7 /** A generic container for certificate data
9 typedef std::map<std::string,std::string> ssl_data;
11 /** A shorthand way of representing an iterator into ssl_data
13 typedef ssl_data::iterator ssl_data_iter;
15 /** ssl_cert is a class which abstracts SSL certificate
16 * and key information.
18 * Because gnutls and openssl represent key information in
19 * wildly different ways, this class allows it to be accessed
20 * in a unified manner. These classes are attached to ssl-
21 * connected local users using Extensible::Extend() and the
26 /** Always contains an empty string
28 const std::string empty;
31 /** The data for this certificate
35 /** Default constructor, initializes 'empty'
37 ssl_cert() : empty("")
41 /** Get certificate distinguished name
42 * @return Certificate DN
44 const std::string& GetDN()
46 ssl_data_iter ssldi = data.find("dn");
48 if (ssldi != data.end())
54 /** Get Certificate issuer
55 * @return Certificate issuer
57 const std::string& GetIssuer()
59 ssl_data_iter ssldi = data.find("issuer");
61 if (ssldi != data.end())
67 /** Get error string if an error has occurred
68 * @return The error associated with this user's certificate,
69 * or an empty string if there is no error.
71 const std::string& GetError()
73 ssl_data_iter ssldi = data.find("error");
75 if (ssldi != data.end())
81 /** Get key fingerprint.
82 * @return The key fingerprint as a hex string.
84 const std::string& GetFingerprint()
86 ssl_data_iter ssldi = data.find("fingerprint");
88 if (ssldi != data.end())
95 * @return True if this is a trusted certificate
96 * (the certificate chain validates)
100 ssl_data_iter ssldi = data.find("trusted");
102 if (ssldi != data.end())
103 return (ssldi->second == "1");
108 /** Get validity status
109 * @return True if the certificate itself is
114 ssl_data_iter ssldi = data.find("invalid");
116 if (ssldi != data.end())
117 return (ssldi->second == "1");
122 /** Get signer status
123 * @return True if the certificate appears to be
126 bool IsUnknownSigner()
128 ssl_data_iter ssldi = data.find("unknownsigner");
130 if (ssldi != data.end())
131 return (ssldi->second == "1");
136 /** Get revocation status.
137 * @return True if the certificate is revoked.
138 * Note that this only works properly for GnuTLS
143 ssl_data_iter ssldi = data.find("revoked");
145 if (ssldi != data.end())
146 return (ssldi->second == "1");
152 class ISHRequest : public Request
155 const InspSocket* Sock;
157 ISHRequest(Module* Me, Module* Target, const char* rtype, InspSocket* sock) : Request(Me, Target, rtype), Sock(sock)
162 class InspSocketHookRequest : public ISHRequest
165 /** Initialize request as a hook message */
166 InspSocketHookRequest(InspSocket* is, Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_HOOK", is)
171 class InspSocketUnhookRequest : public ISHRequest
174 /** Initialize request as an unhook message */
175 InspSocketUnhookRequest(InspSocket* is, Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_UNHOOK", is)
180 class InspSocketNameRequest : public ISHRequest
183 /** Initialize request as a get name message */
184 InspSocketNameRequest(Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_NAME", NULL)