implemented cert cache flushing, ipsec purgeocsp
authorMartin Willi <martin@strongswan.org>
Thu, 27 Mar 2008 06:37:29 +0000 (06:37 -0000)
committerMartin Willi <martin@strongswan.org>
Thu, 27 Mar 2008 06:37:29 +0000 (06:37 -0000)
src/charon/credentials/credential_manager.c
src/charon/credentials/credential_manager.h
src/charon/credentials/sets/cert_cache.c
src/charon/credentials/sets/cert_cache.h
src/charon/plugins/stroke/stroke_socket.c

index 35816a8..7c49d39 100644 (file)
@@ -1223,6 +1223,17 @@ static private_key_t *get_private(private_credential_manager_t *this,
 }
 
 /**
+ * Implementation of credential_manager_t.flush_cache.
+ */
+static void flush_cache(private_credential_manager_t *this,
+                                               certificate_type_t type)
+{
+       this->mutex->lock(this->mutex);
+       this->cache->flush(this->cache, type);
+       this->mutex->unlock(this->mutex);
+}
+
+/**
  * Implementation of credential_manager_t.add_set.
  */
 static void add_set(private_credential_manager_t *this,
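Review bot: flush_cache serializes the flush only against the manager's own mutex, but nothing in this hunk shows that the cache's read paths (issued_by, create_enumerator in cert_cache.c) are entered under that same mutex, so the remove_at in the cert_cache.c flush hunk may race with a concurrent lookup if the cache is reachable without it. If the manager mutex is indeed the only guard for this->cache, that contract should be stated rather than implied; the comment above the function could read `Implementation of credential_manager_t.flush_cache. Takes this->mutex: the cert cache has no lock of its own, so every access to this->cache must go through the manager's mutex.` If the cache has its own locking elsewhere (not visible in this diff), the mutex here may instead be redundant and the comment should say which lock protects the relations list.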
@@ -1268,6 +1279,7 @@ credential_manager_t *credential_manager_create()
        this->public.get_shared = (shared_key_t *(*)(credential_manager_t *this,shared_key_type_t type,identification_t *me, identification_t *other))get_shared;
        this->public.get_private = (private_key_t*(*)(credential_manager_t*, key_type_t type, identification_t *, auth_info_t*))get_private;
        this->public.get_public = (public_key_t*(*)(credential_manager_t*, key_type_t type, identification_t *, auth_info_t*))get_public;
+       this->public.flush_cache = (void(*)(credential_manager_t*, certificate_type_t type))flush_cache;
        this->public.add_set = (void(*)(credential_manager_t*, credential_set_t *set))add_set;
        this->public.remove_set = (void(*)(credential_manager_t*, credential_set_t *set))remove_set;
        this->public.destroy = (void(*)(credential_manager_t*))destroy;
index 816b902..ca22f98 100644 (file)
@@ -160,6 +160,13 @@ struct credential_manager_t {
                                                                identification_t *id, auth_info_t *auth);
        
        /**
+        * Flush the certificate cache.
+        *
+        * @param type          type of certificate to flush, or CERT_ANY
+        */
+       void (*flush_cache)(credential_manager_t *this, certificate_type_t type);
+               
+       /**
         * Register a credential set to the manager.
         *
         * @param set           set to register
index 5d49643..5c112c0 100644 (file)
@@ -179,6 +179,27 @@ static enumerator_t *create_enumerator(private_cert_cache_t *this,
 }
 
 /**
+ * Implementation of cert_cache_t.flush.
+ */
+static void flush(private_cert_cache_t *this, certificate_type_t type)
+{
+       enumerator_t *enumerator;
+       relation_t *relation;
+       
+       enumerator = this->relations->create_enumerator(this->relations);
+       while (enumerator->enumerate(enumerator, &relation))
+       {
+               if (type == CERT_ANY ||
+                       type == relation->subject->get_type(relation->subject))
+               {
+                       this->relations->remove_at(this->relations, enumerator);
+                       relation_destroy(relation);
+               }
+       }
+       enumerator->destroy(enumerator);
+}
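Review bot: The match on line `type == relation->subject->get_type(relation->subject)` only looks at the subject certificate, so a relation is kept whenever its issuer is of the requested type but its subject is not; that is probably intended for OCSP responses (subject = response, issuer = signer) but the one-line docstring does not say so. Suggest replacing `Implementation of cert_cache_t.flush.` with `Implementation of cert_cache_t.flush. Removes and destroys every cached relation whose subject certificate is of the given type (all relations for CERT_ANY); the issuer type is not considered. The relations list is modified in place while enumerating, which relies on remove_at being safe during enumerate and on the caller holding whatever lock guards this->relations.`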
+
+/**
  * Implementation of cert_cache_t.destroy
  */
 static void destroy(private_cert_cache_t *this)
@@ -199,6 +220,7 @@ cert_cache_t *cert_cache_create()
        this->public.set.create_shared_enumerator = (void*)return_null;
        this->public.set.create_cdp_enumerator = (void*)return_null;
        this->public.issued_by = (bool(*)(cert_cache_t*, certificate_t *subject, certificate_t *issuer))issued_by;
+       this->public.flush = (void(*)(cert_cache_t*, certificate_type_t type))flush;
        this->public.destroy = (void(*)(cert_cache_t*))destroy;
        
        this->relations = linked_list_create();
index 7e392ae..281189d 100644 (file)
@@ -53,6 +53,13 @@ struct cert_cache_t {
                                          certificate_t *subject, certificate_t *issuer);
        
        /**
+        * Flush the certificate cache.
+        *
+        * @param type                  type of certificate to flush, or CERT_ANY
+        */
+       void (*flush)(cert_cache_t *this, certificate_type_t type);
+               
+       /**
         * Destroy a cert_cache instance.
         */
        void (*destroy)(cert_cache_t *this);
index 60ea301..ce07251 100644 (file)
@@ -271,8 +271,8 @@ static void stroke_del_ca(private_stroke_socket_t *this,
 /**
  * show status of daemon
  */
-static void stroke_status(private_stroke_socket_t *this, stroke_msg_t *msg, FILE *out,
-                                                 bool all)
+static void stroke_status(private_stroke_socket_t *this,
+                                                 stroke_msg_t *msg, FILE *out, bool all)
 {
        pop_string(msg, &(msg->status.name));
        
@@ -303,9 +303,11 @@ static void stroke_reread(private_stroke_socket_t *this,
 /**
  * purge various information
  */
-static void stroke_purge(private_stroke_socket_t *this, stroke_msg_t *msg, FILE *out)
+static void stroke_purge(private_stroke_socket_t *this,
+                                                stroke_msg_t *msg, FILE *out)
 {
-       /* TODO: flush cache */
+       charon->credentials->flush_cache(charon->credentials,
+                                                                        CERT_X509_OCSP_RESPONSE);
 }
 
 signal_t get_signal_from_logtype(char *type)
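Review bot: stroke_purge now always flushes CERT_X509_OCSP_RESPONSE and ignores both msg and out, so the operator invoking the command gets no confirmation and the "purge various information" header comment no longer describes what the function does. If stroke_msg_t carries a purge selector (not visible in this hunk), the type passed to flush_cache should be derived from it rather than hard-coded; otherwise the comment should be narrowed to `purge cached OCSP responses (ipsec purgeocsp)`. A one-line acknowledgement such as `fprintf(out, "flushed cached OCSP responses\n");` after the flush_cache call would also make the result visible on the stroke socket, which is how the other stroke_* handlers in this file appear to report back.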