From: Andreas Steffen
Date: Wed, 14 Feb 2007 01:03:08 +0000 (-0000)
Subject: added support of ca information records and ocsp keywords
X-Git-Tag: 4.0.7~48
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=34d7935ed45a4fb9ada6175852ae225d3a949f36;p=thirdparty%2Fstrongswan.git

added support of ca information records and ocsp keywords
---
diff --git a/src/stroke/stroke.c b/src/stroke/stroke.c
index ebb12b7101..3d186bd0cf 100644
--- a/src/stroke/stroke.c
+++ b/src/stroke/stroke.c
@@ -211,7 +211,10 @@ static int show_status(stroke_keyword_t kw, char *connection)
 static int list_flags[] = {
 LIST_CERTS,
 LIST_CACERTS,
+ LIST_OCSPCERTS,
+ LIST_CAINFOS,
 LIST_CRLS,
+ LIST_OCSP,
 LIST_ALL
 };
@@ -228,6 +231,7 @@ static int list(stroke_keyword_t kw, int utc)
 static int reread_flags[] = {
 REREAD_CACERTS,
+ REREAD_OCSPCERTS,
 REREAD_CRLS,
 REREAD_ALL
 };
@@ -242,6 +246,20 @@ static int reread(stroke_keyword_t kw)
 return send_stroke_msg(&msg);
 }
+static int purge_flags[] = {
+ PURGE_OCSP
+};
+
+static int purge(stroke_keyword_t kw)
+{
+ stroke_msg_t msg;
+
+ msg.type = STR_PURGE;
+ msg.length = offsetof(stroke_msg_t, buffer);
+ msg.purge.flags = purge_flags[kw - STROKE_PURGE_FIRST];
+ return send_stroke_msg(&msg);
+}
+
 static int set_loglevel(char *type, u_int level)
 {
 stroke_msg_t msg;
@@ -288,9 +306,11 @@ static void exit_usage(char *error)
 printf(" Show connection status:\n");
 printf(" stroke status\n");
 printf(" Show list of locally loaded certificates and crls:\n");
- printf(" stroke listcerts|listcacerts|listcrls|listall\n");
+ printf(" stroke listcerts|listcacerts|listocspcerts|listcainfos|listcrls|listocsp|listall\n");
 printf(" Reload ca certificates and crls:\n");
 printf(" stroke rereadcacerts|rereadcrls|rereadall\n");
+ printf(" Purge ocsp cache entries:\n");
+ printf(" stroke purgeocsp\n");
 exit_error(error);
 }
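Review bot: In the new purge(), `stroke_msg_t msg;` is declared but never cleared, while `msg.length = offsetof(stroke_msg_t, buffer)` tells send_stroke_msg() to ship the entire fixed header; everything in the union other than `purge.flags` (including the char pointers of add_conn/add_ca) is therefore sent to the daemon as uninitialized stack bytes. It is a local-socket leak rather than a remote one, and list()/reread() likely share the pattern (their bodies are outside the hunk), but new code should not repeat it: add `memset(&msg, 0, sizeof(msg));` right after the declaration, or declare it as `stroke_msg_t msg = {0};`. The `purge_flags[kw - STROKE_PURGE_FIRST]` lookup is only safe because main() routes exactly STROKE_PURGE_OCSP here; a one-line comment above purge_flags[] saying the array order must mirror the STROKE_PURGE_* keyword order would make that dependency visible.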
@@ -373,7 +393,10 @@ int main(int argc, char *argv[])
 break;
 case STROKE_LIST_CERTS:
 case STROKE_LIST_CACERTS:
+ case STROKE_LIST_OCSPCERTS:
+ case STROKE_LIST_CAINFOS:
 case STROKE_LIST_CRLS:
+ case STROKE_LIST_OCSP:
 case STROKE_LIST_ALL:
 res = list(token->kw, argc > 2 && strcmp(argv[2], "--utc") == 0);
 break;
@@ -382,6 +405,9 @@ int main(int argc, char *argv[])
 case STROKE_REREAD_ALL:
 res = reread(token->kw);
 break;
+ case STROKE_PURGE_OCSP:
+ res = purge(token->kw);
+ break;
 default:
 exit_usage(NULL);
 }
diff --git a/src/stroke/stroke.h b/src/stroke/stroke.h
index 7d3f45d13b..563c0256f2 100644
--- a/src/stroke/stroke.h
+++ b/src/stroke/stroke.h
@@ -40,15 +40,21 @@ typedef enum list_flag_t list_flag_t;
 */
 enum list_flag_t {
 /** don't list anything */
- LIST_NONE = 0x0000,
+ LIST_NONE = 0x0000,
 /** list all host/user certs */
- LIST_CERTS = 0x0001,
+ LIST_CERTS = 0x0001,
 /** list all ca certs */
- LIST_CACERTS = 0x0002,
+ LIST_CACERTS = 0x0002,
+ /** list all ocsp signer certs */
+ LIST_OCSPCERTS = 0x0004,
+ /** list all ca information records */
+ LIST_CAINFOS = 0x0008,
 /** list all crls */
- LIST_CRLS = 0x0004,
+ LIST_CRLS = 0x0010,
+ /** list all ocsp cache entries */
+ LIST_OCSP = 0x0020,
 /** all list options */
- LIST_ALL = 0x0007,
+ LIST_ALL = 0x003F,
 };
 typedef enum reread_flag_t reread_flag_t;
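Review bot: Renumbering LIST_CRLS from 0x0004 to 0x0010 (and LIST_ALL to 0x003F) in the stroke.h hunk changes values that are carried inside stroke_msg_t across the stroke socket, so a `stroke` binary and a daemon built from different revisions will silently disagree — an older client asking for CRLs (0x0004) would now be interpreted as LIST_OCSPCERTS. Whether the two sides are always rebuilt together is not visible from this diff; if they can ever be installed separately, the new flags should take the next free bits instead, `LIST_OCSPCERTS = 0x0008, LIST_CAINFOS = 0x0010, LIST_OCSP = 0x0020,` leaving LIST_CRLS at 0x0004 (LIST_ALL stays 0x003F). The same applies to REREAD_CRLS in the following hunk. At minimum a comment above the enum stating that these values are part of the stroke message format and must only be appended to would prevent the next renumbering.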
@@ -59,13 +65,28 @@ typedef enum reread_flag_t reread_flag_t;
 */
 enum reread_flag_t {
 /** don't reread anything */
- REREAD_NONE = 0x0000,
+ REREAD_NONE = 0x0000,
 /** reread all ca certs */
- REREAD_CACERTS = 0x0001,
+ REREAD_CACERTS = 0x0001,
+ /** reread all ocsp signer certs */
+ REREAD_OCSPCERTS = 0x0002,
 /** reread all crls */
- REREAD_CRLS = 0x0002,
+ REREAD_CRLS = 0x0004,
 /** all reread options */
- REREAD_ALL = 0x0003,
+ REREAD_ALL = 0x0007,
+};
+
+typedef enum purge_flag_t purge_flag_t;
+
+/**
+ * Definition of the PURGE flags, currently used for
+ * the stroke purgeocsp command.
+ */
+enum purge_flag_t {
+ /** don't purge anything */
+ PURGE_NONE = 0x0000,
+ /** purge ocsp cache entries */
+ PURGE_OCSP = 0x0001,
 };
 typedef struct stroke_end_t stroke_end_t;
@@ -114,12 +135,18 @@ struct stroke_msg_t {
 STR_STATUS,
 /* show verbose connection status */
 STR_STATUS_ALL,
+ /* add a ca information record */
+ STR_ADD_CA,
+ /* delete ca information record */
+ STR_DEL_CA,
 /* set a log type to log/not log */
 STR_LOGLEVEL,
 /* list various objects */
 STR_LIST,
 /* reread various objects */
- STR_REREAD
+ STR_REREAD,
+ /* purge various objects */
+ STR_PURGE
 /* more to come */
 } type;
@@ -130,7 +157,7 @@ struct stroke_msg_t {
 /* data for STR_INITIATE, STR_ROUTE, STR_UP, STR_DOWN, ... */
 struct {
 char *name;
- } initiate, route, unroute, terminate, status, del_conn;
+ } initiate, route, unroute, terminate, status, del_conn, del_ca;
 /* data for STR_ADD_CONN */
 struct {
@@ -158,6 +185,15 @@ struct stroke_msg_t {
 stroke_end_t me, other;
 } add_conn;
+ /* data for STR_ADD_CA */
+ struct {
+ char *name;
+ char *cacert;
+ char *crluri;
+ char *crluri2;
+ char *ocspuri;
+ } add_ca;
+
 /* data for STR_LOGLEVEL */
 struct {
 char *type;
@@ -175,6 +211,10 @@ struct stroke_msg_t {
 reread_flag_t flags;
 } reread;
+ /* data for STR_PURGE */
+ struct {
+ purge_flag_t flags;
+ } purge;
 };
 char buffer[STROKE_BUF_LEN];
 };
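Review bot: In the `type` enum hunk, STR_ADD_CA and STR_DEL_CA are inserted before STR_LOGLEVEL, which shifts the numeric values of STR_LOGLEVEL, STR_LIST and STR_REREAD; since `type` is what the daemon switches on for every message received over the stroke socket, a client and daemon from different revisions would dispatch a loglevel request as an add-ca. STR_PURGE is appended at the tail next to `/* more to come */`, which is the safe pattern, so the two new entries should go there as well: `STR_REREAD, STR_PURGE, STR_ADD_CA, STR_DEL_CA` keeps every existing value stable. Whether both ends are always rebuilt in lockstep cannot be told from this diff, so treat this as a compatibility caveat rather than a proven break. The enclosing struct stroke_msg_t begins outside the hunk.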
diff --git a/src/stroke/stroke_keywords.h b/src/stroke/stroke_keywords.h
index d8c9632cf1..2e7d7c3859 100644
--- a/src/stroke/stroke_keywords.h
+++ b/src/stroke/stroke_keywords.h
@@ -31,15 +31,21 @@ typedef enum {
 STROKE_STATUSALL,
 STROKE_LIST_CERTS,
 STROKE_LIST_CACERTS,
+ STROKE_LIST_OCSPCERTS,
+ STROKE_LIST_CAINFOS,
 STROKE_LIST_CRLS,
+ STROKE_LIST_OCSP,
 STROKE_LIST_ALL,
 STROKE_REREAD_CACERTS,
+ STROKE_REREAD_OCSPCERTS,
 STROKE_REREAD_CRLS,
- STROKE_REREAD_ALL
+ STROKE_REREAD_ALL,
+ STROKE_PURGE_OCSP
 } stroke_keyword_t;
 #define STROKE_LIST_FIRST STROKE_LIST_CERTS
 #define STROKE_REREAD_FIRST STROKE_REREAD_CACERTS
+#define STROKE_PURGE_FIRST STROKE_PURGE_OCSP
 typedef struct stroke_token stroke_token_t;
diff --git a/src/stroke/stroke_keywords.txt b/src/stroke/stroke_keywords.txt
index b0f56ddd10..1e8afe19e5 100644
--- a/src/stroke/stroke_keywords.txt
+++ b/src/stroke/stroke_keywords.txt
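Review bot: The position of each new STROKE_LIST_*, STROKE_REREAD_* and STROKE_PURGE_* member is load-bearing — stroke.c indexes `list_flags[]`, `reread_flags[]` and `purge_flags[]` with `kw - STROKE_*_FIRST`, so the enum order here must mirror those arrays exactly — but nothing in the header says so, and the commit relies on the new entries happening to land in matching slots. A comment above the typedef would protect the next keyword addition, e.g. `/* STROKE_LIST_*, STROKE_REREAD_* and STROKE_PURGE_* must stay contiguous and in the same order as list_flags[], reread_flags[] and purge_flags[] in stroke.c */`. The new `STROKE_PURGE_FIRST` define could carry the same one-line reminder. The enum's opening `typedef enum {` is outside the hunk.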
@@ -26,20 +26,25 @@ struct stroke_token {
 stroke_keyword_t kw;
 };
 %%
-add, STROKE_ADD
-del, STROKE_DEL
-delete, STROKE_DELETE
-route, STROKE_ROUTE
-unroute, STROKE_UNROUTE
-up, STROKE_UP
-down, STROKE_DOWN
-loglevel, STROKE_LOGLEVEL
-status, STROKE_STATUS
-statusall, STROKE_STATUSALL
-listcerts, STROKE_LIST_CERTS
-listcacerts, STROKE_LIST_CACERTS
-listcrls, STROKE_LIST_CRLS
-listall, STROKE_LIST_ALL,
-rereadcacerts, STROKE_REREAD_CACERTS,
-rereadcrls, STROKE_REREAD_CRLS,
-rereadall, STROKE_REREAD_ALL
+add, STROKE_ADD
+del, STROKE_DEL
+delete, STROKE_DELETE
+route, STROKE_ROUTE
+unroute, STROKE_UNROUTE
+up, STROKE_UP
+down, STROKE_DOWN
+loglevel, STROKE_LOGLEVEL
+status, STROKE_STATUS
+statusall, STROKE_STATUSALL
+listcerts, STROKE_LIST_CERTS
+listcacerts, STROKE_LIST_CACERTS
+listocspcerts, STROKE_LIST_OCSPCERTS
+listcainfos, STROKE_LIST_CAINFOS
+listcrls, STROKE_LIST_CRLS
+listocsp, STROKE_LIST_OCSP
+listall, STROKE_LIST_ALL
+rereadcacerts, STROKE_REREAD_CACERTS
+rereadocspcerts, STROKE_REREAD_OCSPCERTS
+rereadcrls, STROKE_REREAD_CRLS
+rereadall, STROKE_REREAD_ALL
+purgeocsp, STROKE_PURGE_OCSP