XRootD
XrdTlsCrl Namespace Reference

Functions

void * Refresh (void *parg)
 

Function Documentation

◆ Refresh()

void* XrdTlsCrl::Refresh ( void *  parg)

Definition at line 87 of file XrdTlsContext.cc.

88 {
89  EPNAME("Refresh");
90  int sleepTime;
91  bool doreplace;
92 
93 // Get the implementation details
94 //
95  XrdTlsContextImpl *ctxImpl = static_cast<XrdTlsContextImpl*>(parg);
96 
97 // Indicate we have started in the trace record
98 //
99  DBG_CTX("CRL refresh started.")
100 
101 // Do this forever but first get the sleep time
102 //
103 do{ctxImpl->crlMutex.ReadLock();
104  sleepTime = ctxImpl->Parm.crlRT;
105  ctxImpl->crlMutex.UnLock();
106 
107 // We may have been cancelled, in which case we just exit
108 //
109  if (!sleepTime)
110  {ctxImpl->crlMutex.WriteLock();
111  ctxImpl->crlRunning = false;
112  ctxImpl->crlMutex.UnLock();
113  DBG_CTX("CRL refresh ending by request!");
114  return (void *)0;
115  }
116 
117 // Indicate we how long before a refresh
118 //
119  DBG_CTX("CRL refresh will happen in " <<sleepTime <<" seconds.");
120 
121 // Now sleep the request amount of time
122 //
123  XrdSysTimer::Snooze(sleepTime);
124 
125  if (ctxImpl->owner->x509Verify() || ctxImpl->owner->newHostCertificateDetected()) {
126  // Check if this context is still alive. Generally, it never gets deleted.
127  //
128  ctxImpl->crlMutex.WriteLock();
129  if (!ctxImpl->owner) break;
130 
131  // We clone the original, this will give us the latest crls (i.e. refreshed).
132  // We drop the lock while doing so as this may take a long time. This is
133  // completely safe to do because we implicitly own the implementation.
134  //
135  ctxImpl->crlMutex.UnLock();
136  XrdTlsContext *newctx = ctxImpl->owner->Clone();
137 
138  // Verify that the context was properly built
139  //
140  if (!newctx || !newctx->isOK())
141  {XrdTls::Emsg("CrlRefresh:","Refresh of context failed!!!",false);
142  continue;
143  }
144 
145  // OK, set the new context to be used next time Session() is called.
146  //
147  ctxImpl->crlMutex.WriteLock();
148  doreplace = (ctxImpl->ctxnew != 0);
149  if (doreplace) delete ctxImpl->ctxnew;
150  ctxImpl->ctxnew = newctx;
151  ctxImpl->crlMutex.UnLock();
152 
153  // Do some debugging
154  //
155  if (doreplace) {DBG_CTX("CRL refresh created replacement x509 store.");}
156  else {DBG_CTX("CRL refresh created new x509 store.");}
157  }
158  } while(true);
159 
160 // If we are here the context that started us has gone away and we are done
161 //
162  bool keepctx = ctxImpl->flsRunning;
163  ctxImpl->crlRunning = false;
164  ctxImpl->crlMutex.UnLock();
165  if (!keepctx) delete ctxImpl;
166  return (void *)0;
167 }
#define EPNAME(x)
Definition: XrdBwmTrace.hh:56
#define DBG_CTX(y)
Definition: XrdTlsTrace.hh:39
static void Snooze(int seconds)
Definition: XrdSysTimer.cc:168
XrdTlsContext * Clone(bool full=true, bool startCRLRefresh=false)
bool newHostCertificateDetected()
static void Emsg(const char *tid, const char *msg=0, bool flush=true)
Definition: XrdTls.cc:104
XrdTlsContext * owner
XrdTlsContext::CTX_Params Parm
XrdTlsContext * ctxnew
XrdSysRWLock crlMutex
int crlRT
crl refresh interval time in seconds

References XrdTlsContext::Clone(), XrdTlsContextImpl::crlMutex, XrdTlsContext::CTX_Params::crlRT, XrdTlsContextImpl::crlRunning, XrdTlsContextImpl::ctxnew, DBG_CTX, XrdTls::Emsg(), EPNAME, XrdTlsContextImpl::flsRunning, XrdTlsContext::isOK(), XrdTlsContext::newHostCertificateDetected(), XrdTlsContextImpl::owner, XrdTlsContextImpl::Parm, XrdSysRWLock::ReadLock(), XrdSysTimer::Snooze(), XrdSysRWLock::UnLock(), XrdSysRWLock::WriteLock(), and XrdTlsContext::x509Verify().

Referenced by XrdDigAuth::Authorize(), and XrdTlsContext::SetCrlRefresh().

+ Here is the call graph for this function:
+ Here is the caller graph for this function: