certificate_db.h
1 /*
2  * Copyright (C) 1996-2018 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 #ifndef SQUID_SSL_CERTIFICATE_DB_H
10 #define SQUID_SSL_CERTIFICATE_DB_H
11 
12 #include "ssl/gadgets.h"
13 
14 #if HAVE_OPENSSL_OPENSSLV_H
15 #include <openssl/opensslv.h>
16 #endif
17 #include <string>
18 
19 namespace Ssl
20 {
/// maintains an exclusive blocking file-based lock
// NOTE(review): the destructor releases the handle, but no copy/move operations are
// declared here; copying a Lock would duplicate fd/hFile — confirm copies are never made.
class Lock
{
public:
    /// creates an unlocked lock
    /// \param filename the file the lock is taken on (kept as the lock's name)
    explicit Lock(std::string const &filename);
    /// releases the lock if it is locked
    ~Lock();
    /// locks the lock, may block
    void lock();
    /// unlocks locked lock or throws
    void unlock();
    /// whether our lock is locked
    bool locked() const;
    /// the file name given to the constructor; the pointer is valid only while this Lock lives
    const char *name() const { return filename.c_str(); }
private:
    std::string filename; ///< the file name given to the constructor
#if _SQUID_WINDOWS_
    HANDLE hFile; ///< Windows file handle
#else
    int fd; ///< Linux file descriptor.
#endif
};
39 
/// an exception-safe way to obtain and release a lock
// NOTE(review): the rendered listing omits one member line here; the member index
// documents `Lock &lock` ("the lock we are operating on") as a Locker member —
// confirm against the upstream header. As with Lock, no copy operations are
// declared; copying a Locker could unlock twice — confirm copies are never made.
class Locker
{
public:
    /// locks the lock if the lock was unlocked
    /// \param lock the lock we are operating on
    /// \param aFileName,lineNo where the lock was needed (the Here macro supplies both)
    Locker(Lock &lock, const char *aFileName, int lineNo);
    /// unlocks the lock if it was locked by us
    ~Locker();
private:
    bool weLocked; ///< whether we locked the lock
    const std::string fileName; ///< where the lock was needed
    const int lineNo; ///< where the lock was needed
};
54 
/// expands to the (file name, line number) argument pair that the Locker constructor takes
#define Here __FILE__, __LINE__
57 
68 {
69 public:
    /// Names of db columns.
    // NOTE(review): the rendered listing omits the enumerators between cnlKey and the
    // closing brace (source lines 73-77); only cnlKey is visible here.
    enum Columns {
        cnlKey = 0, //< The key to use for storing/retrieving entries from DB.
    };
79 
    /// A wrapper for OpenSSL database row of TXT_DB database.
    // NOTE(review): the destructor deletes the raw row, but no copy operations are
    // declared; copying a Row would free the same row twice — confirm copies are never made.
    class Row
    {
    public:
        /// Create row wrapper.
        Row();
        /// presumably adopts an existing raw row of the given width (the parameters
        /// mirror the row/width members) — confirm ownership in the .cc
        Row(char **row, size_t width);
        /// Delete the whole row.
        ~Row();
        /// Set cell's value in row.
        /// \param number the cell index; whether it is checked against width is not visible here
        void setValue(size_t number, char const * value);
        /// Raw row.
        char ** getRow();
        /// Abandon row and don't free memory.
        void reset();
    private:
        char **row; ///< Raw row.
        size_t width; ///< Number of cells in the row.
    };
97 
    /// \param db_path the database directory
    /// \param aMax_db_size,aFs_block_size stored as max_db_size and fs_block_size
    CertificateDb(std::string const & db_path, size_t aMax_db_size, size_t aFs_block_size);
    /// finds matching generated certificate and its private key
    /// \param key the lookup key (see Columns::cnlKey)
    /// \param expectedOrig presumably the original certificate the stored one must match — confirm in the .cc
    /// \param cert,pkey receive the found certificate and private key
    bool find(std::string const & key, const Security::CertPointer &expectedOrig, Security::CertPointer & cert, Security::PrivateKeyPointer & pkey);
    /// Delete a certificate from database.
    bool purgeCert(std::string const & key);
    /// Save certificate to disk.
    bool addCertAndPrivateKey(std::string const & useKey, const Security::CertPointer & cert, const Security::PrivateKeyPointer & pkey, const Security::CertPointer &orig);

