2 * This file is part of secnet.
3 * See README for full list of copyright holders.
5 * secnet is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 3 of the License, or
8 * (at your option) any later version.
10 * secnet is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * version 3 along with secnet; if not, see
17 * https://www.gnu.org/licenses/gpl.html.
23 #define DEFAULT_SIZE 5
27 struct sigprivkey_if *sigpriv; /* 0 means none such */
32 struct privcache_if ops;
34 struct pathprefix_template path;
36 struct buffer_if databuf;
37 struct hash_if *defhash;
40 static struct sigprivkey_if *uncached_get(struct privcache *st,
41 const struct sigkeyid *id, struct log_if *log)
46 sprintf(st->path.write_here, SIGKEYID_PR_FMT, SIGKEYID_PR_VAL(id));
48 f = fopen(st->path.buffer,"rb");
50 if (errno == ENOENT) {
51 slilog(log,M_DEBUG,"private key %s not found",
54 slilog(log,M_ERR,"failed to open private key file %s",
61 buffer_init(&st->databuf,0);
62 ssize_t got=fread(st->databuf.base,1,st->databuf.alloclen,f);
64 slilog(log,M_ERR,"failed to read private-key file %s",
69 slilog(log,M_ERR,"private key file %s longer than max %d",
70 st->path.buffer, (int)st->databuf.alloclen);
75 struct sigprivkey_if *sigpriv=0;
76 const struct sigscheme_info *scheme;
77 for (scheme=sigschemes;
80 if (scheme->algid == id->b[GRPIDSZ])
83 slilog(log,M_ERR,"private key file %s not loaded (unknown algid)",
88 st->databuf.start=st->databuf.base;
90 struct cloc loc = { .file=st->path.buffer, .line=0 };
91 ok=scheme->loadpriv(scheme, &st->databuf, &sigpriv, log, loc);
92 if (!ok) goto out; /* loadpriv will have logged */
94 if (sigpriv->sethash) {
97 "private key %s requires `hash' config key for privcache to load",
99 sigpriv->dispose(sigpriv->st);
103 sigpriv->sethash(sigpriv->st,st->defhash);
108 return ok ? sigpriv : 0;
111 static struct sigprivkey_if *privcache_lookup(void *sst,
112 const struct sigkeyid *id,
113 struct log_if *log) {
114 struct privcache *st = sst;
118 for (was=0; was<st->used; was++) {
119 if (sigkeyid_equal(id, &st->ents[was].id)) {
120 result = st->ents[was];
125 if (st->used < st->alloc) {
130 if (st->ents[was].sigpriv) {
131 st->ents[was].sigpriv->dispose(st->ents[was].sigpriv->st);
135 COPY_OBJ(result.id, *id);
136 result.sigpriv=uncached_get(st,id,log);
139 memmove(&st->ents[1], &st->ents[0], sizeof(st->ents[0]) * was);
140 st->ents[0] = result;
141 return result.sigpriv;
144 static list_t *privcache_apply(closure_t *self, struct cloc loc,
145 dict_t *context, list_t *args)
147 struct privcache *st;
152 st->cl.description="privcache";
153 st->cl.type=CL_PRIVCACHE;
155 st->cl.interface=&st->ops;
157 st->ops.lookup=privcache_lookup;
160 st->used=st->alloc=0;
163 item=list_elem(args,0);
164 if (!item || item->type!=t_dict)
165 cfgfatal(loc,"privcache","parameter must be a dictionary\n");
167 dict=item->data.dict;
169 st->alloc=dict_read_number(dict,"privcache-size",False,"privcache",loc,
171 NEW_ARY(st->ents,st->alloc);
174 int32_t buflen=dict_read_number(dict,"privkey-max",False,"privcache",loc,
176 buffer_new(&st->databuf,buflen+1);
178 const char *path=dict_read_string(dict,"privkeys",True,"privcache",loc);
179 pathprefix_template_init(&st->path,path,KEYIDSZ*2);
181 st->defhash=find_cl_if(dict,"hash",CL_HASH,False,"site",loc);
183 return new_closure(&st->cl);
186 void privcache_module(dict_t *dict)
188 add_closure(dict,"priv-cache",privcache_apply);