1 | /* |
2 | * $Id$ | |
3 | */ | |
4 | ||
5 | #ifndef SQUID_SSL_CERTIFICATE_DB_H | |
6 | #define SQUID_SSL_CERTIFICATE_DB_H | |
7 | ||
8 | #include "ssl/gadgets.h" | |
9 | #include "ssl/support.h" | |
10 | #if HAVE_STRING | |
11 | #include <string> | |
12 | #endif | |
13 | #if HAVE_OPENSSL_OPENSSLV_H |
14 | #include <openssl/opensslv.h> | |
15 | #endif | |
16 | |
namespace Ssl
{
/// Cross-platform file locker. The lock is held for the lifetime of the
/// object: it is acquired in the constructor and released in the destructor.
class FileLocker
{
public:
    /// Lock the file named by aFilename.
    /// NOTE(review): this single-argument constructor is not explicit, so a
    /// std::string can implicitly convert to a temporary FileLocker (which
    /// locks and immediately unlocks) — confirm no caller relies on that.
    FileLocker(std::string const & aFilename);
    /// Unlock the file locked by the constructor.
    ~FileLocker();
private:
#if _SQUID_MSWIN_
    HANDLE hFile; ///< Windows file handle.
#else
    int fd; ///< File descriptor on non-Windows (POSIX) platforms.
#endif
};

/**
 * Database class for storing SSL certificates and their private keys.
 * A database consists of:
 *  - a disk file that stores the current serial number
 *  - a disk file that stores the current database size
 *  - a disk file that is a normal TXT_DB OpenSSL database
 *  - a directory under which the certificates and their private keys are stored
 * The database must be initialized with the CertificateDb::create static
 * method before it is used.
 *
 * NOTE(review): the certificate directory holds private keys; the
 * permissions applied to that directory and its files are not visible in
 * this header — confirm in the implementation that they are restrictive.
 */
class CertificateDb
{
public:
    /// Column indexes of a TXT_DB row; cnlNumber is the column count.
    enum Columns {
        cnlType = 0,
        cnlExp_date,
        cnlRev_date,
        cnlSerial,
        cnlFile,
        cnlName,
        cnlNumber
    };

    /// A wrapper for an OpenSSL TXT_DB database row (a raw char** array).
    /// NOTE(review): Row declares a destructor but no copy constructor or
    /// copy assignment, so copying a Row would share the raw `row` pointer —
    /// confirm Rows are never copied.
    class Row
    {
    public:
        /// Create row wrapper.
        Row();
        /// Free the row and its cells (unless reset() was called).
        ~Row();
        void setValue(size_t number, char const * value); ///< Set the value of cell `number` in the row.
        char ** getRow(); ///< Raw row, as expected by the TXT_DB API.
        void reset(); ///< Abandon the raw row without freeing it; presumably used once the TXT_DB owns it — verify against callers.
    private:
        char **row; ///< Raw row.
        size_t width; ///< Number of cells in the row.
    };

    /// Open the database stored under db_path.
    /// \param db_path       the database directory
    /// \param aMax_db_size  maximum size of the on-disk database
    /// \param aFs_block_size file system block size (see fs_block_size)
    CertificateDb(std::string const & db_path, size_t aMax_db_size, size_t aFs_block_size);
    /// Find the certificate and private key for host_name, storing them in cert and pkey.
    bool find(std::string const & host_name, Ssl::X509_Pointer & cert, Ssl::EVP_PKEY_Pointer & pkey);
    /// Store the certificate and its private key in the database on disk.
    bool addCertAndPrivateKey(Ssl::X509_Pointer & cert, Ssl::EVP_PKEY_Pointer & pkey);
    /// Get a serial number to use for generating a new certificate.
    /// NOTE(review): ownership of the returned BIGNUM is not documented here — confirm with the implementation.
    BIGNUM * getCurrentSerialNumber();
    /// Create and initialize a database under db_path; `serial` is presumably the initial serial number.
    static void create(std::string const & db_path, int serial);
    /// Check the database stored under db_path against max_db_size.
    static void check(std::string const & db_path, size_t max_db_size);
    std::string getSNString() const; ///< Get the serial number as a string.
    bool IsEnabledDiskStore() const; ///< Whether the on-disk store is enabled (see enabled_disk_store).
private:
    void load(); ///< Load db from disk.
    void save(); ///< Save db to disk.
    size_t size() const; ///< Get db size on disk in bytes.
    /// Increase db size by the size of the given file and update size_file.
    void addSize(std::string const & filename);
    /// Decrease db size by the size of the given file and update size_file.
    void subSize(std::string const & filename);
    size_t readSize() const; ///< Read the db size from size_file.
    void writeSize(size_t db_size); ///< Write the db size to size_file.
    size_t getFileSize(std::string const & filename); ///< Get a file's size on disk.
    /// Only look up the certificate for host_name in the current db and return it,
    /// without the extra work done by find().
    bool pure_find(std::string const & host_name, Ssl::X509_Pointer & cert, Ssl::EVP_PKEY_Pointer & pkey);

