Roxen.git / server / etc / modules / CertDB.pmod


Roxen.git/server/etc/modules/CertDB.pmod:259:    db->query("UPDATE cert_keys "    " SET pem_id = %d, "    " msg_no = %d "    " WHERE id = %d",    pem_id, msg_no,    tmp[0]->id);    }    }   }    - protected void low_refresh_pem(int pem_id, int|void force) + protected int low_refresh_pem(int pem_id, int|void force)   {    Sql.Sql db = DBManager.cached_get("roxen");       array(sql_row) tmp =    db->typed_query("SELECT * "    " FROM cert_pem_files "    " WHERE id = %d",    pem_id); -  if (!sizeof(tmp)) return; +  if (!sizeof(tmp)) return 0;       sql_row pem_info = tmp[0];       string pem_file = pem_info->path;    -  if (!sizeof(pem_file)) return; +  if (!sizeof(pem_file)) return 0;       string raw_pem;    string pem_hash;       Stdio.Stat st = lfile_stat(pem_file);    if (st) {    // FIXME: Check if mtime has changed before reading the file?       SSL3_WERR("Reading cert file %O\n", pem_file);    if( catch{ raw_pem = lopen(pem_file, "r")->read(); } )    {    SSL3_WERR("Reading PEM file %O failed: %s\n",    pem_file, strerror(errno()));    } else {    pem_hash = Crypto.SHA256.hash(raw_pem);    if ((pem_info->hash == pem_hash) && !force) {    // No change.    SSL3_WERR("PEM file not modified since last import.\n"); -  return; +  return 0;    }    }    }       if (!raw_pem) {    // Mark any old certs and keys as stale.    db->query("UPDATE certs "    " SET pem_id = NULL, "    " msg_no = NULL "    " WHERE pem_id = %d",    pem_id);    db->query("UPDATE cert_keys "    " SET pem_id = NULL, "    " msg_no = NULL "    " WHERE pem_id = %d",    pem_id); -  return; +  return 0;    }       // Mark any old certs and keys as update in progress.    db->query("UPDATE certs "    " SET msg_no = NULL "    " WHERE pem_id = %d",    pem_id);    db->query("UPDATE cert_keys "    " SET msg_no = NULL "    " WHERE pem_id = %d",
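Review bot: The new return value of low_refresh_pem() is 0 both when the PEM file is unchanged and when it could not be read and its certs and keys were just marked stale in the `if (!raw_pem)` branch. A caller therefore cannot tell "nothing to do" from "certificates were invalidated", and the sum in refresh_all_pem_files() (next hunk) will report 0 even if every file has gone missing. The function has no doc comment, so at minimum add `//! @returns 1 if the PEM file was (re)imported, 0 if it was unchanged, unknown, missing or unreadable.` If callers need to react to invalidation, that branch needs its own signal or at least a log line. The function body continues past the end of this hunk.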
Roxen.git/server/etc/modules/CertDB.pmod:393:    pem_id);       // Update metadata about the imported PEM file.    db->query("UPDATE cert_pem_files "    " SET hash = %s, "    " mtime = %d, "    " itime = %d "    " WHERE id = %d",    pem_hash, st->mtime, time(1),    pem_id); +  +  return 1;   }      //! Refresh a single PEM file. - void refresh_pem(int pem_id) + int refresh_pem(int pem_id)   {    object privs = Privs("Reading cert file");    -  low_refresh_pem(pem_id); +  return low_refresh_pem(pem_id);   }      //! Refresh all known PEM files. - void refresh_all_pem_files(int|void force) + int refresh_all_pem_files(int|void force)   {    Sql.Sql db = DBManager.cached_get("roxen"); -  +  int count = 0;       object privs = Privs("Reading cert file");       foreach(db->typed_query("SELECT id FROM cert_pem_files")->id, int pem_id) { -  low_refresh_pem(pem_id, force); +  count += low_refresh_pem(pem_id, force);    } -  +  +  return count;   }      //! Register a single PEM file (no @[Privs]).   //!   //! @note   //! Registering a certificate or key file twice is a noop.   //!   //! @returns   //! Returns the id for the PEM file.   //!
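Review bot: The doc comments on refresh_pem() and refresh_all_pem_files() still describe only the action and say nothing about the int that each now returns. Add `//! @returns 1 if the PEM file was (re)imported, 0 otherwise.` to refresh_pem() and `//! @returns The number of PEM files that were (re)imported.` to refresh_all_pem_files(). The second should say explicitly that files whose certs were marked stale are not counted, since a caller could otherwise read a count of 0 as "all certificates are current".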
Roxen.git/server/etc/modules/CertDB.pmod:490:   //! Registering a certificate or key file twice is a noop.   //!   //! @returns   //! Returns resulting keypair ids for the certificates (if any).   //!   //! @note   //! Return value differs from that of @[register_pem_file()].   //!   //! @seealso   //! @[register_pem_file()] - array(int) register_pem_files(array(string) pem_files, string|void password) + array(string) register_pem_files(array(string) pem_files, string|void password)   {    Sql.Sql db = DBManager.cached_get("roxen");       object privs = Privs("Reading cert file");       array(int) pem_ids = ({});    foreach(map(pem_files, String.trim_all_whites), string pem_file) {    if (pem_file == "") continue;       pem_ids += ({ low_register_pem_file(pem_file, password) });    }       privs = 0;       // FIXME: Move the following code to a separate function to improve API?    // (And instead just return pem_ids)? -  array(int) keypairs = ({}); +  array(string) keypair_names = ({});       foreach(Array.uniq(pem_ids), int pem_id) { -  keypairs += -  db->typed_query("SELECT cert_keypairs.id AS id" +  keypair_names += +  db->typed_query("SELECT cert_keypairs.name AS name"    " FROM cert_keys, cert_keypairs "    " WHERE pem_id = %d "    " AND cert_keypairs.key_id = cert_keys.id", -  pem_id)->id; +  pem_id)->name;    } -  return sort(keypairs); +  return Array.uniq(sort(keypair_names));   }      //! Get the private key and the list of certificates given a keypair id.   array(Crypto.Sign.State|array(string)) get_keypair(int keypair_id)   {    // FIXME: Consider having a keypair lookup cache.       Sql.Sql db = DBManager.cached_get("roxen");       array(sql_row) tmp =
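Review bot: The `@returns` text above register_pem_files() still says "Returns resulting keypair ids", but the function now returns `array(string)` of cert_keypairs.name values. Update it to something like `//! Returns the sorted, unique keypair names for the certificates (if any).` Names appear not to be unique keys, since get_keypairs_by_name() in the last hunk returns several ids for one name. A caller that stores the name and resolves it later may therefore end up with a different keypair than the one just registered; that is worth stating in a `@note`. The change from `array(int)` to `array(string)` is also not backward-compatible for callers outside this view.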
Roxen.git/server/etc/modules/CertDB.pmod:638:    " WHERE id = %d",    tmp[0]->pem_id);    if (sizeof(tmp)) {    res->certs[-1]->pem_path = tmp[0]->path;    }    }    }       return res;   } +  + array(int) get_keypairs_by_name(string name) + { +  Sql.Sql db = DBManager.cached_get("roxen"); +  +  array(int) res = +  db->typed_query("SELECT cert_keypairs.id AS id " +  " FROM cert_keypairs, certs " +  " WHERE name = %s " +  " AND cert_id = certs.id " +  " AND pem_id IS NOT NULL " +  " ORDER BY expires ASC", name)->id; +  if (!sizeof(res)) { +  res = +  db->typed_query("SELECT cert_keypairs.id AS id " +  " FROM cert_keypairs, certs " +  " WHERE name = %s " +  " AND cert_id = certs.id " +  " ORDER BY expires DESC " +  " LIMIT 1", name)->id; +  } +  return res; + }
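Review bot: When no keypair with the given name has a cert with a live PEM file, the fallback query in get_keypairs_by_name() drops the `pem_id IS NOT NULL` condition and returns the latest-expiring keypair, even though its cert was marked stale by low_refresh_pem(). Neither query filters on `expires`, and the first orders ASC, so the soonest-expiring and possibly already expired certificate comes first. If callers pick element 0 (not visible here) they may serve a cert that was deliberately removed or has expired. The function has no doc comment; add one along the lines of `//! Get the ids of all keypairs named @[name], soonest-expiring first; falls back to the single latest-expiring stale keypair.` so the fallback is an explicit contract. It would also help to qualify the bare columns as `cert_keypairs.name` and `certs.pem_id`, assuming that is the intended table.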