certificate_db.h
Go to the documentation of this file.
1 /*
2  * Copyright (C) 1996-2019 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 #ifndef SQUID_SSL_CERTIFICATE_DB_H
10 #define SQUID_SSL_CERTIFICATE_DB_H
11 
12 #include "ssl/gadgets.h"
13 
14 #include <string>
15 
16 namespace Ssl
17 {
19 class Lock
20 {
21 public:
22  explicit Lock(std::string const &filename);
23  ~Lock();
24  void lock();
25  void unlock();
26  bool locked() const;
27  const char *name() const { return filename.c_str(); }
28 private:
29  std::string filename;
30 #if _SQUID_WINDOWS_
31  HANDLE hFile;
32 #else
33  int fd;
34 #endif
35 };
36 
38 class Locker
39 {
40 public:
42  Locker(Lock &lock, const char *aFileName, int lineNo);
44  ~Locker();
45 private:
46  bool weLocked;
47  Lock &lock;
48  const std::string fileName;
49  const int lineNo;
50 };
51 
53 #define Here __FILE__, __LINE__
54 
64 class CertificateDb
65 {
66 public:
68  enum Columns {
69  cnlKey = 0, //< The key to use for storing/retrieving entries from DB.
70  cnlExp_date,
71  cnlRev_date,
72  cnlSerial,
73  cnlName,
74  cnlNumber
75  };
76 
78  class Row
79  {
80  public:
82  Row();
84  Row(char **row, size_t width);
86  ~Row();
87  void setValue(size_t number, char const * value);
88  char ** getRow();
89  void reset();
90  private:
91  char **row;
92  size_t width;
93  };
94 
95  CertificateDb(std::string const & db_path, size_t aMax_db_size, size_t aFs_block_size);
97  bool find(std::string const & key, const Security::CertPointer &expectedOrig, Security::CertPointer & cert, Security::PrivateKeyPointer & pkey);
99  bool purgeCert(std::string const & key);
101  bool addCertAndPrivateKey(std::string const & useKey, const Security::CertPointer & cert, const Security::PrivateKeyPointer & pkey, const Security::CertPointer &orig);
102 
104  static void Create(std::string const & db_path);
106  static void Check(std::string const & db_path, size_t max_db_size, size_t fs_block_size);
107 private:
108  void load();
109  void save();
110  size_t size();
111  void addSize(std::string const & filename);
114  void subSize(std::string const & filename);
115  size_t readSize();
116  void writeSize(size_t db_size);
117  size_t getFileSize(std::string const & filename);
118  size_t rebuildSize();
119  bool pure_find(std::string const & key, const Security::CertPointer & expectedOrig, Security::CertPointer & cert, Security::PrivateKeyPointer & pkey);
121 
122  void deleteRow(const char **row, int rowIndex);
123  bool deleteInvalidCertificate();
124  bool deleteOldestCertificate();
125  bool deleteByKey(std::string const & key);
126  bool hasRows() const;
127 
129  static bool WriteEntry(const std::string &filename, const Security::CertPointer & cert, const Security::PrivateKeyPointer & pkey, const Security::CertPointer &orig);
130 
132  static bool ReadEntry(std::string filename, Security::CertPointer & cert, Security::PrivateKeyPointer & pkey, Security::CertPointer &orig);
133 
135  static void sq_TXT_DB_delete(TXT_DB *db, const char **row);
137  static void sq_TXT_DB_delete_row(TXT_DB *db, int idx);
138 
140  static unsigned long index_serial_hash(const char **a);
142  static int index_serial_cmp(const char **a, const char **b);
144  static unsigned long index_name_hash(const char **a);
146  static int index_name_cmp(const char **a, const char **b);
147 
150 #if SQUID_USE_SSLLHASH_HACK
151  static unsigned long index_serial_hash_LHASH_HASH(const void *a) {
152  return index_serial_hash((const char **)a);
153  }
154  static int index_serial_cmp_LHASH_COMP(const void *arg1, const void *arg2) {
155  return index_serial_cmp((const char **)arg1, (const char **)arg2);
156  }
157  static unsigned long index_name_hash_LHASH_HASH(const void *a) {
158  return index_name_hash((const char **)a);
159  }
160  static int index_name_cmp_LHASH_COMP(const void *arg1, const void *arg2) {
161  return index_name_cmp((const char **)arg1, (const char **)arg2);
162  }
163 #else
164  static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
165  static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
166  static IMPLEMENT_LHASH_HASH_FN(index_name_hash,const char **)
167  static IMPLEMENT_LHASH_COMP_FN(index_name_cmp,const char **)
168 #endif
169 
170  static const std::string db_file;
171  static const std::string cert_dir;
172  static const std::string size_file;
173  static const size_t min_db_size;
175 
176  const std::string db_path;
177  const std::string db_full;
178  const std::string cert_full;
179  const std::string size_full;
180 
181  TXT_DB_Pointer db;
182  const size_t max_db_size;
183  const size_t fs_block_size;
184  mutable Lock dbLock;
185 };
186 
187 } // namespace Ssl
188 #endif // SQUID_SSL_CERTIFICATE_DB_H
189 
Ssl::Lock::~Lock
~Lock()
releases the lock if it is locked
Definition: certificate_db.cc:93
Ssl::CertificateDb::db
TXT_DB_Pointer db
Database with certificates info.
