- added separate implementation for connection_store, credential_store, policy_store

- added folder structure to config
- credentials are fetched solely on IDs now

2 files changed, 88 insertions, 488 deletions

diff --git a/Source/charon/threads/stroke_interface.c b/Source/charon/threads/stroke_interface.c
index 2881cb26a..77c15283f 100755
--- a/Source/charon/threads/stroke_interface.c
+++ b/Source/charon/threads/stroke_interface.c
@@ -42,20 +42,15 @@
 
 struct sockaddr_un socket_addr = { AF_UNIX, STROKE_SOCKET};
 
-typedef struct configuration_entry_t configuration_entry_t;
+typedef struct connection_entry_t connection_entry_t;
 
 /**
- * A configuration entry combines a configuration name with a connection
- * and a policy.
- * 
- * @b Constructors:
- *  - configuration_entry_create()
+ * A connection entry combines a connection name with a connection.
  */
-struct configuration_entry_t {
+struct connection_entry_t {
 	
 	/**
-	 * Configuration name.
-	 *
+	 * connection name.
 	 */
 	char *name;
 	
@@ -63,64 +58,8 @@ struct configuration_entry_t {
 	 * Configuration for IKE_SA_INIT exchange.
 	 */
 	connection_t *connection;
-
-	/**
-	 * Configuration for all phases after IKE_SA_INIT exchange.
-	 */
-	policy_t *policy;
-	
-	/**
-	 * Public key of other peer
-	 */
-	rsa_public_key_t *public_key;
-	
-	/**
-	 * Own private key
-	 */
-	rsa_private_key_t *private_key;
-	
-	/**
-	 * Destroys a configuration_entry_t
-	 */
-	void (*destroy) (configuration_entry_t *this);
 };
 
-/**
- * Implementation of configuration_entry_t.destroy.
- */
-static void configuration_entry_destroy (configuration_entry_t *this)
-{
-	this->connection->destroy(this->connection);
-	this->policy->destroy(this->policy);
-	if (this->public_key)
-	{
-		this->public_key->destroy(this->public_key);
-	}
-	free(this->name);
-	free(this);
-}
-
-/**
- * Creates a configuration_entry_t object.
- */
-static configuration_entry_t * configuration_entry_create(char *name, connection_t* connection, policy_t *policy, 
-														  rsa_private_key_t *private_key, rsa_public_key_t *public_key)
-{
-	configuration_entry_t *entry = malloc_thing(configuration_entry_t);
-
-	/* functions */
-	entry->destroy = configuration_entry_destroy;
-
-	/* private data */
-	entry->connection = connection;
-	entry->policy = policy;
-	entry->public_key = public_key;
-	entry->private_key = private_key;
-	entry->name = malloc(strlen(name) + 1);
-	strcpy(entry->name, name);
-	
-	return entry;
-}
 
 typedef struct private_stroke_t private_stroke_t;
 
@@ -135,14 +74,9 @@ struct private_stroke_t {
 	stroke_t public;
 
 	/**
-	 * Holding all configurations.
+	 * Holding all connections as connection_entry_t's.
 	 */
-	linked_list_t *configurations;
-	
-	/**
-	 * The list of RSA private keys accessible through crendial_store_t interface
-	 */
-	linked_list_t *private_keys;
+	linked_list_t *connections;
 
 	/**
 	 * Assigned logger_t object in charon.
@@ -203,73 +137,6 @@ static void pop_string(stroke_msg_t *msg, char **string)
 }
 
