vici 5.5.0 → 6.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 3de265c564a6b55e5c48184db00b3f65a9a91118
-  data.tar.gz: cd4f18ec723766443001e0593876d4c9efe5fe21
+SHA256:
+  metadata.gz: b4e651788ef7e0b51150cbd8077bd84a3eef4deb6ea9b1f280840d17b308956a
+  data.tar.gz: a699b0b81a187ebb3395b461c3060315404d79ed7d85d131e1c1fe09beb3e25e
 SHA512:
-  metadata.gz: 2abb379c57904cac9d9f90d36645c5a71a21d19dfb3c260cdda034d4dc6190aa7809ba3d8b6c6bcf112570d350cf3479e5d09d5545d653857aace6da93e681e0
-  data.tar.gz: 99229d8b51a102fc226c152358a5f8189cab95fde4d15949008502e826a2b37c69e381f8793adb1d7acbda1f7f71809c57f7ce2b2211855d286b76c94d49a5de
+  metadata.gz: fc0ef25e22963a1e74fb65b6ea81412e47b420a196a48a9060453e504f8af025d464ec8067f97250f02be3df1442f83ad157b2f05df10908423368924ff92447
+  data.tar.gz: 794d1de2f2df1d5e191cc76973813532c15032628be3b64e317d5a49ce507f86937cbc56f01f56ac52e49233decfe58f0e30e1123bdc1a39da8bc36d2837f24f

data/lib/vici.rb

@@ -3,8 +3,8 @@
 # strongSwan VICI protocol. The Connection class provides a high-level
 # interface to issue requests or listen for events.
 #
+#  Copyright (C) 2019 Tobias Brunner
 #  Copyright (C) 2014 Martin Willi
-#  Copyright (C) 2014 revosec AG
 #
 #  Permission is hereby granted, free of charge, to any person obtaining a copy
 #  of this software and associated documentation files (the "Software"), to deal
@@ -25,7 +25,6 @@
 #  THE SOFTWARE.
 
 module Vici
-
   ##
   # Vici specific exception all others inherit from
   class Error < StandardError
@@ -76,12 +75,10 @@ module Vici
   class StopEventListening < Exception
   end
 
-
   ##
   # The Message class provides the low level encoding and decoding of vici
   # protocol messages. Directly using this class is usually not required.
   class Message
-
     SECTION_START = 1
     SECTION_END = 2
     KEY_VALUE = 3
@@ -90,8 +87,8 @@ module Vici
     LIST_END = 6
 
     def initialize(data = "")
-      if data == nil
-        @root = Hash.new()
+      if data.nil?
+        @root = {}
       elsif data.is_a?(Hash)
         @root = data
       else
@@ -102,18 +99,14 @@ module Vici
     ##
     # Get the raw byte encoding of an on-the-wire message
     def encoding
-      if @encoded == nil
-        @encoded = encode(@root)
-      end
+      @encoded = encode(@root) if @encoded.nil?
       @encoded
     end
 
     ##
     # Get the root element of the parsed ruby data structures
     def root
-      if @root == nil
-        @root = parse(@encoded)
-      end
+      @root = parse(@encoded) if @root.nil?
       @root
     end
 
@@ -124,9 +117,7 @@ module Vici
     end
 
     def encode_value(value)
-      if value.class != String
-        value = value.to_s
-      end
+      value = value.to_s if value.class != String
       [value.length].pack("n") << value
     end
 
