certificate_db.h
Go to the documentation of this file.
1 /*
2  * Copyright (C) 1996-2022 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 #ifndef SQUID_SSL_CERTIFICATE_DB_H
10 #define SQUID_SSL_CERTIFICATE_DB_H
11 
12 #include "base/Here.h"
13 #include "ssl/gadgets.h"
14 
15 #include <string>
16 
17 namespace Ssl
18 {
20 class Lock
21 {
22 public:
23  explicit Lock(std::string const &filename);
24  ~Lock();
25  void lock();
26  void unlock();
27  bool locked() const;
28  const char *name() const { return filename.c_str(); }
29 private:
30  std::string filename;
31 #if _SQUID_WINDOWS_
32  HANDLE hFile;
33 #else
34  int fd;
35 #endif
36 };
37 
39 class Locker
40 {
41 public:
43  Locker(Lock &, const SourceLocation &);
45  ~Locker();
46 private:
47  bool weLocked;
48  Lock &lock;
49 
51  const SourceLocation caller;
52 };
53 
63 class CertificateDb
64 {
65 public:
67  enum Columns {
68  cnlKey = 0, //< The key to use for storing/retrieving entries from DB.
69  cnlExp_date,
70  cnlRev_date,
71  cnlSerial,
72  cnlName,
73  cnlNumber
74  };
75 
77  class Row
78  {
79  public:
81  Row();
83  Row(char **row, size_t width);
85  ~Row();
86  void setValue(size_t number, char const * value);
87  char ** getRow();
88  void reset();
89  private:
90  char **row;
91  size_t width;
92  };
93 
94  CertificateDb(std::string const & db_path, size_t aMax_db_size, size_t aFs_block_size);
96  bool find(std::string const & key, const Security::CertPointer &expectedOrig, Security::CertPointer & cert, Security::PrivateKeyPointer & pkey);
98  bool purgeCert(std::string const & key);
100  bool addCertAndPrivateKey(std::string const & useKey, const Security::CertPointer & cert, const Security::PrivateKeyPointer & pkey, const Security::CertPointer &orig);
101 
103  static void Create(std::string const & db_path);
105  static void Check(std::string const & db_path, size_t max_db_size, size_t fs_block_size);
106 private:
107  void load();
108  void save();
109  size_t size();
111  void addSize(std::string const & filename);
113  void subSize(std::string const & filename);
114  size_t readSize();
115  void writeSize(size_t db_size);
116  size_t getFileSize(std::string const & filename);
117  size_t rebuildSize();
119  bool pure_find(std::string const & key, const Security::CertPointer & expectedOrig, Security::CertPointer & cert, Security::PrivateKeyPointer & pkey);
120 
121  void deleteRow(const char **row, int rowIndex);
122  bool deleteInvalidCertificate();
123  bool deleteOldestCertificate();
124  bool deleteByKey(std::string const & key);
125  bool hasRows() const;
126 
128  static bool WriteEntry(const std::string &filename, const Security::CertPointer & cert, const Security::PrivateKeyPointer & pkey, const Security::CertPointer &orig);
129 
131  static bool ReadEntry(std::string filename, Security::CertPointer & cert, Security::PrivateKeyPointer & pkey, Security::CertPointer &orig);
132 
134  static void sq_TXT_DB_delete(TXT_DB *db, const char **row);
136  static void sq_TXT_DB_delete_row(TXT_DB *db, int idx);
137 
139  static unsigned long index_serial_hash(const char **a);
141  static int index_serial_cmp(const char **a, const char **b);
143  static unsigned long index_name_hash(const char **a);
145  static int index_name_cmp(const char **a, const char **b);
146 
149 #if SQUID_USE_SSLLHASH_HACK
150  static unsigned long index_serial_hash_LHASH_HASH(const void *a) {
151  return index_serial_hash((const char **)a);
152  }
153  static int index_serial_cmp_LHASH_COMP(const void *arg1, const void *arg2) {
154  return index_serial_cmp((const char **)arg1, (const char **)arg2);
155  }
156  static unsigned long index_name_hash_LHASH_HASH(const void *a) {
157  return index_name_hash((const char **)a);
158  }
159  static int index_name_cmp_LHASH_COMP(const void *arg1, const void *arg2) {
160  return index_name_cmp((const char **)arg1, (const char **)arg2);
161  }
162 #else
163  static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
164  static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
165  static IMPLEMENT_LHASH_HASH_FN(index_name_hash,const char **)
166  static IMPLEMENT_LHASH_COMP_FN(index_name_cmp,const char **)
167 #endif
168 
169  static const std::string db_file;
170  static const std::string cert_dir;
171  static const std::string size_file;
173  static const size_t min_db_size;
174 
175  const std::string db_path;
176  const std::string db_full;
177  const std::string cert_full;
178  const std::string size_full;
179 
180  TXT_DB_Pointer db;
181  const size_t max_db_size;
182  const size_t fs_block_size;
183  mutable Lock dbLock;
184 };
185 
186 } // namespace Ssl
187 #endif // SQUID_SSL_CERTIFICATE_DB_H
188 
SourceLocation
a source code location that is cheap to create, copy, and store
Definition: Here.h:30
Ssl::CertificateDb::Row
A wrapper for OpenSSL database row of TXT_DB database.