 /**
- * Find the private key for a public key
- */
-static rsa_private_key_t *find_private_key(private_stroke_t *this, rsa_public_key_t *public_key)
-{
-	rsa_private_key_t *private_key = NULL;
-	iterator_t *iterator;
-	
-	this->logger->log(this->logger, CONTROL|LEVEL2, "Looking up private key by public key...");
-	
-	iterator = this->private_keys->create_iterator(this->private_keys, TRUE);
-	while (iterator->has_next(iterator))
-	{
-		iterator->current(iterator, (void**)&private_key);
-		if (private_key->belongs_to(private_key, public_key))
-		{
-			this->logger->log(this->logger, CONTROL|LEVEL2, "found a match");
-			break;
-		}
-		this->logger->log(this->logger, CONTROL|LEVEL2, "this one did not match");
-	}
-	iterator->destroy(iterator);
-	return private_key;
-}
-
-/**
- * Load all private keys form "/etc/ipsec.d/private/"
- */
-static void load_private_keys(private_stroke_t *this)
-{
-	struct dirent* entry;
-	struct stat stb;
-	DIR* dir;
-	rsa_private_key_t *key;
-	
-	/* currently only unencrypted binary DER files are loaded */
-	dir = opendir(PRIVATE_KEY_DIR);
-	if (dir == NULL || chdir(PRIVATE_KEY_DIR) == -1) {
-		this->logger->log(this->logger, ERROR, "error opening private key directory \"%s\"", PRIVATE_KEY_DIR);
-		return;
-	}
-	while ((entry = readdir(dir)) != NULL)
-	{
-		if (stat(entry->d_name, &stb) == -1)
-		{
-			continue;
-		}
-		/* try to parse all regular files */
-		if (stb.st_mode & S_IFREG)
-		{
-			key = rsa_private_key_create_from_file(entry->d_name, NULL);
-			if (key)
-			{
-				this->private_keys->insert_last(this->private_keys, (void*)key);
-				this->logger->log(this->logger, CONTROL|LEVEL1, "loaded private key \"%s%s\"", 
-								  PRIVATE_KEY_DIR, entry->d_name);
-			}
-			else
-			{
-				this->logger->log(this->logger, ERROR, "private key \"%s%s\" invalid, skipped", 
-								  PRIVATE_KEY_DIR, entry->d_name);
-			}
-		}
-	}
-	closedir(dir);
-}
-
-/**
  * Add a connection to the configuration list
  */
 static void stroke_add_conn(private_stroke_t *this, stroke_msg_t *msg)
@@ -280,9 +147,8 @@ static void stroke_add_conn(private_stroke_t *this, stroke_msg_t *msg)
 	host_t *my_host, *other_host, *my_subnet, *other_subnet;
 	proposal_t *proposal;
 	traffic_selector_t *my_ts, *other_ts;
-	x509_t *my_cert, *other_cert;
-	rsa_private_key_t *private_key = NULL;
-	rsa_public_key_t *public_key = NULL;
+	connection_entry_t *entry;
+	x509_t *cert;
 				
 	pop_string(msg, &msg->add_conn.name);
 	pop_string(msg, &msg->add_conn.me.address);
@@ -360,12 +226,12 @@ static void stroke_add_conn(private_stroke_t *this, stroke_msg_t *msg)
 	if (charon->socket->is_listening_on(charon->socket, other_host))
 	{
 		this->stroke_logger->log(this->stroke_logger, CONTROL|LEVEL1, "left is other host, switching");
-					
+		
 		host_t *tmp_host = my_host;
 		identification_t *tmp_id = my_id;
 		traffic_selector_t *tmp_ts = my_ts;
 		char *tmp_cert = msg->add_conn.me.cert;
-					
+		
 		my_host = other_host;
 		other_host = tmp_host;
 		my_id = other_id;
@@ -382,7 +248,7 @@ static void stroke_add_conn(private_stroke_t *this, stroke_msg_t *msg)
 	else
 	{
 		this->stroke_logger->log(this->stroke_logger, ERROR, "left nor right host is our, aborting");
-					
+		
 		my_host->destroy(my_host);
 		other_host->destroy(other_host);
 		my_id->destroy(my_id);
@@ -392,7 +258,39 @@ static void stroke_add_conn(private_stroke_t *this, stroke_msg_t *msg)
 		return;
 	}
 	
-				
+	if (msg->add_conn.me.cert)
+	{
+		char file[128];
+		snprintf(file, sizeof(file), "%s%s", CERTIFICATE_DIR,  msg->add_conn.me.cert);
+		cert = x509_create_from_file(file);
+		if (cert)
+		{
+			my_id->destroy(my_id);
+			my_id = cert->get_subject(cert);
+			my_id = my_id->clone(my_id);
+			cert->destroy(cert);
+			this->stroke_logger->log(this->stroke_logger, CONTROL|LEVEL1, 
+									"defined a valid certificate, using its ID \"%s\"",
+									my_id->get_string(my_id));
+		}
+	}
+	if (msg->add_conn.other.cert)
+	{
+		char file[128];
+		snprintf(file, sizeof(file), "%s%s", CERTIFICATE_DIR,  msg->add_conn.other.cert);
+		cert = x509_create_from_file(file);
+		if (cert)
+		{
+			other_id->destroy(other_id);
+			other_id = cert->get_subject(cert);
+			other_id = other_id->clone(other_id);
+			cert->destroy(cert);
+			this->stroke_logger->log(this->stroke_logger, CONTROL|LEVEL1, 
+									 "defined a valid certificate, using its ID \"%s\"",
+									 other_id->get_string(other_id));
+		}
+	}
+	
 	connection = connection_create(my_host, other_host, my_id->clone(my_id), other_id->clone(other_id), 
 								   RSA_DIGITAL_SIGNATURE);
 	proposal = proposal_create(1);
@@ -407,7 +305,14 @@ static void stroke_add_conn(private_stroke_t *this, stroke_msg_t *msg)
 	proposal->add_algorithm(proposal, PROTO_IKE, DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0);
 	proposal->add_algorithm(proposal, PROTO_IKE, DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0);
 	connection->add_proposal(connection, proposal);
-				
+	/* add in our list, so we can manipulate the connection further via name */
+	entry = malloc_thing(connection_entry_t);
+	entry->name = strdup(msg->add_conn.name);
+	entry->connection = connection;
+	this->connections->insert_last(this->connections, entry);
+	/* add to global connection list */
+	charon->connections->add_connection(charon->connections, connection);
+	
 	policy = policy_create(my_id, other_id);
 	proposal = proposal_create(1);
 	proposal->add_algorithm(proposal, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
@@ -416,53 +321,10 @@ static void stroke_add_conn(private_stroke_t *this, stroke_msg_t *msg)
 	policy->add_proposal(policy, proposal);
 	policy->add_my_traffic_selector(policy, my_ts);
 	policy->add_other_traffic_selector(policy, other_ts);
-				
-				
-	chdir(CERTIFICATE_DIR);
-	my_cert = x509_create_from_file(msg->add_conn.me.cert);
-	if (my_cert == NULL)
-	{
-		this->stroke_logger->log(this->stroke_logger, ERROR, "loading own certificate \"%s%s\" failed", 
-						  CERTIFICATE_DIR, msg->add_conn.me.cert);
-	}
-	else
-	{
-		public_key = my_cert->get_public_key(my_cert);
-		private_key = find_private_key(this, public_key);
-		public_key->destroy(public_key);
-		if (private_key)
-		{
-			this->stroke_logger->log(this->stroke_logger, CONTROL|LEVEL1, "found private key for certificate \"%s%s\"", 
-							  CERTIFICATE_DIR, msg->add_conn.me.cert);
-		}
-		else
-		{
-			this->stroke_logger->log(this->stroke_logger, ERROR, "no private key for certificate \"%s%s\" found", 
-							  CERTIFICATE_DIR, msg->add_conn.me.cert);
-		}
-		my_cert->destroy(my_cert);
-	}
-	other_cert = x509_create_from_file(msg->add_conn.other.cert);
-	public_key = NULL;
-	if (other_cert == NULL)
-	{
-		this->stroke_logger->log(this->stroke_logger, ERROR, "loading peers certificate \"%s%s\" failed", 
-						  CERTIFICATE_DIR, msg->add_conn.other.cert);
-	}
-	else
-	{
-		public_key = other_cert->get_public_key(other_cert);
-		this->stroke_logger->log(this->stroke_logger, CONTROL|LEVEL1, "loaded certificate \"%s%s\" (%p)", 
-						  CERTIFICATE_DIR, msg->add_conn.other.cert, public_key);
-		other_cert->destroy(other_cert);
-	}
-				
-	this->configurations->insert_last(this->configurations, 
-									  configuration_entry_create(msg->add_conn.name, connection, policy, private_key, public_key));
-				
-	this->stroke_logger->log(this->stroke_logger, CONTROL|LEVEL1, "connection \"%s\" added (%d in store)", 
-					  msg->add_conn.name,
-					  this->configurations->get_count(this->configurations));
+	/* add to global policy list */
+	charon->policies->add_policy(charon->policies, policy);
+	
+	this->stroke_logger->log(this->stroke_logger, CONTROL|LEVEL1, "connection \"%s\" added", msg->add_conn.name);
 }
 
