added support for ca information records and ocsp keywords
authorAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 14 Feb 2007 01:03:08 +0000 (01:03 -0000)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 14 Feb 2007 01:03:08 +0000 (01:03 -0000)
src/stroke/stroke.c
src/stroke/stroke.h
src/stroke/stroke_keywords.h
src/stroke/stroke_keywords.txt

index ebb12b7..3d186bd 100644 (file)
@@ -211,7 +211,10 @@ static int show_status(stroke_keyword_t kw, char *connection)
 static int list_flags[] = {
        LIST_CERTS,
        LIST_CACERTS,
+       LIST_OCSPCERTS,
+       LIST_CAINFOS,
        LIST_CRLS,
+       LIST_OCSP,
        LIST_ALL
 };
 
@@ -228,6 +231,7 @@ static int list(stroke_keyword_t kw, int utc)
 
 static int reread_flags[] = {
        REREAD_CACERTS,
+       REREAD_OCSPCERTS,
        REREAD_CRLS,
        REREAD_ALL
 };
@@ -242,6 +246,20 @@ static int reread(stroke_keyword_t kw)
        return send_stroke_msg(&msg);
 }
 
+static int purge_flags[] = {
+       PURGE_OCSP
+};
+
+static int purge(stroke_keyword_t kw)
+{
+       stroke_msg_t msg;
+       
+       msg.type = STR_PURGE;
+       msg.length = offsetof(stroke_msg_t, buffer);
+       msg.purge.flags = purge_flags[kw - STROKE_PURGE_FIRST];
+       return send_stroke_msg(&msg);
+}
+
 static int set_loglevel(char *type, u_int level)
 {
        stroke_msg_t msg;
@@ -288,9 +306,11 @@ static void exit_usage(char *error)
        printf("  Show connection status:\n");
        printf("    stroke status\n");
        printf("  Show list of locally loaded certificates and crls:\n");
-       printf("    stroke listcerts|listcacerts|listcrls|listall\n");
+       printf("    stroke listcerts|listcacerts|listocspcerts|listcainfos|listcrls|listocsp|listall\n");
        printf("  Reload ca certificates and crls:\n");
        printf("    stroke rereadcacerts|rereadcrls|rereadall\n");
+       printf("  Purge ocsp cache entries:\n");
+       printf("    stroke purgeocsp\n");
        exit_error(error);
 }
 
@@ -373,7 +393,10 @@ int main(int argc, char *argv[])
                        break;
                case STROKE_LIST_CERTS:
                case STROKE_LIST_CACERTS:
+               case STROKE_LIST_OCSPCERTS:
+               case STROKE_LIST_CAINFOS:
                case STROKE_LIST_CRLS:
+               case STROKE_LIST_OCSP:
                case STROKE_LIST_ALL:
                        res = list(token->kw, argc > 2 && strcmp(argv[2], "--utc") == 0);
                        break;
@@ -382,6 +405,9 @@ int main(int argc, char *argv[])
                case STROKE_REREAD_ALL:
                        res = reread(token->kw);
                        break;
+               case STROKE_PURGE_OCSP:
+                       res = purge(token->kw);
+                       break;
                default:
                        exit_usage(NULL);
        }
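Review bot: In purge() (the `@@ -242,6 +246,20 @@` hunk) `stroke_msg_t msg;` is an uninitialised stack object whose length is set to `offsetof(stroke_msg_t, buffer)`, so every union member other than `purge.flags`, plus any struct padding, goes out with whatever was on the stack if send_stroke_msg() transmits `length` bytes — the hunk does not show that function, so this is inferred from the visible fields. Initialising it with `stroke_msg_t msg = {0};` (or a memset before the assignments) makes the message deterministic and keeps stack contents off the daemon socket; the context lines of reread() suggest the same pattern there, outside this hunk. The one-element lookup `purge_flags[kw - STROKE_PURGE_FIRST]` has no bounds check, but its only caller is the STROKE_PURGE_OCSP case in the last hunk, so the index is always 0 as written.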
index 7d3f45d..563c025 100644 (file)
@@ -40,15 +40,21 @@ typedef enum list_flag_t list_flag_t;
  */
 enum list_flag_t {
        /** don't list anything */
-       LIST_NONE =     0x0000,
+       LIST_NONE =                     0x0000,
        /** list all host/user certs */
-       LIST_CERTS =    0x0001,
+       LIST_CERTS =            0x0001,
        /** list all ca certs */
-       LIST_CACERTS =  0x0002,
+       LIST_CACERTS =          0x0002,
+       /** list all ocsp signer certs */
+       LIST_OCSPCERTS =        0x0004,
+       /** list all ca information records */
+       LIST_CAINFOS =          0x0008,
        /** list all crls */
-       LIST_CRLS =             0x0004,
+       LIST_CRLS =                     0x0010,
+       /** list all ocsp cache entries */
+       LIST_OCSP =                     0x0020,
        /** all list options */
-       LIST_ALL =              0x0007,
+       LIST_ALL =                      0x003F,
 };
 
 typedef enum reread_flag_t reread_flag_t;
@@ -59,13 +65,28 @@ typedef enum reread_flag_t reread_flag_t;
  */
 enum reread_flag_t {
        /** don't reread anything */
-       REREAD_NONE =           0x0000,
+       REREAD_NONE =           0x0000,
        /** reread all ca certs */
-       REREAD_CACERTS =        0x0001,
+       REREAD_CACERTS =        0x0001,
+       /** reread all ocsp signer certs */
+       REREAD_OCSPCERTS =      0x0002,
        /** reread all crls */
-       REREAD_CRLS =           0x0002,
+       REREAD_CRLS =           0x0004,
        /** all reread options */
-       REREAD_ALL =            0x0003,
+       REREAD_ALL =            0x0007,
+};
+
+typedef enum purge_flag_t purge_flag_t;
+
+/**
+ * Definition of the PURGE flags, currently used for
+ * the stroke purgeocsp command.
+ */
+enum purge_flag_t {
+       /** don't purge anything */
+       PURGE_NONE =            0x0000,
+       /** purge ocsp cache entries */
+       PURGE_OCSP =            0x0001,
 };
 
 typedef struct stroke_end_t stroke_end_t;
@@ -114,12 +135,18 @@ struct stroke_msg_t {
                STR_STATUS,
                /* show verbose connection status */
                STR_STATUS_ALL,
+               /* add a ca information record */
+               STR_ADD_CA,
+               /* delete ca information record */
+               STR_DEL_CA,
                /* set a log type to log/not log */
                STR_LOGLEVEL,
                /* list various objects */
                STR_LIST,
                /* reread various objects */
-               STR_REREAD
+               STR_REREAD,
+               /* purge various objects */
+               STR_PURGE
                /* more to come */
        } type;
        
@@ -130,7 +157,7 @@ struct stroke_msg_t {
                /* data for STR_INITIATE, STR_ROUTE, STR_UP, STR_DOWN, ... */
                struct {
                        char *name;
-               } initiate, route, unroute, terminate, status, del_conn;
+               } initiate, route, unroute, terminate, status, del_conn, del_ca;
 
                /* data for STR_ADD_CONN */
                struct {
@@ -158,6 +185,15 @@ struct stroke_msg_t {
                        stroke_end_t me, other;
                } add_conn;
 
+               /* data for STR_ADD_CA */
+               struct {
+                       char *name;
+                       char *cacert;
+                       char *crluri;
+                       char *crluri2;
+                       char *ocspuri;
+               } add_ca;
+
                /* data for STR_LOGLEVEL */
                struct {
                        char *type;
@@ -175,6 +211,10 @@ struct stroke_msg_t {
                        reread_flag_t flags;
                } reread;
 
+               /* data for STR_PURGE */
+               struct {
+                       purge_flag_t flags;
+               } purge;
        };
        char buffer[STROKE_BUF_LEN];
 };
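Review bot: Inserting STR_ADD_CA and STR_DEL_CA before STR_LOGLEVEL in the `type` enum (hunk `@@ -114,12 +135,18 @@`) shifts the numeric values of STR_LOGLEVEL, STR_LIST and STR_REREAD, and LIST_CRLS/REREAD_CRLS likewise move from 0x0004/0x0002 to 0x0010/0x0004; since these values cross the stroke socket, a stroke binary and a daemon built from different revisions will silently act on the wrong command or flag. Appending the new types after STR_PURGE, e.g. `STR_PURGE,` then `STR_ADD_CA,` and `STR_DEL_CA` with their comments, would keep the existing values stable, and the new LIST_/REREAD_ bits could take the next free positions instead of renumbering the old ones. If both sides are always built together, a comment on the enum such as `/* values are part of the stroke socket protocol; rebuild stroke and the daemon together when changing them */` records that constraint. The add_ca struct's fields, `crluri2` in particular, carry no comment; a line per field saying which URI it holds would help the reader.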
index d8c9632..2e7d7c3 100644 (file)
@@ -31,15 +31,21 @@ typedef enum {
        STROKE_STATUSALL,
        STROKE_LIST_CERTS,
        STROKE_LIST_CACERTS,
+       STROKE_LIST_OCSPCERTS,
+       STROKE_LIST_CAINFOS,
        STROKE_LIST_CRLS,
+       STROKE_LIST_OCSP,
        STROKE_LIST_ALL,
        STROKE_REREAD_CACERTS,
+       STROKE_REREAD_OCSPCERTS,
        STROKE_REREAD_CRLS,
-       STROKE_REREAD_ALL
+       STROKE_REREAD_ALL,
+       STROKE_PURGE_OCSP
 } stroke_keyword_t;
 
 #define STROKE_LIST_FIRST              STROKE_LIST_CERTS
 #define STROKE_REREAD_FIRST            STROKE_REREAD_CACERTS
+#define STROKE_PURGE_FIRST             STROKE_PURGE_OCSP
 
 typedef struct stroke_token stroke_token_t;
 
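Review bot: The `kw - STROKE_LIST_FIRST` style of indexing used by list(), reread() and the new purge() in stroke.c depends on STROKE_LIST_*, STROKE_REREAD_* and STROKE_PURGE_* appearing here in exactly the order of the list_flags[], reread_flags[] and purge_flags[] arrays, and nothing in this header says so. A comment above the enum, `/* keep the order of STROKE_LIST_*, STROKE_REREAD_* and STROKE_PURGE_* in step with list_flags[], reread_flags[] and purge_flags[] in stroke.c */`, would make the coupling visible to whoever adds the next keyword. The enum definition starts before this hunk.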
index b0f56dd..1e8afe1 100644 (file)
@@ -26,20 +26,25 @@ struct stroke_token {
     stroke_keyword_t kw;
 };
 %%
-add,           STROKE_ADD
-del,           STROKE_DEL
-delete,        STROKE_DELETE
-route,         STROKE_ROUTE
-unroute,       STROKE_UNROUTE
-up,            STROKE_UP
-down,          STROKE_DOWN
-loglevel,      STROKE_LOGLEVEL
-status,        STROKE_STATUS
-statusall,     STROKE_STATUSALL
-listcerts,     STROKE_LIST_CERTS
-listcacerts,   STROKE_LIST_CACERTS
-listcrls,      STROKE_LIST_CRLS
-listall,       STROKE_LIST_ALL,
-rereadcacerts, STROKE_REREAD_CACERTS,
-rereadcrls,    STROKE_REREAD_CRLS,
-rereadall,     STROKE_REREAD_ALL
+add,             STROKE_ADD
+del,             STROKE_DEL
+delete,          STROKE_DELETE
+route,           STROKE_ROUTE
+unroute,         STROKE_UNROUTE
+up,              STROKE_UP
+down,            STROKE_DOWN
+loglevel,        STROKE_LOGLEVEL
+status,          STROKE_STATUS
+statusall,       STROKE_STATUSALL
+listcerts,       STROKE_LIST_CERTS
+listcacerts,     STROKE_LIST_CACERTS
+listocspcerts,   STROKE_LIST_OCSPCERTS
+listcainfos,     STROKE_LIST_CAINFOS
+listcrls,        STROKE_LIST_CRLS
+listocsp,        STROKE_LIST_OCSP
+listall,         STROKE_LIST_ALL
+rereadcacerts,   STROKE_REREAD_CACERTS
+rereadocspcerts, STROKE_REREAD_OCSPCERTS
+rereadcrls,      STROKE_REREAD_CRLS
+rereadall,       STROKE_REREAD_ALL
+purgeocsp,       STROKE_PURGE_OCSP