diff options
Diffstat (limited to 'include/modules/ssl.h')
-rw-r--r-- | include/modules/ssl.h | 172 |
1 files changed, 172 insertions, 0 deletions
diff --git a/include/modules/ssl.h b/include/modules/ssl.h new file mode 100644 index 000000000..a79dcc9ef --- /dev/null +++ b/include/modules/ssl.h @@ -0,0 +1,172 @@ +/* + * InspIRCd -- Internet Relay Chat Daemon + * + * Copyright (C) 2009 Daniel De Graaf <danieldg@inspircd.org> + * Copyright (C) 2006 Craig Edwards <craigedwards@brainbox.cc> + * + * This file is part of InspIRCd. InspIRCd is free software: you can + * redistribute it and/or modify it under the terms of the GNU General Public + * License as published by the Free Software Foundation, version 2. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS + * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + + +#pragma once + +#include <map> +#include <string> + +/** ssl_cert is a class which abstracts SSL certificate + * and key information. + * + * Because gnutls and openssl represent key information in + * wildly different ways, this class allows it to be accessed + * in a unified manner. These classes are attached to ssl- + * connected local users using SSLCertExt + */ +class ssl_cert : public refcountbase +{ + public: + std::string dn; + std::string issuer; + std::string error; + std::string fingerprint; + bool trusted, invalid, unknownsigner, revoked; + + ssl_cert() : trusted(false), invalid(true), unknownsigner(true), revoked(false) {} + + /** Get certificate distinguished name + * @return Certificate DN + */ + const std::string& GetDN() + { + return dn; + } + + /** Get Certificate issuer + * @return Certificate issuer + */ + const std::string& GetIssuer() + { + return issuer; + } + + /** Get error string if an error has occured + * @return The error associated with this users certificate, + * or an empty string if there is no error. + */ + const std::string& GetError() + { + return error; + } + + /** Get key fingerprint. + * @return The key fingerprint as a hex string. + */ + const std::string& GetFingerprint() + { + return fingerprint; + } + + /** Get trust status + * @return True if this is a trusted certificate + * (the certificate chain validates) + */ + bool IsTrusted() + { + return trusted; + } + + /** Get validity status + * @return True if the certificate itself is + * correctly formed. + */ + bool IsInvalid() + { + return invalid; + } + + /** Get signer status + * @return True if the certificate appears to be + * self-signed. + */ + bool IsUnknownSigner() + { + return unknownsigner; + } + + /** Get revokation status. + * @return True if the certificate is revoked. + * Note that this only works properly for GnuTLS + * right now. + */ + bool IsRevoked() + { + return revoked; + } + + bool IsCAVerified() + { + return trusted && !invalid && !revoked && !unknownsigner && error.empty(); + } + + std::string GetMetaLine() + { + std::stringstream value; + bool hasError = !error.empty(); + value << (IsInvalid() ? "v" : "V") << (IsTrusted() ? "T" : "t") << (IsRevoked() ? "R" : "r") + << (IsUnknownSigner() ? "s" : "S") << (hasError ? "E" : "e") << " "; + if (hasError) + value << GetError(); + else + value << GetFingerprint() << " " << GetDN() << " " << GetIssuer(); + return value.str(); + } +}; + +/** Get certificate from a socket (only useful with an SSL module) */ +struct SocketCertificateRequest : public Request +{ + StreamSocket* const sock; + ssl_cert* cert; + + SocketCertificateRequest(StreamSocket* ss, Module* Me) + : Request(Me, ss->GetIOHook(), "GET_SSL_CERT"), sock(ss), cert(NULL) + { + Send(); + } + + std::string GetFingerprint() + { + if (cert) + return cert->GetFingerprint(); + return ""; + } +}; + +/** Get certificate from a user (requires m_sslinfo) */ +struct UserCertificateRequest : public Request +{ + User* const user; + ssl_cert* cert; + + UserCertificateRequest(User* u, Module* Me, Module* info = ServerInstance->Modules->Find("m_sslinfo.so")) + : Request(Me, info, "GET_USER_CERT"), user(u), cert(NULL) + { + Send(); + } + + std::string GetFingerprint() + { + if (cert) + return cert->GetFingerprint(); + return ""; + } +}; |