 /**
@@ -550,22 +412,30 @@ static void stroke_status(private_stroke_t *this, stroke_msg_t *msg)
 		status = charon->ike_sa_manager->checkout(charon->ike_sa_manager, ike_sa_id, &ike_sa);
 		if (status == SUCCESS)
 		{
-			host_t *me, *other;
-			me = ike_sa->get_my_host(ike_sa);
-			other = ike_sa->get_other_host(ike_sa);
-			
+			host_t *my_host, *other_host;
+			identification_t *my_id, *other_id;
+			my_host = ike_sa->get_my_host(ike_sa);
+			other_host = ike_sa->get_other_host(ike_sa);
+			my_id = ike_sa->get_my_id(ike_sa);
+			other_id = ike_sa->get_other_id(ike_sa);
 			
-			this->stroke_logger->log(this->stroke_logger, CONTROL, "IKE SA in state %s as %s",
-									 mapping_find(ike_sa_state_m, ike_sa->get_state(ike_sa)),
-									 ike_sa_id->is_initiator ? "initiator" : "responder");
+			this->stroke_logger->log(this->stroke_logger, CONTROL, "IKE_SA in state %s ",
+									 mapping_find(ike_sa_state_m, ike_sa->get_state(ike_sa)));
 			
-			this->stroke_logger->log(this->stroke_logger, CONTROL, " SPIs: %15lld - %-15lld",
-									 ike_sa_id->get_initiator_spi(ike_sa_id),
+			this->stroke_logger->log(this->stroke_logger, CONTROL, " SPIs: %lld",
+									 ike_sa_id->get_initiator_spi(ike_sa_id));
+			this->stroke_logger->log(this->stroke_logger, CONTROL, "       %lld",
 									 ike_sa_id->get_responder_spi(ike_sa_id));
 			
-
-			this->stroke_logger->log(this->stroke_logger, CONTROL, " Addr: %15s - %-15s",
-									 me->get_address(me), other->get_address(other));
+			this->stroke_logger->log(this->stroke_logger, CONTROL, " Addr: %s",
+									 my_host->get_address(my_host));
+			this->stroke_logger->log(this->stroke_logger, CONTROL, "       %s",
+									 other_host->get_address(other_host));
+			
+			this->stroke_logger->log(this->stroke_logger, CONTROL, " ID:   %s",
+									 my_id->get_string(my_id));
+			this->stroke_logger->log(this->stroke_logger, CONTROL, "       %s",
+									 other_id->get_string(other_id));
 						
 			charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
 		}
@@ -785,117 +655,6 @@ static void stroke_receive(private_stroke_t *this)
 	}
 }
 
