#define IFMAP_NS "http://www.trustedcomputinggroup.org/2010/IFMAP/2"
#define IFMAP_META_NS "http://www.trustedcomputinggroup.org/2010/IFMAP-METADATA/2"
-#define IFMAP_LOGFILE "strongswan_ifmap.log"
-#define IFMAP_SERVER "https://localhost:8443/"
+#define IFMAP_URI "https://localhost:8444/imap"
#define IFMAP_NO_FD -1
typedef struct private_tnc_ifmap2_soap_t private_tnc_ifmap2_soap_t;
char *device_name;
/**
- * IF-MAP Server host
+ * HTTPS Server URI with https:// prefix removed
+ */
+ char *uri;
+
+ /**
+ * IF-MAP Server (IP address and port)
*/
host_t *host;
this->ns = xmlNewNs(request, IFMAP_NS, "ifmap");
xmlSetNs(request, this->ns);
- soap_msg = tnc_ifmap2_soap_msg_create(this->tls);
+ soap_msg = tnc_ifmap2_soap_msg_create(this->uri, this->tls);
if (!soap_msg->post(soap_msg, request, "newSessionResult", &result))
{
soap_msg->destroy(soap_msg);
xmlNewProp(request, "session-id", this->session_id);
xmlNewProp(request, "ifmap-publisher-id", this->ifmap_publisher_id);
- soap_msg = tnc_ifmap2_soap_msg_create(this->tls);
+ soap_msg = tnc_ifmap2_soap_msg_create(this->uri, this->tls);
success = soap_msg->post(soap_msg, request, "purgePublisherReceived", NULL);
soap_msg->destroy(soap_msg);
}
e1->destroy(e1);
- soap_msg = tnc_ifmap2_soap_msg_create(this->tls);
+ soap_msg = tnc_ifmap2_soap_msg_create(this->uri, this->tls);
success = soap_msg->post(soap_msg, request, "publishReceived", NULL);
soap_msg->destroy(soap_msg);
xmlAddChild(update, create_ip_address(this, host));
xmlAddChild(update, create_metadata(this, "device-ip"));
- soap_msg = tnc_ifmap2_soap_msg_create(this->tls);
+ soap_msg = tnc_ifmap2_soap_msg_create(this->uri, this->tls);
success = soap_msg->post(soap_msg, request, "publishReceived", NULL);
soap_msg->destroy(soap_msg);
xmlAddChild(update, create_device(this));
xmlAddChild(update, create_enforcement_report(this, action, reason));
- soap_msg = tnc_ifmap2_soap_msg_create(this->tls);
+ soap_msg = tnc_ifmap2_soap_msg_create(this->uri, this->tls);
success = soap_msg->post(soap_msg, request, "publishReceived", NULL);
soap_msg->destroy(soap_msg);
xmlSetNs(request, this->ns);
xmlNewProp(request, "session-id", this->session_id);
- soap_msg = tnc_ifmap2_soap_msg_create(this->tls);
+ soap_msg = tnc_ifmap2_soap_msg_create(this->uri, this->tls);
success = soap_msg->post(soap_msg, request, "endSessionResult", NULL);
soap_msg->destroy(soap_msg);
static bool soap_init(private_tnc_ifmap2_soap_t *this)
{
- char *server, *server_cert, *client_cert, *client_key;
+ char *server_uri, *server_str, *port_str, *uri_str;
+ char *server_cert, *client_cert, *client_key, *username, *password;
+ int port;
certificate_t *cert;
private_key_t *key;
identification_t *server_id, *client_id;
- /**
- * Load [self-signed] MAP server certificate
- */
+ /* getting configuration parameters from strongswan.conf */
+ server_uri = lib->settings->get_str(lib->settings,
+ "%s.plugins.tnc-ifmap2.server_uri", IFMAP_URI, charon->name);
server_cert = lib->settings->get_str(lib->settings,
"%s.plugins.tnc-ifmap2.server_cert", NULL, charon->name);
+ client_cert = lib->settings->get_str(lib->settings,
+ "%s.plugins.tnc-ifmap2.client_cert", NULL, charon->name);
+ client_key = lib->settings->get_str(lib->settings,
+ "%s.plugins.tnc-ifmap2.client_key", NULL, charon->name);
+ username = lib->settings->get_str(lib->settings,
+ "%s.plugins.tnc-ifmap.username", NULL, charon->name);
+ password = lib->settings->get_str(lib->settings,
+ "%s.plugins.tnc-ifmap.password", NULL, charon->name);
+
+ /* load [self-signed] MAP server certificate */
if (!server_cert)
{
DBG1(DBG_TNC, "MAP server certificate not defined");
server_id = cert->get_subject(cert);
this->creds->add_cert(this->creds, TRUE, cert);
- /**
- * Load MAP client certificate