@@ -150,18 +141,13 @@ module Vici
     def encode(node)
       encoding = ""
       node.each do |key, value|
-        case value.class
-          when String, Fixnum, true, false
-            encoding = encode_kv(encoding, key, value)
-          else
-            if value.is_a?(Hash)
-              encoding = encode_section(encoding, key, value)
-            elsif value.is_a?(Array)
-              encoding = encode_list(encoding, key, value)
-            else
-              encoding = encode_kv(encoding, key, value)
-            end
-        end
+        encoding = if value.is_a?(Hash)
+                     encode_section(encoding, key, value)
+                   elsif value.is_a?(Array)
+                     encode_list(encoding, key, value)
+                   else
+                     encode_kv(encoding, key, value)
+                   end
       end
       encoding
     end
@@ -169,63 +155,57 @@ module Vici
     def parse_name(encoding)
       len = encoding.unpack("c")[0]
       name = encoding[1, len]
-      return encoding[(1 + len)..-1], name
+      [encoding[(1 + len)..-1], name]
     end
 
     def parse_value(encoding)
       len = encoding.unpack("n")[0]
       value = encoding[2, len]
-      return encoding[(2 + len)..-1], value
+      [encoding[(2 + len)..-1], value]
     end
 
     def parse(encoding)
-      stack = [Hash.new]
+      stack = [{}]
       list = nil
-      while encoding.length != 0 do
+      until encoding.empty?
         type = encoding.unpack("c")[0]
         encoding = encoding[1..-1]
         case type
-          when SECTION_START
-            encoding, name = parse_name(encoding)
-            stack.push(stack[-1][name] = Hash.new)
-          when SECTION_END
-            if stack.length() == 1
-              raise ParseError, "unexpected section end"
-            end
-            stack.pop()
-          when KEY_VALUE
-            encoding, name = parse_name(encoding)
-            encoding, value = parse_value(encoding)
-            stack[-1][name] = value
-          when LIST_START
-            encoding, name = parse_name(encoding)
-            stack[-1][name] = []
-            list = name
-          when LIST_ITEM
-            raise ParseError, "unexpected list item" if list == nil
-            encoding, value = parse_value(encoding)
-            stack[-1][list].push(value)
-          when LIST_END
-            raise ParseError, "unexpected list end" if list == nil
-            list = nil
-          else
-            raise ParseError, "invalid type: #{type}"
+        when SECTION_START
+          encoding, name = parse_name(encoding)
+          stack.push(stack[-1][name] = {})
+        when SECTION_END
+          raise ParseError, "unexpected section end" if stack.length == 1
+          stack.pop
+        when KEY_VALUE
+          encoding, name = parse_name(encoding)
+          encoding, value = parse_value(encoding)
+          stack[-1][name] = value
+        when LIST_START
+          encoding, name = parse_name(encoding)
+          stack[-1][name] = []
+          list = name
+        when LIST_ITEM
+          raise ParseError, "unexpected list item" if list.nil?
+          encoding, value = parse_value(encoding)
+          stack[-1][list].push(value)
+        when LIST_END
+          raise ParseError, "unexpected list end" if list.nil?
+          list = nil
+        else
+          raise ParseError, "invalid type: #{type}"
         end
       end
-      if stack.length() > 1
-        raise ParseError, "unexpected message end"
-      end
+      raise ParseError, "unexpected message end" if stack.length > 1
       stack[0]
     end
   end
 
-
   ##
   # The Transport class implements to low level segmentation of packets
   # to the underlying transport stream.  Directly using this class is usually
   # not required.
   class Transport
-
     CMD_REQUEST = 0
     CMD_RESPONSE = 1
     CMD_UNKNOWN = 2
@@ -239,18 +219,16 @@ module Vici
     # Create a transport layer using a provided socket for communication.
     def initialize(socket)
       @socket = socket
-      @events = Hash.new
+      @events = {}
     end
 
     ##
     # Receive data from socket, until len bytes read
     def recv_all(len)
       encoding = ""
-      while encoding.length < len do
+      while encoding.length < len
         data = @socket.recv(len - encoding.length)
-        if data.empty?
-          raise TransportError, "connection closed"
-        end
+        raise TransportError, "connection closed" if data.empty?
         encoding << data
       end
       encoding
@@ -260,9 +238,7 @@ module Vici
     # Send data to socket, until all bytes sent
     def send_all(encoding)
       len = 0
-      while len < encoding.length do
-        len += @socket.send(encoding[len..-1], 0)
-      end
+      len += @socket.send(encoding[len..-1], 0) while len < encoding.length
     end
 
