XrdTlsContext.hh
1 #ifndef __XRD_TLSCONTEXT_HH__
2 #define __XRD_TLSCONTEXT_HH__
3 //------------------------------------------------------------------------------
4 // Copyright (c) 2011-2018 by European Organization for Nuclear Research (CERN)
5 // Author: Michal Simon <simonm@cern.ch>
6 //------------------------------------------------------------------------------
7 // XRootD is free software: you can redistribute it and/or modify
8 // it under the terms of the GNU Lesser General Public License as published by
9 // the Free Software Foundation, either version 3 of the License, or
10 // (at your option) any later version.
11 //
12 // XRootD is distributed in the hope that it will be useful,
13 // but WITHOUT ANY WARRANTY; without even the implied warranty of
14 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 // GNU General Public License for more details.
16 //
17 // You should have received a copy of the GNU Lesser General Public License
18 // along with XRootD. If not, see <http://www.gnu.org/licenses/>.
19 //------------------------------------------------------------------------------
20 
21 #include <cstdint>
22 //#include <string>
23 
24 //----------------------------------------------------------------------------
25 // Forward declarations
26 //----------------------------------------------------------------------------
27 
28 class XrdSysLogger;
29 struct XrdTlsContextImpl;
30 struct XrdTlsSocket;
31 
32 /******************************************************************************/
33 /* X r d T l s C o n t e x t */
34 /******************************************************************************/
35 
37 {
38 public:
39 
40 //------------------------------------------------------------------------
53 //------------------------------------------------------------------------
54 
55 XrdTlsContext *Clone(bool full=true);
56 
57 //------------------------------------------------------------------------
61 //------------------------------------------------------------------------
62 
63 void *Context();
64 
65 //------------------------------------------------------------------------
69 //------------------------------------------------------------------------
70 
//! Parameters the context was created with; a pointer to this record is
//! what GetParams() returns.
//! NOTE(review): std::string is used here while "#include <string>" is
//! commented out at the top of this header, so the header only compiles
//! when the including file (or another header) has already pulled in
//! <string>. Confirm before using this header standalone.
71 struct CTX_Params
72  {std::string cert;     //!< -> certificate path
73  std::string pkey;      //!< -> private key path
74  std::string cadir;     //!< -> ca cert directory
75  std::string cafile;    //!< -> ca cert file
76  uint64_t opts;         //!< Options as passed to the constructor (option bits of XrdTlsContext plus the TLS_SET_* fields)
77  int crlRT;             //!< crl refresh interval time in seconds
78  int rsvd;              //!< reserved; initialised to 0
79 
80  CTX_Params() : opts(0), crlRT(8*60*60), rsvd(0) {}  //!< defaults: no options, crl refresh every 8 hours (28800 s)
82  };
83 
84 const
85 CTX_Params *GetParams();
86 
87 //------------------------------------------------------------------------
95 //------------------------------------------------------------------------
96 static
97 const char *Init();
98 
99 //------------------------------------------------------------------------
103 //------------------------------------------------------------------------
104 
105 bool isOK();
106 
107 //------------------------------------------------------------------------
111 //------------------------------------------------------------------------
112 
113 void *Session();
114 
115 //------------------------------------------------------------------------
127 //------------------------------------------------------------------------
128 
//! Option bits for SessionCache(). sc* values are combined into the int
//! `opts` argument; scFMax masks the low 15 bits (its meaning is not
//! documented on this page — presumably the largest value carried in
//! that field; confirm against the implementation).
129 static const int scNone = 0x00000000;   //!< Do not change any option settings.
130 static const int scOff = 0x00010000;    //!< Turn off cache.
131 static const int scSrvr = 0x00020000;   //!< Turn on cache server mode (default)
132 static const int scClnt = 0x00040000;   //!< Turn on cache client mode.
133 static const int scKeep = 0x40000000;   //!< Info: TLS-controlled flush disabled.
134 static const int scIdErr= 0x80000000;   //!< Info: Id not set, is too long. NOTE(review): 0x80000000 is an unsigned literal narrowed into int (implementation-defined before C++20, INT_MIN on two's-complement targets); test this bit with unsigned arithmetic.
135 static const int scFMax = 0x00007fff;   //!< Mask for the low 15 bits of the option word.
136 
//! Adjust the TLS session cache for this context.
//! @param opts  OR of sc* values above; scNone leaves the settings as they are.
//! @param id    presumably a session-cache identifier, with idlen its length
//!              (scIdErr is the "Id not set, is too long" condition) — confirm.
//! @return int whose semantics are not documented on this page; the values
//!         labelled "Info:" (scKeep, scIdErr) appear to be reported through
//!         it — confirm in the implementation.
138  int SessionCache(int opts=scNone, const char *id=0, int idlen=0);
139 
140 //------------------------------------------------------------------------
147 //------------------------------------------------------------------------
148 
149 bool SetContextCiphers(const char *ciphers);
150 
151 //------------------------------------------------------------------------
155 //------------------------------------------------------------------------
156 static
157 void SetDefaultCiphers(const char *ciphers);
158 
159 //------------------------------------------------------------------------
169 //------------------------------------------------------------------------
170 
171  bool SetCrlRefresh(int refsec=-1);
172 
173 //------------------------------------------------------------------------
177 //------------------------------------------------------------------------
178 
179  bool x509Verify();
180 
181 //------------------------------------------------------------------------
222 //------------------------------------------------------------------------
223 
//! Option bits for the constructor's `opts` word (also recorded in
//! CTX_Params::opts). hsto, vdept and crlRF are multi-bit fields that are
//! set with the TLS_SET_* macros at the end of this header; the remaining
//! values are single flags.
224 static const uint64_t hsto = 0x00000000000000ff;  //!< Mask to isolate the hsto field (set via TLS_SET_HSTO).
225 static const uint64_t vdept = 0x000000000000ff00; //!< Mask to isolate vdept (set via TLS_SET_VDEPTH).
226 static const int vdepS = 8;                       //!< Bits to shift vdept.
227 static const uint64_t logVF = 0x0000000800000000; //!< Log verify failures. NOTE(review): useful for detecting rejected peers; consider enabling in production.
228 static const uint64_t servr = 0x0000000400000000; //!< This is a server context.
229 static const uint64_t dnsok = 0x0000000200000000; //!< Trust DNS for host name. NOTE(review): presumably relaxes the host-name check against the peer certificate; treat as opt-in and confirm in the verify path.
230 static const uint64_t nopxy = 0x0000000100000000; //!< Do not allow proxy certs.
231 static const uint64_t crlON = 0x0000008000000000; //!< Enables crl checking.
232 static const uint64_t crlFC = 0x000000C000000000; //!< Full crl chain checking (the value includes the crlON bit).
233 static const uint64_t crlRF = 0x000000003fff0000; //!< Init crl refresh in Min. (14-bit field, set via TLS_SET_REFINT).
234 static const int crlRS = 16;                      //!< Bits to shift crlRF (the generated doc says "vdept" — a copy-paste slip; TLS_SET_REFINT shows this shifts crlRF).
235 static const uint64_t artON = 0x0000002000000000; //!< Auto retry Handshake.
236 
//------------------------------------------------------------------------
//! Constructor.
//!
//! @param cert   certificate path; defaults to 0 (null).
//! @param key    private key path; defaults to 0 (null).
//! @param cadir  ca cert directory; defaults to 0 (null).
//! @param cafile ca cert file; defaults to 0 (null).
//! @param opts   OR of the option bits above, fields set with TLS_SET_*;
//!               recorded in CTX_Params::opts.
//! @param eMsg   presumably receives an error description when construction
//!               fails; callers should check isOK() afterwards — confirm.
//! The four path arguments appear to be what GetParams() reports back;
//! confirm in the implementation.
//------------------------------------------------------------------------
237  XrdTlsContext(const char *cert=0, const char *key=0,
238  const char *cadir=0, const char *cafile=0,
239  uint64_t opts=0, std::string *eMsg=0);
240 
241 //------------------------------------------------------------------------
243 //------------------------------------------------------------------------
244 
245  ~XrdTlsContext();
246 
247 //------------------------------------------------------------------------
249 //------------------------------------------------------------------------
250 
//! Copy and move are disabled: the object holds a private pImpl pointer
//! (see below) that the destructor is presumably responsible for, so a
//! bitwise copy would alias it. Clone() is the provided way to obtain
//! another context from this one — confirm its exact semantics in the
//! implementation.
251  XrdTlsContext( const XrdTlsContext &ctx ) = delete;
252  XrdTlsContext( XrdTlsContext &&ctx ) = delete;
253 
254  XrdTlsContext& operator=( const XrdTlsContext &ctx ) = delete;
255  XrdTlsContext& operator=( XrdTlsContext &&ctx ) = delete;
256 
257 private:
258  XrdTlsContextImpl *pImpl;
259 };
260 
261 /******************************************************************************/
262 /* O p t i o n M a n i p u l a t i o n M a c r o s */
263 /******************************************************************************/
264 
265 //------------------------------------------------------------------------
270 //------------------------------------------------------------------------
271 
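//! Store hstv into the hsto field of the option word cOpts, leaving every
//! other bit of cOpts untouched.
//! Both arguments are parenthesised: in the unparenthesised form an
//! expression argument such as `a | b` was split by the `&`, which
//! silently produced the wrong option word.
#define TLS_SET_HSTO(cOpts,hstv) \
        (((cOpts) & ~XrdTlsContext::hsto) | ((hstv) & XrdTlsContext::hsto))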
274 
275 //------------------------------------------------------------------------
282 //------------------------------------------------------------------------
283 
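//! Store the crl refresh interval refi into the crlRF field of cOpts
//! (shifted left by crlRS), leaving all other bits untouched.
//! Arguments are parenthesised so expression arguments bind as a unit.
//! refi is widened to uint64_t before the shift: the field is 14 bits
//! wide, so an int refi >= 32768 shifted by 16 would overflow int
//! (undefined behaviour) before the mask could truncate it. The mask still
//! limits the stored value to crlRF exactly as before.
#define TLS_SET_REFINT(cOpts,refi) \
        (((cOpts) & ~XrdTlsContext::crlRF) | \
         (XrdTlsContext::crlRF & ((uint64_t)(refi) << XrdTlsContext::crlRS)))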
286 
287 //------------------------------------------------------------------------
294 //------------------------------------------------------------------------
295 
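//! Store vdv into the vdept field of cOpts (shifted left by vdepS),
//! leaving all other bits untouched. vdept is presumably the
//! certificate-chain verification depth — confirm in x509Verify().
//! Arguments are parenthesised so expression arguments bind as a unit.
//! vdv is widened to uint64_t before the shift so a negative int argument
//! is never left-shifted as a signed value (undefined behaviour); the mask
//! limits the stored value to the 8-bit field exactly as before.
#define TLS_SET_VDEPTH(cOpts,vdv) \
        (((cOpts) & ~XrdTlsContext::vdept) | \
         (XrdTlsContext::vdept & ((uint64_t)(vdv) << XrdTlsContext::vdepS)))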
298 
299 #endif // __XRD_TLSCONTEXT_HH__