- */
- client_cert = lib->settings->get_str(lib->settings,
- "%s.plugins.tnc-ifmap2.client_cert", NULL, charon->name);
+ /* load MAP client certificate */
if (!client_cert)
{
DBG1(DBG_TNC, "MAP client certificate not defined");
client_id = cert->get_subject(cert);
this->creds->add_cert(this->creds, TRUE, cert);
- /**
- * Load MAP client private key
- */
- client_key = lib->settings->get_str(lib->settings,
- "%s.plugins.tnc-ifmap2.client_key", NULL, charon->name);
+ /* load MAP client private key */
if (!client_key)
{
DBG1(DBG_TNC, "MAP client private key not defined");
DBG1(DBG_TNC, "loaded MAP client RSA private key from '%s'", client_key);
this->creds->add_key(this->creds, key);
- /**
- * Open TCP socket and connect to MAP server
- */
- server = "127.0.0.1";
- this->host = host_create_from_dns(server, 0, 8444);
+ /* remove HTTPS prefix if any */
+ if (strlen(server_uri) >= 8 && strncaseeq(server_uri, "https://", 8))
+ {
+ server_uri += 8;
+ }
+ this->uri = server_uri;
+
+ /* duplicate server string since we are going to manipulate it */
+ server_str = strdup(server_uri);
+
+ /* extract server name and port from server URI */
+ port_str = strchr(server_str, ':');
+ if (port_str)
+ {
+ *port_str++ = '\0';
+ if (sscanf(port_str, "%d", &port) != 1)
+ {
+ DBG1(DBG_TNC, "parsing server port %s failed", port_str);
+ free(server_str);
+ return FALSE;
+ }
+ }
+ else
+ {
+ /* use default https port */
+ port = 443;
+ uri_str = strchr(server_str, '/');
+ if (uri_str)
+ {
+ *uri_str = '\0';
+ }
+ }
+
+ /* open TCP socket and connect to MAP server */
+ this->host = host_create_from_dns(server_str, 0, port);
if (!this->host)
{
- DBG1(DBG_TNC, "resolving hostname %s failed", server);
+ DBG1(DBG_TNC, "resolving hostname %s failed", server_str);
+ free(server_str);
return FALSE;
}
+ free(server_str);
this->fd = socket(this->host->get_family(this->host), SOCK_STREAM, 0);
if (this->fd == IFMAP_NO_FD)
return FALSE;
}
- /**
- * Open TLS socket
- */
+ /* open TLS socket */
this->tls = tls_socket_create(FALSE, server_id, client_id, this->fd, NULL);
if (!this->tls)
{
*/
tnc_ifmap2_soap_msg_t public;
+ /**
+ * HTTPS Server URI with https:// prefix removed
+ */
+ char *uri;
+
/**
* TLS Socket
*/
static bool http_post(private_tnc_ifmap2_soap_msg_t *this, chunk_t out,
chunk_t *in)
{
- char header[] =
- "POST /ifmap HTTP/1.1\r\n"
- "Content-Type: application/soap+xml;charset=utf-8\r\n"
- "Content-Length: ";
- char *request, response[2048];
+ char *host, *path, *request, response[2048];
chunk_t line, http, parameter;
int len, code, content_len = 0;
+ /* Duplicate host[/path] string since we are going to manipulate it */
+ len = strlen(this->uri) + 2;
+ host = malloc(len);
+ memset(host, '\0', len);
+ strcpy(host, this->uri);
+
+ /* Extract appended path or set to root */
+ path = strchr(host, '/');
+ if (!path)
+ {
+ path = host + len - 2;
+ *path = '/';
+ }
+
/* Write HTTP POST request */
- len = asprintf(&request, "%s%d\r\n\r\n%.*s", header, out.len,
- out.len, out.ptr);
+ len = asprintf(&request,
+ "POST %s HTTP/1.1\r\n"
+ "Host: %.*s\r\n"
+ "Content-Type: application/soap+xml;charset=utf-8\r\n"
+ "Content-Length: %d\r\n"
+ "\r\n"
+ "%.*s", path, (path-host), host, out.len, out.len, out.ptr);
+ free(host);
if (len == -1)
{
return FALSE;
}
+ http = chunk_create(request, len);
+ DBG3(DBG_TLS, "%B", &http);
+
this->tls->write(this->tls, request, len);
free(request);
/**
* See header
*/
-tnc_ifmap2_soap_msg_t *tnc_ifmap2_soap_msg_create(tls_socket_t *tls)
+tnc_ifmap2_soap_msg_t *tnc_ifmap2_soap_msg_create(char *uri, tls_socket_t *tls)
{
private_tnc_ifmap2_soap_msg_t *this;
.post = _post,
.destroy = _destroy,
},
+ .uri = uri,
.tls = tls,
);
projects / thirdparty / strongswan.git / commitdiff
