/*
 * $Id$
 */

/*
 * Declarations for Ssl::FileLocker (a scope-bound file lock) and
 * Ssl::CertificateDb (the on-disk store of generated certificates and
 * their private keys). The definitions live in the matching .cc file.
 */

#ifndef SQUID_SSL_CERTIFICATE_DB_H
#define SQUID_SSL_CERTIFICATE_DB_H

#include "ssl/gadgets.h"
#include "ssl/support.h"
#if HAVE_STRING
#include <string>
#endif

14 | namespace Ssl | |
15 | { | |
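/// Cross platform file locker.
/// The lock is taken in the constructor and released in the destructor, so
/// the locked region is exactly the lifetime of the FileLocker object (RAII).
/// Non-copyable: a copy would try to release the same lock/handle twice.
class FileLocker
{
public:
    /// Lock file
    explicit FileLocker(std::string const & aFilename);
    /// Unlock file
    ~FileLocker();
private:
    /// Copying is disabled (declared, never defined): exactly one
    /// FileLocker owns the lock and the underlying handle.
    FileLocker(FileLocker const &);
    FileLocker & operator=(FileLocker const &);

#if _SQUID_MSWIN_
    HANDLE hFile; ///< Windows file handle.
#else
    int fd; ///< Linux file descriptor.
#endif
};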
31 | ||
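/**
 * Database class for storing SSL certificates and their private keys.
 * A database consists of:
 * - A disk file to store the current serial number
 * - A disk file to store the current database size
 * - A disk file which is a normal TXT_DB openSSL database
 * - A directory under which the certificates and their private keys are stored.
 * The database must be initialized with the CertificateDb::create static
 * method before it is used.
 *
 * The size of the store on disk is tracked in size_file; when it falls
 * below min_db_size the disk store is disabled (see IsEnabledDiskStore()).
 *
 * Non-copyable: the object owns the TXT_DB handle and the bookkeeping for
 * the files under db_path, and two copies would update that state
 * independently.
 */
class CertificateDb
{
public:
    /// Names of db columns.
    enum Columns {
        cnlType = 0,
        cnlExp_date,
        cnlRev_date,
        cnlSerial,
        cnlFile,
        cnlName,
        cnlNumber
    };

    /// A wrapper for OpenSSL database row of TXT_DB database.
    /// The wrapper owns the raw row it builds (the destructor frees it
    /// unless reset() was called), so it is non-copyable: copying would
    /// release the same memory twice.
    class Row
    {
    public:
        /// Create row wrapper.
        Row();
        /// Delete all row.
        ~Row();
        void setValue(size_t number, char const * value); ///< Set cell's value in row
        char ** getRow(); ///< Raw row
        void reset(); ///< Abandon row and don't free memory
    private:
        /// Copying is disabled (declared, never defined); see class comment.
        Row(Row const &);
        Row & operator=(Row const &);

        char **row; ///< Raw row
        size_t width; ///< Number of cells in the row
    };

    /// Open the database stored under db_path.
    /// \param db_path       directory holding the serial, size and index files and cert_dir
    /// \param aMax_db_size  maximum size of the store on disk
    /// \param aFs_block_size file system block size used for size accounting
    CertificateDb(std::string const & db_path, size_t aMax_db_size, size_t aFs_block_size);
    /// Find certificate and private key for host name.
    /// host_name is the lookup key for the TXT_DB name index.
    /// NOTE(review): whether host_name is also used to derive a file name
    /// under cert_dir, and how it is validated before that, is not visible
    /// here; confirm against the implementation, since the name typically
    /// originates from the peer.
    bool find(std::string const & host_name, Ssl::X509_Pointer & cert, Ssl::EVP_PKEY_Pointer & pkey);
    /// Save certificate to disk.
    bool addCertAndPrivateKey(Ssl::X509_Pointer & cert, Ssl::EVP_PKEY_Pointer & pkey);
    /// Get a serial number to use for generating a new certificate.
    /// NOTE(review): ownership of the returned BIGNUM (caller frees vs.
    /// owned by the db) is not expressed in this declaration; confirm
    /// against the implementation before storing or freeing it.
    BIGNUM * getCurrentSerialNumber();
    /// Create and initialize a database under the db_path
    static void create(std::string const & db_path, int serial);
    /// Check the database stored under the db_path.
    static void check(std::string const & db_path, size_t max_db_size);
    std::string getSNString() const; ///< Get serial number as string.
    bool IsEnabledDiskStore() const; ///< Check whether the disk store is enabled.
private:
    /// Copying is disabled (declared, never defined); see class comment.
    CertificateDb(CertificateDb const &);
    CertificateDb & operator=(CertificateDb const &);

    void load(); ///< Load db from disk.
    void save(); ///< Save db to disk.
    size_t size() const; ///< Get db size on disk in bytes.
    /// Increase db size by the given file size and update size_file
    void addSize(std::string const & filename);
    /// Decrease db size by the given file size and update size_file
    void subSize(std::string const & filename);
    size_t readSize() const; ///< Read size from file size_file
    void writeSize(size_t db_size); ///< Write size to file size_file.
    size_t getFileSize(std::string const & filename); ///< get file size on disk.
    /// Only find certificate in current db and return it.
    bool pure_find(std::string const & host_name, Ssl::X509_Pointer & cert, Ssl::EVP_PKEY_Pointer & pkey);

    bool deleteInvalidCertificate(); ///< Delete invalid certificate.
    bool deleteOldestCertificate(); ///< Delete oldest certificate.
    bool deleteByHostname(std::string const & host); ///< Delete using host name.

    /// Callback hash function for serials. Used to create TXT_DB index of serials.
    static unsigned long index_serial_hash(const char **a);
    /// Callback compare function for serials. Used to create TXT_DB index of serials.
    static int index_serial_cmp(const char **a, const char **b);
    /// Callback hash function for names. Used to create TXT_DB index of names.
    static unsigned long index_name_hash(const char **a);
    /// Callback compare function for names. Used to create TXT_DB index of names.
    static int index_name_cmp(const char **a, const char **b);

    /// Definitions required by openSSL, to use the index_* functions defined above
    /// with TXT_DB_create_index.
    static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
    static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
    static IMPLEMENT_LHASH_HASH_FN(index_name_hash,const char **)
    static IMPLEMENT_LHASH_COMP_FN(index_name_cmp,const char **)

    static const std::string serial_file; ///< Base name of the file to store serial number.
    static const std::string db_file; ///< Base name of the database index file.
    static const std::string cert_dir; ///< Base name of the directory to store the certs.
    static const std::string size_file; ///< Base name of the file to store db size.
    /// Min size of disk db. If real size < min_db_size the db will be disabled.
    static const size_t min_db_size;

    const std::string db_path; ///< The database directory.
    const std::string serial_full; ///< Full path of the file to store serial number.
    const std::string db_full; ///< Full path of the database index file.
    const std::string cert_full; ///< Full path of the directory to store the certs.
    const std::string size_full; ///< Full path of the file to store the db size.

    TXT_DB_Pointer db; ///< Database with certificates info.
    const size_t max_db_size; ///< Max size of db.
    const size_t fs_block_size; ///< File system block size.

    bool enabled_disk_store; ///< The storage on the disk is enabled.
};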
137 | ||
138 | } // namespace Ssl | |
139 | #endif // SQUID_SSL_CERTIFICATE_DB_H |