     ##
@@ -270,12 +246,8 @@ module Vici
     # specifies the message, the optional label and message get appended.
     def write(type, label, message)
       encoding = ""
-      if label
-        encoding << label.length << label
-      end
-      if message
-        encoding << message.encoding
-      end
+      encoding << label.length << label if label
+      encoding << message.encoding if message
       send_all([encoding.length + 1, type].pack("Nc") + encoding)
     end
 
@@ -288,18 +260,20 @@ module Vici
       type = encoding.unpack("c")[0]
       len = 1
       case type
-        when CMD_REQUEST, EVENT_REGISTER, EVENT_UNREGISTER, EVENT
-          label = encoding[2, encoding[1].unpack("c")[0]]
-          len += label.length + 1
-        when CMD_RESPONSE, CMD_UNKNOWN, EVENT_CONFIRM, EVENT_UNKNOWN
-          label = nil
-        else
-          raise TransportError, "invalid message: #{type}"
-      end
-      if encoding.length == len
-        return type, label, Message.new
+      when CMD_REQUEST, EVENT_REGISTER, EVENT_UNREGISTER, EVENT
+        label = encoding[2, encoding[1].unpack("c")[0]]
+        len += label.length + 1
+      when CMD_RESPONSE, CMD_UNKNOWN, EVENT_CONFIRM, EVENT_UNKNOWN
+        label = nil
+      else
+        raise TransportError, "invalid message: #{type}"
       end
-      return type, label, Message.new(encoding[len..-1])
+      message = if encoding.length == len
+                  Message.new
+                else
+                  Message.new(encoding[len..-1])
+                end
+      [type, label, message]
     end
 
     def dispatch_event(name, message)
@@ -310,22 +284,17 @@ module Vici
 
     def read_and_dispatch_event
       type, label, message = read
-      p
-      if type == EVENT
-        dispatch_event(label, message)
-      else
-        raise TransportError, "unexpected message: #{type}"
-      end
+      raise TransportError, "unexpected message: #{type}" if type != EVENT
+
+      dispatch_event(label, message)
     end
 
     def read_and_dispatch_events
       loop do
         type, label, message = read
-        if type == EVENT
-          dispatch_event(label, message)
-        else
-          return type, label, message
-        end
+        return type, label, message if type != EVENT
+
+        dispatch_event(label, message)
       end
     end
 
@@ -334,14 +303,14 @@ module Vici
     # the reply message on success.
     def request(name, message = nil)
       write(CMD_REQUEST, name, message)
-      type, label, message = read_and_dispatch_events
+      type, _label, message = read_and_dispatch_events
       case type
-        when CMD_RESPONSE
-          return message
-        when CMD_UNKNOWN
-          raise CommandUnknownError, name
-        else
-          raise CommandError, "invalid response for #{name}"
+      when CMD_RESPONSE
+        return message
+      when CMD_UNKNOWN
+        raise CommandUnknownError, name
+      else
+        raise CommandError, "invalid response for #{name}"
       end
     end
 
@@ -349,18 +318,18 @@ module Vici
     # Register a handler method for the given event name
     def register(name, handler)
       write(EVENT_REGISTER, name, nil)
-      type, label, message = read_and_dispatch_events
+      type, _label, _message = read_and_dispatch_events
       case type
-        when EVENT_CONFIRM
-          if @events.has_key?(name)
-            @events[name] += [handler]
-          else
-            @events[name] = [handler];
-          end
-        when EVENT_UNKNOWN
-          raise EventUnknownError, name
+      when EVENT_CONFIRM
+        if @events.key?(name)
+          @events[name] += [handler]
         else
-          raise EventError, "invalid response for #{name} register"
+          @events[name] = [handler]
+        end
+      when EVENT_UNKNOWN
+        raise EventUnknownError, name
+      else
+        raise EventError, "invalid response for #{name} register"
       end
     end
 
