projects / thirdparty / squid.git / blame
| Commit | Line | Data |
|---|---|---|
| 95d2589c CT |
1 | /* |
| 2 | * $Id$ | |
| 3 | */ | |
| 4 | ||
| 5 | #ifndef SQUID_SSL_CERTIFICATE_DB_H | |
| 6 | #define SQUID_SSL_CERTIFICATE_DB_H | |
| 7 | ||
| 8 | #include "ssl/gadgets.h" | |
| 9 | #include "ssl/support.h" | |
| 10 | #if HAVE_STRING | |
| 11 | #include <string> | |
| 12 | #endif | |
| 3eee6040 CT |
13 | #if HAVE_OPENSSL_OPENSSLV_H |
| 14 | #include <openssl/opensslv.h> | |
| 15 | #endif | |
| 95d2589c CT |
16 | |
| 17 | namespace Ssl | |
| 18 | { | |
| 19 | /// Cross platform file locker. | |
| 20 | class FileLocker | |
| 21 | { | |
| 22 | public: | |
| 23 | /// Lock file | |
| 24 | FileLocker(std::string const & aFilename); | |
| 25 | /// Unlock file | |
| 26 | ~FileLocker(); | |
| 27 | private: | |
| 1191b93b | 28 | #if _SQUID_MSWIN_ |
| 95d2589c CT |
29 | HANDLE hFile; ///< Windows file handle. |
| 30 | #else | |
| 31 | int fd; ///< Linux file descriptor. | |
| 32 | #endif | |
| 33 | }; | |
| 34 | ||
| 35 | /** | |
| 36 | * Database class for storing SSL certificates and their private keys. | |
| 37 | * A database consist by: | |
| 38 | * - A disk file to store current serial number | |
| 39 | * - A disk file to store the current database size | |
| 40 | * - A disk file which is a normal TXT_DB openSSL database | |
| 41 | * - A directory under which the certificates and their private keys stored. | |
| 42 | * The database before used must initialized with CertificateDb::create static method. | |
| 43 | */ | |
| 44 | class CertificateDb | |
| 45 | { | |
| 46 | public: | |
| 47 | /// Names of db columns. | |
| 48 | enum Columns { | |
| 49 | cnlType = 0, | |
| 50 | cnlExp_date, | |
| 51 | cnlRev_date, | |
| 52 | cnlSerial, | |
| 53 | cnlFile, | |
| 54 | cnlName, | |
| 55 | cnlNumber | |
| 56 | }; | |
| 57 | ||
| 58 | /// A wrapper for OpenSSL database row of TXT_DB database. | |
| 59 | class Row | |
| 60 | { | |
| 61 | public: | |
| 62 | /// Create row wrapper. | |
| 63 | Row(); | |
| 64 | /// Delete all row. | |
| 65 | ~Row(); | |
| 66 | void setValue(size_t number, char const * value); ///< Set cell's value in row | |
| 67 | char ** getRow(); ///< Raw row | |
| 68 | void reset(); ///< Abandon row and don't free memory | |
| 69 | private: | |
| 70 | char **row; ///< Raw row | |
| 71 | size_t width; ///< Number of cells in the row | |
| 72 | }; | |
| 73 | ||
| 74 | CertificateDb(std::string const & db_path, size_t aMax_db_size, size_t aFs_block_size); | |
| 75 | /// Find certificate and private key for host name | |
| 76 | bool find(std::string const & host_name, Ssl::X509_Pointer & cert, Ssl::EVP_PKEY_Pointer & pkey); | |
| 77 | /// Save certificate to disk. | |
| 78 | bool addCertAndPrivateKey(Ssl::X509_Pointer & cert, Ssl::EVP_PKEY_Pointer & pkey); | |
| 79 | /// Get a serial number to use for generating a new certificate. | |
| 80 | BIGNUM * getCurrentSerialNumber(); | |
| 81 | /// Create and initialize a database under the db_path | |
| 82 | static void create(std::string const & db_path, int serial); | |
| 83 | /// Check the database stored under the db_path. | |
| 84 | static void check(std::string const & db_path, size_t max_db_size); | |
| 85 | std::string getSNString() const; ///< Get serial number as string. | |
| 86 | bool IsEnabledDiskStore() const; ///< Check enabled of dist store. | |
| 87 | private: | |
| 88 | void load(); ///< Load db from disk. | |
| 89 | void save(); ///< Save db to disk. | |
| 90 | size_t size() const; ///< Get db size on disk in bytes. | |
| 91 | /// Increase db size by the given file size and update size_file | |
| 92 | void addSize(std::string const & filename); | |
| 93 | /// Decrease db size by the given file size and update size_file | |
| 94 | void subSize(std::string const & filename); | |
| 95 | size_t readSize() const; ///< Read size from file size_file | |
