Class: Vici::Connection

Inherits:
Object
  • Object
Defined in:
lib/vici.rb

Overview

The Connection class provides the high-level interface to monitor, configure and control the IKE daemon. It takes a connected stream-oriented Socket for the communication with the IKE daemon.

This class takes and returns ruby objects for the exchanged message data.

  • Sections get encoded as Hash, containing other sections as Hash, or

  • Key/Values, where the values are Strings as Hash values

  • Lists get encoded as Arrays with String values

Non-String values that are not a Hash nor an Array get converted with .to_s during encoding.


Constructor Details

#initialize(socket = nil) ⇒ Connection

Create a connection, optionally using the given socket



# File 'lib/vici.rb', line 366

# Build a connection on top of a stream socket to the IKE daemon.
#
# When no socket is passed (nil), a UNIX socket to "/var/run/charon.vici" is
# opened. The socket is handed to Transport, which this object keeps in
# @transp for all later requests.
#
# NOTE(review): nothing in this constructor authenticates the peer; access
# control presumably rests on the permissions of the socket that is opened or
# passed in. Confirm this for the deployment.
#
# @param socket [Object, nil] connected stream socket, or nil for the default
def initialize(socket = nil)
  stream = socket.nil? ? UNIXSocket.new("/var/run/charon.vici") : socket
  @transp = Transport.new(stream)
end

Instance Method Details

#call(command, request = nil) ⇒ Object

Issue a command request. Checks if the reply of a command indicates “success”, otherwise raises a CommandExecError exception.



# File 'lib/vici.rb', line 624

# Send a command to the daemon and validate its reply.
#
# @param command [String] name of the command
# @param request [Object, nil] request message passed to the transport as-is
# @return [Object] the reply's root section, as returned by check_success
# @raise [CommandExecError] when check_success finds a failed reply
def call(command, request = nil)
  reply = @transp.request(command, request)
  check_success(reply)
end

#call_with_event(command, request, event, &block) ⇒ Object

Issue a command request, but register for a specific event while the command is active. VICI uses this mechanism to stream potentially large data objects continuously. The provided closure is invoked for all event messages.



# File 'lib/vici.rb', line 633

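# Issue a command while being registered for one event, passing the root of
# every event message received during the command to the given block.
#
# The callback is defined on this instance (singleton method) rather than on
# the class, so another Connection object cannot replace it. The bound Method
# is looked up once and the same object is used for register and unregister;
# a second method(:call_event) lookup could otherwise refer to a redefined
# method and leave the first handler registered on the transport.
#
# @param command [String] name of the command
# @param request [Object] request message handed to the transport
# @param event [String] name of the event to register for
# @yield [root] root section of each event message
# @return [Object] the reply's root section, as returned by check_success
# @raise [CommandExecError] when check_success finds a failed reply
def call_with_event(command, request, event, &block)
  define_singleton_method(:call_event) do |_label, message|
    block.call(message.root)
  end
  handler = method(:call_event)
  @transp.register(event, handler)
  begin
    reply = @transp.request(command, request)
  ensure
    # Always drop the registration, also when the request raises.
    @transp.unregister(event, handler)
  end
  check_success(reply)
end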

#check_success(reply) ⇒ Object

Check if the reply of a command indicates “success”, otherwise raise a CommandExecError exception



# File 'lib/vici.rb', line 651

# Validate a command reply and hand back its root section.
#
# A reply counts as failed only when it carries a "success" key whose value
# is not "yes"; replies without that key pass through unchanged. The
# exception message is the daemon-supplied "errmsg" value, so treat it as
# external text when logging or displaying it.
#
# @param reply [Object] reply message responding to #root
# @return [Object] the reply's root section
# @raise [CommandExecError] when the reply reports failure
def check_success(reply)
  result = reply.root
  failed = result.key?("success") && result["success"] != "yes"
  raise CommandExecError, result["errmsg"] if failed

  result
end

#clear_creds ⇒ Object

Clear all loaded credentials.



# File 'lib/vici.rb', line 542

# Clear all loaded credentials by sending the "clear-creds" command.
#
# @return [Object] the reply's root section, as returned by call
def clear_creds
  command = "clear-creds"
  call(command)
end

#flush_certs(match = nil) ⇒ Object

Flush credential cache.



# File 'lib/vici.rb', line 536

# Flush the credential cache by sending the "flush-certs" command.
#
# @param match [Object, nil] optional filter, wrapped in a Message
# @return [Object] the reply's root section, as returned by call
def flush_certs(match = nil)
  request = Message.new(match)
  call("flush-certs", request)
end

#get_algorithms ⇒ Object

Get currently loaded algorithms and their implementation.



# File 'lib/vici.rb', line 578

# Query the loaded algorithms and their implementation ("get-algorithms").
#
# @return [Object] the reply's root section, as returned by call
def get_algorithms
  command = "get-algorithms"
  call(command)
end

#get_authorities ⇒ Object

Get the names of certification authorities managed by vici.



# File 'lib/vici.rb', line 470

# Query the names of certification authorities managed by vici
# ("get-authorities").
#
# @return [Object] the reply's root section, as returned by call
def get_authorities
  command = "get-authorities"
  call(command)
end

#get_conns ⇒ Object

Get the names of connections managed by vici.



# File 'lib/vici.rb', line 449

# Query the names of connections managed by vici ("get-conns").
#
# @return [Object] the reply's root section, as returned by call
def get_conns
  command = "get-conns"
  call(command)
end

#get_counters(options = nil) ⇒ Object

Get global or connection-specific counters for IKE events.



# File 'lib/vici.rb', line 584

# Query global or connection-specific IKE event counters ("get-counters").
#
# @param options [Object, nil] optional request data, wrapped in a Message
# @return [Object] the reply's root section, as returned by call
def get_counters(options = nil)
  request = Message.new(options)
  call("get-counters", request)
end

#get_keys ⇒ Object

Get the identifiers of private keys loaded via vici.



# File 'lib/vici.rb', line 506

# Query the identifiers of private keys loaded via vici ("get-keys").
#
# @return [Object] the reply's root section, as returned by call
def get_keys
  command = "get-keys"
  call(command)
end

#get_pools(options) ⇒ Object

Get the currently loaded pools.



# File 'lib/vici.rb', line 572

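# Query the currently loaded pools ("get-pools").
#
# options now defaults to nil, matching get_counters and reset_counters,
# which also wrap an optional nil in a Message. Existing callers that pass
# options are unaffected.
#
# @param options [Object, nil] optional request data, wrapped in a Message
# @return [Object] the reply's root section, as returned by call
def get_pools(options = nil)
  call("get-pools", Message.new(options))
end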

#get_shared ⇒ Object

Get the unique identifiers of shared keys loaded via vici.



# File 'lib/vici.rb', line 530

# Query the unique identifiers of shared keys loaded via vici ("get-shared").
#
# @return [Object] the reply's root section, as returned by call
def get_shared
  command = "get-shared"
  call(command)
end

#initiate(options, &block) ⇒ Object

Initiate a connection. The provided closure is invoked for each log line.



# File 'lib/vici.rb', line 391

# Initiate a connection ("initiate"), streaming "control-log" events to the
# given block while the command runs.
#
# @param options [Object] request data, wrapped in a Message
# @yield [root] root section of each "control-log" event message
# @return [Object] the reply's root section, as returned by call_with_event
def initiate(options, &block)
  request = Message.new(options)
  call_with_event("initiate", request, "control-log", &block)
end

#install(policy) ⇒ Object

Install a shunt/route policy.



# File 'lib/vici.rb', line 415

# Install a shunt/route policy ("install").
#
# @param policy [Object] request data, wrapped in a Message
# @return [Object] the reply's root section, as returned by call
def install(policy)
  request = Message.new(policy)
  call("install", request)
end

#list_authorities(match = nil, &block) ⇒ Object

List matching loaded certification authorities. The provided closure is invoked for each matching certification authority definition.



# File 'lib/vici.rb', line 463

# List matching certification authorities ("list-authorities"), passing each
# "list-authority" event to the given block.
#
# @param match [Object, nil] optional filter, wrapped in a Message
# @yield [root] root section of each "list-authority" event message
# @return [Object] the reply's root section, as returned by call_with_event
def list_authorities(match = nil, &block)
  request = Message.new(match)
  call_with_event("list-authorities", request, "list-authority", &block)
end

#list_certs(match = nil, &block) ⇒ Object

List matching loaded certificates. The provided closure is invoked for each matching certificate definition.



# File 'lib/vici.rb', line 456

# List matching loaded certificates ("list-certs"), passing each "list-cert"
# event to the given block.
#
# @param match [Object, nil] optional filter, wrapped in a Message
# @yield [root] root section of each "list-cert" event message
# @return [Object] the reply's root section, as returned by call_with_event
def list_certs(match = nil, &block)
  request = Message.new(match)
  call_with_event("list-certs", request, "list-cert", &block)
end

#list_conns(match = nil, &block) ⇒ Object

List matching loaded connections. The provided closure is invoked for each matching connection.



# File 'lib/vici.rb', line 443

# List matching loaded connections ("list-conns"), passing each "list-conn"
# event to the given block.
#
# @param match [Object, nil] optional filter, wrapped in a Message
# @yield [root] root section of each "list-conn" event message
# @return [Object] the reply's root section, as returned by call_with_event
def list_conns(match = nil, &block)
  request = Message.new(match)
  call_with_event("list-conns", request, "list-conn", &block)
end

#list_policies(match, &block) ⇒ Object

List matching installed policies. The provided closure is invoked for each matching policy.



# File 'lib/vici.rb', line 435

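# List matching installed policies ("list-policies"), passing each
# "list-policy" event to the given block.
#
# match now defaults to nil, matching list_sas, list_conns, list_certs and
# list_authorities, which also wrap an optional nil in a Message. Existing
# callers that pass a match are unaffected.
#
# @param match [Object, nil] optional filter, wrapped in a Message
# @yield [root] root section of each "list-policy" event message
# @return [Object] the reply's root section, as returned by call_with_event
def list_policies(match = nil, &block)
  call_with_event("list-policies", Message.new(match), "list-policy",
                  &block)
end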

#list_sas(match = nil, &block) ⇒ Object

List matching active SAs. The provided closure is invoked for each matching SA.



# File 'lib/vici.rb', line 428

# List matching active SAs ("list-sas"), passing each "list-sa" event to the
# given block.
#
# @param match [Object, nil] optional filter, wrapped in a Message
# @yield [root] root section of each "list-sa" event message
# @return [Object] the reply's root section, as returned by call_with_event
def list_sas(match = nil, &block)
  request = Message.new(match)
  call_with_event("list-sas", request, "list-sa", &block)
end

#listen_events(events, &block) ⇒ Object

Listen for a set of event messages. This call is blocking, and invokes the passed closure for each event received. The closure receives the event name and the event message as argument. To stop listening, the closure may raise a StopEventListening exception, the only caught exception.



# File 'lib/vici.rb', line 600

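# Register for a set of events and block, dispatching each received event to
# the given block until the block raises StopEventListening.
#
# The callback is defined on this instance (singleton method) rather than on
# the class, so another Connection object cannot replace it. The bound Method
# is looked up once and that same object is used for every register and
# unregister call; repeated method(:listen_event) lookups could otherwise
# refer to a redefined method and leave handlers registered on the transport.
#
# Only StopEventListening is rescued; any other exception raised by the
# block or the transport propagates after the handlers are unregistered.
#
# @param events [Enumerable<String>] names of the events to listen for
# @yield [label, root] event name and root section of the event message
# @return [nil] after StopEventListening ended the loop
def listen_events(events, &block)
  define_singleton_method(:listen_event) do |label, message|
    block.call(label, message.root)
  end
  handler = method(:listen_event)
  events.each { |event| @transp.register(event, handler) }
  begin
    loop { @transp.read_and_dispatch_event }
  rescue StopEventListening
    # Deliberate: raising this from the block is how the caller ends the loop.
  ensure
    events.each { |event| @transp.unregister(event, handler) }
  end
end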

#load_authority(authority) ⇒ Object

Load a certification authority into the daemon.



# File 'lib/vici.rb', line 548

# Load a certification authority into the daemon ("load-authority").
#
# @param authority [Object] authority definition, wrapped in a Message
# @return [Object] the reply's root section, as returned by call
def load_authority(authority)
  request = Message.new(authority)
  call("load-authority", request)
end

#load_cert(cert) ⇒ Object

Load a certificate into the daemon.



# File 'lib/vici.rb', line 488

# Load a certificate into the daemon ("load-cert").
#
# @param cert [Object] certificate data, wrapped in a Message
# @return [Object] the reply's root section, as returned by call
def load_cert(cert)
  request = Message.new(cert)
  call("load-cert", request)
end

#load_conn(conn) ⇒ Object

Load a connection into the daemon.



# File 'lib/vici.rb', line 476

# Load a connection definition into the daemon ("load-conn").
#
# @param conn [Object] connection definition, wrapped in a Message
# @return [Object] the reply's root section, as returned by call
def load_conn(conn)
  request = Message.new(conn)
  call("load-conn", request)
end

#load_key(key) ⇒ Object

Load a private key into the daemon.



# File 'lib/vici.rb', line 494

# Load a private key into the daemon ("load-key").
#
# The argument carries private key material and is forwarded unchanged, so
# callers should keep it out of logs and error reports.
#
# @param key [Object] private key data, wrapped in a Message
# @return [Object] the reply's root section, as returned by call
def load_key(key)
  request = Message.new(key)
  call("load-key", request)
end

#load_pool(pool) ⇒ Object

Load a virtual IP / attribute pool into the daemon.



# File 'lib/vici.rb', line 560

# Load a virtual IP / attribute pool into the daemon ("load-pool").
#
# @param pool [Object] pool definition, wrapped in a Message
# @return [Object] the reply's root section, as returned by call
def load_pool(pool)
  request = Message.new(pool)
  call("load-pool", request)
end

#load_shared(shared) ⇒ Object

Load a shared key into the daemon.



# File 'lib/vici.rb', line 518

# Load a shared key into the daemon ("load-shared").
#
# The argument carries the shared secret and is forwarded unchanged, so
# callers should keep it out of logs and error reports.
#
# @param shared [Object] shared key data, wrapped in a Message
# @return [Object] the reply's root section, as returned by call
def load_shared(shared)
  request = Message.new(shared)
  call("load-shared", request)
end

#load_token(token) ⇒ Object

Load a private key located on a token into the daemon.



# File 'lib/vici.rb', line 512

# Load a private key located on a token into the daemon ("load-token").
#
# NOTE(review): the argument presumably includes whatever is needed to unlock
# the token; if so, treat it as a secret at the call site. Confirm against
# the command's request format.
#
# @param token [Object] token reference data, wrapped in a Message
# @return [Object] the reply's root section, as returned by call
def load_token(token)
  request = Message.new(token)
  call("load-token", request)
end

#redirect(options) ⇒ Object

Redirect an IKE_SA.



# File 'lib/vici.rb', line 409

# Redirect an IKE_SA ("redirect").
#
# @param options [Object] request data, wrapped in a Message
# @return [Object] the reply's root section, as returned by call
def redirect(options)
  request = Message.new(options)
  call("redirect", request)
end

#rekey(options) ⇒ Object

Initiate the rekeying of an SA.



# File 'lib/vici.rb', line 403

# Initiate the rekeying of an SA ("rekey").
#
# @param options [Object] request data, wrapped in a Message
# @return [Object] the reply's root section, as returned by call
def rekey(options)
  request = Message.new(options)
  call("rekey", request)
end

#reload_settings ⇒ Object

Reload strongswan.conf settings.



# File 'lib/vici.rb', line 385

# Ask the daemon to reload its strongswan.conf settings ("reload-settings").
#
# @return [Object] the reply's root section, as returned by call
def reload_settings
  command = "reload-settings"
  call(command)
end

#reset_counters(options = nil) ⇒ Object

Reset global or connection-specific IKE event counters.



# File 'lib/vici.rb', line 590

# Reset global or connection-specific IKE event counters ("reset-counters").
#
# @param options [Object, nil] optional request data, wrapped in a Message
# @return [Object] the reply's root section, as returned by call
def reset_counters(options = nil)
  request = Message.new(options)
  call("reset-counters", request)
end

#stats ⇒ Object

Get daemon statistics and information.



# File 'lib/vici.rb', line 379

# Query daemon statistics and information ("stats").
#
# @return [Object] the reply's root section, as returned by call
def stats
  command = "stats"
  call(command)
end

#terminate(options, &block) ⇒ Object

Terminate a connection. The provided closure is invoked for each log line.



# File 'lib/vici.rb', line 397

# Terminate a connection ("terminate"), streaming "control-log" events to the
# given block while the command runs.
#
# @param options [Object] request data, wrapped in a Message
# @yield [root] root section of each "control-log" event message
# @return [Object] the reply's root section, as returned by call_with_event
def terminate(options, &block)
  request = Message.new(options)
  call_with_event("terminate", request, "control-log", &block)
end

#uninstall(policy) ⇒ Object

Uninstall a shunt/route policy.



# File 'lib/vici.rb', line 421

# Uninstall a shunt/route policy ("uninstall").
#
# @param policy [Object] request data, wrapped in a Message
# @return [Object] the reply's root section, as returned by call
def uninstall(policy)
  request = Message.new(policy)
  call("uninstall", request)
end

#unload_authority(authority) ⇒ Object

Unload a certification authority from the daemon.



# File 'lib/vici.rb', line 554

# Unload a certification authority from the daemon ("unload-authority").
#
# @param authority [Object] request data, wrapped in a Message
# @return [Object] the reply's root section, as returned by call
def unload_authority(authority)
  request = Message.new(authority)
  call("unload-authority", request)
end

#unload_conn(conn) ⇒ Object

Unload a connection from the daemon.



# File 'lib/vici.rb', line 482

# Unload a connection from the daemon ("unload-conn").
#
# @param conn [Object] request data, wrapped in a Message
# @return [Object] the reply's root section, as returned by call
def unload_conn(conn)
  request = Message.new(conn)
  call("unload-conn", request)
end

#unload_key(key) ⇒ Object

Unload a private key from the daemon.



# File 'lib/vici.rb', line 500

# Unload a private key from the daemon ("unload-key").
#
# @param key [Object] request data, wrapped in a Message
# @return [Object] the reply's root section, as returned by call
def unload_key(key)
  request = Message.new(key)
  call("unload-key", request)
end

#unload_pool(pool) ⇒ Object

Unload a virtual IP / attribute pool from the daemon.



# File 'lib/vici.rb', line 566

# Unload a virtual IP / attribute pool from the daemon ("unload-pool").
#
# @param pool [Object] request data, wrapped in a Message
# @return [Object] the reply's root section, as returned by call
def unload_pool(pool)
  request = Message.new(pool)
  call("unload-pool", request)
end

#unload_shared(shared) ⇒ Object

Unload a shared key from the daemon.



# File 'lib/vici.rb', line 524

# Unload a shared key from the daemon ("unload-shared").
#
# @param shared [Object] request data, wrapped in a Message
# @return [Object] the reply's root section, as returned by call
def unload_shared(shared)
  request = Message.new(shared)
  call("unload-shared", request)
end

#version ⇒ Object

Get daemon version information



# File 'lib/vici.rb', line 373

# Query daemon version information ("version").
#
# @return [Object] the reply's root section, as returned by call
def version
  command = "version"
  call(command)
end