# Linux ipsec(8) completion (for FreeS/WAN and strongSwan) -*- shell-script -*-

# Complete ipsec.conf conn entries.
#
# Reads a file from stdin in the ipsec.conf(5) format.
_ipsec_connections()
{
    local keyword name
    while read -r keyword name; do
        if [[ $keyword = [#]* ]]; then continue; fi
        [[ $keyword == conn && $name != '%default' ]] && COMPREPLY+=( "$name" )
    done
    COMPREPLY=( $( compgen -W '${COMPREPLY[@]}' -- "$cur" ) )
}

_ipsec_freeswan()
{
    local cur prev words cword
    _init_completion || return

    if [[ $cword -eq 1 ]]; then
        COMPREPLY=( $( compgen -W 'auto barf eroute klipsdebug look manual \
            pluto ranbits rsasigkey setup showdefaults showhostkey spi spigrp \
            tncfg whack' -- "$cur" ) )
        return 0
    fi

    case ${words[1]} in
        auto)
            COMPREPLY=( $( compgen -W '--asynchronous --up --add --delete \
                --replace --down --route --unroute \
                --ready --status --rereadsecrets' \
                -- "$cur" ) )
            ;;
        manual)
            COMPREPLY=( $( compgen -W '--up --down --route --unroute \
                --union' -- "$cur" ) )
            ;;
        ranbits)
            COMPREPLY=( $( compgen -W '--quick --continuous --bytes' \
                -- "$cur" ) )
            ;;
        setup)
            COMPREPLY=( $( compgen -W '--start --stop --restart' -- "$cur" ) )
            ;;
        *)
            ;;
    esac

    return 0
}

_ipsec_strongswan()
{
    local cur prev words cword
    _init_completion || return

    if [[ $cword -eq 1 ]]; then
        COMPREPLY=( $( compgen -W 'down irdumm leases listaacerts listacerts \
            listalgs listall listcacerts listcainfos listcards listcerts \
            listcrls listgroups listocsp listocspcerts listpubkeys openac pki
            pluto pool purgecerts purgecrls purgeike purgeocsp ready reload \
            rereadaacerts rereadacerts rereadall rereadcacerts rereadcrls \
            rereadgroups rereadocspcerts rereadsecrets restart route scdecrypt \
            scencrypt scepclient secrets start starter status statusall stop \
            stroke unroute uci up update version whack --confdir --copyright \
            --directory --help --version --versioncode' -- "$cur" ) )
        return 0
    fi

    case ${words[1]} in
        down|route|status|statusall|unroute|up)
            local confdir=$( ipsec --confdir )
            _ipsec_connections < "$confdir/ipsec.conf"
            ;;
        list*)
            COMPREPLY=( $( compgen -W '--utc' -- "$cur" ) )
            ;;
        restart|start)
            COMPREPLY=( $( compgen -W '--attach-gdb --auto-update --debug \
                --debug-all --debug-more --nofork' -- "$cur" ) )
            ;;
        pki)
            COMPREPLY=( $( compgen -W '--gen --issue --keyid --print --pub \
                --req --self --signcrl --verify' -- "$cur" ) )
            ;;
        pool)
            ;;
        irdumm)
            _filedir 'rb'
            ;;
        *)
            ;;
    esac

    return 0
}

case "$( ipsec --version 2>/dev/null )" in
    *strongSwan*)
        complete -F _ipsec_strongswan ipsec
        ;;
    *)
        complete -F _ipsec_freeswan ipsec
        ;;
esac

# ex: ts=4 sw=4 et filetype=sh