    /// Create and initialize a database under the db_path.
    static void Create(std::string const & db_path);
    /// Check the database stored under the db_path.
    static void Check(std::string const & db_path, size_t max_db_size, size_t fs_block_size);
private:
    /// Load db from disk.
    void load();
    /// Save db to disk.
    void save();
    /// current db size; presumably backed by size_file (see readSize()/rebuildSize()) — confirm
    size_t size();
    /// Increase db size by the given file size and update size_file.
    void addSize(std::string const & filename);
    /// Decrease db size by the given file size and update size_file.
    void subSize(std::string const & filename);
    /// Read size from file size_file.
    size_t readSize();
    /// Write size to file size_file.
    void writeSize(size_t db_size);
    /// get file size on disk.
    size_t getFileSize(std::string const & filename);
    /// recomputes the db size; presumably from the stored entry files — confirm in the .cc
    size_t rebuildSize();
    /// Only find certificate in current db and return it.
    bool pure_find(std::string const & key, const Security::CertPointer & expectedOrig, Security::CertPointer & cert, Security::PrivateKeyPointer & pkey);

    /// Delete a row from TXT_DB.
    void deleteRow(const char **row, int rowIndex);
    /// Delete invalid certificate.
    bool deleteInvalidCertificate();
    /// Delete oldest certificate.
    bool deleteOldestCertificate();
    /// Delete using key.
    bool deleteByKey(std::string const & key);
    /// Whether the TXT_DB has stored items.
    bool hasRows() const;

    /// stores the db entry into a file
    // NOTE(review): the entry carries a private key; the permissions applied to the
    // written file are not visible in this header — confirm in the .cc.
    static bool WriteEntry(const std::string &filename, const Security::CertPointer & cert, const Security::PrivateKeyPointer & pkey, const Security::CertPointer &orig);

    /// loads a db entry from the file
    // NOTE(review): takes filename by value while WriteEntry() takes it by const reference.
    static bool ReadEntry(std::string filename, Security::CertPointer & cert, Security::PrivateKeyPointer & pkey, Security::CertPointer &orig);

    /// Removes the first matching row from TXT_DB. Ignores failures.
    static void sq_TXT_DB_delete(TXT_DB *db, const char **row);
    /// Remove the row on position idx from TXT_DB. Ignores failures.
    static void sq_TXT_DB_delete_row(TXT_DB *db, int idx);

    /// Callback hash function for serials. Used to create TXT_DB index of serials.
    static unsigned long index_serial_hash(const char **a);
    /// Callback compare function for serials. Used to create TXT_DB index of serials.
    static int index_serial_cmp(const char **a, const char **b);
    /// Callback hash function for names. Used to create TXT_DB index of names.
    static unsigned long index_name_hash(const char **a);
    /// Callback compare function for names. Used to create TXT_DB index of names.
    static int index_name_cmp(const char **a, const char **b);
153 #if SQUID_USE_SSLLHASH_HACK
    /// lhash hash adapter: converts the opaque entry pointer to the row type index_serial_hash() takes
    static unsigned long index_serial_hash_LHASH_HASH(const void *a) {
        const char **entry = static_cast<const char **>(const_cast<void *>(a));
        return index_serial_hash(entry);
    }
    /// lhash compare adapter: converts both opaque entry pointers to the row type index_serial_cmp() takes
    static int index_serial_cmp_LHASH_COMP(const void *arg1, const void *arg2) {
        const char **lhs = static_cast<const char **>(const_cast<void *>(arg1));
        const char **rhs = static_cast<const char **>(const_cast<void *>(arg2));
        return index_serial_cmp(lhs, rhs);
    }
    /// lhash hash adapter: converts the opaque entry pointer to the row type index_name_hash() takes
    static unsigned long index_name_hash_LHASH_HASH(const void *a) {
        const char **entry = static_cast<const char **>(const_cast<void *>(a));
        return index_name_hash(entry);
    }
    /// lhash compare adapter: converts both opaque entry pointers to the row type index_name_cmp() takes
    static int index_name_cmp_LHASH_COMP(const void *arg1, const void *arg2) {
        const char **lhs = static_cast<const char **>(const_cast<void *>(arg1));
        const char **rhs = static_cast<const char **>(const_cast<void *>(arg2));
        return index_name_cmp(lhs, rhs);
    }
166 #else
167  static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
168  static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
169  static IMPLEMENT_LHASH_HASH_FN(index_name_hash,const char **)
170  static IMPLEMENT_LHASH_COMP_FN(index_name_cmp,const char **)
171 #endif
172 
    static const std::string db_file; ///< Base name of the database index file.
    static const std::string cert_dir; ///< Base name of the directory to store the certs.
    static const std::string size_file; ///< presumably the base name of the db size file (size_full is its full path) — confirm
    static const size_t min_db_size; ///< Min size of disk db. If real size < min_db_size the db will be disabled.