@@ -368,19 +337,18 @@ module Vici
     # Unregister a handler method for the given event name
     def unregister(name, handler)
       write(EVENT_UNREGISTER, name, nil)
-      type, label, message = read_and_dispatch_events
+      type, _label, _message = read_and_dispatch_events
       case type
-        when EVENT_CONFIRM
-          @events[name] -= [handler]
-        when EVENT_UNKNOWN
-          raise EventUnknownError, name
-        else
-          raise EventError, "invalid response for #{name} unregister"
+      when EVENT_CONFIRM
+        @events[name] -= [handler]
+      when EVENT_UNKNOWN
+        raise EventUnknownError, name
+      else
+        raise EventError, "invalid response for #{name} unregister"
       end
     end
   end
 
-
   ##
   # The Connection class provides the high-level interface to monitor, configure
   # and control the IKE daemon. It takes a connected stream-oriented Socket for
@@ -393,19 +361,65 @@ module Vici
   # Non-String values that are not a Hash nor an Array get converted with .to_s
   # during encoding.
   class Connection
-
+    ##
+    # Create a connection, optionally using the given socket
     def initialize(socket = nil)
-      if socket == nil
-        socket = UNIXSocket.new("/var/run/charon.vici")
-      end
+      socket = UNIXSocket.new("/var/run/charon.vici") if socket.nil?
       @transp = Transport.new(socket)
     end
 
     ##
-    # List matching loaded connections. The provided closure is invoked
-    # for each matching connection.
-    def list_conns(match = nil, &block)
-      call_with_event("list-conns", Message.new(match), "list-conn", &block)
+    # Get daemon version information
+    def version
+      call("version")
+    end
+
+    ##
+    # Get daemon statistics and information.
+    def stats
+      call("stats")
+    end
+
+    ##
+    # Reload strongswan.conf settings.
+    def reload_settings
+      call("reload-settings")
+    end
+
+    ##
+    # Initiate a connection. The provided closure is invoked for each log line.
+    def initiate(options, &block)
+      call_with_event("initiate", Message.new(options), "control-log", &block)
+    end
+
+    ##
+    # Terminate a connection. The provided closure is invoked for each log line.
+    def terminate(options, &block)
+      call_with_event("terminate", Message.new(options), "control-log", &block)
+    end
+
+    ##
+    # Initiate the rekeying of an SA.
+    def rekey(options)
+      call("rekey", Message.new(options))
+    end
+
+    ##
+    # Redirect an IKE_SA.
+    def redirect(options)
+      call("redirect", Message.new(options))
+    end
+
+    ##
+    # Install a shunt/route policy.
+    def install(policy)
+      call("install", Message.new(policy))
+    end
+
+    ##
+    # Uninstall a shunt/route policy.
+    def uninstall(policy)
+      call("uninstall", Message.new(policy))
     end
 
     ##
@@ -423,6 +437,19 @@ module Vici
                       &block)
     end
 
+    ##
+    # List matching loaded connections. The provided closure is invoked
+    # for each matching connection.
+    def list_conns(match = nil, &block)
+      call_with_event("list-conns", Message.new(match), "list-conn", &block)
+    end
+
+    ##
+    # Get the names of connections managed by vici.
+    def get_conns
+      call("get-conns")
+    end
+
     ##
     # List matching loaded certificates. The provided closure is invoked
     # for each matching certificate definition.
@@ -431,120 +458,144 @@ module Vici
     end
 
     ##
-    # Load a connection into the daemon.
-    def load_conn(conn)
-      check_success(@transp.request("load-conn", Message.new(conn)))
+    # List matching loaded certification authorities. The provided closure is
+    # invoked for each matching certification authority definition.
+    def list_authorities(match = nil, &block)
+      call_with_event("list-authorities", Message.new(match), "list-authority",
+                      &block)
     end
 
