# Linux ipsec(8) completion (for FreeS/WAN and strongSwan) -*- shell-script -*-

# Complete ipsec.conf conn entries.
#
# Reads a file from stdin in the ipsec.conf(5) format.
_ipsec_connections()
{
    local keyword name
    while read -r keyword name; do
        if [[ $keyword == [#]* ]]; then continue; fi
        [[ $keyword == conn && $name != '%default' ]] && COMPREPLY+=("$name")
    done
    COMPREPLY=($(compgen -W '${COMPREPLY[@]}' -- "$cur"))
}

_ipsec_freeswan()
{
    local cur prev words cword
    _init_completion || return

    if ((cword == 1)); then
        COMPREPLY=($(compgen -W 'auto barf eroute klipsdebug look manual
            pluto ranbits rsasigkey setup showdefaults showhostkey spi spigrp
            tncfg whack' -- "$cur"))
        return
    fi

    case ${words[1]} in
        auto)
            COMPREPLY=($(compgen -W '--asynchronous --up --add --delete
                --replace --down --route --unroute --ready --status
                --rereadsecrets' -- "$cur"))
            ;;
        manual)
            COMPREPLY=($(compgen -W '--up --down --route --unroute --union' \
                -- "$cur"))
            ;;
        ranbits)
            COMPREPLY=($(compgen -W '--quick --continuous --bytes' -- "$cur"))
            ;;
        setup)
            COMPREPLY=($(compgen -W '--start --stop --restart' -- "$cur"))
            ;;
        *) ;;

    esac
}

_ipsec_strongswan()
{
    local cur prev words cword
    _init_completion || return

    if ((cword == 1)); then
        COMPREPLY=($(compgen -W 'down irdumm leases listaacerts listacerts
            listalgs listall listcacerts listcainfos listcards listcerts
            listcrls listgroups listocsp listocspcerts listpubkeys openac pki
            pluto pool purgecerts purgecrls purgeike purgeocsp ready reload
            rereadaacerts rereadacerts rereadall rereadcacerts rereadcrls
            rereadgroups rereadocspcerts rereadsecrets restart route scdecrypt
            scencrypt scepclient secrets start starter status statusall stop
            stroke unroute uci up update version whack --confdir --copyright
            --directory --help --version --versioncode' -- "$cur"))
        return
    fi

    case ${words[1]} in
        down | route | status | statusall | unroute | up)
            local confdir=$(ipsec --confdir)
            _ipsec_connections <"$confdir/ipsec.conf"
            ;;
        list*)
            COMPREPLY=($(compgen -W '--utc' -- "$cur"))
            ;;
        restart | start)
            COMPREPLY=($(compgen -W '--attach-gdb --auto-update --debug
                --debug-all --debug-more --nofork' -- "$cur"))
            ;;
        pki)
            COMPREPLY=($(compgen -W '--gen --issue --keyid --print --pub
                --req --self --signcrl --verify' -- "$cur"))
            ;;
        pool) ;;

        irdumm)
            _filedir 'rb'
            ;;
        *) ;;

    esac
}

case "$(ipsec --version 2>/dev/null)" in
    *strongSwan*)
        complete -F _ipsec_strongswan ipsec
        ;;
    *)
        complete -F _ipsec_freeswan ipsec
        ;;
esac

# ex: filetype=sh