7 /** A generic container for certificate data
9 typedef std::map<std::string,std::string> ssl_data;
11 /** A shorthand way of representing an iterator into ssl_data
13 typedef ssl_data::iterator ssl_data_iter;
15 /** ssl_cert is a class which abstracts SSL certificate
16 * and key information.
18 * Because gnutls and openssl represent key information in
19 * wildly different ways, this class allows it to be accessed
20 * in a unified manner. These classes are attached to ssl-
21 * connected local users using Extensible::Extend() and the
26 /** Always contains an empty string
28 const std::string empty;
31 /** The data for this certificate
35 /** Default constructor, initializes 'empty'
37 ssl_cert() : empty("")
41 /** Get certificate distinguished name
42 * @return Certificate DN
44 const std::string& GetDN()
46 ssl_data_iter ssldi = data.find("dn");
48 if (ssldi != data.end())
54 /** Get Certificate issuer
55 * @return Certificate issuer
57 const std::string& GetIssuer()
59 ssl_data_iter ssldi = data.find("issuer");
61 if (ssldi != data.end())
67 /** Get error string if an error has occurred
68 * @return The error associated with this user's certificate,
69 * or an empty string if there is no error.
71 const std::string& GetError()
73 ssl_data_iter ssldi = data.find("error");
75 if (ssldi != data.end())
81 /** Get key fingerprint.
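82 * @return The key fingerprint as a hex string. A fingerprint alone does not show that the certificate chain validated; that is reported separately by the "trusted" flag.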
84 const std::string& GetFingerprint()
86 ssl_data_iter ssldi = data.find("fingerprint");
88 if (ssldi != data.end())
95 * @return True if this is a trusted certificate
96 * (the certificate chain validates)
100 ssl_data_iter ssldi = data.find("trusted");
102 if (ssldi != data.end())
103 return (ssldi->second == "1");
108 /** Get validity status
109 * @return True if the certificate itself is
114 ssl_data_iter ssldi = data.find("invalid");
116 if (ssldi != data.end())
117 return (ssldi->second == "1");
122 /** Get signer status
123 * @return True if the certificate appears to be
126 bool IsUnknownSigner()
128 ssl_data_iter ssldi = data.find("unknownsigner");
130 if (ssldi != data.end())
131 return (ssldi->second == "1");
136 /** Get revocation status.
137 * @return True if the certificate is revoked.
138 * Note that this only works properly for GnuTLS
143 ssl_data_iter ssldi = data.find("revoked");
145 if (ssldi != data.end())
146 return (ssldi->second == "1");