(cert == CERT_X509_CRL)? (void*)crl_filter : (void*)ac_filter,
data, (void*)id_data_destroy);
}
- if (cert != CERT_X509 && cert != CERT_ANY)
- { /* we only have X509 certificates. TODO: ACs? */
+ if (cert != CERT_X509 && cert != CERT_GPG && cert != CERT_ANY)
+ { /* we have X509/PGP certificates. TODO: ACs? */
return NULL;
}
data = malloc_thing(id_data_t);
}
cert = lib->creds->create(lib->creds,
- CRED_CERTIFICATE, CERT_X509,
+ CRED_CERTIFICATE, CERT_ANY,
BUILD_FROM_FILE, path,
- BUILD_X509_FLAG, 0,
BUILD_END);
if (cert)
{
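Review bot: With `CERT_ANY` the concrete certificate type is now decided by the contents of the file at `path`, so the code under `if (cert)` can receive a PGP certificate where it previously only ever saw X.509. That block continues outside the hunk; if anything in it casts to `x509_t` or relies on X.509 flags, it should first test `cert->get_type(cert) == CERT_X509`. It would also help to log the loaded type next to the path, so an operator can see which kind of credential was accepted as a peer certificate. A comment above the call, such as `/* type is detected from the file: X.509 or PGP */`, would document why `BUILD_X509_FLAG, 0` was dropped.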
* RSA for PGP keys, which is actually wrong. */
subtype = KEY_ANY;
}
+ /* if CERT_ANY is given, ASN1 encoded blob is handled as X509 */
+ if (type == CRED_CERTIFICATE && subtype == CERT_ANY)
+ {
+ subtype = pgp ? CERT_GPG : CERT_X509;
+ }
}
cred = lib->creds->create(lib->creds, type, subtype,
pgp ? BUILD_BLOB_PGP : BUILD_BLOB_ASN1_DER, blob,
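Review bot: The added comment describes only the ASN.1 case, while the assignment below it also selects `CERT_GPG` when `pgp` is set. Suggested wording: `/* CERT_ANY: pick the concrete type from the detected encoding, PGP blob => CERT_GPG, ASN.1 DER => CERT_X509 */`. `pgp` is assigned outside this hunk, so the comment should also say where the flag comes from, since it now decides which certificate parser sees the blob. The enclosing function starts and ends outside the hunk.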
/**
* See header.
*/
-pgp_cert_t *pgp_cert_load(certificate_t type, va_list args)
+pgp_cert_t *pgp_cert_load(certificate_type_t type, va_list args)
{
chunk_t packet, blob = chunk_empty;
pgp_packet_tag_t tag;
* @param args builder_part_t argument list
* @return builder instance
*/
-pgp_cert_t *pgp_cert_load(certificate_t type, va_list args);
+pgp_cert_t *pgp_cert_load(certificate_type_t type, va_list args);
#endif /* PGP_CERT_ @}*/
#include <library.h>
#include "pgp_builder.h"
#include "pgp_encoder.h"
+#include "pgp_cert.h"
typedef struct private_pgp_plugin_t private_pgp_plugin_t;
lib->creds->remove_builder(lib->creds,
(builder_function_t)pgp_private_key_load);
+ lib->creds->remove_builder(lib->creds,
+ (builder_function_t)pgp_cert_load);
+
lib->encoding->remove_encoder(lib->encoding, pgp_encoder_encode);
free(this);
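Review bot: The `(builder_function_t)` cast on `pgp_cert_load` silences any prototype check at registration, which is presumably how the wrong parameter type corrected elsewhere in this commit (`certificate_t` instead of `certificate_type_t`) went unnoticed. The same cast appears in the `add_builder` call for `CERT_GPG`. `builder_function_t` is not defined on this page, so this is inferred. A short comment at the registration, e.g. `/* signature must match builder_function_t, the cast hides mismatches */`, would flag this for the next loader added here. The destroy function's body continues outside the hunk.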
lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
(builder_function_t)pgp_private_key_load);
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_GPG,
+ (builder_function_t)pgp_cert_load);
+
lib->encoding->add_encoder(lib->encoding, pgp_encoder_encode);
return &this->public.plugin;