Imported Upstream version 5.1.0

4 files changed, 171 insertions, 49 deletions

diff --git a/src/libcharon/plugins/certexpire/Makefile.am b/src/libcharon/plugins/certexpire/Makefile.am
index 9aa0daad3..2bfad9497 100644
--- a/src/libcharon/plugins/certexpire/Makefile.am
+++ b/src/libcharon/plugins/certexpire/Makefile.am
@@ -1,10 +1,12 @@
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
-	-I$(top_srcdir)/src/libcharon
-
-AM_CFLAGS = -rdynamic \
+AM_CPPFLAGS = \
+	-I$(top_srcdir)/src/libstrongswan \
+	-I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon \
 	-DIPSEC_PIDDIR=\"${piddir}\"
 
+AM_CFLAGS = \
+	-rdynamic
+
 if MONOLITHIC
 noinst_LTLIBRARIES = libstrongswan-certexpire.la
 else
diff --git a/src/libcharon/plugins/certexpire/Makefile.in b/src/libcharon/plugins/certexpire/Makefile.in
index 72e2ad601..d74cb09f9 100644
--- a/src/libcharon/plugins/certexpire/Makefile.in
+++ b/src/libcharon/plugins/certexpire/Makefile.in
@@ -62,7 +62,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
 	$(top_srcdir)/m4/macros/with.m4 \
 	$(top_srcdir)/m4/macros/enable-disable.m4 \
 	$(top_srcdir)/m4/macros/add-plugin.m4 \
-	$(top_srcdir)/configure.in
+	$(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 mkinstalldirs = $(install_sh) -d
@@ -103,7 +103,10 @@ am_libstrongswan_certexpire_la_OBJECTS = certexpire_plugin.lo \
 	certexpire_listener.lo certexpire_export.lo certexpire_cron.lo
 libstrongswan_certexpire_la_OBJECTS =  \
 	$(am_libstrongswan_certexpire_la_OBJECTS)
-libstrongswan_certexpire_la_LINK = $(LIBTOOL) --tag=CC \
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+libstrongswan_certexpire_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
 	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
 	$(AM_CFLAGS) $(CFLAGS) $(libstrongswan_certexpire_la_LDFLAGS) \
 	$(LDFLAGS) -o $@
@@ -116,13 +119,26 @@ am__depfiles_maybe = depfiles
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+	$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+	$(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo "  CC    " $@;
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
 CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+	$(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo "  CCLD  " $@;
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo "  GEN   " $@;
 SOURCES = $(libstrongswan_certexpire_la_SOURCES)
 DIST_SOURCES = $(libstrongswan_certexpire_la_SOURCES)
 am__can_run_installinfo = \
@@ -136,6 +152,7 @@ DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 ALLOCA = @ALLOCA@
 AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
 AR = @AR@
 AUTOCONF = @AUTOCONF@
 AUTOHEADER = @AUTOHEADER@
@@ -148,6 +165,8 @@ CCDEPMODE = @CCDEPMODE@
 CFLAGS = @CFLAGS@
 CHECK_CFLAGS = @CHECK_CFLAGS@
 CHECK_LIBS = @CHECK_LIBS@
+COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
+COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
 CYGPATH_W = @CYGPATH_W@
@@ -163,6 +182,7 @@ ECHO_T = @ECHO_T@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
+GENHTML = @GENHTML@
 GPERF = @GPERF@
 GPRBUILD = @GPRBUILD@
 GREP = @GREP@
@@ -171,6 +191,7 @@ INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
 INSTALL_SCRIPT = @INSTALL_SCRIPT@
 INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LCOV = @LCOV@
 LD = @LD@
 LDFLAGS = @LDFLAGS@
 LEX = @LEX@
@@ -217,6 +238,7 @@ SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
 SOCKLIB = @SOCKLIB@
 STRIP = @STRIP@
+UNWINDLIB = @UNWINDLIB@
 VERSION = @VERSION@
 YACC = @YACC@
 YFLAGS = @YFLAGS@
@@ -245,6 +267,7 @@ charon_natt_port = @charon_natt_port@
 charon_plugins = @charon_plugins@
 charon_udp_port = @charon_udp_port@
 clearsilver_LIBS = @clearsilver_LIBS@
+cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
 dbusservicedir = @dbusservicedir@
@@ -322,12 +345,15 @@ top_srcdir = @top_srcdir@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
-	-I$(top_srcdir)/src/libcharon
-
-AM_CFLAGS = -rdynamic \
+AM_CPPFLAGS = \
+	-I$(top_srcdir)/src/libstrongswan \
+	-I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon \
 	-DIPSEC_PIDDIR=\"${piddir}\"
 
