1 /* pki.c --- Public Key Infrastructure support functions for Shishi.
2 * Copyright (C) 2002, 2003, 2004, 2007 Simon Josefsson
4 * This file is part of Shishi.
6 * Shishi is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
11 * Shishi is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with Shishi; if not, see http://www.gnu.org/licenses or write
18 * to the Free Software Foundation, Inc., 51 Franklin Street, Fifth
19 * Floor, Boston, MA 02110-1301, USA
23 #include "internal.h"
/* Base names of the per-user TLS credential files.  Each one is handed
   to shishi_cfg_userdirectory_file() by the matching
   *_default_file_guess function in this file.  */
#define X509CA_FILE   "client.ca"     /* CA certificate, authenticates the KDC.  */
#define X509CERT_FILE "client.certs"  /* Client certificate.  */
#define X509KEY_FILE  "client.key"    /* Client private key.  */
/**
 * shishi_x509ca_default_file_guess:
 * @handle: Shishi library handle created by shishi_init().
 *
 * Build the default X.509 CA certificate filename, which is
 * $HOME/.shishi/client.ca.
 *
 * Return value: Returns the default X.509 CA certificate filename as
 *   a string that has to be deallocated with free() by the caller.
 **/
char *
shishi_x509ca_default_file_guess (Shishi * handle)
{
  char *ca_path = shishi_cfg_userdirectory_file (handle, X509CA_FILE);

  return ca_path;
}
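/**
 * shishi_x509ca_default_file_set:
 * @handle: Shishi library handle created by shishi_init().
 * @x509cafile: string with new default X.509 CA certificate file
 *   name, or NULL to reset to default.
 *
 * Set the default X.509 CA certificate filename used in the library.
 * The certificate is used during TLS connections with the KDC to
 * authenticate the KDC, so this name selects the trust anchor.  This
 * function only records the name; it does not open or validate the
 * file.  The string is copied into the library, so you can dispose
 * of the variable immediately after calling this function.
 *
 * The pointer returned by shishi_x509ca_default_file() may be passed
 * back in as @x509cafile.
 **/
void
shishi_x509ca_default_file_set (Shishi * handle, const char *x509cafile)
{
  char *replacement;

  /* Build the new value before releasing the old one.  @x509cafile
     may alias handle->x509cafile, because the getter hands out that
     very pointer; freeing first would make xstrdup() read freed
     memory.  */
  if (x509cafile)
    replacement = xstrdup (x509cafile);
  else
    replacement = shishi_x509ca_default_file_guess (handle);

  /* free (NULL) is a no-op, so no guard is needed.  */
  free (handle->x509cafile);
  handle->x509cafile = replacement;
}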
/**
 * shishi_x509ca_default_file:
 * @handle: Shishi library handle created by shishi_init().
 *
 * Get filename for default X.509 CA certificate.  If none has been
 * set yet, the guessed default is installed first.
 *
 * Return value: Returns the default X.509 CA certificate filename
 *   used in the library.  The certificate is used during TLS
 *   connections with the KDC to authenticate the KDC.  The string is
 *   not a copy, so don't modify or deallocate it; it is released by
 *   the next call to shishi_x509ca_default_file_set().
 **/
const char *
shishi_x509ca_default_file (Shishi * handle)
{
  /* Fall back to the guessed default on first use.  */
  if (handle->x509cafile == NULL)
    shishi_x509ca_default_file_set (handle, NULL);

  return handle->x509cafile;
}
/**
 * shishi_x509cert_default_file_guess:
 * @handle: Shishi library handle created by shishi_init().
 *
 * Build the default X.509 client certificate filename, which is
 * $HOME/.shishi/client.certs.
 *
 * Return value: Returns the default X.509 client certificate filename
 *   as a string that has to be deallocated with free() by the caller.
 **/
char *
shishi_x509cert_default_file_guess (Shishi * handle)
{
  char *cert_path = shishi_cfg_userdirectory_file (handle, X509CERT_FILE);

  return cert_path;
}
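/**
 * shishi_x509cert_default_file_set:
 * @handle: Shishi library handle created by shishi_init().
 * @x509certfile: string with new default X.509 client certificate
 *   file name, or NULL to reset to default.
 *
 * Set the default X.509 client certificate filename used in the
 * library.  The certificate is used during TLS connections with the
 * KDC to authenticate the client.  This function only records the
 * name; it does not open or validate the file.  The string is copied
 * into the library, so you can dispose of the variable immediately
 * after calling this function.
 *
 * The pointer returned by shishi_x509cert_default_file() may be
 * passed back in as @x509certfile.
 **/
void
shishi_x509cert_default_file_set (Shishi * handle, const char *x509certfile)
{
  char *replacement;

  /* Build the new value before releasing the old one.  @x509certfile
     may alias handle->x509certfile, because the getter hands out that
     very pointer; freeing first would make xstrdup() read freed
     memory.  */
  if (x509certfile)
    replacement = xstrdup (x509certfile);
  else
    replacement = shishi_x509cert_default_file_guess (handle);

  /* free (NULL) is a no-op, so no guard is needed.  */
  free (handle->x509certfile);
  handle->x509certfile = replacement;
}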
/**
 * shishi_x509cert_default_file:
 * @handle: Shishi library handle created by shishi_init().
 *
 * Get filename for default X.509 certificate.  If none has been set
 * yet, the guessed default is installed first.
 *
 * Return value: Returns the default X.509 client certificate filename
 *   used in the library.  The certificate is used during TLS
 *   connections with the KDC to authenticate the client.  The string
 *   is not a copy, so don't modify or deallocate it; it is released
 *   by the next call to shishi_x509cert_default_file_set().
 **/
const char *
shishi_x509cert_default_file (Shishi * handle)
{
  /* Fall back to the guessed default on first use.  */
  if (handle->x509certfile == NULL)
    shishi_x509cert_default_file_set (handle, NULL);

  return handle->x509certfile;
}
/**
 * shishi_x509key_default_file_guess:
 * @handle: Shishi library handle created by shishi_init().
 *
 * Build the default X.509 client key filename, which is
 * $HOME/.shishi/client.key.
 *
 * Return value: Returns the default X.509 client key filename as a
 *   string that has to be deallocated with free() by the caller.
 **/
char *
shishi_x509key_default_file_guess (Shishi * handle)
{
  char *key_path = shishi_cfg_userdirectory_file (handle, X509KEY_FILE);

  return key_path;
}
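/**
 * shishi_x509key_default_file_set:
 * @handle: Shishi library handle created by shishi_init().
 * @x509keyfile: string with new default X.509 client key file name,
 *   or NULL to reset to default.
 *
 * Set the default X.509 client key filename used in the library.  The
 * key is used during TLS connections with the KDC to authenticate the
 * client.  This function only records the name; it does not open the
 * file or check its permissions, so keeping the private key readable
 * by its owner only is left to the caller.  The string is copied
 * into the library, so you can dispose of the variable immediately
 * after calling this function.
 *
 * The pointer returned by shishi_x509key_default_file() may be passed
 * back in as @x509keyfile.
 **/
void
shishi_x509key_default_file_set (Shishi * handle, const char *x509keyfile)
{
  char *replacement;

  /* Build the new value before releasing the old one.  @x509keyfile
     may alias handle->x509keyfile, because the getter hands out that
     very pointer; freeing first would make xstrdup() read freed
     memory.  */
  if (x509keyfile)
    replacement = xstrdup (x509keyfile);
  else
    replacement = shishi_x509key_default_file_guess (handle);

  /* free (NULL) is a no-op, so no guard is needed.  */
  free (handle->x509keyfile);
  handle->x509keyfile = replacement;
}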
/**
 * shishi_x509key_default_file:
 * @handle: Shishi library handle created by shishi_init().
 *
 * Get filename for default X.509 key.  If none has been set yet, the
 * guessed default is installed first.
 *
 * Return value: Returns the default X.509 client key filename used in
 *   the library.  The key is used during TLS connections with the KDC
 *   to authenticate the client.  The string is not a copy, so don't
 *   modify or deallocate it; it is released by the next call to
 *   shishi_x509key_default_file_set().
 **/
const char *
shishi_x509key_default_file (Shishi * handle)
{
  /* Fall back to the guessed default on first use.  */
  if (handle->x509keyfile == NULL)
    shishi_x509key_default_file_set (handle, NULL);

  return handle->x509keyfile;
}