Definition: certificate_db.h:78
Ssl::CertificateDb::Row::setValue
void setValue(size_t number, char const *value)
Set cell's value in row.
Definition: certificate_db.cc:157
Ssl::CertificateDb::Row::width
size_t width
Number of cells in the row.
Definition: certificate_db.h:91
Ssl::CertificateDb::Row::Row
Row()
Create row wrapper.
Definition: certificate_db.cc:116
Ssl::CertificateDb::Row::reset
void reset()
Abandon row and don't free memory.
Definition: certificate_db.cc:152
Ssl::CertificateDb::Row::getRow
char ** getRow()
Raw row.
Definition: certificate_db.cc:170
Ssl::CertificateDb::deleteByKey
bool deleteByKey(std::string const &key)
Delete using key.
Definition: certificate_db.cc:591
Ssl::CertificateDb::fs_block_size
const size_t fs_block_size
File system block size.
Definition: certificate_db.h:182
Ssl::CertificateDb::WriteEntry
static bool WriteEntry(const std::string &filename, const Security::CertPointer &cert, const Security::PrivateKeyPointer &pkey, const Security::CertPointer &orig)
stores the db entry into a file
Definition: certificate_db.cc:629
Ssl::CertificateDb::index_serial_cmp
static int index_serial_cmp(const char **a, const char **b)
Callback compare function for serials. Used to create TXT_DB index of serials.
Definition: certificate_db.cc:234
Ssl::CertificateDb::Create
static void Create(std::string const &db_path)
Create and initialize a database under the db_path.
Definition: certificate_db.cc:366
Ssl::CertificateDb::deleteRow
void deleteRow(const char **row, int rowIndex)
Delete a row from TXT_DB.
Definition: certificate_db.cc:531
Ssl::CertificateDb::size_full
const std::string size_full
Full path of the file to store the db size.
Definition: certificate_db.h:178
Ssl::CertificateDb::IMPLEMENT_LHASH_HASH_FN
static IMPLEMENT_LHASH_HASH_FN(index_serial_hash, const char **) static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp
Ssl::CertificateDb::db
TXT_DB_Pointer db
Database with certificates info.
Definition: certificate_db.h:180
Ssl::CertificateDb::pure_find
bool pure_find(std::string const &key, const Security::CertPointer &expectedOrig, Security::CertPointer &cert, Security::PrivateKeyPointer &pkey)
Only find certificate in current db and return it.
Definition: certificate_db.cc:421
Ssl::CertificateDb::writeSize
void writeSize(size_t db_size)
Write size to file size_file.
Definition: certificate_db.cc:475
Ssl::CertificateDb::index_serial_hash
static unsigned long index_serial_hash(const char **a)
Callback hash function for serials. Used to create TXT_DB index of serials.
Definition: certificate_db.cc:227
Ssl::CertificateDb::purgeCert
bool purgeCert(std::string const &key)
Delete a certificate from database.
Definition: certificate_db.cc:271
Ssl::CertificateDb::cert_dir
static const std::string cert_dir
Base name of the directory to store the certs.
Definition: certificate_db.h:170
Ssl::CertificateDb::cert_full
const std::string cert_full
Full path of the directory to store the certs.
Definition: certificate_db.h:177
Ssl::CertificateDb::subSize
void subSize(std::string const &filename)
Decrease db size by the given file size and update size_file.
Definition: certificate_db.cc:459
Ssl::CertificateDb::deleteOldestCertificate
bool deleteOldestCertificate()
Delete oldest certificate.
Definition: certificate_db.cc:570
Ssl::CertificateDb::index_name_hash
static unsigned long index_name_hash(const char **a)
Callback hash function for names. Used to create TXT_DB index of names..
Definition: certificate_db.cc:241
Ssl::CertificateDb::addSize
void addSize(std::string const &filename)
Increase db size by the given file size and update size_file.
Definition: certificate_db.cc:452
Ssl::CertificateDb::ReadEntry
static bool ReadEntry(std::string filename, Security::CertPointer &cert, Security::PrivateKeyPointer &pkey, Security::CertPointer &orig)
loads a db entry from the file
Definition: certificate_db.cc:644
Ssl::CertificateDb::readSize
size_t readSize()
Read size from file size_file.
Definition: certificate_db.cc:467
Ssl::CertificateDb::hasRows
bool hasRows() const
Whether the TXT_DB has stored items.
Definition: certificate_db.cc:614
Ssl::CertificateDb::index_name_cmp
static int index_name_cmp(const char **a, const char **b)
Callback compare function for names. Used to create TXT_DB index of names..