+AM_CFLAGS = \
+	-rdynamic
+
 @MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-certexpire.la
 @MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-certexpire.la
 libstrongswan_certexpire_la_SOURCES = certexpire_plugin.h certexpire_plugin.c \
@@ -412,7 +438,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-certexpire.la: $(libstrongswan_certexpire_la_OBJECTS) $(libstrongswan_certexpire_la_DEPENDENCIES) $(EXTRA_libstrongswan_certexpire_la_DEPENDENCIES) 
-	$(libstrongswan_certexpire_la_LINK) $(am_libstrongswan_certexpire_la_rpath) $(libstrongswan_certexpire_la_OBJECTS) $(libstrongswan_certexpire_la_LIBADD) $(LIBS)
+	$(AM_V_CCLD)$(libstrongswan_certexpire_la_LINK) $(am_libstrongswan_certexpire_la_rpath) $(libstrongswan_certexpire_la_OBJECTS) $(libstrongswan_certexpire_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -426,25 +452,25 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/certexpire_plugin.Plo@am__quote@
 
 .c.o:
-@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
 
 .c.obj:
-@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
 
 .c.lo:
-@am__fastdepCC_TRUE@	$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(LTCOMPILE) -c -o $@ $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
 
 mostlyclean-libtool:
 	-rm -f *.lo
diff --git a/src/libcharon/plugins/certexpire/certexpire_export.c b/src/libcharon/plugins/certexpire/certexpire_export.c
index e339b8004..f1205cfd8 100644
--- a/src/libcharon/plugins/certexpire/certexpire_export.c
+++ b/src/libcharon/plugins/certexpire/certexpire_export.c
@@ -88,6 +88,11 @@ struct private_certexpire_export_t {
 	 * String to use in empty fields, if using fixed_fields
 	 */
 	char *empty_string;
+
+	/**
+	 * Force export of all trustchains we have a private key for
+	 */
+	bool force;
 };
 
 /**
@@ -184,21 +189,6 @@ static void export_csv(private_certexpire_export_t *this, char *path,
 	}
 }
 
-/**
- * Export cached trustchain expiration dates to CSV files
- */
-static void cron_export(private_certexpire_export_t *this)
-{
-	if (this->local_path)
-	{
-		export_csv(this, this->local_path, this->local);
-	}
-	if (this->remote_path)
-	{
-		export_csv(this, this->remote_path, this->remote);
-	}
-}
-
 METHOD(certexpire_export_t, add, void,
 	private_certexpire_export_t *this, linked_list_t *trustchain, bool local)
 {
@@ -320,6 +310,81 @@ METHOD(certexpire_export_t, add, void,
 	enumerator->destroy(enumerator);
 }
 
