, msg_vid, msg_subtype, msg);
351 result = receive_msg(this, state, in_msg);
352 in_msg->destroy(in_msg);
353
354 return result;
355
356 }
357
358 METHOD(imv_agent_if_t, batch_ending, TNC_Result,
359 private_imv_swid_agent_t *this, TNC_ConnectionID id)
360 {
361 imv_msg_t *out_msg;
362 imv_state_t *state;
363 imv_session_t *session;
364 imv_workitem_t *workitem;
365 imv_swid_state_t *swid_state;
366 imv_swid_handshake_state_t handshake_state;
367 pa_tnc_attr_t *attr;
368 TNC_IMVID imv_id;
369 TNC_Result result = TNC_RESULT_SUCCESS;
370 bool no_workitems = TRUE;
371 uint32_t request_id, received;
372 uint8_t flags;
373 enumerator_t *enumerator;
374
375 if (!this->agent->get_state(this->agent, id, &state))
376 {
377 return TNC_RESULT_FATAL;
378 }
379 swid_state = (imv_swid_state_t*)state;
380 handshake_state = swid_state->get_handshake_state(swid_state);
381 session = state->get_session(state);
382 imv_id = this->agent->get_id(this->agent);
383
384 if (handshake_state == IMV_SWID_STATE_END)
385 {
386 return TNC_RESULT_SUCCESS;
387 }
388
389 /* Create an empty out message - we might need it */
390 out_msg = imv_msg_create(this->agent, state, id, imv_id, TNC_IMCID_ANY,
391 msg_types[0]);
392
393 if (!imcv_db)
394 {
395 DBG2(DBG_IMV, "no workitems available - no evaluation possible");
396 state->set_recommendation(state,
397 TNC_IMV_ACTION_RECOMMENDATION_ALLOW,
398 TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
399 result = out_msg->send_assessment(out_msg);
400 out_msg->destroy(out_msg);
401 swid_state->set_handshake_state(swid_state, IMV_SWID_STATE_END);
402
403 if (result != TNC_RESULT_SUCCESS)
404 {
405 return result;
406 }
407 return this->agent->provide_recommendation(this->agent, state);
408 }
409
410 /* Look for SWID tag workitem and create SWID tag request */
411 if (handshake_state == IMV_SWID_STATE_INIT &&
412 session->get_policy_started(session))
413 {
414 size_t max_attr_size = SWID_MAX_ATTR_SIZE;
415 size_t max_seg_size;
416 seg_contract_t *contract;
417 seg_contract_manager_t *contracts;
418 char buf[BUF_LEN];
419
420 enumerator = session->create_workitem_enumerator(session);
421 if (enumerator)
422 {
423 while (enumerator->enumerate(enumerator, &workitem))
424 {
425 if (workitem->get_imv_id(workitem) != TNC_IMVID_ANY ||
426 workitem->get_type(workitem) != IMV_WORKITEM_SWID_TAGS)
427 {
428 continue;
429 }
430
431 flags = TCG_SWID_ATTR_REQ_FLAG_NONE;
432 if (strchr(workitem->get_arg_str(workitem), 'R'))
433 {
434 flags |= TCG_SWID_ATTR_REQ_FLAG_R;
435 }
436 if (strchr(workitem->get_arg_str(workitem), 'S'))
437 {
438 flags |= TCG_SWID_ATTR_REQ_FLAG_S;
439 }
440 if (strchr(workitem->get_arg_str(workitem), 'C'))
441 {
442 flags |= TCG_SWID_ATTR_REQ_FLAG_C;
443 }
444
445 /* Determine maximum PA-TNC attribute segment size */
446 max_seg_size = state->get_max_msg_len(state)
447 - PA_TNC_HEADER_SIZE
448 - PA_TNC_ATTR_HEADER_SIZE
449 - TCG_SEG_ATTR_SEG_ENV_HEADER
450 - PA_TNC_ATTR_HEADER_SIZE
451 - TCG_SEG_ATTR_MAX_SIZE_SIZE;
452
453 /* Announce support of PA-TNC segmentation to IMC */
454 contract = seg_contract_create(msg_types[0], max_attr_size,
455 max_seg_size, TRUE, imv_id, FALSE);
456 contract->get_info_string(contract, buf, BUF_LEN, TRUE);
457 DBG2(DBG_IMV, "%s", buf);
458 contracts = state->get_contracts(state);
459 contracts->add_contract(contracts, contract);
460 attr = tcg_seg_attr_max_size_create(max_attr_size,
461 max_seg_size, TRUE);
462 out_msg->add_attribute(out_msg, attr);
463
464 /* Issue a SWID request */
465 request_id = workitem->get_id(workitem);
466 swid_state->set_request_id(swid_state, request_id);
467 attr = tcg_swid_attr_req_create(flags, request_id, 0);
468 out_msg->add_attribute(out_msg, attr);
469 workitem->set_imv_id(workitem, imv_id);
470 no_workitems = FALSE;
