certificate_db.h
1 /*
2  * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 #ifndef SQUID_SSL_CERTIFICATE_DB_H
10 #define SQUID_SSL_CERTIFICATE_DB_H
11 
12 #include "ssl/gadgets.h"
13 
14 #if HAVE_OPENSSL_OPENSSLV_H
15 #include <openssl/opensslv.h>
16 #endif
17 #include <string>
18 
19 namespace Ssl
20 {
/// Maintains an exclusive, blocking, file-based lock on `filename`.
/// The object owns the platform handle used for locking (HANDLE on
/// Windows, a file descriptor elsewhere); see Locker for the RAII
/// way to acquire and release it.
/// NOTE(review): the class owns a raw handle but declares no copy
/// control, so a copied Lock would release/close the same handle
/// twice — confirm no caller copies a Lock (deleting the copy
/// operations would turn such a copy into a compile-time error).
class Lock
{
public:
    /// Creates an unlocked lock bound to filename.
    explicit Lock(std::string const &filename);
    /// Releases the lock if it is still held.
    ~Lock();
    /// Acquires the lock; may block until it becomes available.
    void lock();
    /// Releases a held lock; throws if the lock is not held.
    void unlock();
    /// Whether this object currently holds the lock.
    bool locked() const;
    /// The name of the locked file (for diagnostics).
    const char *name() const { return filename.c_str(); }
private:
    std::string filename; ///< path of the lock file
#if _SQUID_WINDOWS_
    HANDLE hFile; ///< Windows file handle used for locking
#else
    int fd; ///< file descriptor used for locking
#endif
};
39 
/// An exception-safe (RAII) way to obtain and release a Lock: the
/// constructor locks and the destructor unlocks, so an early return
/// or a throw in between cannot leave the lock held.
class Locker
{
public:
    /// Locks `lock` if it was unlocked and remembers whether we did.
    /// aFileName and lineNo record the call site (see the Here macro).
    Locker(Lock &lock, const char *aFileName, int lineNo);
    /// Unlocks the lock only if this Locker was the one that locked it.
    ~Locker();
private:
    bool weLocked; ///< whether this Locker acquired the lock
    const std::string fileName; ///< where the lock was needed
    const int lineNo; ///< where the lock was needed
};
54 
/// Expands to the current source location as the two trailing
/// (aFileName, lineNo) arguments that Locker's constructor takes.
#define Here __FILE__, __LINE__
57 
68 {
69 public:
71  enum Columns {
72  cnlKey = 0, //< The key to use for storing/retrieving entries from DB.
78  };
79 
/// A wrapper for one row of an OpenSSL TXT_DB database: an array of
/// `width` C-string cells.
class Row
{
public:
    /// Creates an empty row wrapper.
    Row();
    /// Wraps an existing raw row of `width` cells.
    /// NOTE(review): presumably takes ownership of `row`, since the
    /// destructor frees it unless reset() was called — verify.
    Row(char **row, size_t width);
    /// Frees the whole row (unless reset() abandoned it).
    ~Row();
    /// Sets the value of cell `number`.
    void setValue(size_t number, char const * value);
    /// The raw row array.
    char ** getRow();
    /// Abandons the raw row without freeing it.
    void reset();
private:
    char **row; ///< raw row
    size_t width; ///< number of cells in the row
};
97 
/// Binds to the database stored under db_path. aMax_db_size is the
/// maximum size of the db and aFs_block_size the file system block size.
CertificateDb(std::string const & db_path, size_t aMax_db_size, size_t aFs_block_size);
/// Finds the generated certificate stored under key, and its private
/// key, filling cert and pkey. expectedOrig is presumably the origin
/// certificate the stored entry must match — verify against pure_find().
bool find(std::string const & key, const Security::CertPointer &expectedOrig, Security::CertPointer & cert, Security::PrivateKeyPointer & pkey);
/// Deletes the certificate stored under key from the database.
bool purgeCert(std::string const & key);
/// Saves cert and pkey to disk under useKey, together with orig.
bool addCertAndPrivateKey(std::string const & useKey, const Security::CertPointer & cert, const Security::PrivateKeyPointer & pkey, const Security::CertPointer &orig);

/// Whether the on-disk store is enabled.
bool IsEnabledDiskStore() const;

/// Creates and initializes a database under db_path.
static void Create(std::string const & db_path);
/// Checks the database stored under db_path.
static void Check(std::string const & db_path, size_t max_db_size, size_t fs_block_size);
private:
/// Loads the db from disk.
void load();
/// Saves the db to disk.
void save();
/// The current db size.
size_t size();
/// Increases the db size by the given file's size and updates size_file.
void addSize(std::string const & filename);
/// Decreases the db size by the given file's size and updates size_file.
void subSize(std::string const & filename);
/// Reads the db size from size_file.
size_t readSize();
/// Writes db_size to size_file.
void writeSize(size_t db_size);
/// Size of the named file on disk.
size_t getFileSize(std::string const & filename);
/// Rebuilds the recorded db size.
size_t rebuildSize();
/// Finds the certificate in the current db only and returns it; the
/// public entry point is find().
bool pure_find(std::string const & key, const Security::CertPointer & expectedOrig, Security::CertPointer & cert, Security::PrivateKeyPointer & pkey);

