From: Martin Willi
Date: Wed, 28 Jan 2015 16:40:57 +0000 (+0100)
Subject: stroke: Support loading CGA parameters from left/rightcert having a cga: prefix
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=06b34228b31ddf03d66ae93616d799c0cb4a3d2a;p=thirdparty%2Fstrongswan.git
stroke: Support loading CGA parameters from left/rightcert having a cga: prefix
---
diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c
index 3e40a78889..3f60b957e3 100644
--- a/src/libcharon/plugins/stroke/stroke_config.c
+++ b/src/libcharon/plugins/stroke/stroke_config.c
@@ -486,7 +486,14 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this,
 enumerator = enumerator_create_token(cert, ",", " ");
 while (enumerator->enumerate(enumerator, &cert))
 {
- certificate = this->cred->load_peer(this->cred, cert);
+ if (strpfx(cert, "cga:"))
+ {
+ certificate = this->cred->load_cga(this->cred, cert + 4);
+ }
+ else
+ {
+ certificate = this->cred->load_peer(this->cred, cert);
+ }
 if (certificate)
 {
 if (local)
diff --git a/src/libcharon/plugins/stroke/stroke_cred.c b/src/libcharon/plugins/stroke/stroke_cred.c
index 0dc03ec16e..288716d807 100644
--- a/src/libcharon/plugins/stroke/stroke_cred.c
+++ b/src/libcharon/plugins/stroke/stroke_cred.c
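Review bot: In `build_auth_cfg`, the `cga:` branch hands `cert + 4` to `load_cga` without checking that anything follows the prefix, so a token of exactly `cga:` reaches the loader as an empty filename, and the literal `4` is tied by hand to the length of the prefix string. Deriving the offset from the prefix itself, `certificate = this->cred->load_cga(this->cred, cert + strlen("cga:"));`, and rejecting an empty remainder with a log message would keep the two from drifting apart. The prefix is in-band: a relative certificate file whose name begins with `cga:` can no longer be loaded through `load_peer`, which deserves a one-line comment at the branch. The function starts and ends outside the hunk, so whether the auth rules added under `if (local)` are appropriate for a CGA-parameters object cannot be checked from here.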
@@ -373,6 +373,33 @@ METHOD(stroke_cred_t, load_pubkey, certificate_t*,
 return NULL;
 }
 
+METHOD(stroke_cred_t, load_cga, certificate_t*,
+ private_stroke_cred_t *this, char *filename)
+{
+ certificate_t *cert;
+ char path[PATH_MAX];
+
+ if (*filename == '/')
+ {
+ snprintf(path, sizeof(path), "%s", filename);
+ }
+ else
+ {
+ snprintf(path, sizeof(path), "%s/%s", CERTIFICATE_DIR, filename);
+ }
+ cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_CGA_PARAMS,
+ BUILD_FROM_FILE, path, BUILD_END);
+ if (cert)
+ {
+ cert = this->creds->add_cert_ref(this->creds, TRUE, cert);
+ DBG1(DBG_CFG, " loaded CGA parameters \"%Y\" from '%s'",
+ cert->get_subject(cert), filename);
+ return cert;
+ }
+ DBG1(DBG_CFG, " loading CGA parameters from '%s' failed", filename);
+ return NULL;
+}
+
 /**
 * load trusted certificates from a directory
 */
@@ -1384,6 +1411,7 @@ stroke_cred_t *stroke_cred_create()
 .load_ca = _load_ca,
 .load_peer = _load_peer,
 .load_pubkey = _load_pubkey,
+ .load_cga = _load_cga,
 .add_shared = _add_shared,
 .cachecrl = _cachecrl,
 .destroy = _destroy,
diff --git a/src/libcharon/plugins/stroke/stroke_cred.h b/src/libcharon/plugins/stroke/stroke_cred.h
index f6fbb96d38..cad3518b4c 100644
--- a/src/libcharon/plugins/stroke/stroke_cred.h
+++ b/src/libcharon/plugins/stroke/stroke_cred.h
@@ -75,6 +75,14 @@ struct stroke_cred_t {
 certificate_t* (*load_pubkey)(stroke_cred_t *this, char *filename,
 identification_t *identity);
 
+ /**
+ * Load CGA parameters from file.
+ *
+ * @param filename file to read CGA parameters from
+ * @return CGA parameters, as certificate
+ */
+ certificate_t* (*load_cga)(stroke_cred_t *this, char *filename);
+
 /**
 * Add a shared secret to serve through the credential_set.
 *
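Review bot: Neither `snprintf` call in `load_cga` checks its return value, so a configured name that does not fit in `path[PATH_MAX]` is silently truncated and the loader is handed a different path from the one configured. Reject that case before calling `lib->creds->create`, for example by capturing `len = snprintf(...)` and bailing out with `if (len < 0 || len >= (int)sizeof(path)) return NULL;` after a DBG1 message. Both DBG1 messages print `filename` rather than the resolved `path`, so for relative names the log does not show which file under `CERTIFICATE_DIR` was actually read; logging `path` makes that auditable. A short comment on the `TRUE` passed to `add_cert_ref` (presumably the trusted flag) would record that file-loaded CGA parameters enter the credential set as trusted. The neighbouring loaders are outside this hunk, so whether they share the unchecked pattern cannot be told from here.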
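Review bot: The doc comment added for `load_cga` in stroke_cred.h leaves out the parts of the contract a caller needs: per the implementation in stroke_cred.c, a `filename` not starting with `/` is resolved under `CERTIFICATE_DIR`, the loaded object is added to the credential set through `add_cert_ref`, and `NULL` is returned when loading fails. Suggest `@param filename absolute path, or path relative to CERTIFICATE_DIR` and `@return CGA parameters as certificate, NULL on failure`. Whether the caller owns the returned reference is not visible on this page and should be stated as well. The struct definition continues outside the hunk.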