471 DBG2(DBG_IMV, "IMV %d issues SWID request %d",
472 imv_id, request_id);
473 break;
474 }
475 enumerator->destroy(enumerator);
476
477 if (no_workitems)
478 {
479 DBG2(DBG_IMV, "IMV %d has no workitems - "
480 "no evaluation requested", imv_id);
481 state->set_recommendation(state,
482 TNC_IMV_ACTION_RECOMMENDATION_ALLOW,
483 TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
484 }
485 handshake_state = IMV_SWID_STATE_WORKITEMS;
486 swid_state->set_handshake_state(swid_state, handshake_state);
487 }
488 }
489
490 received = state->get_action_flags(state);
491
492 if (handshake_state == IMV_SWID_STATE_WORKITEMS &&
493 (received & (IMV_SWID_ATTR_TAG_INV|IMV_SWID_ATTR_TAG_ID_INV)) &&
494 swid_state->get_missing(swid_state) == 0)
495 {
496 TNC_IMV_Evaluation_Result eval;
497 TNC_IMV_Action_Recommendation rec;
498 char result_str[BUF_LEN], *error_str = "", *command;
499 char *target, *separator;
500 int tag_id_count, tag_count, i;
501 chunk_t tag_creator, unique_sw_id;
502 json_object *jrequest, *jresponse, *jvalue;
503 tcg_swid_attr_req_t *cast_attr;
504 swid_tag_id_t *tag_id;
505 status_t status = SUCCESS;
506
507 if (this->rest_api && (received & IMV_SWID_ATTR_TAG_ID_INV))
508 {
509 if (asprintf(&command, "sessions/%d/swid-measurement/",
510 session->get_session_id(session, NULL, NULL)) < 0)
511 {
512 error_str = "allocation of command string failed";
513 status = FAILED;
514 }
515 else
516 {
517 jrequest = swid_state->get_swid_inventory(swid_state);
518 status = this->rest_api->post(this->rest_api, command,
519 jrequest, &jresponse);
520 if (status == FAILED)
521 {
522 error_str = "error in REST API swid-measurement request";
523 }
524 free(command);
525 }
526 }
527
528 switch (status)
529 {
530 case SUCCESS:
531 enumerator = session->create_workitem_enumerator(session);
532 while (enumerator->enumerate(enumerator, &workitem))
533 {
534 if (workitem->get_type(workitem) == IMV_WORKITEM_SWID_TAGS)
535 {
536 swid_state->get_count(swid_state, &tag_id_count,
537 &tag_count);
538 snprintf(result_str, BUF_LEN, "received inventory of "
539 "%d SWID tag ID%s and %d SWID tag%s",
540 tag_id_count, (tag_id_count == 1) ? "" : "s",
541 tag_count, (tag_count == 1) ? "" : "s");
542 session->remove_workitem(session, enumerator);
543
544 eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT;
545 rec = workitem->set_result(workitem, result_str, eval);
546 state->update_recommendation(state, rec, eval);
547 imcv_db->finalize_workitem(imcv_db, workitem);
548 workitem->destroy(workitem);
549 break;
550 }
551 }
552 enumerator->destroy(enumerator);
553 break;
554 case NEED_MORE:
555 if (received & IMV_SWID_ATTR_TAG_INV)
556 {
557 error_str = "not all requested SWID tags were received";
558 status = FAILED;
559 json_object_put(jresponse);
560 break;
561 }
562 if (json_object_get_type(jresponse) != json_type_array)
563 {
564 error_str = "response was not a json_array";
565 status = FAILED;
566 json_object_put(jresponse);
567 break;
568 }
569
570 /* Create a TCG SWID Request attribute */
571 attr = tcg_swid_attr_req_create(TCG_SWID_ATTR_REQ_FLAG_NONE,
572 swid_state->get_request_id(swid_state), 0);
573 tag_id_count = json_object_array_length(jresponse);
574 DBG1(DBG_IMV, "%d SWID tag target%s", tag_id_count,
575 (tag_id_count == 1) ? "" : "s");
576 swid_state->set_missing(swid_state, tag_id_count);
577
578 for (i = 0; i < tag_id_count; i++)
579 {
580 jvalue = json_object_array_get_idx(jresponse, i);
581 if (json_object_get_type(jvalue) != json_type_string)
582 {
583 error_str = "json_string element expected in json_array";
584 status = FAILED;
585 json_object_put(jresponse);
586 break;
587 }
588 target = (char*)json_object_get_string(jvalue);
589 DBG1(DBG_IMV, " %s", target);
590
591 /* Separate target into tag_creator and unique_sw_id */