     ##
-    # Unload a connection from the daemon.
-    def unload_conn(conn)
-      check_success(@transp.request("unload-conn", Message.new(conn)))
+    # Get the names of certification authorities managed by vici.
+    def get_authorities
+      call("get-authorities")
     end
 
     ##
-    # Get the names of connections managed by vici.
-    def get_conns()
-      @transp.request("get-conns").root
+    # Load a connection into the daemon.
+    def load_conn(conn)
+      call("load-conn", Message.new(conn))
     end
 
     ##
-    # Clear all loaded credentials.
-    def clear_creds()
-      check_success(@transp.request("clear-creds"))
+    # Unload a connection from the daemon.
+    def unload_conn(conn)
+      call("unload-conn", Message.new(conn))
     end
 
     ##
     # Load a certificate into the daemon.
     def load_cert(cert)
-      check_success(@transp.request("load-cert", Message.new(cert)))
+      call("load-cert", Message.new(cert))
     end
 
     ##
     # Load a private key into the daemon.
     def load_key(key)
-      check_success(@transp.request("load-key", Message.new(key)))
+      call("load-key", Message.new(key))
+    end
+
+    ##
+    # Unload a private key from the daemon.
+    def unload_key(key)
+      call("unload-key", Message.new(key))
+    end
+
+    ##
+    # Get the identifiers of private keys loaded via vici.
+    def get_keys
+      call("get-keys")
+    end
+
+    ##
+    # Load a private key located on a token into the daemon.
+    def load_token(token)
+      call("load-token", Message.new(token))
     end
 
     ##
     # Load a shared key into the daemon.
     def load_shared(shared)
-      check_success(@transp.request("load-shared", Message.new(shared)))
+      call("load-shared", Message.new(shared))
     end
 
     ##
-    # Load a virtual IP / attribute pool
-    def load_pool(pool)
-      check_success(@transp.request("load-pool", Message.new(pool)))
+    # Unload a shared key from the daemon.
+    def unload_shared(shared)
+      call("unload-shared", Message.new(shared))
     end
 
     ##
-    # Unload a virtual IP / attribute pool
-    def unload_pool(pool)
-      check_success(@transp.request("unload-pool", Message.new(pool)))
+    # Get the unique identifiers of shared keys loaded via vici.
+    def get_shared
+      call("get-shared")
     end
 
     ##
-    # Get the currently loaded pools.
-    def get_pools()
-      @transp.request("get-pools").root
+    # Flush credential cache.
+    def flush_certs(match = nil)
+      call("flush-certs", Message.new(match))
     end
 
     ##
-    # Initiate a connection. The provided closure is invoked for each log line.
-    def initiate(options, &block)
-      check_success(call_with_event("initiate", Message.new(options),
-                    "control-log", &block))
+    # Clear all loaded credentials.
+    def clear_creds
+      call("clear-creds")
     end
 
     ##
-    # Terminate a connection. The provided closure is invoked for each log line.
-    def terminate(options, &block)
-      check_success(call_with_event("terminate", Message.new(options),
-                    "control-log", &block))
+    # Load a certification authority into the daemon.
+    def load_authority(authority)
+      call("load-authority", Message.new(authority))
     end
 
     ##
-    # Redirect an IKE_SA.
-    def redirect(options)
-      check_success(@transp.request("redirect", Message.new(options)))
+    # Unload a certification authority from the daemon.
+    def unload_authority(authority)
+      call("unload-authority", Message.new(authority))
     end
 
     ##
-    # Install a shunt/route policy.
-    def install(policy)
-      check_success(@transp.request("install", Message.new(policy)))
+    # Load a virtual IP / attribute pool into the daemon.
+    def load_pool(pool)
+      call("load-pool", Message.new(pool))
     end
 
     ##
-    # Uninstall a shunt/route policy.
-    def uninstall(policy)
-      check_success(@transp.request("uninstall", Message.new(policy)))
+    # Unload a virtual IP / attribute pool from the daemon.
+    def unload_pool(pool)
+      call("unload-pool", Message.new(pool))
     end
 