    bool deleteInvalidCertificate(); ///< Delete an invalid certificate.
    bool deleteOldestCertificate(); ///< Delete the oldest certificate.
    bool deleteByHostname(std::string const & host); ///< Delete the certificate for the given host name.

    /// Callback hash function for serials. Used to create the TXT_DB index of serials.
    static unsigned long index_serial_hash(const char **a);
    /// Callback compare function for serials. Used to create the TXT_DB index of serials.
    static int index_serial_cmp(const char **a, const char **b);
    /// Callback hash function for names. Used to create the TXT_DB index of names.
    static unsigned long index_name_hash(const char **a);
    /// Callback compare function for names. Used to create the TXT_DB index of names.
    static int index_name_cmp(const char **a, const char **b);

    /// Adapters required by OpenSSL to use the index_* functions defined above
    /// with TXT_DB_create_index.
#if OPENSSL_VERSION_NUMBER > 0x10000000L
    // OpenSSL 1.0.0 and later pass `const void *` to LHASH callbacks; the
    // C-style casts below reinterpret them as the typed rows the index_*
    // functions expect (and drop the const on the pointee).
    static unsigned long index_serial_LHASH_HASH(const void *a) {
        return index_serial_hash((const char **)a);
    }
    static int index_serial_LHASH_COMP(const void *arg1, const void *arg2) {
        return index_serial_cmp((const char **)arg1, (const char **)arg2);
    }
    static unsigned long index_name_LHASH_HASH(const void *a) {
        return index_name_hash((const char **)a);
    }
    static int index_name_LHASH_COMP(const void *arg1, const void *arg2) {
        return index_name_cmp((const char **)arg1, (const char **)arg2);
    }
#else
    // Older OpenSSL provides macros that generate the same adapters.
    static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
    static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
    static IMPLEMENT_LHASH_HASH_FN(index_name_hash,const char **)
    static IMPLEMENT_LHASH_COMP_FN(index_name_cmp,const char **)
#endif

    static const std::string serial_file; ///< Base name of the file that stores the serial number.
    static const std::string db_file; ///< Base name of the database index file.
    static const std::string cert_dir; ///< Base name of the directory that stores the certs.
    static const std::string size_file; ///< Base name of the file that stores the db size.
    /// Minimum size of the disk db. If the real size is < min_db_size the db will be disabled.
    static const size_t min_db_size;

    const std::string db_path; ///< The database directory.
    const std::string serial_full; ///< Full path of the file that stores the serial number.
    const std::string db_full; ///< Full path of the database index file.
    const std::string cert_full; ///< Full path of the directory that stores the certs.
    const std::string size_full; ///< Full path of the file that stores the db size.

    TXT_DB_Pointer db; ///< Database with certificate info.
    const size_t max_db_size; ///< Maximum size of the db.
    const size_t fs_block_size; ///< File system block size.

    bool enabled_disk_store; ///< Whether storage on disk is enabled.
};

} // namespace Ssl
157 | #endif // SQUID_SSL_CERTIFICATE_DB_H |