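/**
 * Add a vici certificate blob value given by its file path.
 *
 * An absolute path in value is used as given; anything else is resolved
 * below SWANCTL_X509CADIR. The relative form is not normalised, so ".."
 * components can resolve outside that directory, and absolute paths are
 * accepted as-is: value is expected to come from trusted configuration.
 *
 * @param req		request the file contents are added to
 * @param key		key the contents are stored under
 * @param value		absolute path, or path relative to SWANCTL_X509CADIR
 * @return			TRUE if the file was mapped and added, FALSE otherwise
 */
static bool add_file_key_value(vici_req_t *req, char *key, char *value)
{
	chunk_t *map;
	char *path, buf[PATH_MAX];
	int len;

	if (path_absolute(value))
	{
		path = value;
	}
	else
	{
		len = snprintf(buf, sizeof(buf), "%s%s%s",
					   SWANCTL_X509CADIR, DIRECTORY_SEPARATOR, value);
		/* a truncated path could name a different file than the one
		 * configured, so refuse it instead of silently mapping it */
		if (len < 0 || (size_t)len >= sizeof(buf))
		{
			fprintf(stderr, "loading ca certificate '%s' failed: "
					"path too long\n", value);
			return FALSE;
		}
		path = buf;
	}

	/* NOTE(review): second argument is presumably the "writable" flag of
	 * chunk_map(), i.e. a read-only mapping - confirm */
	map = chunk_map(path, FALSE);
	if (!map)
	{
		fprintf(stderr, "loading ca certificate '%s' failed: %s\n",
				path, strerror(errno));
		return FALSE;
	}
	vici_add_key_value(req, key, map->ptr, map->len);
	chunk_unmap(map);
	return TRUE;
}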
/**
 * Send one certificate to the daemon in a vici "load-cert" request.
 *
 * @param conn		vici connection the request is submitted on
 * @param raw		TRUE to dump the reply to stdout instead of evaluating it
 * @param dir		string printed in status messages to identify the
 *					certificate (presumably its file path - confirm)
 * @param type		certificate type, sent as the "type" value
 * @param data		certificate encoding, sent as the "data" value
 * @return			FALSE if the request could not be submitted or the reply
 *					does not report success "yes"; TRUE otherwise. In raw
 *					mode the reply is only dumped, so TRUE is returned for
 *					any reply that was received.
 */
static bool load_cert(vici_conn_t *conn, bool raw, char *dir,
					  char *type, chunk_t data)
{
	vici_req_t *request;
	vici_res_t *reply;
	bool loaded = TRUE;

	request = vici_begin("load-cert");
	vici_add_key_valuef(request, "type", "%s", type);
	vici_add_key_value(request, "data", data.ptr, data.len);

	reply = vici_submit(request, conn);
	if (!reply)
	{
		fprintf(stderr, "load-cert request failed: %s\n", strerror(errno));
		return FALSE;
	}

	if (raw)
	{
		vici_dump(reply, "load-cert reply", stdout);
	}
	else if (streq(vici_find_str(reply, "no", "success"), "yes"))
	{
		printf("loaded %s certificate '%s'\n", type, dir);
	}
	else
	{
		/* "no" is the default if the reply has no "success" key, so a
		 * reply without one is treated as a failure */
		fprintf(stderr, "loading '%s' failed: %s\n",
				dir, vici_find_str(reply, "", "errmsg"));
		loaded = FALSE;
	}

	vici_free_res(reply);
	return loaded;
}
Exemple #3
/**
 * Send one private key to the daemon in a vici "load-key" request.
 *
 * data holds private key material. This function neither copies nor wipes
 * it; presumably the caller owns the buffer and clears it after use - confirm.
 *
 * @param ctx		load context; provides the vici connection, the output
 *					format flags and the keys collection
 * @param dir		string printed in status messages to identify the key
 *					(presumably its file path - confirm)
 * @param type		key type; "private" and "pkcs8" are sent as "any"
 * @param data		key encoding, sent as the "data" value
 * @return			FALSE if the request could not be submitted or the reply
 *					does not report success "yes"; TRUE otherwise. With
 *					COMMAND_FORMAT_RAW the reply is only dumped, so TRUE is
 *					returned for any reply that was received and ctx->keys
 *					is left untouched.
 */
static bool load_key(load_ctx_t *ctx, char *dir, char *type, chunk_t data)
{
	vici_req_t *request;
	vici_res_t *reply;
	char *key_id;
	bool loaded = TRUE;

	request = vici_begin("load-key");

	/* vici uses "any" for these two types */
	if (streq(type, "private") || streq(type, "pkcs8"))
	{
		vici_add_key_valuef(request, "type", "any");
	}
	else
	{
		vici_add_key_valuef(request, "type", "%s", type);
	}
	vici_add_key_value(request, "data", data.ptr, data.len);

	reply = vici_submit(request, ctx->conn);
	if (!reply)
	{
		fprintf(stderr, "load-key request failed: %s\n", strerror(errno));
		return FALSE;
	}

	if (ctx->format & COMMAND_FORMAT_RAW)
	{
		vici_dump(reply, "load-key reply",
				  ctx->format & COMMAND_FORMAT_PRETTY, stdout);
	}
	else if (streq(vici_find_str(reply, "no", "success"), "yes"))
	{
		printf("loaded %s key from '%s'\n", type, dir);
		/* drop the id the reply reports from ctx->keys and free the removed
		 * entry; NOTE(review): ctx->keys presumably tracks ids of keys
		 * loaded earlier - confirm */
		key_id = vici_find_str(reply, "", "id");
		free(ctx->keys->remove(ctx->keys, key_id));
	}
	else
	{
		fprintf(stderr, "loading '%s' failed: %s\n",
				dir, vici_find_str(reply, "", "errmsg"));
		loaded = FALSE;
	}

	vici_free_res(reply);
	return loaded;
}
Exemple #4
/**
 * Send one certificate to the daemon in a vici "load-cert" request.
 *
 * @param ctx		load context; provides the vici connection and the
 *					output format flags
 * @param dir		string printed in status messages to identify the
 *					certificate (presumably its file path - confirm)
 * @param type		certificate type, sent by name as the "type" value
 * @param flag		X.509 flag, sent by name as the "flag" value; only added
 *					when type is CERT_X509
 * @param data		certificate encoding, sent as the "data" value
 * @return			FALSE if the request could not be submitted or the reply
 *					does not report success "yes"; TRUE otherwise. With
 *					COMMAND_FORMAT_RAW the reply is only dumped, so TRUE is
 *					returned for any reply that was received.
 */
static bool load_cert(load_ctx_t *ctx, char *dir, certificate_type_t type,
					  x509_flag_t flag, chunk_t data)
{
	vici_req_t *request;
	vici_res_t *reply;
	bool loaded = TRUE;

	request = vici_begin("load-cert");

	/* %N takes a names table plus a value; presumably the enum-name
	 * printf hook, so the enum's name string is what gets sent - confirm */
	vici_add_key_valuef(request, "type", "%N", certificate_type_names, type);
	if (type == CERT_X509)
	{
		vici_add_key_valuef(request, "flag", "%N", x509_flag_names, flag);
	}
	vici_add_key_value(request, "data", data.ptr, data.len);

	reply = vici_submit(request, ctx->conn);
	if (!reply)
	{
		fprintf(stderr, "load-cert request failed: %s\n", strerror(errno));
		return FALSE;
	}

	if (ctx->format & COMMAND_FORMAT_RAW)
	{
		vici_dump(reply, "load-cert reply",
				  ctx->format & COMMAND_FORMAT_PRETTY, stdout);
	}
	else if (streq(vici_find_str(reply, "no", "success"), "yes"))
	{
		printf("loaded certificate from '%s'\n", dir);
	}
	else
	{
		/* "no" is the default if the reply has no "success" key, so a
		 * reply without one is treated as a failure */
		fprintf(stderr, "loading '%s' failed: %s\n",
				dir, vici_find_str(reply, "", "errmsg"));
		loaded = FALSE;
	}

	vici_free_res(reply);
	return loaded;
}