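#ifndef __XRD_TLSCONTEXT_HH__
#define __XRD_TLSCONTEXT_HH__
//------------------------------------------------------------------------------
// Copyright (c) 2011-2018 by European Organization for Nuclear Research (CERN)
// Author: Michal Simon <simonm@cern.ch>
//------------------------------------------------------------------------------
// XRootD is free software: you can redistribute it and/or modify
// it under the terms of the GNU Lesser General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// XRootD is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with XRootD. If not, see <http://www.gnu.org/licenses/>.
//------------------------------------------------------------------------------

#include <cstdint>
#include <string>   // CTX_Params and the constructor use std::string; without
                    // this include the header only compiles by accident of
                    // whatever the including file pulled in first.

//----------------------------------------------------------------------------
// Forward declarations
//----------------------------------------------------------------------------

class  XrdSysLogger;
struct XrdTlsContextImpl;
struct XrdTlsSocket;

/******************************************************************************/
/*                        X r d T l s C o n t e x t                           */
/******************************************************************************/

//------------------------------------------------------------------------------
//! Owner of one TLS context. The object holds a single opaque implementation
//! pointer (pImpl) and is deliberately neither copyable nor movable, so a
//! context has exactly one owner for its whole lifetime.
//------------------------------------------------------------------------------

class XrdTlsContext
{
public:

   //------------------------------------------------------------------------
   //! Create a new context derived from this one.
   //!
   //! @param  full  Selects how much of this context is carried over; the
   //!               exact meaning is defined by the implementation and is not
   //!               visible in this header.
   //!
   //! @return Pointer to the new context. Whether the caller owns it and
   //!         whether null is returned on failure is defined by the
   //!         implementation; confirm before relying on either.
   //------------------------------------------------------------------------

   XrdTlsContext *Clone(bool full=true);

   //------------------------------------------------------------------------
   //! Obtain the opaque underlying context handle.
   //!
   //! @return The handle as a void pointer; the concrete type belongs to the
   //!         underlying TLS library and is not exposed by this header.
   //------------------------------------------------------------------------

   void *Context();

   //------------------------------------------------------------------------
   //! Parameters a context was built with.
   //!
   //! cert, pkey, cadir, cafile mirror the constructor's cert/key/cadir/cafile
   //! arguments. NOTE(review): by their names (cadir is a directory) these
   //! look like file-system paths rather than in-memory key material, but
   //! that is not established in this header - confirm in the implementation
   //! before treating pkey as something that needs scrubbing on destruction.
   //!
   //! opts  is the option bit mask (see the uint64_t constants below).
   //! crlRT defaults to 8*60*60 (28800); the name and SetCrlRefresh(refsec)
   //!       suggest a CRL refresh time in seconds.
   //! rsvd  is reserved and zero-initialized.
   //------------------------------------------------------------------------

   struct CTX_Params
   {std::string cert;
    std::string pkey;
    std::string cadir;
    std::string cafile;
    uint64_t    opts;
    int         crlRT;
    int         rsvd;

    CTX_Params() : opts(0), crlRT(8*60*60), rsvd(0) {}
   ~CTX_Params() {}
   };

   //------------------------------------------------------------------------
   //! Obtain the parameters this context was built with.
   //!
   //! @return Pointer to the parameters. The pointee's lifetime is not
   //!         stated here; presumably it is tied to this object - verify.
   //------------------------------------------------------------------------

   const
   CTX_Params *GetParams();

   //------------------------------------------------------------------------
   //! Perform one-time static initialization.
   //!
   //! @return A const char pointer. Presumably null on success and an error
   //!         text otherwise - the header does not say; confirm against the
   //!         implementation before testing the result.
   //------------------------------------------------------------------------
   static
   const char *Init();

   //------------------------------------------------------------------------
   //! Check whether the context is usable.
   //!
   //! Construction cannot report failure by return value, and the constructor
   //! takes an optional eMsg string for diagnostics, so callers are expected
   //! to check isOK() after constructing a context.
   //!
   //! @return true if the context is usable, false otherwise.
   //------------------------------------------------------------------------

   bool isOK();

   //------------------------------------------------------------------------
   //! Obtain an opaque session handle.
   //!
   //! @return The handle as a void pointer; its concrete type and ownership
   //!         are defined by the implementation.
   //------------------------------------------------------------------------

   void *Session();

   //------------------------------------------------------------------------
   //! Session cache control.
   //!
   //! The sc* values are the options accepted by SessionCache(). scFMax
   //! covers the low 15 bits (0x7fff); every other sc* value lies above bit
   //! 15, so the two ranges never overlap. scIdErr is the sign bit: the
   //! literal 0x80000000 does not fit in int, the conversion is
   //! implementation-defined before C++20 and yields INT_MIN on
   //! two's-complement targets.
   //!
   //! @param  opts   Combination of sc* values.
   //! @param  id     Identifier bytes; passed with an explicit length, so
   //!                treat it as a byte buffer, not a NUL-terminated string.
   //! @param  idlen  Length of id in bytes.
   //!
   //! @return An int whose meaning is defined by the implementation.
   //------------------------------------------------------------------------

   static const int scNone = 0x00000000;
   static const int scOff  = 0x00010000;
   static const int scSrvr = 0x00020000;
   static const int scClnt = 0x00040000;
   static const int scKeep = 0x40000000;
   static const int scIdErr= 0x80000000;
   static const int scFMax = 0x00007fff;

   int SessionCache(int opts=scNone, const char *id=nullptr, int idlen=0);

   //------------------------------------------------------------------------
   //! Set the cipher list for this context.
   //!
   //! @param  ciphers  Cipher specification string; its format is that of
   //!                  the underlying TLS library. No validation is visible
   //!                  here, so the caller is responsible for the content.
   //!
   //! @return true on success, false otherwise.
   //------------------------------------------------------------------------

   bool SetContextCiphers(const char *ciphers);

   //------------------------------------------------------------------------
   //! Set the cipher list used for contexts created afterwards.
   //!
   //! @param  ciphers  Cipher specification string (see SetContextCiphers).
   //------------------------------------------------------------------------
   static
   void SetDefaultCiphers(const char *ciphers);

   //------------------------------------------------------------------------
   //! Set the CRL refresh interval.
   //!
   //! @param  refsec  Interval in seconds; the default of -1 presumably
   //!                 selects the implementation default (cf.
   //!                 CTX_Params::crlRT) - confirm.
   //!
   //! @return true on success, false otherwise.
   //------------------------------------------------------------------------

   bool SetCrlRefresh(int refsec=-1);

   //------------------------------------------------------------------------
   //! Query x509 verification state.
   //!
   //! @return A bool; the name suggests "peer certificate verification is
   //!         enabled", but the header does not define it - confirm.
   //------------------------------------------------------------------------

   bool x509Verify();

   //------------------------------------------------------------------------
   //! Option bits for the constructor's opts argument (and CTX_Params::opts).
   //!
   //! Layout, by value:
   //!   hsto   bits  0- 7  field set with TLS_SET_HSTO
   //!   vdept  bits  8-15  field set with TLS_SET_VDEPTH (shift vdepS = 8)
   //!   crlRF  bits 16-29  field set with TLS_SET_REFINT (shift crlRS = 16)
   //!   nopxy  bit 32, dnsok bit 33, servr bit 34, logVF bit 35,
   //!   artON  bit 37, crlON bit 39; crlFC is bit 38 together with crlON,
   //!   i.e. crlFC implies crlON.
   //! The names suggest handshake timeout, verification depth, CRL refresh
   //! interval, proxy/DNS/server/log/CRL/ART switches; the semantics of each
   //! flag live in the implementation, not here.
   //!
   //! These are in-class constants of integral type: usable in constant
   //! expressions and in the macros below, but binding one to a reference
   //! (odr-use) needs an out-of-line definition.
   //------------------------------------------------------------------------

   static const uint64_t hsto  = 0x00000000000000ff;
   static const uint64_t vdept = 0x000000000000ff00;
   static const int      vdepS = 8;
   static const uint64_t logVF = 0x0000000800000000;
   static const uint64_t servr = 0x0000000400000000;
   static const uint64_t dnsok = 0x0000000200000000;
   static const uint64_t nopxy = 0x0000000100000000;
   static const uint64_t crlON = 0x0000008000000000;
   static const uint64_t crlFC = 0x000000C000000000;
   static const uint64_t crlRF = 0x000000003fff0000;
   static const int      crlRS = 16;
   static const uint64_t artON = 0x0000002000000000;

   //------------------------------------------------------------------------
   //! Constructor.
   //!
   //! @param  cert    Certificate argument (see CTX_Params::cert).
   //! @param  key     Private key argument (see CTX_Params::pkey).
   //! @param  cadir   CA directory argument.
   //! @param  cafile  CA file argument.
   //! @param  opts    Option bits (constants above and TLS_SET_* macros).
   //! @param  eMsg    Optional string for diagnostics; check isOK() after
   //!                 construction because no failure is reported otherwise.
   //------------------------------------------------------------------------

   XrdTlsContext(const char *cert=nullptr, const char *key=nullptr,
                 const char *cadir=nullptr, const char *cafile=nullptr,
                 uint64_t opts=0, std::string *eMsg=nullptr);

   //------------------------------------------------------------------------
   //! Destructor; releases the implementation object.
   //------------------------------------------------------------------------

   ~XrdTlsContext();

   //------------------------------------------------------------------------
   //! Copying and moving are disabled: one owner per context.
   //------------------------------------------------------------------------

   XrdTlsContext( const XrdTlsContext &ctx ) = delete;
   XrdTlsContext( XrdTlsContext &&ctx ) = delete;

   XrdTlsContext& operator=( const XrdTlsContext &ctx ) = delete;
   XrdTlsContext& operator=( XrdTlsContext &&ctx ) = delete;

private:
   XrdTlsContextImpl *pImpl;
};

/******************************************************************************/
/*              O p t i o n   M a n i p u l a t i o n   M a c r o s           */
/******************************************************************************/

//------------------------------------------------------------------------
//! Replace the hsto field (bits 0-7) of an option word.
//!
//! Every macro argument is parenthesized: an unparenthesized cOpts such as
//! `a | b` would otherwise bind as `a | (b & ~hsto)` and silently keep the
//! old field bits from `a`.
//!
//! @param  cOpts  Existing option word (uint64_t).
//! @param  hstv   New field value; only its low 8 bits are used.
//------------------------------------------------------------------------

#define TLS_SET_HSTO(cOpts,hstv) \
        (((cOpts) & ~XrdTlsContext::hsto) | ((hstv) & XrdTlsContext::hsto))

//------------------------------------------------------------------------
//! Replace the crlRF field (bits 16-29) of an option word.
//!
//! refi is widened to uint64_t before shifting so that an int argument
//! cannot overflow (signed overflow is undefined); only the 14 field bits
//! survive the mask.
//!
//! @param  cOpts  Existing option word (uint64_t).
//! @param  refi   New field value.
//------------------------------------------------------------------------

#define TLS_SET_REFINT(cOpts,refi) (((cOpts) & ~XrdTlsContext::crlRF) |\
        (XrdTlsContext::crlRF & (static_cast<uint64_t>(refi) << XrdTlsContext::crlRS)))

//------------------------------------------------------------------------
//! Replace the vdept field (bits 8-15) of an option word.
//!
//! @param  cOpts  Existing option word (uint64_t).
//! @param  vdv    New field value; only its low 8 bits are used.
//------------------------------------------------------------------------

#define TLS_SET_VDEPTH(cOpts,vdv) (((cOpts) & ~XrdTlsContext::vdept) |\
        (XrdTlsContext::vdept & (static_cast<uint64_t>(vdv) << XrdTlsContext::vdepS)))

#endif // __XRD_TLSCONTEXT_HH__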