From: Martin Willi <martin@revosec.ch>
Date: Mon, 15 Oct 2012 15:54:00 +0000 (+0200)
Subject: Load ipsec.conf %smartcard leftcerts with pkcs11 builder
X-Git-Tag: 5.0.2dr4~294
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9687cb5100ca43ba84665037cf137368ea34fe2b;p=thirdparty%2Fstrongswan.git

Load ipsec.conf %smartcard leftcerts with pkcs11 builder
---

diff --git a/src/libcharon/plugins/stroke/stroke_cred.c b/src/libcharon/plugins/stroke/stroke_cred.c
index 5ecaa35eff..60dbdf619e 100644
--- a/src/libcharon/plugins/stroke/stroke_cred.c
+++ b/src/libcharon/plugins/stroke/stroke_cred.c
@@ -133,20 +133,32 @@ METHOD(stroke_cred_t, load_peer, certificate_t*,
 {
 	certificate_t *cert;
 	char path[PATH_MAX];
+	chunk_t keyid;
 
-	if (*filename == '/')
+	if (strneq(filename, "%smartcard:", strlen("%smartcard:")))
 	{
-		snprintf(path, sizeof(path), "%s", filename);
+		keyid = chunk_create(filename, strlen(filename));
+		keyid = chunk_from_hex(chunk_skip(keyid, strlen("%smartcard:")), NULL);
+		cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
+								  BUILD_PKCS11_KEYID, keyid, BUILD_END);
+		free(keyid.ptr);
 	}
 	else
 	{
-		snprintf(path, sizeof(path), "%s/%s", CERTIFICATE_DIR, filename);
-	}
+		if (*filename == '/')
+		{
+			snprintf(path, sizeof(path), "%s", filename);
+		}
+		else
+		{
+			snprintf(path, sizeof(path), "%s/%s", CERTIFICATE_DIR, filename);
+		}
 
-	cert = lib->creds->create(lib->creds,
-							  CRED_CERTIFICATE, CERT_ANY,
-							  BUILD_FROM_FILE, path,
-							  BUILD_END);
+		cert = lib->creds->create(lib->creds,
+								  CRED_CERTIFICATE, CERT_ANY,
+								  BUILD_FROM_FILE, path,
+								  BUILD_END);
+	}
 	if (cert)
 	{
 		cert = this->creds->add_cert_ref(this->creds, TRUE, cert);