Definition: certificate_db.cc:245
Ssl::CertificateDb::max_db_size
const size_t max_db_size
Max size of db.
Definition: certificate_db.h:181
Ssl::CertificateDb::save
void save()
Save db to disk.
Definition: certificate_db.cc:517
Ssl::CertificateDb::Check
static void Check(std::string const &db_path, size_t max_db_size, size_t fs_block_size)
Check the database stored under the db_path.
Definition: certificate_db.cc:390
Ssl::CertificateDb::Columns
Columns
Names of db columns.
Definition: certificate_db.h:67
Ssl::CertificateDb::CertificateDb
CertificateDb(std::string const &db_path, size_t aMax_db_size, size_t aFs_block_size)
Definition: certificate_db.cc:253
Ssl::CertificateDb::addCertAndPrivateKey
bool addCertAndPrivateKey(std::string const &useKey, const Security::CertPointer &cert, const Security::PrivateKeyPointer &pkey, const Security::CertPointer &orig)
Save certificate to disk.
Definition: certificate_db.cc:285
Ssl::CertificateDb::size_file
static const std::string size_file
Definition: certificate_db.h:171
Ssl::CertificateDb::find
bool find(std::string const &key, const Security::CertPointer &expectedOrig, Security::CertPointer &cert, Security::PrivateKeyPointer &pkey)
finds matching generated certificate and its private key
Definition: certificate_db.cc:264
Ssl::CertificateDb::db_full
const std::string db_full
Full path of the database index file.
Definition: certificate_db.h:176
Ssl::CertificateDb::db_file
static const char **static const char **static const std::string db_file
Base name of the database index file.
Definition: certificate_db.h:169
Ssl::CertificateDb::db_path
const std::string db_path
The database directory.
Definition: certificate_db.h:175
Ssl::CertificateDb::deleteInvalidCertificate
bool deleteInvalidCertificate()
Delete invalid certificate.
Definition: certificate_db.cc:541
Ssl::CertificateDb::sq_TXT_DB_delete
static void sq_TXT_DB_delete(TXT_DB *db, const char **row)
Removes the first matching row from TXT_DB. Ignores failures.
Definition: certificate_db.cc:175
Ssl::CertificateDb::min_db_size
static const size_t min_db_size
Min size of disk db. If real size < min_db_size the db will be disabled.
Definition: certificate_db.h:173
Ssl::CertificateDb::dbLock
Lock dbLock
protects the database file
Definition: certificate_db.h:183
Ssl::CertificateDb::sq_TXT_DB_delete_row
static void sq_TXT_DB_delete_row(TXT_DB *db, int idx)
Remove the row on position idx from TXT_DB. Ignores failures.
Definition: certificate_db.cc:199
Ssl::CertificateDb::getFileSize
size_t getFileSize(std::string const &filename)
get file size on disk.
Definition: certificate_db.cc:482
Ssl::CertificateDb::load
void load()
Load db from disk.
Definition: certificate_db.cc:493
Ssl::Lock
maintains an exclusive blocking file-based lock
Definition: certificate_db.h:21
Ssl::Lock::name
const char * name() const
Definition: certificate_db.h:28
Ssl::Lock::Lock
Lock(std::string const &filename)
creates an unlocked lock
Definition: certificate_db.cc:29
Ssl::Lock::fd
int fd
Linux file descriptor.
Definition: certificate_db.h:34
Ssl::Lock::~Lock
~Lock()
releases the lock if it is locked
Definition: certificate_db.cc:93
Ssl::Lock::locked
bool locked() const
whether our lock is locked
Definition: certificate_db.cc:39
Ssl::Lock::lock
void lock()
locks the lock, may block
Definition: certificate_db.cc:48
Ssl::Lock::unlock
void unlock()
unlocks locked lock or throws
Definition: certificate_db.cc:70
Ssl::Lock::filename
std::string filename
Definition: certificate_db.h:30
Ssl::Locker
an exception-safe way to obtain and release a lock
Definition: certificate_db.h:40
Ssl::Locker::~Locker
~Locker()
unlocks the lock if it was locked by us
Definition: certificate_db.cc:110
Ssl::Locker::Locker
Locker(Lock &, const SourceLocation &)
locks the lock if the lock was unlocked
Definition: certificate_db.cc:99
Ssl::Locker::caller
const SourceLocation caller
where the lock was needed (currently not reported anywhere)
Definition: certificate_db.h:51
Ssl::Locker::lock
Lock & lock
the lock we are operating on
Definition: certificate_db.h:48
Ssl::Locker::weLocked
bool weLocked
whether we locked the lock
Definition: certificate_db.h:47
Ssl
Definition: Xaction.cc:48
Ssl::TXT_DB_Pointer
std::unique_ptr< TXT_DB, HardFun< void, TXT_DB *, &TXT_DB_free > > TXT_DB_Pointer
Definition: gadgets.h:57
number
number
Definition: testStatHist.cc:16

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors