2 * InspIRCd -- Internet Relay Chat Daemon
4 * Copyright (C) 2009 Daniel De Graaf <danieldg@inspircd.org>
5 * Copyright (C) 2006 Craig Edwards <craigedwards@brainbox.cc>
7 * This file is part of InspIRCd. InspIRCd is free software: you can
8 * redistribute it and/or modify it under the terms of the GNU General Public
9 * License as published by the Free Software Foundation, version 2.
11 * This program is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
13 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
16 * You should have received a copy of the GNU General Public License
17 * along with this program. If not, see <http://www.gnu.org/licenses/>.
26 /** ssl_cert is a class which abstracts SSL certificate
27 * and key information.
29 * Because gnutls and openssl represent key information in
30 * wildly different ways, this class allows it to be accessed
31 * in a unified manner. These classes are attached to ssl-
32 * connected local users using SSLCertExt
34 class ssl_cert : public refcountbase
40 std::string fingerprint;
41 bool trusted, invalid, unknownsigner, revoked;
43 ssl_cert() : trusted(false), invalid(true), unknownsigner(true), revoked(false) {}
45 /** Get certificate distinguished name
46 * @return Certificate DN
48 const std::string& GetDN()
53 /** Get Certificate issuer
54 * @return Certificate issuer
56 const std::string& GetIssuer()
61 /** Get error string if an error has occured
62 * @return The error associated with this users certificate,
63 * or an empty string if there is no error.
65 const std::string& GetError()
70 /** Get key fingerprint.
71 * @return The key fingerprint as a hex string.
73 const std::string& GetFingerprint()
79 * @return True if this is a trusted certificate
80 * (the certificate chain validates)
87 /** Get validity status
88 * @return True if the certificate itself is
97 * @return True if the certificate appears to be
100 bool IsUnknownSigner()
102 return unknownsigner;
105 /** Get revokation status.
106 * @return True if the certificate is revoked.
107 * Note that this only works properly for GnuTLS
117 return trusted && !invalid && !revoked && !unknownsigner && error.empty();
120 std::string GetMetaLine()
122 std::stringstream value;
123 bool hasError = !error.empty();
124 value << (IsInvalid() ? "v" : "V") << (IsTrusted() ? "T" : "t") << (IsRevoked() ? "R" : "r")
125 << (IsUnknownSigner() ? "s" : "S") << (hasError ? "E" : "e") << " ";
129 value << GetFingerprint() << " " << GetDN() << " " << GetIssuer();
134 /** Get certificate from a socket (only useful with an SSL module) */
135 struct SocketCertificateRequest : public Request
137 StreamSocket* const sock;
140 SocketCertificateRequest(StreamSocket* ss, Module* Me)
141 : Request(Me, ss->GetIOHook(), "GET_SSL_CERT"), sock(ss), cert(NULL)
146 std::string GetFingerprint()
149 return cert->GetFingerprint();
154 /** Get certificate from a user (requires m_sslinfo) */
155 struct UserCertificateRequest : public Request
160 UserCertificateRequest(User* u, Module* Me, Module* info = ServerInstance->Modules->Find("m_sslinfo.so"))
161 : Request(Me, info, "GET_USER_CERT"), user(u), cert(NULL)
166 std::string GetFingerprint()
169 return cert->GetFingerprint();