author | Martin Willi <martin@strongswan.org> | 2008-03-27 06:37:29 +0000 |
---|---|---|
committer | Martin Willi <martin@strongswan.org> | 2008-03-27 06:37:29 +0000 |
commit | f957f7dfb32b18fd483285fa7feabd8514d34216 (patch) | |
tree | bc2acb35d6a3365b5f3761a1c8b51cdfba0021ad /src | |
parent | d61bd27a9a1853aa246004903707dfa255578f23 (diff) | |
implemented cert cache flushing, ipsec purgeocsp
Diffstat (limited to 'src')
-rw-r--r-- | src/charon/credentials/credential_manager.c | 12 | ||||
-rw-r--r-- | src/charon/credentials/credential_manager.h | 7 | ||||
-rw-r--r-- | src/charon/credentials/sets/cert_cache.c | 22 | ||||
-rw-r--r-- | src/charon/credentials/sets/cert_cache.h | 7 | ||||
-rw-r--r-- | src/charon/plugins/stroke/stroke_socket.c | 10 |
5 files changed, 54 insertions, 4 deletions
diff --git a/src/charon/credentials/credential_manager.c b/src/charon/credentials/credential_manager.c
index 35816a820..7c49d39a0 100644
--- a/src/charon/credentials/credential_manager.c
+++ b/src/charon/credentials/credential_manager.c
@@ -1223,6 +1223,17 @@ static private_key_t *get_private(private_credential_manager_t *this,
 }
 /**
+ * Implementation of credential_manager_t.flush_cache.
+ */
+static void flush_cache(private_credential_manager_t *this,
+ certificate_type_t type)
+{
+ this->mutex->lock(this->mutex);
+ this->cache->flush(this->cache, type);
+ this->mutex->unlock(this->mutex);
+}
+
+/**
  * Implementation of credential_manager_t.add_set.
  */
 static void add_set(private_credential_manager_t *this,
@@ -1268,6 +1279,7 @@ credential_manager_t *credential_manager_create()
  this->public.get_shared = (shared_key_t *(*)(credential_manager_t *this,shared_key_type_t type,identification_t *me, identification_t *other))get_shared;
  this->public.get_private = (private_key_t*(*)(credential_manager_t*, key_type_t type, identification_t *, auth_info_t*))get_private;
  this->public.get_public = (public_key_t*(*)(credential_manager_t*, key_type_t type, identification_t *, auth_info_t*))get_public;
+ this->public.flush_cache = (void(*)(credential_manager_t*, certificate_type_t type))flush_cache;
  this->public.add_set = (void(*)(credential_manager_t*, credential_set_t *set))add_set;
  this->public.remove_set = (void(*)(credential_manager_t*, credential_set_t *set))remove_set;
  this->public.destroy = (void(*)(credential_manager_t*))destroy;
diff --git a/src/charon/credentials/credential_manager.h b/src/charon/credentials/credential_manager.h
index 816b9028e..ca22f98a2 100644
--- a/src/charon/credentials/credential_manager.h
+++ b/src/charon/credentials/credential_manager.h
@@ -160,6 +160,13 @@ struct credential_manager_t {
  identification_t *id, auth_info_t *auth);
  /**
+ * Flush the certificate cache.
+ *
+ * @param type type of certificate to flush, or CERT_ANY
+ */
+ void (*flush_cache)(credential_manager_t *this, certificate_type_t type);
+
+ /**
  * Register a credential set to the manager.
  *
  * @param set set to register
diff --git a/src/charon/credentials/sets/cert_cache.c b/src/charon/credentials/sets/cert_cache.c
index 5d4964314..5c112c084 100644
--- a/src/charon/credentials/sets/cert_cache.c
+++ b/src/charon/credentials/sets/cert_cache.c
@@ -179,6 +179,27 @@ static enumerator_t *create_enumerator(private_cert_cache_t *this,
 }
 /**
+ * Implementation of cert_cache_t.flush.
+ */
+static void flush(private_cert_cache_t *this, certificate_type_t type)
+{
+ enumerator_t *enumerator;
+ relation_t *relation;
+
+ enumerator = this->relations->create_enumerator(this->relations);
+ while (enumerator->enumerate(enumerator, &relation))
+ {
+ if (type == CERT_ANY ||
+ type == relation->subject->get_type(relation->subject))
+ {
+ this->relations->remove_at(this->relations, enumerator);
+ relation_destroy(relation);
+ }
+ }
+ enumerator->destroy(enumerator);
+}
+
+/**
  * Implementation of cert_cache_t.destroy
  */
 static void destroy(private_cert_cache_t *this)
@@ -199,6 +220,7 @@ cert_cache_t *cert_cache_create()
  this->public.set.create_shared_enumerator = (void*)return_null;
  this->public.set.create_cdp_enumerator = (void*)return_null;
  this->public.issued_by = (bool(*)(cert_cache_t*, certificate_t *subject, certificate_t *issuer))issued_by;
+ this->public.flush = (void(*)(cert_cache_t*, certificate_type_t type))flush;
  this->public.destroy = (void(*)(cert_cache_t*))destroy;
  this->relations = linked_list_create();
diff --git a/src/charon/credentials/sets/cert_cache.h b/src/charon/credentials/sets/cert_cache.h
index 7e392ae87..281189d53 100644
--- a/src/charon/credentials/sets/cert_cache.h
+++ b/src/charon/credentials/sets/cert_cache.h
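Review bot: flush() in cert_cache.c walks and edits `this->relations` with no lock of its own; the only serialization visible in this commit is the manager mutex that flush_cache() in credential_manager.c takes around the call. Whether issued_by() and the set's enumerators always run under that same mutex is not visible in this diff, and if any path does not, a purge could destroy a relation that another thread is still reading. I would state the contract where the method is declared, for example by adding ` * Not synchronized; the caller must serialize against all other cache access.` to the flush doc comment in cert_cache.h, and by noting in credential_manager.h that flush_cache takes the manager mutex. The filter also compares only the type of `relation->subject`, so "type of certificate to flush" in both header comments would be more exact as "type of subject certificate to flush".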
@@ -53,6 +53,13 @@ struct cert_cache_t {
  certificate_t *subject, certificate_t *issuer);
  /**
+ * Flush the certificate cache.
+ *
+ * @param type type of certificate to flush, or CERT_ANY
+ */
+ void (*flush)(cert_cache_t *this, certificate_type_t type);
+
+ /**
  * Destroy a cert_cache instance.
  */
  void (*destroy)(cert_cache_t *this);
diff --git a/src/charon/plugins/stroke/stroke_socket.c b/src/charon/plugins/stroke/stroke_socket.c
index 60ea3019c..ce0725196 100644
--- a/src/charon/plugins/stroke/stroke_socket.c
+++ b/src/charon/plugins/stroke/stroke_socket.c
@@ -271,8 +271,8 @@ static void stroke_del_ca(private_stroke_socket_t *this,
 /**
  * show status of daemon
  */
-static void stroke_status(private_stroke_socket_t *this, stroke_msg_t *msg, FILE *out,
- bool all)
+static void stroke_status(private_stroke_socket_t *this,
+ stroke_msg_t *msg, FILE *out, bool all)
 {
  pop_string(msg, &(msg->status.name));
@@ -303,9 +303,11 @@ static void stroke_reread(private_stroke_socket_t *this,
 /**
  * purge various information
  */
-static void stroke_purge(private_stroke_socket_t *this, stroke_msg_t *msg, FILE *out)
+static void stroke_purge(private_stroke_socket_t *this,
+ stroke_msg_t *msg, FILE *out)
 {
- /* TODO: flush cache */
+ charon->credentials->flush_cache(charon->credentials,
+ CERT_X509_OCSP_RESPONSE);
 }
 signal_t get_signal_from_logtype(char *type) |
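Review bot: stroke_purge() in stroke_socket.c now flushes every cached `CERT_X509_OCSP_RESPONSE` entry unconditionally, without reading `msg` or writing to `out`, so a purge leaves no trace for the operator or in the log. Because discarding cached revocation status changes what the next certificate check has to rely on, I would record the action, for example with `fprintf(out, "purged cached OCSP responses\n");` and a matching line through the daemon's logger. The comment "purge various information" is also broader than what the body does; either narrow it to OCSP responses or select the type to flush from the message. Who can reach this handler depends on the stroke socket's permissions, which are outside this diff.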