package goStrongswanVici
import (
"crypto"
"crypto/x509"
"encoding/pem"
"fmt"
)
// Connection is the top-level wrapper around a set of IKE connection
// configurations. It serializes as a JSON object whose "connections" member
// maps a string key (presumably the connection name) to that connection's
// IKEConf.
type Connection struct {
	ConnConf map[string]IKEConf `json:"connections"`
}
// IKEConf describes a single IKE connection. The JSON tags appear to mirror
// the option names of a swanctl.conf connection section, and every scalar
// option is carried as a string.
//
// Fields worth a second look when reviewing a configuration:
//   - Proposals is tagged omitempty, so an empty list is simply not sent and
//     the daemon's own default applies; set it explicitly if policy requires
//     specific algorithms.
//   - LocalAuth and RemoteAuth select how each side authenticates.
//   - Children holds the CHILD_SA definitions, keyed by string.
type IKEConf struct {
	LocalAddrs  []string               `json:"local_addrs"`
	RemoteAddrs []string               `json:"remote_addrs,omitempty"`
	LocalPort   string                 `json:"local_port,omitempty"`
	RemotePort  string                 `json:"remote_port,omitempty"`
	Proposals   []string               `json:"proposals,omitempty"`
	Vips        []string               `json:"vips,omitempty"`
	Version     string                 `json:"version"` // 1 for ikev1, 0 for ikev1 & ikev2 (swanctl.conf also documents 2 for ikev2 only; confirm)
	Encap       string                 `json:"encap"`   // yes,no
	KeyingTries string                 `json:"keyingtries"`
	RekeyTime   string                 `json:"rekey_time"`
	DPDDelay    string                 `json:"dpd_delay,omitempty"`
	LocalAuth   AuthConf               `json:"local"`
	RemoteAuth  AuthConf               `json:"remote"`
	Pools       []string               `json:"pools,omitempty"`
	Children    map[string]ChildSAConf `json:"children"`
	Mobike      string                 `json:"mobike,omitempty"`
}
// AuthConf configures authentication for one side of an IKE connection; it is
// used for both the "local" and the "remote" member of IKEConf.
//
// The struct carries identities and public keys only: there is no field for a
// pre-shared key or private key, so secret material has to reach the daemon
// some other way. PubKeys is not secret, but it decides which keys are
// accepted, so it should be filled from trusted input only.
type AuthConf struct {
	ID         string   `json:"id"`
	Round      string   `json:"round,omitempty"`
	AuthMethod string   `json:"auth"` // (psk|pubkey)
	EAP_ID     string   `json:"eap_id,omitempty"`
	PubKeys    []string `json:"pubkeys,omitempty"` // PEM encoded public keys
}
// ChildSAConf describes one CHILD_SA of an IKE connection. As with the other
// configuration structs in this file, every scalar option is a string.
//
// Review notes:
//   - The ESPProposals example below only illustrates the string format;
//     SHA-1 and a 1024-bit MODP group are legacy choices and should not be
//     copied into new configurations without checking current policy.
//   - UpDown presumably names the updown script the daemon runs on CHILD_SA
//     events (per swanctl.conf; confirm). Treat it as a command to be executed
//     and never build it from untrusted input.
//   - ReplayWindow is omitted when empty, leaving the daemon default in place.
type ChildSAConf struct {
	Local_ts      []string `json:"local_ts"`
	Remote_ts     []string `json:"remote_ts"`
	ESPProposals  []string `json:"esp_proposals,omitempty"` // e.g. aes128-sha1_modp1024
	StartAction   string   `json:"start_action"`            // none,trap,start
	CloseAction   string   `json:"close_action"`
	ReqID         string   `json:"reqid,omitempty"`
	RekeyTime     string   `json:"rekey_time"`
	ReplayWindow  string   `json:"replay_window,omitempty"`
	Mode          string   `json:"mode"`
	InstallPolicy string   `json:"policies"`
	UpDown        string   `json:"updown,omitempty"`
	Priority      string   `json:"priority,omitempty"`
	MarkIn        string   `json:"mark_in,omitempty"`
	MarkOut       string   `json:"mark_out,omitempty"`
	DpdAction     string   `json:"dpd_action,omitempty"`
	LifeTime      string   `json:"life_time,omitempty"`
}
// SetPublicKeys replaces a.PubKeys with the PEM encoding of keys.
//
// Each key is serialized to PKIX DER with x509.MarshalPKIXPublicKey and then
// wrapped in a "PUBLIC KEY" PEM block, so the supported key types are exactly
// those that function accepts. If any key fails to marshal, the error is
// returned and a.PubKeys keeps its previous value, because the field is only
// assigned after every key has been encoded. Any keys previously stored in
// a.PubKeys are discarded on success rather than appended to.
func (a *AuthConf) SetPublicKeys(keys []crypto.PublicKey) error {
	var encoded []string
	for i := range keys {
		der, err := x509.MarshalPKIXPublicKey(keys[i])
		if err != nil {
			return fmt.Errorf("Error marshaling key: %v", err)
		}
		block := &pem.Block{Type: "PUBLIC KEY", Bytes: der}
		encoded = append(encoded, string(pem.EncodeToMemory(block)))
	}
	a.PubKeys = encoded
	return nil
}
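// LoadConn converts conn into a generic request map and sends it with the
// "load-conn" command.
//
// It returns an error when the conversion fails, when the request itself
// fails, or when the reply's "success" member is not "yes"; in the last case
// the reply's "errmsg" member is included in the error.
func (c *ClientConn) LoadConn(conn *map[string]IKEConf) error {
	requestMap := &map[string]interface{}{}

	err := ConvertToGeneral(conn, requestMap)
	if err != nil {
		return fmt.Errorf("error creating request: %v", err)
	}

	msg, err := c.Request("load-conn", *requestMap)
	if err != nil {
		// Report the request failure itself. Without this check the error was
		// dropped and the caller only saw "unsuccessful LoadConn" with whatever
		// "errmsg" the (possibly empty) reply held, hiding the real cause.
		return fmt.Errorf("error requesting load-conn: %v", err)
	}
	if msg["success"] != "yes" {
		return fmt.Errorf("unsuccessful LoadConn: %v", msg["errmsg"])
	}

	return nil
}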