     ##
-    # Reload strongswan.conf settings.
-    def reload_settings
-      check_success(@transp.request("reload-settings", nil))
+    # Get the currently loaded pools.
+    def get_pools(options)
+      call("get-pools", Message.new(options))
     end
 
     ##
-    # Get daemon statistics and information.
-    def stats
-      @transp.request("stats", nil).root
+    # Get currently loaded algorithms and their implementation.
+    def get_algorithms
+      call("get-algorithms")
     end
 
     ##
-    # Get daemon version information
-    def version
-      @transp.request("version", nil).root
+    # Get global or connection-specific counters for IKE events.
+    def get_counters(options = nil)
+      call("get-counters", Message.new(options))
+    end
+
+    ##
+    # Reset global or connection-specific IKE event counters.
+    def reset_counters(options = nil)
+      call("reset-counters", Message.new(options))
     end
 
     ##
     # Listen for a set of event messages. This call is blocking, and invokes
     # the passed closure for each event received. The closure receives the
     # event name and the event message as argument. To stop listening, the
-    # closure may raise a StopEventListening exception, the only catched
+    # closure may raise a StopEventListening exception, the only caught
     # exception.
     def listen_events(events, &block)
       self.class.instance_eval do
@@ -567,6 +618,13 @@ module Vici
       end
     end
 
+    ##
+    # Issue a command request. Checks if the reply of a command indicates
+    # "success", otherwise raises a CommandExecError exception.
+    def call(command, request = nil)
+      check_success(@transp.request(command, request))
+    end
+
     ##
     # Issue a command request, but register for a specific event while the
     # command is active. VICI uses this mechanism to stream potentially large
@@ -574,7 +632,7 @@ module Vici
     # event messages.
     def call_with_event(command, request, event, &block)
       self.class.instance_eval do
-        define_method(:call_event) do |label, message|
+        define_method(:call_event) do |_label, message|
           block.call(message.root)
         end
       end
@@ -584,7 +642,7 @@ module Vici
       ensure
         @transp.unregister(event, method(:call_event))
       end
-      reply
+      check_success(reply)
     end
 
     ##
@@ -592,9 +650,10 @@ module Vici
     # CommandExecError exception
     def check_success(reply)
       root = reply.root
-      if root["success"] != "yes"
+      if root.key?("success") && root["success"] != "yes"
         raise CommandExecError, root["errmsg"]
       end
+
       root
     end
   end

metadata

@@ -1,31 +1,31 @@
 --- !ruby/object:Gem::Specification
 name: vici
 version: !ruby/object:Gem::Version
-  version: 5.5.0
+  version: 6.0.1
 platform: ruby
 authors:
-- Martin Willi
-autorequire: 
+- strongSwan Project
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-08-15 00:00:00.000000000 Z
+date: 2025-03-11 00:00:00.000000000 Z
 dependencies: []
-description: "\n     The strongSwan VICI protocol allows external application to monitor,\n
-  \    configure and control the IKE daemon charon. This ruby gem provides a\n     native
-  client side implementation of the VICI protocol, well suited to\n     script automated
-  tasks in a relaible way.\n  "
+description: "\n    The strongSwan VICI protocol allows external application to monitor,\n
+  \   configure and control the IKE daemon charon. This Ruby Gem provides a\n    native
+  client side implementation of the VICI protocol, well suited to\n    script automated
+  tasks in a reliable way.\n  "
 email:
-- martin@strongswan.org
+- info@strongswan.org
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
 - lib/vici.rb
-homepage: https://wiki.strongswan.org/projects/strongswan/wiki/Vici
+homepage: https://docs.strongswan.org/docs/latest/plugins/vici.html
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -40,9 +40,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.4.5.1
-signing_key: 
+rubygems_version: 3.4.20
+signing_key:
 specification_version: 4
-summary: Native ruby interface for strongSwan VICI
+summary: Native Ruby interface for strongSwan VICI
 test_files: []