/// Deletes a row from the TXT_DB.
void deleteRow(const char **row, int rowIndex);
/// Deletes an invalid certificate.
bool deleteInvalidCertificate();
/// Deletes the oldest certificate.
bool deleteOldestCertificate();
/// Deletes the entry stored under key.
bool deleteByKey(std::string const & key);
/// Whether the TXT_DB has any stored rows.
bool hasRows() const;
132 
/// Stores a db entry (cert, pkey and the orig certificate) into filename.
static bool WriteEntry(const std::string &filename, const Security::CertPointer & cert, const Security::PrivateKeyPointer & pkey, const Security::CertPointer &orig);

/// Loads a db entry from filename into cert, pkey and orig.
/// NOTE(review): filename is taken by value here but by const
/// reference in WriteEntry; the two signatures could be made consistent.
static bool ReadEntry(std::string filename, Security::CertPointer & cert, Security::PrivateKeyPointer & pkey, Security::CertPointer &orig);

/// Removes the first row matching `row` from the TXT_DB. Ignores failures.
static void sq_TXT_DB_delete(TXT_DB *db, const char **row);
/// Removes the row at position idx from the TXT_DB. Ignores failures.
static void sq_TXT_DB_delete_row(TXT_DB *db, int idx);

/// Callback hash function for serials; used to build the TXT_DB serial index.
static unsigned long index_serial_hash(const char **a);
/// Callback compare function for serials; used to build the TXT_DB serial index.
static int index_serial_cmp(const char **a, const char **b);
/// Callback hash function for names; used to build the TXT_DB name index.
static unsigned long index_name_hash(const char **a);
/// Callback compare function for names; used to build the TXT_DB name index.
static int index_name_cmp(const char **a, const char **b);
152 
#if SQUID_USE_SSLLHASH_HACK
    // lhash-compatible adapters for the four index callbacks declared
    // above. The lhash callbacks receive untyped `const void *`
    // arguments; each adapter converts back to the `const char **` row
    // the real callback takes and forwards to it unchanged. The named
    // casts spell out what a C-style cast would do here: drop the
    // top-level const, then convert the untyped pointer.
    static unsigned long index_serial_hash_LHASH_HASH(const void *a) {
        const char **row = static_cast<const char **>(const_cast<void *>(a));
        return index_serial_hash(row);
    }
    static int index_serial_cmp_LHASH_COMP(const void *arg1, const void *arg2) {
        const char **lhs = static_cast<const char **>(const_cast<void *>(arg1));
        const char **rhs = static_cast<const char **>(const_cast<void *>(arg2));
        return index_serial_cmp(lhs, rhs);
    }
    static unsigned long index_name_hash_LHASH_HASH(const void *a) {
        const char **row = static_cast<const char **>(const_cast<void *>(a));
        return index_name_hash(row);
    }
    static int index_name_cmp_LHASH_COMP(const void *arg1, const void *arg2) {
        const char **lhs = static_cast<const char **>(const_cast<void *>(arg1));
        const char **rhs = static_cast<const char **>(const_cast<void *>(arg2));
        return index_name_cmp(lhs, rhs);
    }
#else
    // Otherwise let OpenSSL's lhash macros generate the same adapters.
    static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
    static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
    static IMPLEMENT_LHASH_HASH_FN(index_name_hash,const char **)
    static IMPLEMENT_LHASH_COMP_FN(index_name_cmp,const char **)
#endif
174 
static const std::string db_file; ///< base name of the database index file
static const std::string cert_dir; ///< base name of the directory holding the certs
static const std::string size_file; ///< name of the file that stores the db size
static const size_t min_db_size; ///< minimum disk db size; if the real size is below it, the db is disabled

const std::string db_path; ///< the database directory
const std::string db_full; ///< full path of the database index file
const std::string cert_full; ///< full path of the directory holding the certs
const std::string size_full; ///< full path of the file storing the db size

const size_t max_db_size; ///< maximum size of the db
const size_t fs_block_size; ///< file system block size
mutable Lock dbLock; ///< protects the database file (mutable so it can be taken from const members)