-/**
- * Implementation of connection_store_t.get_connection_by_hosts.
- */
-static connection_t *get_connection_by_hosts(connection_store_t *store, host_t *my_host, host_t *other_host)
-{
-	private_stroke_t *this = (private_stroke_t*)((u_int8_t*)store - offsetof(stroke_t, connections));
-	iterator_t *iterator;
-	connection_t *found = NULL;
-	
-	this->logger->log(this->logger, CONTROL|LEVEL1, "getting config for hosts %s - %s", 
-					  my_host->get_address(my_host), other_host->get_address(other_host));
-	
-	iterator = this->configurations->create_iterator(this->configurations,TRUE);
-	while (iterator->has_next(iterator))
-	{
-		configuration_entry_t *entry;
-		host_t *config_my_host, *config_other_host;
-		
-		iterator->current(iterator,(void **) &entry);
-
-		config_my_host = entry->connection->get_my_host(entry->connection);
-		config_other_host = entry->connection->get_other_host(entry->connection);
-
-		/* first check if ip is equal */
-		if(config_other_host->ip_equals(config_other_host, other_host))
-		{
-			this->logger->log(this->logger, CONTROL|LEVEL2, "config entry with remote host %s", 
-						config_other_host->get_address(config_other_host));
-			/* could be right one, check my_host for default route*/
-			if (config_my_host->is_default_route(config_my_host))
-			{
-				found = entry->connection->clone(entry->connection);
-				break;
-			}
-			/* check now if host informations are the same */
-			else if (config_my_host->ip_equals(config_my_host,my_host))
-			{
-				found = entry->connection->clone(entry->connection);
-				break;
-			}
-			
-		}
-		/* Then check for wildcard hosts!
-		 * TODO
-		 * actually its only checked if other host with default route can be found! */
-		else if (config_other_host->is_default_route(config_other_host))
-		{
-			/* could be right one, check my_host for default route*/
-			if (config_my_host->is_default_route(config_my_host))
-			{
-				found = entry->connection->clone(entry->connection);
-				break;
-			}
-			/* check now if host informations are the same */
-			else if (config_my_host->ip_equals(config_my_host,my_host))
-			{
-				found = entry->connection->clone(entry->connection);
-				break;
-			}
-		}
-	}
-	iterator->destroy(iterator);
-	
-	/* apply hosts as they are supplied since my_host may be %defaultroute, and other_host may be %any. */
-	if (found)
-	{
-		found->update_my_host(found, my_host->clone(my_host));
-		found->update_other_host(found, other_host->clone(other_host));
-	}
-	
-	return found;
-}
-
-/**
- * Implementation of connection_store_t.get_connection_by_ids.
- */
-static connection_t *get_connection_by_ids(connection_store_t *store, identification_t *my_id, identification_t *other_id)
-{
-	private_stroke_t *this = (private_stroke_t*)((u_int8_t*)store - offsetof(stroke_t, connections));
-	iterator_t *iterator;
-	connection_t *found = NULL;
-	
-	this->logger->log(this->logger, CONTROL|LEVEL1, "getting config for ids %s - %s", 
-					  my_id->get_string(my_id), other_id->get_string(other_id));
-	
-	iterator = this->configurations->create_iterator(this->configurations,TRUE);
-	while (iterator->has_next(iterator))
-	{
-		configuration_entry_t *entry;
-		identification_t *config_my_id, *config_other_id;
-		
-		iterator->current(iterator,(void **) &entry);
-		
-		config_my_id = entry->connection->get_my_id(entry->connection);
-		config_other_id = entry->connection->get_other_id(entry->connection);
-
-		/* first check if ids are equal 
-		* TODO: Add wildcard checks */
-		if (config_other_id->equals(config_other_id, other_id) &&
-			config_my_id->equals(config_my_id, my_id))
-		{
-			this->logger->log(this->logger, CONTROL|LEVEL2, "config entry with remote id %s", 
-							  config_other_id->get_string(config_other_id));
-			found = entry->connection->clone(entry->connection);
-			break;
-		}
-	}
-	iterator->destroy(iterator);
-	
-	return found;
-}
 
 /**
  * Implementation of private_stroke_t.get_connection_by_name.
@@ -905,10 +664,10 @@ static connection_t *get_connection_by_name(private_stroke_t *this, char *name)
 	iterator_t *iterator;
 	connection_t *found = NULL;
 	
-	iterator = this->configurations->create_iterator(this->configurations, TRUE);
+	iterator = this->connections->create_iterator(this->connections, TRUE);
 	while (iterator->has_next(iterator))
 	{
-		configuration_entry_t *entry;
+		connection_entry_t *entry;
 		iterator->current(iterator,(void **) &entry);
 
 		if (strcmp(entry->name,name) == 0)
@@ -924,165 +683,28 @@ static connection_t *get_connection_by_name(private_stroke_t *this, char *name)
 }
 