Definition: certificate_db.h:181
Ssl::Locker::lock
Lock & lock
the lock we are operating on
Definition: certificate_db.h:47
Ssl::Locker
an exception-safe way to obtain and release a lock
Definition: certificate_db.h:38
Ssl::Lock::Lock
Lock(std::string const &filename)
creates an unlocked lock
Definition: certificate_db.cc:29
Ssl::CertificateDb::max_db_size
const size_t max_db_size
Max size of db.
Definition: certificate_db.h:182
Ssl::CertificateDb::db_file
static const char **static const char **static const std::string db_file
Base name of the database index file.
Definition: certificate_db.h:170
Ssl::Lock::unlock
void unlock()
unlocks locked lock or throws
Definition: certificate_db.cc:70
Ssl::Lock::fd
int fd
Linux file descriptor.
Definition: certificate_db.h:33
Ssl::CertificateDb::size_full
const std::string size_full
Full path of the file to store the db size.
Definition: certificate_db.h:179
Ssl::CertificateDb::Row::row
char ** row
Raw row.
Definition: certificate_db.h:91
Ssl::CertificateDb::cert_full
const std::string cert_full
Full path of the directory to store the certs.
Definition: certificate_db.h:178
Ssl::Lock
maintains an exclusive blocking file-based lock
Definition: certificate_db.h:19
Ssl::Lock::name
const char * name() const
Definition: certificate_db.h:27
Ssl::CertificateDb::Row::width
size_t width
Number of cells in the row.
Definition: certificate_db.h:92
Ssl::CertificateDb::db_path
const std::string db_path
The database directory.
Definition: certificate_db.h:176
Ssl::Locker::fileName
const std::string fileName
where the lock was needed
Definition: certificate_db.h:48
number
number
Definition: testStatHist.cc:16
Ssl
Definition: Xaction.cc:47
Ssl::Lock::lock
void lock()
locks the lock, may block
Definition: certificate_db.cc:48
Ssl::Locker::weLocked
bool weLocked
whether we locked the lock
Definition: certificate_db.h:46
Ssl::Locker::lineNo
const int lineNo
where the lock was needed
Definition: certificate_db.h:49
Ssl::CertificateDb::dbLock
Lock dbLock
protects the database file
Definition: certificate_db.h:184
db_path
char * db_path
Definition: ext_session_acl.cc:63
Ssl::CertificateDb::Row
A wrapper for OpenSSL database row of TXT_DB database.
Definition: certificate_db.h:78
Ssl::Lock::locked
bool locked() const
whether our lock is locked
Definition: certificate_db.cc:39
Ssl::TXT_DB_Pointer
std::unique_ptr< TXT_DB, HardFun< void, TXT_DB *, &TXT_DB_free > > TXT_DB_Pointer
Definition: gadgets.h:56
Ssl::CertificateDb::cert_dir
static const std::string cert_dir
Base name of the directory to store the certs.
Definition: certificate_db.h:171
Ssl::Lock::filename
std::string filename
Definition: certificate_db.h:29
Ssl::CertificateDb::size_file
static const std::string size_file
Definition: certificate_db.h:172
Ssl::CertificateDb::fs_block_size
const size_t fs_block_size
File system block size.
Definition: certificate_db.h:183
Ssl::CertificateDb::Columns
Columns
Names of db columns.
Definition: certificate_db.h:68
db
TDB_CONTEXT * db
Definition: ext_time_quota_acl.cc:55
size
int size
Definition: ModDevPoll.cc:77
Ssl::CertificateDb::db_full
const std::string db_full
Full path of the database index file.
Definition: certificate_db.h:177

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors