implemented cert cache flushing, ipsec purgeocsp

2008-03-27 06:37:29 +00:00 · 2008-03-27 06:37:29 +00:00 · f957f7dfb3
parent d61bd27a9a
commit f957f7dfb3
5 changed files with 54 additions and 4 deletions
--- a/src/charon/credentials/credential_manager.c
+++ b/src/charon/credentials/credential_manager.c
@ -1222,6 +1222,17 @@ static private_key_t *get_private(private_credential_manager_t *this,
 	return private;
 }

+/**
+ * Implementation of credential_manager_t.flush_cache.
+ */
+static void flush_cache(private_credential_manager_t *this,
+						certificate_type_t type)
+{
+	this->mutex->lock(this->mutex);
+	this->cache->flush(this->cache, type);
+	this->mutex->unlock(this->mutex);
+}
+
 /**
 * Implementation of credential_manager_t.add_set.
 */
@ -1268,6 +1279,7 @@ credential_manager_t *credential_manager_create()
 	this->public.get_shared = (shared_key_t *(*)(credential_manager_t *this,shared_key_type_t type,identification_t *me, identification_t *other))get_shared;
 	this->public.get_private = (private_key_t*(*)(credential_manager_t*, key_type_t type, identification_t *, auth_info_t*))get_private;
 	this->public.get_public = (public_key_t*(*)(credential_manager_t*, key_type_t type, identification_t *, auth_info_t*))get_public;
+	this->public.flush_cache = (void(*)(credential_manager_t*, certificate_type_t type))flush_cache;
 	this->public.add_set = (void(*)(credential_manager_t*, credential_set_t *set))add_set;
 	this->public.remove_set = (void(*)(credential_manager_t*, credential_set_t *set))remove_set;
 	this->public.destroy = (void(*)(credential_manager_t*))destroy;
--- a/src/charon/credentials/credential_manager.h
+++ b/src/charon/credentials/credential_manager.h
@ -159,6 +159,13 @@ struct credential_manager_t {
 	public_key_t* (*get_public)(credential_manager_t *this, key_type_t type,
 								identification_t *id, auth_info_t *auth);
 	
+	/**
+	 * Flush the certificate cache.
+	 *
+	 * @param type		type of certificate to flush, or CERT_ANY
+	 */
+	void (*flush_cache)(credential_manager_t *this, certificate_type_t type);
+		
 	/**
 	 * Register a credential set to the manager.
 	 *
--- a/src/charon/credentials/sets/cert_cache.c
+++ b/src/charon/credentials/sets/cert_cache.c
@ -178,6 +178,27 @@ static enumerator_t *create_enumerator(private_cert_cache_t *this,
 							(void*)certs_filter, data, (void*)free);
 }

+/**
+ * Implementation of cert_cache_t.flush.
+ */
+static void flush(private_cert_cache_t *this, certificate_type_t type)
+{
+	enumerator_t *enumerator;
+	relation_t *relation;
+	
+	enumerator = this->relations->create_enumerator(this->relations);
+	while (enumerator->enumerate(enumerator, &relation))
+	{
+		if (type == CERT_ANY ||
+			type == relation->subject->get_type(relation->subject))
+		{
+			this->relations->remove_at(this->relations, enumerator);
+			relation_destroy(relation);
+		}
+	}
+	enumerator->destroy(enumerator);
+}
+
 /**
 * Implementation of cert_cache_t.destroy
 */
@ -199,6 +220,7 @@ cert_cache_t *cert_cache_create()
 	this->public.set.create_shared_enumerator = (void*)return_null;
 	this->public.set.create_cdp_enumerator = (void*)return_null;
 	this->public.issued_by = (bool(*)(cert_cache_t*, certificate_t *subject, certificate_t *issuer))issued_by;
+	this->public.flush = (void(*)(cert_cache_t*, certificate_type_t type))flush;
 	this->public.destroy = (void(*)(cert_cache_t*))destroy;
 	
 	this->relations = linked_list_create();
--- a/src/charon/credentials/sets/cert_cache.h
+++ b/src/charon/credentials/sets/cert_cache.h
@ -52,6 +52,13 @@ struct cert_cache_t {
 	bool (*issued_by)(cert_cache_t *this,
 					  certificate_t *subject, certificate_t *issuer);
 	
+	/**
+	 * Flush the certificate cache.
+	 *
+	 * @param type			type of certificate to flush, or CERT_ANY
+	 */
+	void (*flush)(cert_cache_t *this, certificate_type_t type);
+		
 	/**
 	 * Destroy a cert_cache instance.
 	 */
--- a/src/charon/plugins/stroke/stroke_socket.c
+++ b/src/charon/plugins/stroke/stroke_socket.c
@ -271,8 +271,8 @@ static void stroke_del_ca(private_stroke_socket_t *this,
 /**
 * show status of daemon
 */
-static void stroke_status(private_stroke_socket_t *this, stroke_msg_t *msg, FILE *out,
-						  bool all)
+static void stroke_status(private_stroke_socket_t *this,
+						  stroke_msg_t *msg, FILE *out, bool all)
 {
 	pop_string(msg, &(msg->status.name));
 	
@ -303,9 +303,11 @@ static void stroke_reread(private_stroke_socket_t *this,
 /**
 * purge various information
 */
-static void stroke_purge(private_stroke_socket_t *this, stroke_msg_t *msg, FILE *out)
+static void stroke_purge(private_stroke_socket_t *this,
+						 stroke_msg_t *msg, FILE *out)
 {
-	/* TODO: flush cache */
+	charon->credentials->flush_cache(charon->credentials,
+									 CERT_X509_OCSP_RESPONSE);
 }

 signal_t get_signal_from_logtype(char *type)