 /**
- * Implementation of policy_store_t.get_policy.
- */
-static policy_t *get_policy(policy_store_t *store,identification_t *my_id, identification_t *other_id)
-{	
-	private_stroke_t *this = (private_stroke_t*)((u_int8_t*)store - offsetof(stroke_t, policies));
-	iterator_t *iterator;
-	policy_t *found = NULL;
-	
-	iterator = this->configurations->create_iterator(this->configurations, TRUE);
-	while (iterator->has_next(iterator))
-	{
-		configuration_entry_t *entry;
-		iterator->current(iterator,(void **) &entry);
-		identification_t *config_my_id = entry->policy->get_my_id(entry->policy);
-		identification_t *config_other_id = entry->policy->get_other_id(entry->policy);
-		
-		/* check other host first */
-		if (config_other_id->belongs_to(config_other_id, other_id))
-		{		
-			/* get it if my_id not specified */
-			if (my_id == NULL)
-			{
-				found = entry->policy->clone(entry->policy);
-				break;
-			}
-
-			if (config_my_id->belongs_to(config_my_id, my_id))
-			{
-				found = entry->policy->clone(entry->policy);
-				break;
-			}
-		}
-	}
-	iterator->destroy(iterator);
-	
-	/* apply IDs as they are requsted, since they may be configured as %any or such */
-	if (found)
-	{
-		if (my_id)
-		{
-			found->update_my_id(found, my_id->clone(my_id));
-		}
-		found->update_other_id(found, other_id->clone(other_id));
-	}
-	return found;
-}
-
-/**
- * Implementation of credential_store_t.get_shared_secret.
- */	
-static status_t get_shared_secret(credential_store_t *this, identification_t *identification, chunk_t *preshared_secret)
-{
-	char *secret = "schluessel\n";
-	preshared_secret->ptr = secret;
-	preshared_secret->len = strlen(secret) + 1;
-	
-	*preshared_secret = chunk_clone(*preshared_secret);
-	return SUCCESS;
-}
-
-/**
- * Implementation of credential_store_t.get_rsa_public_key.
- */
-static status_t get_rsa_public_key(credential_store_t *store, identification_t *identification, rsa_public_key_t **public_key)
-{
-	private_stroke_t *this = (private_stroke_t*)((u_int8_t*)store - offsetof(stroke_t, credentials));
-	iterator_t *iterator;
-	
-	this->logger->log(this->logger, CONTROL|LEVEL2, "Looking for public key for %s",
-					  identification->get_string(identification));
-	iterator = this->configurations->create_iterator(this->configurations, TRUE);
-	while (iterator->has_next(iterator))
-	{
-		configuration_entry_t *config;
-		iterator->current(iterator, (void**)&config);
-		identification_t *stored = config->policy->get_other_id(config->policy);
-		this->logger->log(this->logger, CONTROL|LEVEL2, "there is one for %s",
-						  stored->get_string(stored));
-		if (identification->equals(identification, stored))
-		{
-			this->logger->log(this->logger, CONTROL|LEVEL2, "found a match: %p",
-							  config->public_key);
-			if (config->public_key)
-			{
-				iterator->destroy(iterator);
-				*public_key = config->public_key->clone(config->public_key);
-				return SUCCESS;
-			}
-		}
-	}
-	iterator->destroy(iterator);
-	return NOT_FOUND;
-}
-
-/**
- * Implementation of credential_store_t.get_rsa_private_key.
- */
-static status_t get_rsa_private_key(credential_store_t *store, identification_t *identification, rsa_private_key_t **private_key)
-{
-	private_stroke_t *this = (private_stroke_t*)((u_int8_t*)store - offsetof(stroke_t, credentials));
-	iterator_t *iterator;
-	
-	iterator = this->configurations->create_iterator(this->configurations, TRUE);
-	while (iterator->has_next(iterator))
-	{
-		configuration_entry_t *config;
-		iterator->current(iterator, (void**)&config);
-		identification_t *stored = config->policy->get_my_id(config->policy);
-		if (identification->equals(identification, stored))
-		{
-			if (config->private_key)
-			{
-				iterator->destroy(iterator);
-				*private_key = config->private_key->clone(config->private_key);
-				return SUCCESS;
-			}
-		}
-	}
-	iterator->destroy(iterator);
-	return NOT_FOUND;
-}
-
-/**
  * Implementation of stroke_t.destroy.
  */
 static void destroy(private_stroke_t *this)
 {
-	configuration_entry_t *entry;
-	rsa_private_key_t *priv_key;
+	connection_entry_t *entry;
 	
 	pthread_cancel(this->assigned_thread);
 	pthread_join(this->assigned_thread, NULL);
 	
