1 
5 #ifndef CVMFS_WHITELIST_H_
6 #define CVMFS_WHITELIST_H_
7 
8 #include <gtest/gtest_prod.h>
9 #include <inttypes.h>
10 
11 #include <ctime>
12 #include <string>
13 #include <vector>
14 
15 #include "crypto/hash.h"
16 
17 namespace download {
18 class DownloadManager;
19 }
20 
21 namespace signature {
22 class SignatureManager;
23 }
24 
25 
26 namespace whitelist {
27 
28 enum Failures {
29  kFailOk = 0,
44 
46 };
47 
48 
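/**
 * Maps a whitelist::Failures code to a short human-readable description.
 *
 * The table carries one entry per enumerator plus a trailing "no text"
 * entry for kFailNumEntries.  The original indexed the table with the raw
 * enum value and no range check, so a Failures produced by casting an int
 * (e.g. a status read from disk or received over the wire) could index past
 * the array.  Out-of-range codes now yield the "no text" entry instead.
 *
 * The table order must match the declaration order of whitelist::Failures;
 * an enumerator added without a matching text maps to "no text".
 *
 * @param error  failure code to describe
 * @return pointer to a string literal (static storage, never NULL)
 */
inline const char *Code2Ascii(const Failures error) {
  // static + const: the strings are fixed, so build the table once instead
  // of re-filling a stack array on every call.
  static const char *const texts[] = {
    "OK",                                     // kFailOk
    "failed to download whitelist",
    "empty whitelist",
    "malformed whitelist",
    "repository name mismatch on whitelist",
    "expired whitelist",
    "invalid whitelist signature",
    "failed to download whitelist (pkcs7)",
    "empty whitelist (pkcs7)",
    "malformed whitelist (pkcs7)",
    "invalid whitelist signer (pkcs7)",
    "invalid whitelist (pkcs7)",
    "failed to verify CA chain",
    "certificate not on whitelist",
    "certificate blacklisted",
    "no text",                                // kFailNumEntries / fallback
  };
  const unsigned kNumTexts = sizeof(texts) / sizeof(texts[0]);
  const int index = static_cast<int>(error);
  // Reject negative and too-large codes before touching the array.
  if (index < 0 || static_cast<unsigned>(index) >= kNumTexts)
    return texts[kNumTexts - 1];
  return texts[index];
}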
69 
70 
/**
 * A repository's certificate whitelist: the set of certificate fingerprints
 * it lists (fingerprints_), its expiry time (expires_) and the raw signed
 * documents it was parsed from (plain_buf_ / pkcs7_buf_).  Presumably a
 * certificate whose fingerprint is not listed is rejected ("certificate not
 * on whitelist" in Code2Ascii) -- confirm against whitelist.cc.
 *
 * Rule of three: the class owns two raw malloc-style buffers, so the
 * destructor, copy constructor and copy assignment are all user-provided
 * (defined in whitelist.cc).  Note the copy constructor is `explicit`, which
 * disables copy-initialisation and pass/return by value; copies must be made
 * with direct-initialisation or assignment.
 *
 * NOTE(review): this listing omits several declaration lines (e.g. the
 * Status enumerators, the member behind status(), and the download/signature
 * manager members referenced by the constructor); see the full header.
 */
class Whitelist {
  // gtest hook (gtest_prod.h) so the unit test can reach the private parser.
  FRIEND_TEST(T_Whitelist, ParseWhitelist);

 public:
  // Enumerators are not shown in this listing.
  enum Status {
  };

  /**
   * Produces a whitelist document for repository `fqrn` valid for
   * `validity_days`, using `hash_algorithm` for the fingerprints; the
   * signature manager is presumably used to sign it -- see whitelist.cc.
   */
  static std::string CreateString(
    const std::string &fqrn,
    int validity_days,
    shash::Algorithms hash_algorithm,
    signature::SignatureManager *signature_manager);

  /**
   * Binds the object to repository `fqrn` and the managers used by
   * LoadUrl()/LoadMem(); the managers are borrowed, not owned.
   */
  Whitelist(const std::string &fqrn,
            download::DownloadManager *download_manager,
            signature::SignatureManager *signature_manager);
  ~Whitelist();
  explicit Whitelist(const Whitelist &other);
  Whitelist &operator= (const Whitelist &other);
  // Fetch the whitelist from `base_url` (via download_manager_) or take it
  // from memory; both return a whitelist::Failures code (see Code2Ascii).
  Failures LoadUrl(const std::string &base_url);
  Failures LoadMem(const std::string &whitelist);

  /**
   * Hands out the plain and PKCS#7 documents through the out-parameters.
   * NOTE(review): presumably allocates copies the caller must free --
   * confirm ownership in whitelist.cc before relying on it.
   */
  void CopyBuffers(unsigned *plain_size, unsigned char **plain_buf,
                   unsigned *pkcs7_size, unsigned char **pkcs7_buf) const;
  // Expiry of the loaded whitelist; an expired whitelist corresponds to the
  // "expired whitelist" failure code and should not be trusted.
  time_t expires() const;
  bool IsExpired() const;

  std::string ExportString() const;

  // status_ is declared in a line this listing omits.
  Status status() const { return status_; }

 private:
  // Default construction is reserved for the copy/assignment paths.
  Whitelist();

  // Verification flag constants, defined out of line in whitelist.cc.
  static const int kFlagVerifyRsa;
  static const int kFlagVerifyPkcs7;
  static const int kFlagVerifyCaChain;

  // Compares `now` against a broken-down timestamp from the whitelist.
  // NOTE(review): non-const although both inputs are explicit; could be
  // const or static if it reads no members -- verify in whitelist.cc.
  bool IsBefore(time_t now, const struct tm &t_whitelist);
  // Parses `whitelist_size` raw bytes; the size is taken explicitly, so
  // callers must pass the exact buffer length.
  Failures ParseWhitelist(const unsigned char *whitelist,
                          const unsigned whitelist_size);
  void Reset();

  std::string fqrn_;

  std::vector<shash::Any> fingerprints_;
  time_t expires_;
  // Raw owned buffers; released in ~Whitelist() and deep-copied by the
  // user-provided copy operations (see whitelist.cc).
  unsigned char *plain_buf_;
  unsigned plain_size_;
  unsigned char *pkcs7_buf_;
  unsigned pkcs7_size_;
};
131 
132 } // namespace whitelist
133 
134 #endif // CVMFS_WHITELIST_H_