2 * Copyright (C) 1996-2018 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
9 #ifndef SQUID_SSL_CERTIFICATE_DB_H
10 #define SQUID_SSL_CERTIFICATE_DB_H
12 #include "ssl/gadgets.h"
14 #if HAVE_OPENSSL_OPENSSLV_H
15 #include <openssl/opensslv.h>
21 /// maintains an exclusive blocking file-based lock
25 explicit Lock(std::string
const &filename
); ///< creates an unlocked lock
26 ~Lock(); ///< releases the lock if it is locked
27 void lock(); ///< locks the lock, may block
28 void unlock(); ///< unlocks locked lock or throws
29 bool locked() const; ///< whether our lock is locked
/// the lock file path as a NUL-terminated C string (valid while this Lock lives)
const char *name() const { return filename.data(); }
34 HANDLE hFile
; ///< Windows file handle.
36 int fd
; ///< Linux file descriptor.
40 /// an exception-safe way to obtain and release a lock
44 /// locks the lock if the lock was unlocked
45 Locker(Lock
&lock
, const char *aFileName
, int lineNo
);
46 /// unlocks the lock if it was locked by us
49 bool weLocked
; ///< whether we locked the lock
50 Lock
&lock
; ///< the lock we are operating on
51 const std::string fileName
; ///< where the lock was needed
52 const int lineNo
; ///< where the lock was needed
/// convenience macro to pass source code location to Locker and others
/// NOTE: an unprefixed macro defined in a header: the token `Here` is
/// rewritten in every translation unit that includes this file, so it is
/// unavailable as an ordinary identifier there.
#define Here __FILE__, __LINE__
59 * Database class for storing SSL certificates and their private keys.
60 * A database consists of:
61 * - A disk file to store the current serial number
62 * - A disk file to store the current database size
63 * - A disk file which is a normal TXT_DB OpenSSL database
64 * - A directory under which the certificates and their private keys are stored.
65 * Before use, the database must be initialized with the CertificateDb::Create static method.
70 /// Names of db columns.
72 cnlKey
= 0, ///< The key used to store/retrieve entries in the DB.
80 /// A wrapper for OpenSSL database row of TXT_DB database.
84 /// Create row wrapper.
86 /// Create row wrapper for a row with width items
87 Row(char **row
, size_t width
);
90 void setValue(size_t number
, char const * value
); ///< Set cell's value in row
91 char ** getRow(); ///< Raw row
92 void reset(); ///< Abandon row and don't free memory
94 char **row
; ///< Raw row
95 size_t width
; ///< Number of cells in the row
/// Attaches to the database stored under db_path; the database itself must
/// already have been initialized with Create() (see the class comment).
/// db_path is the database directory, aMax_db_size the maximum size of the
/// db on disk in bytes, and aFs_block_size the file system block size; the
/// last two are kept in the max_db_size and fs_block_size members.
CertificateDb(std::string const & db_path, size_t aMax_db_size, size_t aFs_block_size);
99 /// finds matching generated certificate and its private key
100 bool find(std::string
const & key
, const Security::CertPointer
&expectedOrig
, Security::CertPointer
& cert
, Security::PrivateKeyPointer
& pkey
);
101 /// Delete a certificate from database
102 bool purgeCert(std::string
const & key
);
103 /// Save certificate to disk.
104 bool addCertAndPrivateKey(std::string
const & useKey
, const Security::CertPointer
& cert
, const Security::PrivateKeyPointer
& pkey
, const Security::CertPointer
&orig
);
106 bool IsEnabledDiskStore() const; ///< Whether the on-disk store is enabled.
108 /// Create and initialize a database under the db_path
109 static void Create(std::string
const & db_path
);
110 /// Check the database stored under the db_path.
111 static void Check(std::string
const & db_path
, size_t max_db_size
, size_t fs_block_size
);
113 void load(); ///< Load db from disk.
114 void save(); ///< Save db to disk.
115 size_t size(); ///< Get db size on disk in bytes.
116 /// Increase db size by the given file size and update size_file
117 void addSize(std::string
const & filename
);
118 /// Decrease db size by the given file size and update size_file
119 void subSize(std::string
const & filename
);
120 size_t readSize(); ///< Read size from file size_file
121 void writeSize(size_t db_size
); ///< Write size to file size_file.
122 size_t getFileSize(std::string
const & filename
); ///< get file size on disk.
123 size_t rebuildSize(); ///< Rebuild size_file
124 /// Only find certificate in current db and return it.
125 bool pure_find(std::string
const & key
, const Security::CertPointer
& expectedOrig
, Security::CertPointer
& cert
, Security::PrivateKeyPointer
& pkey
);
127 void deleteRow(const char **row
, int rowIndex
); ///< Delete a row from TXT_DB
128 bool deleteInvalidCertificate(); ///< Delete invalid certificate.
129 bool deleteOldestCertificate(); ///< Delete oldest certificate.
130 bool deleteByKey(std::string
const & key
); ///< Delete using key.
131 bool hasRows() const; ///< Whether the TXT_DB has stored items.
133 /// stores the db entry into a file
134 static bool WriteEntry(const std::string
&filename
, const Security::CertPointer
& cert
, const Security::PrivateKeyPointer
& pkey
, const Security::CertPointer
&orig
);
/// loads a db entry from the file
/// NOTE(review): filename is taken by value here while the matching
/// WriteEntry() takes it by const reference; harmless, but the two signatures
/// could be made consistent (the definition lives outside this header).
static bool ReadEntry(std::string filename, Security::CertPointer & cert, Security::PrivateKeyPointer & pkey, Security::CertPointer &orig);
139 /// Removes the first matching row from TXT_DB. Ignores failures.
140 static void sq_TXT_DB_delete(TXT_DB
*db
, const char **row
);
141 /// Remove the row on position idx from TXT_DB. Ignores failures.
142 static void sq_TXT_DB_delete_row(TXT_DB
*db
, int idx
);
144 /// Callback hash function for serials. Used to create TXT_DB index of serials.
145 static unsigned long index_serial_hash(const char **a
);
146 /// Callback compare function for serials. Used to create TXT_DB index of serials.
147 static int index_serial_cmp(const char **a
, const char **b
);
148 /// Callback hash function for names. Used to create TXT_DB index of names.
149 static unsigned long index_name_hash(const char **a
);
150 /// Callback compare function for names. Used to create TXT_DB index of names.
151 static int index_name_cmp(const char **a
, const char **b
);
153 /// Definitions required by OpenSSL to use the index_* functions defined above
154 /// with TXT_DB_create_index.
155 #if SQUID_USE_SSLLHASH_HACK
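/// LHASH_HASH-compatible adapter for index_serial_hash(). OpenSSL hands the
/// row in as const void *, while the callback takes const char **; the inner
/// const_cast is the const drop the former C-style cast performed implicitly,
/// spelled out with named casts so it is visible and greppable.
static unsigned long index_serial_hash_LHASH_HASH(const void *a) {
    return index_serial_hash(static_cast<const char **>(const_cast<void *>(a)));
}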
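/// LHASH_COMP-compatible adapter for index_serial_cmp(). OpenSSL hands both
/// rows in as const void *, while the callback takes const char **; the inner
/// const_cast is the const drop the former C-style cast performed implicitly,
/// spelled out with named casts so it is visible and greppable.
static int index_serial_cmp_LHASH_COMP(const void *arg1, const void *arg2) {
    return index_serial_cmp(static_cast<const char **>(const_cast<void *>(arg1)),
                            static_cast<const char **>(const_cast<void *>(arg2)));
}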
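/// LHASH_HASH-compatible adapter for index_name_hash(). OpenSSL hands the
/// row in as const void *, while the callback takes const char **; the inner
/// const_cast is the const drop the former C-style cast performed implicitly,
/// spelled out with named casts so it is visible and greppable.
static unsigned long index_name_hash_LHASH_HASH(const void *a) {
    return index_name_hash(static_cast<const char **>(const_cast<void *>(a)));
}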
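/// LHASH_COMP-compatible adapter for index_name_cmp(). OpenSSL hands both
/// rows in as const void *, while the callback takes const char **; the inner
/// const_cast is the const drop the former C-style cast performed implicitly,
/// spelled out with named casts so it is visible and greppable.
static int index_name_cmp_LHASH_COMP(const void *arg1, const void *arg2) {
    return index_name_cmp(static_cast<const char **>(const_cast<void *>(arg1)),
                          static_cast<const char **>(const_cast<void *>(arg2)));
}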
/// Alternative to the hand-written adapters under SQUID_USE_SSLLHASH_HACK:
/// let OpenSSL's IMPLEMENT_LHASH_* macros generate the LHASH_HASH/LHASH_COMP
/// wrappers for the index_* callbacks declared above.
static IMPLEMENT_LHASH_HASH_FN(index_serial_hash, const char **)
static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp, const char **)
static IMPLEMENT_LHASH_HASH_FN(index_name_hash, const char **)
static IMPLEMENT_LHASH_COMP_FN(index_name_cmp, const char **)
175 static const std::string db_file
; ///< Base name of the database index file.
176 static const std::string cert_dir
; ///< Base name of the directory to store the certs.
177 static const std::string size_file
; ///< Base name of the file to store db size.
178 /// Minimum size of the disk db. If the real size is below min_db_size, the db is disabled.
179 static const size_t min_db_size
;
181 const std::string db_path
; ///< The database directory.
182 const std::string db_full
; ///< Full path of the database index file.
183 const std::string cert_full
; ///< Full path of the directory to store the certs.
184 const std::string size_full
; ///< Full path of the file to store the db size.
186 TXT_DB_Pointer db
; ///< Database with certificates info.
187 const size_t max_db_size
; ///< Max size of db.
188 const size_t fs_block_size
; ///< File system block size.
189 mutable Lock dbLock
; ///< protects the database file
191 bool enabled_disk_store
; ///< The storage on the disk is enabled.
195 #endif // SQUID_SSL_CERTIFICATE_DB_H