-	while (this->configurations->remove_first(this->configurations, (void **)&entry) == SUCCESS)
-	{
-		entry->destroy(entry);
-	}
-	this->configurations->destroy(this->configurations);
-	
-	while (this->private_keys->remove_first(this->private_keys, (void **)&priv_key) == SUCCESS)
+	while (this->connections->remove_first(this->connections, (void **)&entry) == SUCCESS)
 	{
-		priv_key->destroy(priv_key);
+		/* connection is destroyed by global list */
+		free(entry->name);
+		free(entry);
 	}
-	this->private_keys->destroy(this->private_keys);
+	this->connections->destroy(this->connections);
 
 	close(this->socket);
 	unlink(socket_addr.sun_path);
 	free(this);
 }
 
-/**
- * Dummy function which does nothing.
- * Used for connection_store_t.destroy and policy_store_t.destroy,
- * since destruction is done in store_t's destructor...
- */
-void do_nothing(void *nothing)
-{
-	return;
-}
 
 /*
  * Described in header-file
@@ -1093,15 +715,6 @@ stroke_t *stroke_create()
 	mode_t old;
 
 	/* public functions */
-	this->public.connections.get_connection_by_ids = get_connection_by_ids;
-	this->public.connections.get_connection_by_hosts = get_connection_by_hosts;
-	this->public.connections.destroy = (void (*) (connection_store_t*))do_nothing;
-	this->public.policies.get_policy = get_policy;
-	this->public.policies.destroy = (void (*) (policy_store_t*))do_nothing;
-	this->public.credentials.get_shared_secret = (status_t (*)(credential_store_t*,identification_t*,chunk_t*))get_shared_secret;
-	this->public.credentials.get_rsa_public_key = (status_t (*)(credential_store_t*,identification_t*,rsa_public_key_t**))get_rsa_public_key;
-	this->public.credentials.get_rsa_private_key = (status_t (*)(credential_store_t*,identification_t*,rsa_private_key_t**))get_rsa_private_key;
-	this->public.credentials.destroy = (void (*) (credential_store_t*))do_nothing;
 	this->public.destroy = (void (*)(stroke_t*))destroy;
 	
 	/* private functions */
@@ -1149,10 +762,7 @@ stroke_t *stroke_create()
 	}
 	
 	/* private variables */
-	this->configurations = linked_list_create();
-	this->private_keys = linked_list_create();
-	
-	load_private_keys(this);
+	this->connections = linked_list_create();
 	
 	return (&this->public);
 }
diff --git a/Source/charon/threads/stroke_interface.h b/Source/charon/threads/stroke_interface.h
index 0bb0bb48b..f8efc9c67 100644
--- a/Source/charon/threads/stroke_interface.h
+++ b/Source/charon/threads/stroke_interface.h
@@ -23,14 +23,9 @@
 #ifndef STROKE_INTERFACE_H_
 #define STROKE_INTERFACE_H_
 
-#include <config/policy_store.h>
-#include <config/connection_store.h>
-#include <config/credential_store.h>
-
-
-#define IPSEC_DIR "/etc/ipsec.d/"
-#define PRIVATE_KEY_DIR IPSEC_DIR "private/"
-#define CERTIFICATE_DIR IPSEC_DIR "certs/"
+#include <config/policies/policy_store.h>
+#include <config/connections/connection_store.h>
+#include <config/credentials/credential_store.h>
 
 
 typedef struct stroke_t stroke_t;
@@ -59,11 +54,6 @@ typedef struct stroke_t stroke_t;
  * @ingroup threads
  */
 struct stroke_t {
-
-	/**
-	 * Implements connection_store_t interface
-	 */
-	connection_store_t connections;
 	
 	/**
 	 * Implements policy_store_t interface