1/*
2 * $Id$
3 */
4
5#ifndef SQUID_SSL_CERTIFICATE_DB_H
6#define SQUID_SSL_CERTIFICATE_DB_H
7
8#include "ssl/gadgets.h"
9#include "ssl/support.h"
10#if HAVE_STRING
11#include <string>
12#endif
13
14namespace Ssl
15{
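/// Cross-platform scoped file lock: the constructor takes the lock on
/// aFilename and the destructor releases it, so the lock is held for
/// exactly the lifetime of the FileLocker object (RAII).
/// NOTE(review): the locking primitive and whether the lock is shared or
/// exclusive are decided in the implementation file, not here — confirm
/// there before relying on this for cross-process exclusion of the
/// certificate database (serial file, size file, index).
class FileLocker
{
public:
    /// Lock the file at aFilename. explicit so that a std::string is
    /// never silently converted into a lock object.
    explicit FileLocker(std::string const & aFilename);
    /// Unlock the file and release the underlying handle/descriptor.
    ~FileLocker();
private:
    // One OS resource is owned here; a copy would unlock/close it twice.
    // Declared but never defined so that copying fails at compile time
    // (the file predates C++11's "= delete").
    FileLocker(FileLocker const &);
    FileLocker & operator=(FileLocker const &);
#if _SQUID_MSWIN_
    HANDLE hFile; ///< Windows file handle holding the lock.
#else
    int fd; ///< POSIX file descriptor holding the lock.
#endif
};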
31
32/**
33 * Database class for storing SSL certificates and their private keys.
34 * A database consist by:
35 * - A disk file to store current serial number
36 * - A disk file to store the current database size
37 * - A disk file which is a normal TXT_DB openSSL database
38 * - A directory under which the certificates and their private keys stored.
39 * The database before used must initialized with CertificateDb::create static method.
40 */
41class CertificateDb
42{
43public:
44 /// Names of db columns.
45 enum Columns {
46 cnlType = 0,
47 cnlExp_date,
48 cnlRev_date,
49 cnlSerial,
50 cnlFile,
51 cnlName,
52 cnlNumber
53 };
54
55 /// A wrapper for OpenSSL database row of TXT_DB database.
56 class Row
57 {
58 public:
59 /// Create row wrapper.
60 Row();
61 /// Delete all row.
62 ~Row();
63 void setValue(size_t number, char const * value); ///< Set cell's value in row
64 char ** getRow(); ///< Raw row
65 void reset(); ///< Abandon row and don't free memory
66 private:
67 char **row; ///< Raw row
68 size_t width; ///< Number of cells in the row
69 };
70
71 CertificateDb(std::string const & db_path, size_t aMax_db_size, size_t aFs_block_size);
72 /// Find certificate and private key for host name
73 bool find(std::string const & host_name, Ssl::X509_Pointer & cert, Ssl::EVP_PKEY_Pointer & pkey);
74 /// Save certificate to disk.
75 bool addCertAndPrivateKey(Ssl::X509_Pointer & cert, Ssl::EVP_PKEY_Pointer & pkey);
76 /// Get a serial number to use for generating a new certificate.
77 BIGNUM * getCurrentSerialNumber();
78 /// Create and initialize a database under the db_path
79 static void create(std::string const & db_path, int serial);
80 /// Check the database stored under the db_path.
81 static void check(std::string const & db_path, size_t max_db_size);
82 std::string getSNString() const; ///< Get serial number as string.
83 bool IsEnabledDiskStore() const; ///< Check enabled of dist store.
84private:
85 void load(); ///< Load db from disk.
86 void save(); ///< Save db to disk.
87 size_t size() const; ///< Get db size on disk in bytes.
88 /// Increase db size by the given file size and update size_file
89 void addSize(std::string const & filename);
90 /// Decrease db size by the given file size and update size_file
91 void subSize(std::string const & filename);
92 size_t readSize() const; ///< Read size from file size_file
93 void writeSize(size_t db_size); ///< Write size to file size_file.
94 size_t getFileSize(std::string const & filename); ///< get file size on disk.
95 /// Only find certificate in current db and return it.
96 bool pure_find(std::string const & host_name, Ssl::X509_Pointer & cert, Ssl::EVP_PKEY_Pointer & pkey);
97
98 bool deleteInvalidCertificate(); ///< Delete invalid certificate.
99 bool deleteOldestCertificate(); ///< Delete oldest certificate.
100 bool deleteByHostname(std::string const & host); ///< Delete using host name.
101
102 /// Callback hash function for serials. Used to create TXT_DB index of serials.
103 static unsigned long index_serial_hash(const char **a);
104 /// Callback compare function for serials. Used to create TXT_DB index of serials.
105 static int index_serial_cmp(const char **a, const char **b);
106 /// Callback hash function for names. Used to create TXT_DB index of names..
107 static unsigned long index_name_hash(const char **a);
108 /// Callback compare function for names. Used to create TXT_DB index of names..
109 static int index_name_cmp(const char **a, const char **b);
110
111 /// Definitions required by openSSL, to use the index_* functions defined above
112 ///with TXT_DB_create_index.
113 static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
114 static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
115 static IMPLEMENT_LHASH_HASH_FN(index_name_hash,const char **)
116 static IMPLEMENT_LHASH_COMP_FN(index_name_cmp,const char **)
117
118 static const std::string serial_file; ///< Base name of the file to store serial number.
119 static const std::string db_file; ///< Base name of the database index file.
120 static const std::string cert_dir; ///< Base name of the directory to store the certs.
121 static const std::string size_file; ///< Base name of the file to store db size.
122 /// Min size of disk db. If real size < min_db_size the db will be disabled.
123 static const size_t min_db_size;
124
125 const std::string db_path; ///< The database directory.
126 const std::string serial_full; ///< Full path of the file to store serial number.
127 const std::string db_full; ///< Full path of the database index file.
128 const std::string cert_full; ///< Full path of the directory to store the certs.
129 const std::string size_full; ///< Full path of the file to store the db size.
130
131 TXT_DB_Pointer db; ///< Database with certificates info.
132 const size_t max_db_size; ///< Max size of db.
133 const size_t fs_block_size; ///< File system block size.
134
135 bool enabled_disk_store; ///< The storage on the disk is enabled.
136};
137
138} // namespace Ssl
139#endif // SQUID_SSL_CERTIFICATE_DB_H