Roxen.git / server / etc / modules / CertDB.pmod


Roxen.git/server/etc/modules/CertDB.pmod:84:    return res || "<NO SUITABLE NAME>";   }      protected variant string format_dn(string(8bit) dn)   {    // FIXME: Support X.509v2?    Sequence seq = Standards.ASN1.Decode.secure_der_decode(dn, ([]));    return format_dn(seq);   }    - protected void low_refresh_pem(int pem_id) + protected void low_refresh_pem(int pem_id, int|void force)   {    Sql.Sql db = DBManager.cached_get("roxen");       array(mapping(string:int|string)) tmp =    db->typed_query("SELECT * "    " FROM cert_pem_files "    " WHERE id = %d",    pem_id);    if (!sizeof(tmp)) return;       mapping(string:int|string) pem_info = tmp[0];       array(mapping(string:int|string)) certs = ({});    array(mapping(string:int|string)) keys = ({});       string pem_file = pem_info->path;    -  +  if (!sizeof(pem_file)) return; +     string raw_pem;    string pem_hash;       Stdio.Stat st = lfile_stat(pem_file);    if (st) {    // FIXME: Check if mtime hash changed before reading the file?       SSL3_WERR (sprintf ("Reading cert file %O", pem_file));    if( catch{ raw_pem = lopen(pem_file, "r")->read(); } )    {    werror("Reading PEM file %O failed: %s\n",    pem_file, strerror(errno()));    } else {    pem_hash = Crypto.SHA256.hash(raw_pem); -  if (pem_info->hash == pem_hash) { +  if ((pem_info->hash == pem_hash) && !force) {    // No change.    return;    }    }    }       if (!raw_pem) {    // Mark any old certs and keys as stale.    db->query("UPDATE certs "    " SET pem_id = NULL, "
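Review bot: The new `if (!sizeof(pem_file)) return;` guard returns before the `if (!raw_pem)` branch further down that marks old certs and keys as stale, so a row with an empty path keeps whatever certs and keys were linked to it earlier. If an empty path is a deliberate marker for entries with no backing file, say so in a comment such as `// Empty path: no file backs this entry, so there is nothing to re-read.`; otherwise let the code fall through so the stale-marking still runs. The new `force` argument is also undocumented; a line such as `// force: re-import even when the stored hash matches.` above the signature would make the bypass of the hash check explicit. The body of low_refresh_pem continues past the end of this hunk.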
Roxen.git/server/etc/modules/CertDB.pmod:379:    // Update metadata about the imported PEM file.    db->query("UPDATE cert_pem_files "    " SET hash = %s, "    " mtime = %d, "    " itime = %d "    " WHERE id = %d",    pem_hash, st->mtime, time(1),    pem_id);   }    + //! Refresh a single PEM file.   void refresh_pem(int pem_id)   {    object privs = Privs("Reading cert file");       low_refresh_pem(pem_id);   }    -  + //! Refresh all known PEM files. + void refresh_all_pem_files(int|void force) + { +  Sql.Sql db = DBManager.cached_get("roxen"); +  +  object privs = Privs("Reading cert file"); +  +  foreach(db->typed_query("SELECT id FROM cert_pem_files")->id, int pem_id) { +  low_refresh_pem(pem_id, force); +  } + } +    //! Register a single PEM file (no @[Privs]).   //!   //! @note   //! Registering a certificate or key file twice is a noop.   //!   //! @returns   //! Returns the id for the PEM file.   //!   //! @note   //! Return value differs from that of @[register_pem_files()].
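Review bot: In `refresh_all_pem_files` an error thrown by `low_refresh_pem` for one file aborts the loop, so every PEM file after it stays unrefreshed and the database keeps serving its old certs and keys. Only the file read is visibly wrapped in `catch` inside low_refresh_pem; whether the parsing and SQL that follow can throw is not visible here, but it seems likely. Consider isolating each iteration, e.g. `if (mixed err = catch { low_refresh_pem(pem_id, force); }) werror("Refreshing PEM file %d failed: %s\n", pem_id, describe_error(err));`. The `Privs` object is also held for the whole loop, including the database updates, which is wider than the file reads it is named for. The doc comment should describe `force` too, for example an `//! @param force` entry saying that files are re-imported even when their hash is unchanged.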
Roxen.git/server/etc/modules/CertDB.pmod:468:   //!   //! @seealso   //! @[register_pem_file()]   array(int) register_pem_files(array(string) pem_files, string|void password)   {    Sql.Sql db = DBManager.cached_get("roxen");       object privs = Privs("Reading cert file");       array(int) pem_ids = ({}); -  foreach(map(pem_files, String.trim_whites), string pem_file) { +  foreach(map(pem_files, String.trim_all_whites), string pem_file) {    if (pem_file == "") continue;       pem_ids += ({ low_register_pem_file(pem_file, password) });    }       privs = 0;       // FIXME: Move the following code to a separate function to improve API?    // (And instead just return pem_ids)?    array(int) keypairs = ({});