+/**
+ * Add trustchains we have a private key for to the list
+ */
+static void add_local_certs(private_certexpire_export_t *this)
+{
+	enumerator_t *enumerator;
+	certificate_t *cert;
+
+	enumerator = lib->credmgr->create_cert_enumerator(lib->credmgr,
+											CERT_X509, KEY_ANY, NULL, FALSE);
+	while (enumerator->enumerate(enumerator, &cert))
+	{
+		linked_list_t *trustchain;
+		private_key_t *private;
+		public_key_t *public;
+		identification_t *keyid;
+		chunk_t chunk;
+		x509_t *x509 = (x509_t*)cert;
+
+		trustchain = linked_list_create();
+
+		public = cert->get_public_key(cert);
+		if (public)
+		{
+			if (public->get_fingerprint(public, KEYID_PUBKEY_INFO_SHA1, &chunk))
+			{
+				keyid = identification_create_from_encoding(ID_KEY_ID, chunk);
+				private = lib->credmgr->get_private(lib->credmgr,
+										public->get_type(public), keyid, NULL);
+				keyid->destroy(keyid);
+				if (private)
+				{
+					trustchain->insert_last(trustchain, cert->get_ref(cert));
+
+					while (!(x509->get_flags(x509) & X509_SELF_SIGNED))
+					{
+						cert = lib->credmgr->get_cert(lib->credmgr, CERT_X509,
+										KEY_ANY, cert->get_issuer(cert), FALSE);
+						if (!cert)
+						{
+							break;
+						}
+						x509 = (x509_t*)cert;
+						trustchain->insert_last(trustchain, cert);
+					}
+					private->destroy(private);
+				}
+			}
+			public->destroy(public);
+		}
+		add(this, trustchain, TRUE);
+		trustchain->destroy_offset(trustchain, offsetof(certificate_t, destroy));
+	}
+	enumerator->destroy(enumerator);
+}
+
+/**
+ * Export cached trustchain expiration dates to CSV files
+ */
+static void cron_export(private_certexpire_export_t *this)
+{
+	if (this->local_path)
+	{
+		if (this->force)
+		{
+			add_local_certs(this);
+		}
+		export_csv(this, this->local_path, this->local);
+	}
+	if (this->remote_path)
+	{
+		export_csv(this, this->remote_path, this->remote);
+	}
+}
+
 METHOD(certexpire_export_t, destroy, void,
 	private_certexpire_export_t *this)
 {
@@ -382,6 +447,9 @@ certexpire_export_t *certexpire_export_create()
 		.empty_string = lib->settings->get_str(lib->settings,
 								"%s.plugins.certexpire.csv.empty_string",
 								"", charon->name),
+		.force = lib->settings->get_bool(lib->settings,
+								"%s.plugins.certexpire.csv.force",
+								TRUE, charon->name),
 	);
 
 	cron = lib->settings->get_str(lib->settings,
diff --git a/src/libcharon/plugins/certexpire/certexpire_plugin.c b/src/libcharon/plugins/certexpire/certexpire_plugin.c
index 2b4c0b68b..985fb0d76 100644
--- a/src/libcharon/plugins/certexpire/certexpire_plugin.c
+++ b/src/libcharon/plugins/certexpire/certexpire_plugin.c
@@ -49,10 +49,37 @@ METHOD(plugin_t, get_name, char*,
 	return "certexpire";
 }
 
+/**
+ * Register listener
+ */
+static bool plugin_cb(private_certexpire_plugin_t *this,
+					  plugin_feature_t *feature, bool reg, void *cb_data)
+{
+	if (reg)
+	{
+		charon->bus->add_listener(charon->bus, &this->listener->listener);
+	}
+	else
+	{
+		charon->bus->remove_listener(charon->bus, &this->listener->listener);
+	}
+	return TRUE;
+}
+
+METHOD(plugin_t, get_features, int,
+	private_certexpire_plugin_t *this, plugin_feature_t *features[])
+{
+	static plugin_feature_t f[] = {
+		PLUGIN_CALLBACK((plugin_feature_callback_t)plugin_cb, NULL),
+			PLUGIN_PROVIDE(CUSTOM, "certexpire"),
+	};
+	*features = f;
+	return countof(f);
+}
+
 METHOD(plugin_t, destroy, void,
 	private_certexpire_plugin_t *this)
 {
-	charon->bus->remove_listener(charon->bus, &this->listener->listener);
 	this->listener->destroy(this->listener);
 	this->export->destroy(this->export);
 	free(this);
@@ -69,14 +96,13 @@ plugin_t *certexpire_plugin_create()
 		.public = {
 			.plugin = {
 				.get_name = _get_name,
-				.reload = (void*)return_false,
+				.get_features = _get_features,
 				.destroy = _destroy,
 			},
 		},
 		.export = certexpire_export_create(),
 	);
-	this->listener = certexpire_listener_create(this->export),
-	charon->bus->add_listener(charon->bus, &this->listener->listener);
+	this->listener = certexpire_listener_create(this->export);
 
 	return &this->public.plugin;
 }