};
193 
194 } // namespace Ssl
195 #endif // SQUID_SSL_CERTIFICATE_DB_H
196 
bool deleteInvalidCertificate()
Delete invalid certificate.
static bool WriteEntry(const std::string &filename, const Security::CertPointer &cert, const Security::PrivateKeyPointer &pkey, const Security::CertPointer &orig)
stores the db entry into a file
void addSize(std::string const &filename)
Increase db size by the given file size and update size_file.
~Lock()
releases the lock if it is locked
TXT_DB_Pointer db
Database with certificates info.
static int index_name_cmp(const char **a, const char **b)
Callback compare function for names. Used to create the TXT_DB index of names.
const char * name() const
Lock & lock
the lock we are operating on
an exception-safe way to obtain and release a lock
static const size_t min_db_size
Min size of disk db. If real size < min_db_size the db will be disabled.
size_t readSize()
Read size from file size_file.
static void Create(std::string const &db_path)
Create and initialize a database under the db_path.
Lock(std::string const &filename)
creates an unlocked lock
static unsigned long index_serial_hash(const char **a)
Callback hash function for serials. Used to create TXT_DB index of serials.
bool deleteOldestCertificate()
Delete oldest certificate.
bool IsEnabledDiskStore() const
Whether the disk store is enabled.
const size_t max_db_size
Max size of db.
static const std::string db_file
Base name of the database index file.
bool pure_find(std::string const &key, const Security::CertPointer &expectedOrig, Security::CertPointer &cert, Security::PrivateKeyPointer &pkey)
Only find certificate in current db and return it.
void unlock()
unlocks locked lock or throws
static void sq_TXT_DB_delete(TXT_DB *db, const char **row)
Removes the first matching row from TXT_DB. Ignores failures.
static int index_serial_cmp(const char **a, const char **b)
Callback compare function for serials. Used to create TXT_DB index of serials.
~Locker()
unlocks the lock if it was locked by us
bool locked() const
whether our lock is locked
int fd
Linux file descriptor.
bool deleteByKey(std::string const &key)
Delete using key.
size_t getFileSize(std::string const &filename)
get file size on disk.
const std::string size_full
Full path of the file to store the db size.
static void sq_TXT_DB_delete_row(TXT_DB *db, int idx)
Remove the row on position idx from TXT_DB. Ignores failures.
static void Check(std::string const &db_path, size_t max_db_size, size_t fs_block_size)
Check the database stored under the db_path.
char ** row
Raw row.
const std::string cert_full
Full path of the directory to store the certs.
Row()
Create row wrapper.
bool enabled_disk_store
The storage on the disk is enabled.
void writeSize(size_t db_size)
Write size to file size_file.
bool find(std::string const &key, const Security::CertPointer &expectedOrig, Security::CertPointer &cert, Security::PrivateKeyPointer &pkey)
finds matching generated certificate and its private key
maintains an exclusive blocking file-based lock
bool purgeCert(std::string const &key)
Delete a certificate from database.
size_t width
Number of cells in the row.
const std::string db_path
The database directory.
bool hasRows() const
Whether the TXT_DB has stored items.
const std::string fileName
where the lock was needed
Locker(Lock &lock, const char *aFileName, int lineNo)
locks the lock if the lock was unlocked
void lock()
locks the lock, may block
char ** getRow()
Raw row.
bool weLocked
whether we locked the lock
const int lineNo
where the lock was needed
Lock dbLock
protects the database file
void reset()
Abandon row and don't free memory.
static unsigned long index_name_hash(const char **a)
Callback hash function for names. Used to create the TXT_DB index of names.
~Row()
Delete the whole row.
A wrapper for OpenSSL database row of TXT_DB database.
void const cache_key * key
std::unique_ptr< TXT_DB, HardFun< void, TXT_DB *,&TXT_DB_free > > TXT_DB_Pointer
Definition: gadgets.h:56
static const std::string cert_dir
Base name of the directory to store the certs.
static IMPLEMENT_LHASH_HASH_FN(index_serial_hash, const char **) static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp
std::string filename
static const std::string size_file
const size_t fs_block_size
File system block size.
void save()
Save db to disk.
CertificateDb(std::string const &db_path, size_t aMax_db_size, size_t aFs_block_size)
Columns
Names of db columns.
void deleteRow(const char **row, int rowIndex)
Delete a row from TXT_DB.
void subSize(std::string const &filename)
Decrease db size by the given file size and update size_file.
void load()
Load db from disk.
bool addCertAndPrivateKey(std::string const &useKey, const Security::CertPointer &cert, const Security::PrivateKeyPointer &pkey, const Security::CertPointer &orig)
Save certificate to disk.
static bool ReadEntry(std::string filename, Security::CertPointer &cert, Security::PrivateKeyPointer &pkey, Security::CertPointer &orig)
loads a db entry from the file
const std::string db_full
Full path of the database index file.
void setValue(size_t number, char const *value)
Set cell's value in row.

 