592 separator = strchr(target, '_');
593 if (!separator)
594 {
595 error_str = "separation of regid from "
596 "unique software ID failed";
597 break;
598 }
599 tag_creator = chunk_create(target, separator - target);
600 separator++;
601 unique_sw_id = chunk_create(separator, strlen(target) -
602 tag_creator.len - 1);
603 tag_id = swid_tag_id_create(tag_creator, unique_sw_id,
604 chunk_empty);
605 cast_attr = (tcg_swid_attr_req_t*)attr;
606 cast_attr->add_target(cast_attr, tag_id);
607 }
608 json_object_put(jresponse);
609
610 out_msg->add_attribute(out_msg, attr);
611 break;
612 case FAILED:
613 default:
614 break;
615 }
616
617 if (status == FAILED)
618 {
619 enumerator = session->create_workitem_enumerator(session);
620 while (enumerator->enumerate(enumerator, &workitem))
621 {
622 if (workitem->get_type(workitem) == IMV_WORKITEM_SWID_TAGS)
623 {
624 session->remove_workitem(session, enumerator);
625 eval = TNC_IMV_EVALUATION_RESULT_ERROR;
626 rec = workitem->set_result(workitem, error_str, eval);
627 state->update_recommendation(state, rec, eval);
628 imcv_db->finalize_workitem(imcv_db, workitem);
629 workitem->destroy(workitem);
630 break;
631 }
632 }
633 enumerator->destroy(enumerator);
634 }
635 }
636
637 /* finalized all workitems ? */
638 if (handshake_state == IMV_SWID_STATE_WORKITEMS &&
639 session->get_workitem_count(session, imv_id) == 0)
640 {
641 result = out_msg->send_assessment(out_msg);
642 out_msg->destroy(out_msg);
643 swid_state->set_handshake_state(swid_state, IMV_SWID_STATE_END);
644
645 if (result != TNC_RESULT_SUCCESS)
646 {
647 return result;
648 }
649 return this->agent->provide_recommendation(this->agent, state);
650 }
651
652 /* send non-empty PA-TNC message with excl flag not set */
653 if (out_msg->get_attribute_count(out_msg))
654 {
655 result = out_msg->send(out_msg, FALSE);
656 }
657 out_msg->destroy(out_msg);
658
659 return result;
660 }
661
662 METHOD(imv_agent_if_t, solicit_recommendation, TNC_Result,
663 private_imv_swid_agent_t *this, TNC_ConnectionID id)
664 {
665 imv_state_t *state;
666
667 if (!this->agent->get_state(this->agent, id, &state))
668 {
669 return TNC_RESULT_FATAL;
670 }
671 return this->agent->provide_recommendation(this->agent, state);
672 }
673
674 METHOD(imv_agent_if_t, destroy, void,
675 private_imv_swid_agent_t *this)
676 {
677 DESTROY_IF(this->rest_api);
678 this->agent->destroy(this->agent);
679 free(this);
680 }
681
682 /**
683 * Described in header.
684 */
685 imv_agent_if_t *imv_swid_agent_create(const char *name, TNC_IMVID id,
686 TNC_Version *actual_version)
687 {
688 private_imv_swid_agent_t *this;
689 imv_agent_t *agent;
690 char *rest_api_uri;
691 u_int rest_api_timeout;
692
693 agent = imv_agent_create(name, msg_types, countof(msg_types), id,
694 actual_version);
695 if (!agent)
696 {
697 return NULL;
698 }
699 agent->add_non_fatal_attr_type(agent,
700 pen_type_create(PEN_TCG, TCG_SEG_MAX_ATTR_SIZE_REQ));
701
702 INIT(this,
703 .public = {
704 .bind_functions = _bind_functions,
705 .notify_connection_change = _notify_connection_change,
706 .receive_message = _receive_message,
707 .receive_message_long = _receive_message_long,
708 .batch_ending = _batch_ending,
709 .solicit_recommendation = _solicit_recommendation,
710 .destroy = _destroy,
711 },
712 .agent = agent,
713 );
714
715 rest_api_uri = lib->settings->get_str(lib->settings,
716 "%s.plugins.imv-swid.rest_api_uri", NULL, lib->ns);
717 rest_api_timeout = lib->settings->get_int(lib->settings,
718 "%s.plugins.imv-swid.rest_api_timeout", 120, lib->ns);
719 if (rest_api_uri)
720 {
721 this->rest_api = imv_swid_rest_create(rest_api_uri, rest_api_timeout);
722 }
723
724 return &this->public;
725 }
726
Unnamed repository; edit this file 'description' to name the repository.