/* +------------------------------------+ * | Inspire Internet Relay Chat Daemon | * +------------------------------------+ * * InspIRCd: (C) 2002-2009 InspIRCd Development Team * See: http://wiki.inspircd.org/Credits * * This program is free but copyrighted software; see * the file COPYING for details. * * --------------------------------------------------- */ #ifndef __SSL_H__ #define __SSL_H__ #include #include /** ssl_cert is a class which abstracts SSL certificate * and key information. * * Because gnutls and openssl represent key information in * wildly different ways, this class allows it to be accessed * in a unified manner. These classes are attached to ssl- * connected local users using SSLCertExt */ class ssl_cert : public refcountbase { public: std::string dn; std::string issuer; std::string error; std::string fingerprint; bool trusted, invalid, unknownsigner, revoked; /** Get certificate distinguished name * @return Certificate DN */ const std::string& GetDN() { return dn; } /** Get Certificate issuer * @return Certificate issuer */ const std::string& GetIssuer() { return issuer; } /** Get error string if an error has occured * @return The error associated with this users certificate, * or an empty string if there is no error. */ const std::string& GetError() { return error; } /** Get key fingerprint. * @return The key fingerprint as a hex string. */ const std::string& GetFingerprint() { return fingerprint; } /** Get trust status * @return True if this is a trusted certificate * (the certificate chain validates) */ bool IsTrusted() { return trusted; } /** Get validity status * @return True if the certificate itself is * correctly formed. */ bool IsInvalid() { return invalid; } /** Get signer status * @return True if the certificate appears to be * self-signed. */ bool IsUnknownSigner() { return unknownsigner; } /** Get revokation status. * @return True if the certificate is revoked. * Note that this only works properly for GnuTLS * right now. */ bool IsRevoked() { return revoked; } std::string GetMetaLine() { std::stringstream value; bool hasError = error.length(); value << (IsInvalid() ? "v" : "V") << (IsTrusted() ? "T" : "t") << (IsRevoked() ? "R" : "r") << (IsUnknownSigner() ? "s" : "S") << (hasError ? "E" : "e") << " "; if (hasError) value << GetError(); else value << GetFingerprint() << " " << GetDN() << " " << GetIssuer(); return value.str(); } }; /** Get certificate from a socket (only useful with an SSL module) */ struct SocketCertificateRequest : public Request { StreamSocket* const sock; ssl_cert* cert; SocketCertificateRequest(StreamSocket* ss, Module* Me, Module* hook) : Request(Me, hook, "GET_SSL_CERT"), sock(ss), cert(NULL) { Send(); } std::string GetFingerprint() { if (cert) return cert->GetFingerprint(); return ""; } }; /** Get certificate from a user (requires m_sslinfo) */ struct UserCertificateRequest : public Request { User* const user; ssl_cert* cert; UserCertificateRequest(User* u, Module* Me, Module* info = ServerInstance->Modules->Find("m_sslinfo.so")) : Request(Me, info, "GET_USER_CERT"), user(u), cert(NULL) { Send(); } std::string GetFingerprint() { if (cert) return cert->GetFingerprint(); return ""; } }; struct SSLCertSubmission : public Request { Extensible* const item; ssl_cert* const cert; SSLCertSubmission(Extensible* is, Module* Me, Module* Target, ssl_cert* Cert) : Request(Me, Target, "SET_CERT"), item(is), cert(Cert) { Send(); } }; #endif