1#ifndef __XRD_TLSCONTEXT_HH__
2#define __XRD_TLSCONTEXT_HH__
3//------------------------------------------------------------------------------
4// Copyright (c) 2011-2018 by European Organization for Nuclear Research (CERN)
5// Author: Michal Simon <simonm@cern.ch>
6//------------------------------------------------------------------------------
7// XRootD is free software: you can redistribute it and/or modify
8// it under the terms of the GNU Lesser General Public License as published by
9// the Free Software Foundation, either version 3 of the License, or
10// (at your option) any later version.
11//
12// XRootD is distributed in the hope that it will be useful,
13// but WITHOUT ANY WARRANTY; without even the implied warranty of
14// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15// GNU General Public License for more details.
16//
17// You should have received a copy of the GNU Lesser General Public License
18// along with XRootD. If not, see <http://www.gnu.org/licenses/>.
19//------------------------------------------------------------------------------
20
21#include <cstdint>
22//#include <string>
23
24//----------------------------------------------------------------------------
25// Forward declarations
26//----------------------------------------------------------------------------
27
28class XrdSysLogger;
29struct XrdTlsContextImpl;
30struct XrdTlsSocket;
31
32/******************************************************************************/
33/* X r d T l s C o n t e x t */
34/******************************************************************************/
35
37{
38public:
39
40//------------------------------------------------------------------------
53//------------------------------------------------------------------------
54
55XrdTlsContext *Clone(bool full=true);
56
57//------------------------------------------------------------------------
61//------------------------------------------------------------------------
62
63void *Context();
64
65//------------------------------------------------------------------------
69//------------------------------------------------------------------------
70
72 {std::string cert;
73 std::string pkey;
74 std::string cadir;
75 std::string cafile;
76 uint64_t opts;
77 int crlRT;
78 int rsvd;
79
// Defaults: no option bits, CRL refresh every eight hours (crlRT is in
// seconds), reserved word zeroed.
CTX_Params() : opts(0ULL), crlRT(8 * 60 * 60), rsvd(0) { }
82 };
83
84const
86
87//------------------------------------------------------------------------
95//------------------------------------------------------------------------
96static
97const char *Init();
98
99//------------------------------------------------------------------------
103//------------------------------------------------------------------------
104
105bool isOK();
106
107//------------------------------------------------------------------------
111//------------------------------------------------------------------------
112
113void *Session();
114
115//------------------------------------------------------------------------
127//------------------------------------------------------------------------
128
129static const int scNone = 0x00000000;
130static const int scOff = 0x00010000;
131static const int scSrvr = 0x00020000;
132static const int scClnt = 0x00040000;
133static const int scKeep = 0x40000000;
134static const int scIdErr= 0x80000000;
135static const int scFMax = 0x00007fff;
137
138 int SessionCache(int opts=scNone, const char *id=0, int idlen=0);
139
140//------------------------------------------------------------------------
147//------------------------------------------------------------------------
148
149bool SetContextCiphers(const char *ciphers);
150
151//------------------------------------------------------------------------
155//------------------------------------------------------------------------
156static
157void SetDefaultCiphers(const char *ciphers);
158
159//------------------------------------------------------------------------
169//------------------------------------------------------------------------
170
171 bool SetCrlRefresh(int refsec=-1);
172
173//------------------------------------------------------------------------
177//------------------------------------------------------------------------
178
180
181//------------------------------------------------------------------------
222//------------------------------------------------------------------------
223
224static const uint64_t hsto = 0x00000000000000ff;
225static const uint64_t vdept = 0x000000000000ff00;
226static const int vdepS = 8;
227static const uint64_t logVF = 0x0000000800000000;
228static const uint64_t servr = 0x0000000400000000;
229static const uint64_t dnsok = 0x0000000200000000;
230static const uint64_t nopxy = 0x0000000100000000;
231static const uint64_t crlON = 0x0000008000000000;
232static const uint64_t crlFC = 0x000000C000000000;
233static const uint64_t crlRF = 0x000000003fff0000;
234static const int crlRS = 16;
235static const uint64_t artON = 0x0000002000000000;
236
237 XrdTlsContext(const char *cert=0, const char *key=0,
238 const char *cadir=0, const char *cafile=0,
239 uint64_t opts=0, std::string *eMsg=0);
240
241//------------------------------------------------------------------------
243//------------------------------------------------------------------------
244
246
247//------------------------------------------------------------------------
249//------------------------------------------------------------------------
250
251 XrdTlsContext( const XrdTlsContext &ctx ) = delete;
252 XrdTlsContext( XrdTlsContext &&ctx ) = delete;
253
254 XrdTlsContext& operator=( const XrdTlsContext &ctx ) = delete;
256
257private:
258 XrdTlsContextImpl *pImpl;
259};
260
261/******************************************************************************/
262/* O p t i o n M a n i p u l a t i o n M a c r o s */
263/******************************************************************************/
264
265//------------------------------------------------------------------------
270//------------------------------------------------------------------------
271
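//! Replace the hsto field of cOpts with the corresponding bits of hstv.
//! Every macro argument is parenthesized so that a compound expression
//! such as `a | b` passed as cOpts is masked as a whole rather than being
//! split by operator precedence (`a | (b & ~hsto)`), which would leave
//! stale field bits from the left operand in the result.
#define TLS_SET_HSTO(cOpts,hstv) \
        (((cOpts) & ~XrdTlsContext::hsto) | ((hstv) & XrdTlsContext::hsto))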
274
275//------------------------------------------------------------------------
282//------------------------------------------------------------------------
283
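//! Replace the crlRF field of cOpts with refi shifted into position.
//! Arguments are parenthesized so compound expressions are masked as a
//! whole, and refi is widened to uint64_t before the shift so that the
//! shift is performed in the option word's width (a signed int shift could
//! overflow). Bits of refi that do not fit the field are discarded.
#define TLS_SET_REFINT(cOpts,refi) (((cOpts) & ~XrdTlsContext::crlRF) |\
        (XrdTlsContext::crlRF & (static_cast<uint64_t>(refi) << XrdTlsContext::crlRS)))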
286
287//------------------------------------------------------------------------
294//------------------------------------------------------------------------
295
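//! Replace the vdept field of cOpts with vdv shifted into position.
//! Arguments are parenthesized so compound expressions are masked as a
//! whole, and vdv is widened to uint64_t before the shift so the shift is
//! performed in the option word's width. Bits of vdv that do not fit the
//! field are discarded.
#define TLS_SET_VDEPTH(cOpts,vdv) (((cOpts) & ~XrdTlsContext::vdept) |\
        (XrdTlsContext::vdept & (static_cast<uint64_t>(vdv) << XrdTlsContext::vdepS)))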
298
299#endif // __XRD_TLSCONTEXT_HH__
Definition: XrdSysLogger.hh:53
Definition: XrdTlsContext.hh:37
static const char * Init()
static const int scIdErr
Info: Id not set; it is too long.
Definition: XrdTlsContext.hh:134
XrdTlsContext & operator=(const XrdTlsContext &ctx)=delete
~XrdTlsContext()
Destructor.
static void SetDefaultCiphers(const char *ciphers)
static const uint64_t hsto
Mask to isolate the hsto.
Definition: XrdTlsContext.hh:224
static const uint64_t vdept
Mask to isolate vdept.
Definition: XrdTlsContext.hh:225
static const int crlRS
Bits to shift crlRF.
Definition: XrdTlsContext.hh:234
int SessionCache(int opts=scNone, const char *id=0, int idlen=0)
XrdTlsContext(const char *cert=0, const char *key=0, const char *cadir=0, const char *cafile=0, uint64_t opts=0, std::string *eMsg=0)
static const int scClnt
Turn on cache client mode.
Definition: XrdTlsContext.hh:132
static const uint64_t servr
This is a server context.
Definition: XrdTlsContext.hh:228
static const int scKeep
Info: TLS-controlled flush disabled.
Definition: XrdTlsContext.hh:133
static const uint64_t nopxy
Do not allow proxy certs.
Definition: XrdTlsContext.hh:230
static const int scNone
Do not change any option settings.
Definition: XrdTlsContext.hh:129
XrdTlsContext(const XrdTlsContext &ctx)=delete
Disallow any copies of this object.
static const uint64_t logVF
Log verify failures.
Definition: XrdTlsContext.hh:227
static const uint64_t crlFC
Full crl chain checking.
Definition: XrdTlsContext.hh:232
bool x509Verify()
static const uint64_t crlON
Enables crl checking.
Definition: XrdTlsContext.hh:231
static const uint64_t artON
Auto retry Handshake.
Definition: XrdTlsContext.hh:235
void * Session()
void * Context()
XrdTlsContext(XrdTlsContext &&ctx)=delete
static const int vdepS
Bits to shift vdept.
Definition: XrdTlsContext.hh:226
static const int scOff
Turn off cache.
Definition: XrdTlsContext.hh:130
XrdTlsContext & operator=(XrdTlsContext &&ctx)=delete
static const uint64_t dnsok
Trust DNS for host name.
Definition: XrdTlsContext.hh:229
bool SetContextCiphers(const char *ciphers)
static const int scFMax
Definition: XrdTlsContext.hh:135
XrdTlsContextImpl * pImpl
Definition: XrdTlsContext.hh:258
XrdTlsContext * Clone(bool full=true)
bool SetCrlRefresh(int refsec=-1)
static const int scSrvr
Turn on cache server mode (default)
Definition: XrdTlsContext.hh:131
static const uint64_t crlRF
Init crl refresh in Min.
Definition: XrdTlsContext.hh:233
const CTX_Params * GetParams()
Socket wrapper for TLS I/O.
Definition: XrdTlsSocket.hh:40
Definition: XrdTlsContext.hh:72
std::string cafile
-> ca cert file.
Definition: XrdTlsContext.hh:75
~CTX_Params()
Definition: XrdTlsContext.hh:81
uint64_t opts
Options as passed to the constructor.
Definition: XrdTlsContext.hh:76
std::string cadir
-> ca cert directory.
Definition: XrdTlsContext.hh:74
int rsvd
Definition: XrdTlsContext.hh:78
int crlRT
crl refresh interval time in seconds
Definition: XrdTlsContext.hh:77
std::string pkey
-> private key path.
Definition: XrdTlsContext.hh:73
std::string cert
-> certificate path.
Definition: XrdTlsContext.hh:72
CTX_Params()
Definition: XrdTlsContext.hh:80