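/**
 * Add a vici certificate blob value given by its file path
 *
 * An absolute path is used as given; a relative one is prefixed with
 * SWANCTL_X509CADIR and DIRECTORY_SEPARATOR. The file is mapped, its
 * contents added to the request under key, and the mapping released again.
 * A path that does not fit PATH_MAX is rejected instead of being used
 * truncated, which would otherwise name a different file.
 *
 * @param req		vici request to add the key/value to
 * @param key		key to add the file contents under
 * @param value		absolute or relative path of the file to load
 * @return			TRUE if the value was added, FALSE on error (reported
 *					on stderr)
 */
static bool add_file_key_value(vici_req_t *req, char *key, char *value)
{
	chunk_t *map;
	char *path, buf[PATH_MAX];
	int len;

	if (path_absolute(value))
	{
		path = value;
	}
	else
	{
		path = buf;
		len = snprintf(buf, sizeof(buf), "%s%s%s", SWANCTL_X509CADIR,
					   DIRECTORY_SEPARATOR, value);
		/* snprintf truncates silently; a shortened path is a wrong path */
		if (len < 0 || (size_t)len >= sizeof(buf))
		{
			fprintf(stderr, "loading ca certificate '%s' failed: %s\n",
					value, "path too long");
			return FALSE;
		}
	}
	map = chunk_map(path, FALSE);
	if (!map)
	{
		fprintf(stderr, "loading ca certificate '%s' failed: %s\n",
				path, strerror(errno));
		return FALSE;
	}
	vici_add_key_value(req, key, map->ptr, map->len);
	chunk_unmap(map);
	return TRUE;
}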
/**
 * Load a single certificate over vici
 *
 * Submits a load-cert request carrying the type string and the blob. With
 * raw set the reply is only dumped; otherwise the "success" field decides
 * the result and a message is printed either way.
 *
 * @param conn		vici connection to submit the request on
 * @param raw		dump the raw reply instead of interpreting it
 * @param dir		origin of the certificate, used in messages only
 * @param type		certificate type string passed to the daemon
 * @param data		certificate blob to load
 * @return			FALSE if the request or the load failed, TRUE otherwise
 */
static bool load_cert(vici_conn_t *conn, bool raw, char *dir, char *type,
					  chunk_t data)
{
	vici_req_t *req;
	vici_res_t *res;
	bool success = TRUE;

	req = vici_begin("load-cert");
	vici_add_key_valuef(req, "type", "%s", type);
	vici_add_key_value(req, "data", data.ptr, data.len);
	res = vici_submit(req, conn);
	if (!res)
	{
		fprintf(stderr, "load-cert request failed: %s\n", strerror(errno));
		return FALSE;
	}
	if (raw)
	{
		vici_dump(res, "load-cert reply", stdout);
	}
	else
	{
		/* the daemon answers "yes" in "success" when the cert was taken */
		success = streq(vici_find_str(res, "no", "success"), "yes");
		if (success)
		{
			printf("loaded %s certificate '%s'\n", type, dir);
		}
		else
		{
			fprintf(stderr, "loading '%s' failed: %s\n", dir,
					vici_find_str(res, "", "errmsg"));
		}
	}
	vici_free_res(res);
	return success;
}
/**
 * Load a single private key over vici
 *
 * Keys of type "private" or "pkcs8" are submitted with type "any"; other
 * type strings are passed through unchanged. With COMMAND_FORMAT_RAW set
 * the reply is only dumped; otherwise the "success" field decides the
 * result, and on success the id reported by the daemon is removed from
 * ctx->keys and the removed entry freed.
 *
 * @param ctx		load context providing connection, format and keys
 * @param dir		origin of the key, used in messages only
 * @param type		key type string
 * @param data		key blob to load
 * @return			FALSE if the request or the load failed, TRUE otherwise
 */
static bool load_key(load_ctx_t *ctx, char *dir, char *type, chunk_t data)
{
	vici_req_t *req;
	vici_res_t *res;
	bool success = TRUE;
	bool generic;
	char *id;

	req = vici_begin("load-key");
	generic = streq(type, "private") || streq(type, "pkcs8");
	if (generic)
	{
		/* "any" is the type vici uses for these */
		vici_add_key_valuef(req, "type", "any");
	}
	else
	{
		vici_add_key_valuef(req, "type", "%s", type);
	}
	vici_add_key_value(req, "data", data.ptr, data.len);
	res = vici_submit(req, ctx->conn);
	if (!res)
	{
		fprintf(stderr, "load-key request failed: %s\n", strerror(errno));
		return FALSE;
	}
	if (ctx->format & COMMAND_FORMAT_RAW)
	{
		vici_dump(res, "load-key reply", ctx->format & COMMAND_FORMAT_PRETTY,
				  stdout);
	}
	else
	{
		success = streq(vici_find_str(res, "no", "success"), "yes");
		if (success)
		{
			printf("loaded %s key from '%s'\n", type, dir);
			/* the daemon now holds this key, drop it from our bookkeeping */
			id = vici_find_str(res, "", "id");
			free(ctx->keys->remove(ctx->keys, id));
		}
		else
		{
			fprintf(stderr, "loading '%s' failed: %s\n", dir,
					vici_find_str(res, "", "errmsg"));
		}
	}
	vici_free_res(res);
	return success;
}
/**
 * Load a single certificate over vici
 *
 * Submits a load-cert request with the type name, the X.509 flag name (for
 * CERT_X509 only) and the blob. With COMMAND_FORMAT_RAW set the reply is
 * only dumped; otherwise the "success" field decides the result and a
 * message is printed either way.
 *
 * @param ctx		load context providing connection and format
 * @param dir		origin of the certificate, used in messages only
 * @param type		certificate type, rendered via certificate_type_names
 * @param flag		X.509 flag, rendered via x509_flag_names for CERT_X509
 * @param data		certificate blob to load
 * @return			FALSE if the request or the load failed, TRUE otherwise
 */
static bool load_cert(load_ctx_t *ctx, char *dir, certificate_type_t type,
					  x509_flag_t flag, chunk_t data)
{
	vici_req_t *req;
	vici_res_t *res;
	bool success = TRUE;

	req = vici_begin("load-cert");
	vici_add_key_valuef(req, "type", "%N", certificate_type_names, type);
	if (type == CERT_X509)
	{
		/* only X.509 certificates carry a flag */
		vici_add_key_valuef(req, "flag", "%N", x509_flag_names, flag);
	}
	vici_add_key_value(req, "data", data.ptr, data.len);
	res = vici_submit(req, ctx->conn);
	if (!res)
	{
		fprintf(stderr, "load-cert request failed: %s\n", strerror(errno));
		return FALSE;
	}
	if (ctx->format & COMMAND_FORMAT_RAW)
	{
		vici_dump(res, "load-cert reply", ctx->format & COMMAND_FORMAT_PRETTY,
				  stdout);
	}
	else
	{
		success = streq(vici_find_str(res, "no", "success"), "yes");
		if (success)
		{
			printf("loaded certificate from '%s'\n", dir);
		}
		else
		{
			fprintf(stderr, "loading '%s' failed: %s\n", dir,
					vici_find_str(res, "", "errmsg"));
		}
	}
	vici_free_res(res);
	return success;
}