XRootD
XrdTlsCrl Namespace Reference

Functions

void * Refresh (void *parg)
 

Function Documentation

◆ Refresh()

void* XrdTlsCrl::Refresh ( void *  parg)

Definition at line 84 of file XrdTlsContext.cc.

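// Periodically rebuilds the TLS context so that refreshed CRLs (and a changed
// host certificate) are picked up. Declared in namespace XrdTlsCrl.
//
// The loop reads the refresh interval, sleeps for it, clones the owning
// context and stages the clone in ctxImpl->ctxnew. It ends when the interval
// is zero (cancellation) or when the owning context has gone away.
//
// @param parg  Pointer to the XrdTlsContextImpl of the context to refresh.
//              The void *(void *) signature suggests a thread start routine;
//              confirm at the callers.
// @return      Always a null pointer.
//
// Operational note: when a rebuild fails, no replacement is staged and the
// next attempt only happens after another full interval. Revocations that
// were published in the meantime are therefore not enforced by new sessions
// until a later refresh succeeds. The only signal is the
// "Refresh of context failed!!!" message, so it is worth alerting on.
//
void *Refresh(void *parg)
{
   EPNAME("Refresh");

// Get the implementation details
//
   XrdTlsContextImpl *ctxImpl = static_cast<XrdTlsContextImpl*>(parg);

// Indicate we have started in the trace record
//
   DBG_CTX("CRL refresh started.");

// Do this forever, re-reading the sleep time on every pass
//
   do {
      // The interval is read under the read lock, so it is re-evaluated on
      // each pass rather than fixed at start-up.
      //
      ctxImpl->crlMutex.ReadLock();
      const int sleepTime = ctxImpl->Parm.crlRT;
      ctxImpl->crlMutex.UnLock();

      // A zero interval is the cancellation request. We only clear the
      // running flag; the implementation object is not deleted on this path.
      //
      if (!sleepTime)
         {ctxImpl->crlMutex.WriteLock();
          ctxImpl->crlRunning = false;
          ctxImpl->crlMutex.UnLock();
          DBG_CTX("CRL refresh ending by request!");
          return (void *)0;
         }

      // Indicate how long it will be before the next refresh, then sleep
      //
      DBG_CTX("CRL refresh will happen in " <<sleepTime <<" seconds.");
      XrdSysTimer::Snooze(sleepTime);

      // Check that the owning context is still alive BEFORE using it. The
      // earlier code called owner->x509Verify() first and tested owner for
      // null afterwards, so a context that went away during the sleep was
      // dereferenced as a null pointer. On break the write lock stays held;
      // the cleanup after the loop releases it.
      //
      ctxImpl->crlMutex.WriteLock();
      XrdTlsContext *owner = ctxImpl->owner;
      if (!owner) break;
      ctxImpl->crlMutex.UnLock();

      // Nothing to do unless peer certificates are verified or the host
      // certificate has changed.
      //
      if (!owner->x509Verify() && !owner->newHostCertificateDetected()) continue;

      // We clone the original, this gives us the latest crls (i.e. refreshed).
      // The lock is not held while doing so as this may take a long time.
      // NOTE(review): owner is used here after the lock was released, as in
      // the original code, which justified it by the thread implicitly owning
      // the implementation. That covers ctxImpl, not necessarily the owning
      // context; confirm the owner cannot be destroyed while Clone() runs.
      //
      XrdTlsContext *newctx = owner->Clone();

      // Verify that the context was properly built. A clone that was
      // allocated but is not usable is released here; previously it leaked
      // on every failed refresh.
      //
      if (!newctx || !newctx->isOK())
         {XrdTls::Emsg("CrlRefresh:","Refresh of context failed!!!",false);
          delete newctx;
          continue;
         }

      // OK, set the new context to be used next time Session() is called.
      // A clone staged earlier that was never picked up is discarded.
      //
      ctxImpl->crlMutex.WriteLock();
      const bool doreplace = (ctxImpl->ctxnew != 0);
      delete ctxImpl->ctxnew;
      ctxImpl->ctxnew = newctx;
      ctxImpl->crlMutex.UnLock();

      // Do some debugging
      //
      if (doreplace) {DBG_CTX("CRL refresh created replacement x509 store.");}
         else {DBG_CTX("CRL refresh created new x509 store.");}
   } while(true);

// If we are here the context that started us has gone away and we are done.
// The write lock taken just before the break is still held. The
// implementation is kept when flsRunning is set (presumably another
// background thread still uses it; confirm), otherwise it is deleted here.
//
   bool keepctx = ctxImpl->flsRunning;
   ctxImpl->crlRunning = false;
   ctxImpl->crlMutex.UnLock();
   if (!keepctx) delete ctxImpl;
   return (void *)0;
}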
#define EPNAME(x)
Definition: XrdBwmTrace.hh:56
#define DBG_CTX(y)
Definition: XrdTlsTrace.hh:39
static void Snooze(int seconds)
Definition: XrdSysTimer.cc:168
XrdTlsContext * Clone(bool full=true, bool startCRLRefresh=false)
bool newHostCertificateDetected()
static void Emsg(const char *tid, const char *msg=0, bool flush=true)
Definition: XrdTls.cc:104
XrdTlsContext * owner
XrdTlsContext::CTX_Params Parm
XrdTlsContext * ctxnew
XrdSysRWLock crlMutex
int crlRT
crl refresh interval time in seconds

References XrdTlsContext::Clone(), XrdTlsContextImpl::crlMutex, XrdTlsContext::CTX_Params::crlRT, XrdTlsContextImpl::crlRunning, XrdTlsContextImpl::ctxnew, DBG_CTX, XrdTls::Emsg(), EPNAME, XrdTlsContextImpl::flsRunning, XrdTlsContext::isOK(), XrdTlsContext::newHostCertificateDetected(), XrdTlsContextImpl::owner, XrdTlsContextImpl::Parm, XrdSysRWLock::ReadLock(), XrdSysTimer::Snooze(), XrdSysRWLock::UnLock(), XrdSysRWLock::WriteLock(), and XrdTlsContext::x509Verify().

Referenced by XrdDigAuth::Authorize(), and XrdTlsContext::SetCrlRefresh().
