1 /* +------------------------------------+
2 * | Inspire Internet Relay Chat Daemon |
3 * +------------------------------------+
5 * InspIRCd: (C) 2002-2010 InspIRCd Development Team
6 * See: http://wiki.inspircd.org/Credits
8 * This program is free but copyrighted software; see
9 * the file COPYING for details.
11 * ---------------------------------------------------
20 /** ssl_cert is a class which abstracts SSL certificate
21 * and key information.
23 * Because gnutls and openssl represent key information in
24 * wildly different ways, this class allows it to be accessed
25 * in a unified manner. These classes are attached to ssl-
26 * connected local users using SSLCertExt
// NOTE(review): this listing omits several original lines (braces, some
// member declarations, some method signatures and bodies). The comments
// added here describe only what the visible lines establish.
28 class ssl_cert : public refcountbase
34 std::string fingerprint;
35 bool trusted, invalid, unknownsigner, revoked;
// Fail-closed defaults: a default-constructed certificate is untrusted,
// invalid and of unknown signer; only `revoked` starts out false.
// Presumably the TLS module that fills the object in overwrites these
// after verification - confirm against the module code.
37 ssl_cert() : trusted(false), invalid(true), unknownsigner(true), revoked(false) {}
39 /** Get certificate distinguished name
40 * @return Certificate DN
42 const std::string& GetDN()
47 /** Get Certificate issuer
48 * @return Certificate issuer
50 const std::string& GetIssuer()
55 /** Get error string if an error has occurred
56 * @return The error associated with this user's certificate,
57 * or an empty string if there is no error.
59 const std::string& GetError()
64 /** Get key fingerprint.
65 * @return The key fingerprint as a hex string.
67 const std::string& GetFingerprint()
73 * @return True if this is a trusted certificate
74 * (the certificate chain validates)
81 /** Get validity status
82 * @return True if the certificate itself is
91 * @return True if the certificate appears to be
94 bool IsUnknownSigner()
// NOTE(review): per the note below, the revocation flag is only reliable
// with GnuTLS. With another backend `revoked` may simply keep its default
// of false, so a false result is not evidence that the certificate is
// unrevoked - confirm per backend before relying on it for authorization.
99 /** Get revocation status.
100 * @return True if the certificate is revoked.
101 * Note that this only works properly for GnuTLS
// Combined verdict: true only when the certificate is trusted, not invalid,
// not revoked, has a known signer, and no error string was recorded. Any
// single failing condition yields false. (The enclosing method's signature
// is not shown in this listing.)
111 return trusted && !invalid && !revoked && !unknownsigner && error.empty();
// Serialises the certificate state as one text line: five flag letters, a
// space, and then the statement at line 123 appends fingerprint, DN and
// issuer separated by single spaces.
// Flag letters, in order: v/V = invalid/valid, T/t = trusted/untrusted,
// R/r = revoked/not revoked, s/S = unknown/known signer, E/e = error/no error.
// NOTE(review): the fields are written unescaped and space-delimited.
// Presumably a DN or issuer can itself contain spaces, so a consumer should
// not split on spaces beyond the fingerprint - confirm against whatever
// parses this line.
114 std::string GetMetaLine()
116 std::stringstream value;
// A non-zero length converts to true.
117 bool hasError = error.length();
118 value << (IsInvalid() ? "v" : "V") << (IsTrusted() ? "T" : "t") << (IsRevoked() ? "R" : "r")
119 << (IsUnknownSigner() ? "s" : "S") << (hasError ? "E" : "e") << " ";
// Original lines 120-122 are missing from this listing, so the condition
// under which this statement runs is not visible here.
123 value << GetFingerprint() << " " << GetDN() << " " << GetIssuer();
128 /** Get certificate from a socket (only useful with an SSL module) */
// Request addressed to the socket's I/O hook with the id "GET_SSL_CERT".
// NOTE(review): some original lines (braces, the `cert` member declaration)
// are missing from this listing.
129 struct SocketCertificateRequest : public Request
131 StreamSocket* const sock;
// `ss` is dereferenced in the initializer list (ss->GetIOHook()), so the
// caller must pass a non-null socket. `cert` starts as NULL and is
// presumably filled in by the module that handles the request - confirm.
134 SocketCertificateRequest(StreamSocket* ss, Module* Me)
135 : Request(Me, ss->GetIOHook(), "GET_SSL_CERT"), sock(ss), cert(NULL)
// Returns the fingerprint of the certificate attached to this request.
// NOTE(review): `cert` is NULL until a handler sets it, and original lines
// 141-142 are missing from this listing, so it is not visible whether a
// null check guards the dereference below. Verify that one exists; without
// it, a socket with no certificate would dereference a null pointer.
140 std::string GetFingerprint()
143 return cert->GetFingerprint();
148 /** Get certificate from a user (requires m_sslinfo) */
// Request with the id "GET_USER_CERT"; by default it is addressed to the
// module found under the name "m_sslinfo.so".
// NOTE(review): some original lines (braces, member declarations) are
// missing from this listing.
149 struct UserCertificateRequest : public Request
// The default destination is looked up by name each time the constructor is
// called without `info`. NOTE(review): presumably Find() yields a null
// module when m_sslinfo is not loaded - confirm how Request treats a null
// destination. `cert` starts as NULL either way.
154 UserCertificateRequest(User* u, Module* Me, Module* info = ServerInstance->Modules->Find("m_sslinfo.so"))
155 : Request(Me, info, "GET_USER_CERT"), user(u), cert(NULL)
// Returns the fingerprint of the certificate attached to this request.
// NOTE(review): `cert` is NULL until a handler sets it, and original lines
// 161-162 are missing from this listing, so it is not visible whether a
// null check guards the dereference below. Verify that one exists, since a
// user without a client certificate would leave `cert` unset.
160 std::string GetFingerprint()
163 return cert->GetFingerprint();