Diffstat (limited to 'src')
-rwxr-xr-xsrc/libstrongswan/crypto/crl.c11
-rwxr-xr-xsrc/libstrongswan/crypto/crl.h13
-rw-r--r--src/libstrongswan/utils/linked_list.c2
-rw-r--r--src/stroke/stroke.c27
-rw-r--r--src/stroke/stroke.h20
-rw-r--r--src/stroke/stroke_keywords.c93
-rw-r--r--src/stroke/stroke_keywords.h8
-rw-r--r--src/stroke/stroke_keywords.txt31
8 files changed, 136 insertions, 69 deletions
diff --git a/src/libstrongswan/crypto/crl.c b/src/libstrongswan/crypto/crl.c
index 644fb2cd2..603334089 100755
--- a/src/libstrongswan/crypto/crl.c
+++ b/src/libstrongswan/crypto/crl.c
@@ -332,6 +332,14 @@ static err_t is_valid(const private_crl_t *this, time_t *until, bool strict)
}
/**
+ * Implements crl_t.is_newer
+ */
+static bool is_newer(const private_crl_t *this, const private_crl_t *other)
+{
+ return (this->nextUpdate > other->nextUpdate);
+}
+
+/**
* Implements crl_t.get_issuer
*/
static identification_t *get_issuer(const private_crl_t *this)
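Review bot: is_newer compares nextUpdate, while the declaration this commit adds in crl.h documents the check as thisUpdate and promises TRUE when this was "issued more recently than other"; the comment and the code cannot both be right. Under the documented contract the issue time is the field to compare, `return (this->thisUpdate > other->thisUpdate);`, assuming private_crl_t carries that field as the header wording suggests; if nextUpdate is the intended criterion, the crl.h comment should say so instead. The distinction matters when a cached CRL is replaced: two CRLs issued at different times can share the same nextUpdate, and with the current comparison neither is reported as newer, so a stale CRL may be kept. The same doc/code mismatch applies to the crl.h hunk below, which needs only the wording fixed if the comparison stays as is.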
@@ -435,7 +443,8 @@ crl_t *crl_create_from_chunk(chunk_t chunk)
this->public.is_valid = (err_t (*) (const crl_t*,time_t*))is_valid;
this->public.destroy = (void (*) (crl_t*))destroy;
this->public.get_issuer = (identification_t* (*) (const crl_t*))get_issuer;
- this->public.equals_issuer = (bool (*) (const crl_t*, const crl_t*))equals_issuer;
+ this->public.equals_issuer = (bool (*) (const crl_t*,const crl_t*))equals_issuer;
+ this->public.is_newer = (bool (*) (const crl_t*,const crl_t*))is_newer;
this->public.log_crl = (void (*) (const crl_t*,logger_t*,bool,bool))log_crl;
/* we do not use a per-instance logger right now, since its not always accessible */
diff --git a/src/libstrongswan/crypto/crl.h b/src/libstrongswan/crypto/crl.h
index ecfb2ede1..4cecee737 100755
--- a/src/libstrongswan/crypto/crl.h
+++ b/src/libstrongswan/crypto/crl.h
@@ -77,14 +77,23 @@ struct crl_t {
/**
* @brief Checks the validity interval of the crl
*
- * @param this certificate being examined
+ * @param this calling object
* @param until until = min(until, nextUpdate) if strict == TRUE
- * @param strict nextUpdate restricts the validiat
+ * @param strict nextUpdate restricts the validity
* @return NULL if the crl is valid
*/
err_t (*is_valid) (const crl_t *this, time_t *until, bool strict);
/**
+ * @brief Checks if this crl is newer (thisUpdate) than the other crl
+ *
+ * @param this calling object
+ * @param other other crl object
+ * @return TRUE if this was issued more recently than other
+ */
+ bool (*is_newer) (const crl_t *this, const crl_t *other);
+
+ /**
* @brief Check if a certificate has been revoked.
*
* This function uses the certificate's serialNumber
diff --git a/src/libstrongswan/utils/linked_list.c b/src/libstrongswan/utils/linked_list.c
index 6d5bace81..ede651f2a 100644
--- a/src/libstrongswan/utils/linked_list.c
+++ b/src/libstrongswan/utils/linked_list.c
@@ -665,7 +665,7 @@ static status_t get_last(private_linked_list_t *this, void **item)
/**
* Implementation of linked_list_t.create_iterator.
*/
-static iterator_t *create_iterator (private_linked_list_t *linked_list,bool forward)
+static iterator_t *create_iterator (private_linked_list_t *linked_list, bool forward)
{
private_iterator_t *this = malloc_thing(private_iterator_t);
diff --git a/src/stroke/stroke.c b/src/stroke/stroke.c
index 7d9e67403..8cce1950c 100644
--- a/src/stroke/stroke.c
+++ b/src/stroke/stroke.c
@@ -193,6 +193,22 @@ static int list(stroke_keyword_t kw, bool utc)
return send_stroke_msg(&msg);
}
+static int reread_flags[] = {
+ REREAD_CACERTS,
+ REREAD_CRLS,
+ REREAD_ALL
+};
+
+static int reread(stroke_keyword_t kw)
+{
+ stroke_msg_t msg;
+
+ msg.type = STR_REREAD;
+ msg.length = offsetof(stroke_msg_t, buffer);
+ msg.reread.flags = reread_flags[kw - STROKE_REREAD_FIRST];
+ return send_stroke_msg(&msg);
+}
+
static int set_logtype(char *context, char *type, int enable)
{
stroke_msg_t msg;
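Review bot: reread() sends a only partially initialised stroke_msg_t: msg.type, msg.length and msg.reread.flags are set, but the remainder of the union (sized by its largest member) and any other fields ahead of buffer are left as indeterminate stack bytes, and with msg.length = offsetof(stroke_msg_t, buffer) those bytes go onto the socket if send_stroke_msg writes msg.length bytes. Start from a zeroed message, `stroke_msg_t msg = {0};`, so nothing from the caller's stack reaches the IPC stream and the daemon never reads indeterminate values; list() just above appears to follow the same pattern, but its body is outside the hunk. Also, `reread_flags[kw - STROKE_REREAD_FIRST]` has no bounds check and relies on stroke_keyword_t keeping CACERTS, CRLS, ALL consecutive and in that order; main() only passes those three values today, so a comment on the array, `/* indexed by kw - STROKE_REREAD_FIRST; order must match stroke_keyword_t */`, would keep the next keyword addition from silently misindexing.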
@@ -257,8 +273,10 @@ static void exit_usage(char *error)
printf(" LEVEL is 0|1|2|3\n");
printf(" Show connection status:\n");
printf(" stroke status\n");
- printf(" Show list of locally loaded certificates:\n");
- printf(" stroke listcerts\n");
+ printf(" Show list of locally loaded certificates and crls:\n");
+ printf(" stroke listcerts|listcacerts|listcrls|listall\n");
+ printf(" Reload ca certificates and crls:\n");
+ printf(" stroke rereadcacerts|rereadcrls|rereadall\n");
exit_error(error);
}
@@ -338,6 +356,11 @@ int main(int argc, char *argv[])
case STROKE_LIST_ALL:
res = list(token->kw, argc > 2 && streq(argv[2], "--utc"));
break;
+ case STROKE_REREAD_CACERTS:
+ case STROKE_REREAD_CRLS:
+ case STROKE_REREAD_ALL:
+ res = reread(token->kw);
+ break;
default:
exit_usage(NULL);
}
diff --git a/src/stroke/stroke.h b/src/stroke/stroke.h
index 64a538bbd..0f2f1d030 100644
--- a/src/stroke/stroke.h
+++ b/src/stroke/stroke.h
@@ -39,6 +39,14 @@
#define LIST_CRLS 0x0004 /* list all crls */
#define LIST_ALL 0x0007 /* all list options */
+/**
+ * Definition of the REREAD flags
+ */
+#define REREAD_NONE 0x0000 /* don't reread anything */
+#define REREAD_CACERTS 0x0001 /* reread all ca certs */
+#define REREAD_CRLS 0x0002 /* reread all crls */
+#define REREAD_ALL 0x0003 /* all reread options */
+
typedef struct stroke_end_t stroke_end_t;
struct stroke_end_t {
@@ -80,8 +88,10 @@ struct stroke_msg_t {
STR_LOGTYPE,
/* set the verbosity of a logging context */
STR_LOGLEVEL,
- /* show list of locally loaded certificates */
- STR_LIST
+ /* list various objects */
+ STR_LIST,
+ /* reread various objects */
+ STR_REREAD
/* more to come */
} type;
@@ -127,6 +137,12 @@ struct stroke_msg_t {
u_int flags;
bool utc;
} list;
+
+ /* data for STR_REREAD */
+ struct {
+ u_int flags;
+ } reread;
+
};
char buffer[STROKE_BUF_LEN];
};
diff --git a/src/stroke/stroke_keywords.c b/src/stroke/stroke_keywords.c
index 55693e8fb..f622d2dee 100644
--- a/src/stroke/stroke_keywords.c
+++ b/src/stroke/stroke_keywords.c
@@ -56,12 +56,12 @@ struct stroke_token {
stroke_keyword_t kw;
};
-#define TOTAL_KEYWORDS 14
+#define TOTAL_KEYWORDS 17
#define MIN_WORD_LENGTH 2
-#define MAX_WORD_LENGTH 11
+#define MAX_WORD_LENGTH 13
#define MIN_HASH_VALUE 2
-#define MAX_HASH_VALUE 21
-/* maximum key range = 20, duplicates = 0 */
+#define MAX_HASH_VALUE 23
+/* maximum key range = 22, duplicates = 0 */
#ifdef __GNUC__
__inline
@@ -77,32 +77,32 @@ hash (str, len)
{
static const unsigned char asso_values[] =
{
- 22, 22, 22, 22, 22, 22, 22, 22, 22, 22,
- 22, 22, 22, 22, 22, 22, 22, 22, 22, 22,
- 22, 22, 22, 22, 22, 22, 22, 22, 22, 22,
- 22, 22, 22, 22, 22, 22, 22, 22, 22, 22,
- 22, 22, 22, 22, 22, 22, 22, 22, 22, 22,
- 22, 22, 22, 22, 22, 22, 22, 22, 22, 22,
- 22, 22, 22, 22, 22, 22, 22, 22, 22, 22,
- 22, 22, 22, 22, 22, 22, 22, 22, 22, 22,
- 22, 22, 22, 22, 22, 22, 22, 22, 22, 22,
- 22, 22, 22, 22, 22, 22, 22, 22, 22, 22,
- 0, 15, 22, 22, 22, 5, 22, 22, 22, 22,
- 22, 0, 0, 22, 22, 22, 0, 22, 22, 22,
- 22, 22, 22, 22, 22, 22, 22, 22, 22, 22,
- 22, 22, 22, 22, 22, 22, 22, 22, 22, 22,
- 22, 22, 22, 22, 22, 22, 22, 22, 22, 22,
- 22, 22, 22, 22, 22, 22, 22, 22, 22, 22,
- 22, 22, 22, 22, 22, 22, 22, 22, 22, 22,
- 22, 22, 22, 22, 22, 22, 22, 22, 22, 22,
- 22, 22, 22, 22, 22, 22, 22, 22, 22, 22,
- 22, 22, 22, 22, 22, 22, 22, 22, 22, 22,
- 22, 22, 22, 22, 22, 22, 22, 22, 22, 22,
- 22, 22, 22, 22, 22, 22, 22, 22, 22, 22,
- 22, 22, 22, 22, 22, 22, 22, 22, 22, 22,
- 22, 22, 22, 22, 22, 22, 22, 22, 22, 22,
- 22, 22, 22, 22, 22, 22, 22, 22, 22, 22,
- 22, 22, 22, 22, 22, 22
+ 24, 24, 24, 24, 24, 24, 24, 24, 24, 24,
+ 24, 24, 24, 24, 24, 24, 24, 24, 24, 24,
+ 24, 24, 24, 24, 24, 24, 24, 24, 24, 24,
+ 24, 24, 24, 24, 24, 24, 24, 24, 24, 24,
+ 24, 24, 24, 24, 24, 24, 24, 24, 24, 24,
+ 24, 24, 24, 24, 24, 24, 24, 24, 24, 24,
+ 24, 24, 24, 24, 24, 24, 24, 24, 24, 24,
+ 24, 24, 24, 24, 24, 24, 24, 24, 24, 24,
+ 24, 24, 24, 24, 24, 24, 24, 24, 24, 24,
+ 24, 24, 24, 24, 24, 24, 24, 24, 24, 24,
+ 20, 0, 24, 24, 24, 10, 24, 24, 24, 24,
+ 24, 0, 0, 24, 24, 24, 5, 24, 24, 24,
+ 24, 24, 24, 24, 24, 24, 24, 24, 24, 24,
+ 24, 24, 24, 24, 24, 24, 24, 24, 24, 24,
+ 24, 24, 24, 24, 24, 24, 24, 24, 24, 24,
+ 24, 24, 24, 24, 24, 24, 24, 24, 24, 24,
+ 24, 24, 24, 24, 24, 24, 24, 24, 24, 24,
+ 24, 24, 24, 24, 24, 24, 24, 24, 24, 24,
+ 24, 24, 24, 24, 24, 24, 24, 24, 24, 24,
+ 24, 24, 24, 24, 24, 24, 24, 24, 24, 24,
+ 24, 24, 24, 24, 24, 24, 24, 24, 24, 24,
+ 24, 24, 24, 24, 24, 24, 24, 24, 24, 24,
+ 24, 24, 24, 24, 24, 24, 24, 24, 24, 24,
+ 24, 24, 24, 24, 24, 24, 24, 24, 24, 24,
+ 24, 24, 24, 24, 24, 24, 24, 24, 24, 24,
+ 24, 24, 24, 24, 24, 24
};
return len + asso_values[(unsigned char)str[1]];
}
@@ -110,24 +110,27 @@ hash (str, len)
static const struct stroke_token wordlist[] =
{
{""}, {""},
- {"up", STROKE_UP},
- {"add", STROKE_ADD},
- {"down", STROKE_DOWN},
- {"route", STROKE_ROUTE},
- {"status", STROKE_STATUS},
- {"logtype", STROKE_LOGTYPE},
- {"loglevel", STROKE_LOGLEVEL},
- {"statusall", STROKE_STATUSALL},
+ {"up", STROKE_UP},
+ {"del", STROKE_DEL},
+ {"down", STROKE_DOWN},
+ {"route", STROKE_ROUTE},
+ {"delete", STROKE_DELETE},
+ {"logtype", STROKE_LOGTYPE},
+ {"loglevel", STROKE_LOGLEVEL},
+ {"rereadall", STROKE_REREAD_ALL},
+ {"rereadcrls", STROKE_REREAD_CRLS,},
+ {"status", STROKE_STATUS},
+ {""},
+ {"rereadcacerts", STROKE_REREAD_CACERTS,},
+ {"statusall", STROKE_STATUSALL},
{""}, {""},
- {"listall", STROKE_LIST_ALL},
- {"listcrls", STROKE_LIST_CRLS},
- {"listcerts", STROKE_LIST_CERTS},
+ {"listall", STROKE_LIST_ALL,},
+ {"listcrls", STROKE_LIST_CRLS},
+ {"listcerts", STROKE_LIST_CERTS},
{""},
- {"listcacerts", STROKE_LIST_CACERTS},
+ {"listcacerts", STROKE_LIST_CACERTS},
{""},
- {"del", STROKE_DEL},
- {""}, {""},
- {"delete", STROKE_DELETE}
+ {"add", STROKE_ADD}
};
#ifdef __GNUC__
diff --git a/src/stroke/stroke_keywords.h b/src/stroke/stroke_keywords.h
index 778d5bb49..c40bed3af 100644
--- a/src/stroke/stroke_keywords.h
+++ b/src/stroke/stroke_keywords.h
@@ -32,10 +32,14 @@ typedef enum {
STROKE_LIST_CERTS,
STROKE_LIST_CACERTS,
STROKE_LIST_CRLS,
- STROKE_LIST_ALL
+ STROKE_LIST_ALL,
+ STROKE_REREAD_CACERTS,
+ STROKE_REREAD_CRLS,
+ STROKE_REREAD_ALL
} stroke_keyword_t;
-#define STROKE_LIST_FIRST STROKE_LIST_CERTS
+#define STROKE_LIST_FIRST STROKE_LIST_CERTS
+#define STROKE_REREAD_FIRST STROKE_REREAD_CACERTS
typedef struct stroke_token stroke_token_t;
diff --git a/src/stroke/stroke_keywords.txt b/src/stroke/stroke_keywords.txt
index 5bd984479..9b380ae66 100644
--- a/src/stroke/stroke_keywords.txt
+++ b/src/stroke/stroke_keywords.txt
@@ -26,17 +26,20 @@ struct stroke_token {
stroke_keyword_t kw;
};
%%
-add, STROKE_ADD
-del, STROKE_DEL
-delete, STROKE_DELETE
-route, STROKE_ROUTE
-up, STROKE_UP
-down, STROKE_DOWN
-logtype, STROKE_LOGTYPE
-loglevel, STROKE_LOGLEVEL
-status, STROKE_STATUS
-statusall, STROKE_STATUSALL
-listcerts, STROKE_LIST_CERTS
-listcacerts, STROKE_LIST_CACERTS
-listcrls, STROKE_LIST_CRLS
-listall, STROKE_LIST_ALL
+add, STROKE_ADD
+del, STROKE_DEL
+delete, STROKE_DELETE
+route, STROKE_ROUTE
+up, STROKE_UP
+down, STROKE_DOWN
+logtype, STROKE_LOGTYPE
+loglevel, STROKE_LOGLEVEL
+status, STROKE_STATUS
+statusall, STROKE_STATUSALL
+listcerts, STROKE_LIST_CERTS
+listcacerts, STROKE_LIST_CACERTS
+listcrls, STROKE_LIST_CRLS
+listall, STROKE_LIST_ALL,
+rereadcacerts, STROKE_REREAD_CACERTS,
+rereadcrls, STROKE_REREAD_CRLS,
+rereadall, STROKE_REREAD_ALL
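Review bot: the entries for listall, rereadcacerts and rereadcrls carry a trailing comma after the enum name (`listall, STROKE_LIST_ALL,`), which gperf copies verbatim into the generated table and yields initialisers such as `{"listall", STROKE_LIST_ALL,}` in the stroke_keywords.c hunk of this same diff. A trailing comma inside a brace initialiser is legal C, so this compiles, but it is a typo in the source of truth and will survive every regeneration. Drop the three commas so the lines read `listall, STROKE_LIST_ALL`, `rereadcacerts, STROKE_REREAD_CACERTS` and `rereadcrls, STROKE_REREAD_CRLS`, then regenerate stroke_keywords.c.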