| 96 | void writeSize(size_t db_size); ///< Write size to file size_file. | |
| 97 | size_t getFileSize(std::string const & filename); ///< get file size on disk. | |
| 98 | /// Only find certificate in current db and return it. | |
| 99 | bool pure_find(std::string const & host_name, Ssl::X509_Pointer & cert, Ssl::EVP_PKEY_Pointer & pkey); | |
| 100 | ||
| 101 | bool deleteInvalidCertificate(); ///< Delete invalid certificate. | |
| 102 | bool deleteOldestCertificate(); ///< Delete oldest certificate. | |
| 103 | bool deleteByHostname(std::string const & host); ///< Delete using host name. | |
| 104 | ||
| 105 | /// Callback hash function for serials. Used to create TXT_DB index of serials. | |
| 106 | static unsigned long index_serial_hash(const char **a); | |
| 107 | /// Callback compare function for serials. Used to create TXT_DB index of serials. | |
| 108 | static int index_serial_cmp(const char **a, const char **b); | |
| 109 | /// Callback hash function for names. Used to create TXT_DB index of names.. | |
| 110 | static unsigned long index_name_hash(const char **a); | |
| 111 | /// Callback compare function for names. Used to create TXT_DB index of names.. | |
| 112 | static int index_name_cmp(const char **a, const char **b); | |
| 113 | ||
| 114 | /// Definitions required by openSSL, to use the index_* functions defined above | |
| 115 | ///with TXT_DB_create_index. | |
| 3eee6040 CT |
116 | #if OPENSSL_VERSION_NUMBER > 0x10000000L |
| 117 | static unsigned long index_serial_LHASH_HASH(const void *a) { | |
| 118 | return index_serial_hash((const char **)a); | |
| 119 | } | |
| aa818c4e | 120 | static int index_serial_LHASH_COMP(const void *arg1, const void *arg2) { |
| 3eee6040 CT |
121 | return index_serial_cmp((const char **)arg1, (const char **)arg2); |
| 122 | } | |
| 123 | static unsigned long index_name_LHASH_HASH(const void *a) { | |
| 124 | return index_name_hash((const char **)a); | |
| 125 | } | |
| 126 | static int index_name_LHASH_COMP(const void *arg1, const void *arg2) { | |
| 127 | return index_name_cmp((const char **)arg1, (const char **)arg2); | |
| 128 | } | |
| 129 | #else | |
| 95d2589c CT |
130 | static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **) |
| 131 | static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **) | |
| 132 | static IMPLEMENT_LHASH_HASH_FN(index_name_hash,const char **) | |
| 133 | static IMPLEMENT_LHASH_COMP_FN(index_name_cmp,const char **) | |
| 3eee6040 | 134 | #endif |
| 95d2589c CT |
135 | |
| 136 | static const std::string serial_file; ///< Base name of the file to store serial number. | |
| 137 | static const std::string db_file; ///< Base name of the database index file. | |
| 138 | static const std::string cert_dir; ///< Base name of the directory to store the certs. | |
| 139 | static const std::string size_file; ///< Base name of the file to store db size. | |
| 140 | /// Min size of disk db. If real size < min_db_size the db will be disabled. | |
| 141 | static const size_t min_db_size; | |
| 142 | ||
| 143 | const std::string db_path; ///< The database directory. | |
| 144 | const std::string serial_full; ///< Full path of the file to store serial number. | |
| 145 | const std::string db_full; ///< Full path of the database index file. | |
| 146 | const std::string cert_full; ///< Full path of the directory to store the certs. | |
| 147 | const std::string size_full; ///< Full path of the file to store the db size. | |
| 148 | ||
| 149 | TXT_DB_Pointer db; ///< Database with certificates info. | |
| 150 | const size_t max_db_size; ///< Max size of db. | |
| 151 | const size_t fs_block_size; ///< File system block size. | |
| 152 | ||
| 153 | bool enabled_disk_store; ///< The storage on the disk is enabled. | |
| 154 | }; | |
| 155 | ||
| 156 | } // namespace Ssl | |
| 157 | #endif // SQUID_SSL_CERTIFICATE_DB_H |