    // NOTE(review): the rendered listing omits a member line here; the member index
    // documents `TXT_DB_Pointer db` ("Database with certificates info.") — confirm
    // against the upstream header.
    const std::string db_path; ///< The database directory.
    const std::string db_full; ///< Full path of the database index file.
    const std::string cert_full; ///< Full path of the directory to store the certs.
    const std::string size_full; ///< Full path of the file to store the db size.

    const size_t max_db_size; ///< Max size of db.
    const size_t fs_block_size; ///< File system block size.
    mutable Lock dbLock; ///< protects the database file
188 };
189 
190 } // namespace Ssl
191 #endif // SQUID_SSL_CERTIFICATE_DB_H
192 
bool deleteInvalidCertificate()
Delete invalid certificate.
static bool WriteEntry(const std::string &filename, const Security::CertPointer &cert, const Security::PrivateKeyPointer &pkey, const Security::CertPointer &orig)
stores the db entry into a file
void addSize(std::string const &filename)
Increase db size by the given file size and update size_file.
~Lock()
releases the lock if it is locked
TXT_DB_Pointer db
Database with certificates info.
static int index_name_cmp(const char **a, const char **b)
Callback compare function for names. Used to create TXT_DB index of names.
const char * name() const
Lock & lock
the lock we are operating on
an exception-safe way to obtain and release a lock
static const size_t min_db_size
Min size of disk db. If real size < min_db_size the db will be disabled.
size_t readSize()
Read size from file size_file.
static void Create(std::string const &db_path)
Create and initialize a database under the db_path.
Lock(std::string const &filename)
creates an unlocked lock
static unsigned long index_serial_hash(const char **a)
Callback hash function for serials. Used to create TXT_DB index of serials.
bool deleteOldestCertificate()
Delete oldest certificate.
const size_t max_db_size
Max size of db.
static const std::string db_file
Base name of the database index file.
bool pure_find(std::string const &key, const Security::CertPointer &expectedOrig, Security::CertPointer &cert, Security::PrivateKeyPointer &pkey)
Only find the certificate in the current db and return it.
void unlock()
unlocks locked lock or throws
static void sq_TXT_DB_delete(TXT_DB *db, const char **row)
Removes the first matching row from TXT_DB. Ignores failures.
static int index_serial_cmp(const char **a, const char **b)
Callback compare function for serials. Used to create TXT_DB index of serials.
~Locker()
unlocks the lock if it was locked by us
bool locked() const
whether our lock is locked
int fd
Linux file descriptor.
bool deleteByKey(std::string const &key)
Delete using key.
size_t getFileSize(std::string const &filename)
get file size on disk.
const std::string size_full
Full path of the file to store the db size.
static void sq_TXT_DB_delete_row(TXT_DB *db, int idx)
Remove the row on position idx from TXT_DB. Ignores failures.
static void Check(std::string const &db_path, size_t max_db_size, size_t fs_block_size)
Check the database stored under the db_path.
char ** row
Raw row.
const std::string cert_full
Full path of the directory to store the certs.
Row()
Create row wrapper.
void writeSize(size_t db_size)
Write size to file size_file.
bool find(std::string const &key, const Security::CertPointer &expectedOrig, Security::CertPointer &cert, Security::PrivateKeyPointer &pkey)
finds matching generated certificate and its private key
maintains an exclusive blocking file-based lock
bool purgeCert(std::string const &key)
Delete a certificate from the database.
size_t width
Number of cells in the row.
const std::string db_path
The database directory.
bool hasRows() const
Whether the TXT_DB has stored items.
const std::string fileName
where the lock was needed
number
Definition: testStatHist.cc:16
Locker(Lock &lock, const char *aFileName, int lineNo)
locks the lock if the lock was unlocked
void lock()
locks the lock, may block
char ** getRow()
Raw row.
bool weLocked
whether we locked the lock
const int lineNo
where the lock was needed
Lock dbLock
protects the database file
void reset()
Abandon row and don't free memory.
static unsigned long index_name_hash(const char **a)
Callback hash function for names. Used to create TXT_DB index of names.
~Row()
Delete the whole row.
A wrapper for OpenSSL database row of TXT_DB database.
int a
Definition: membanger.c:50
std::unique_ptr< TXT_DB, HardFun< void, TXT_DB *,&TXT_DB_free > > TXT_DB_Pointer
Definition: gadgets.h:56
static const std::string cert_dir
Base name of the directory to store the certs.
static IMPLEMENT_LHASH_HASH_FN(index_serial_hash, const char **) static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp
std::string filename
static const std::string size_file
const size_t fs_block_size
File system block size.
void save()
Save db to disk.
CertificateDb(std::string const &db_path, size_t aMax_db_size, size_t aFs_block_size)
Columns
Names of db columns.
void deleteRow(const char **row, int rowIndex)
Delete a row from TXT_DB.
void subSize(std::string const &filename)
Decrease db size by the given file size and update size_file.
void load()
Load db from disk.
bool addCertAndPrivateKey(std::string const &useKey, const Security::CertPointer &cert, const Security::PrivateKeyPointer &pkey, const Security::CertPointer &orig)
Save certificate to disk.
static bool ReadEntry(std::string filename, Security::CertPointer &cert, Security::PrivateKeyPointer &pkey, Security::CertPointer &orig)
loads a db entry from the file
const std::string db_full
Full path of the database index file.
void setValue(size_t number, char const *value)
Set cell's value in row.

 
