-#ifndef __SSL_CERT_H__
-#define __SSL_CERT_H__
+/*
+ * InspIRCd -- Internet Relay Chat Daemon
+ *
+ * Copyright (C) 2009 Daniel De Graaf <danieldg@inspircd.org>
+ * Copyright (C) 2006 Craig Edwards <craigedwards@brainbox.cc>
+ *
+ * This file is part of InspIRCd. InspIRCd is free software: you can
+ * redistribute it and/or modify it under the terms of the GNU General Public
+ * License as published by the Free Software Foundation, version 2.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
-#include <map>
-#include <string>
-/** A generic container for certificate data
- */
-typedef std::map<std::string,std::string> ssl_data;
+#ifndef SSL_H
+#define SSL_H
-/** A shorthand way of representing an iterator into ssl_data
- */
-typedef ssl_data::iterator ssl_data_iter;
+#include <map>
+#include <string>
/** ssl_cert is a class which abstracts SSL certificate
* and key information.
* Because gnutls and openssl represent key information in
* wildly different ways, this class allows it to be accessed
* in a unified manner. These classes are attached to ssl-
- * connected local users using Extensible::Extend() and the
- * key 'ssl_cert'.
+ * connected local users using SSLCertExt
*/
-class ssl_cert
+class ssl_cert : public refcountbase
{
- /** Always contains an empty string
- */
- const std::string empty;
-
public:
- /** The data for this certificate
- */
- ssl_data data;
+ std::string dn;
+ std::string issuer;
+ std::string error;
+ std::string fingerprint;
+ bool trusted, invalid, unknownsigner, revoked;
+
+ ssl_cert() : trusted(false), invalid(true), unknownsigner(true), revoked(false) {}
- /** Default constructor, initializes 'empty'
- */
- ssl_cert() : empty("")
- {
- }
-
/** Get certificate distinguished name
* @return Certificate DN
*/
const std::string& GetDN()
{
- ssl_data_iter ssldi = data.find("dn");
-
- if (ssldi != data.end())
- return ssldi->second;
- else
- return empty;
+ return dn;
}
/** Get Certificate issuer
*/
const std::string& GetIssuer()
{
- ssl_data_iter ssldi = data.find("issuer");
-
- if (ssldi != data.end())
- return ssldi->second;
- else
- return empty;
+ return issuer;
}
/** Get error string if an error has occured
*/
const std::string& GetError()
{
- ssl_data_iter ssldi = data.find("error");
-
- if (ssldi != data.end())
- return ssldi->second;
- else
- return empty;
+ return error;
}
/** Get key fingerprint.
*/
const std::string& GetFingerprint()
{
- ssl_data_iter ssldi = data.find("fingerprint");
-
- if (ssldi != data.end())
- return ssldi->second;
- else
- return empty;
+ return fingerprint;
}
/** Get trust status
*/
bool IsTrusted()
{
- ssl_data_iter ssldi = data.find("trusted");
-
- if (ssldi != data.end())
- return (ssldi->second == "1");
- else
- return false;
+ return trusted;
}
/** Get validity status
*/
bool IsInvalid()
{
- ssl_data_iter ssldi = data.find("invalid");
-
- if (ssldi != data.end())
- return (ssldi->second == "1");
- else
- return false;
+ return invalid;
}
/** Get signer status
*/
bool IsUnknownSigner()
{
- ssl_data_iter ssldi = data.find("unknownsigner");
-
- if (ssldi != data.end())
- return (ssldi->second == "1");
- else
- return false;
+ return unknownsigner;
}
/** Get revokation status.
*/
bool IsRevoked()
{
- ssl_data_iter ssldi = data.find("revoked");
+ return revoked;
+ }
+
+ bool IsCAVerified()
+ {
+ return trusted && !invalid && !revoked && !unknownsigner && error.empty();
+ }
- if (ssldi != data.end())
- return (ssldi->second == "1");
+ std::string GetMetaLine()
+ {
+ std::stringstream value;
+ bool hasError = !error.empty();
+ value << (IsInvalid() ? "v" : "V") << (IsTrusted() ? "T" : "t") << (IsRevoked() ? "R" : "r")
+ << (IsUnknownSigner() ? "s" : "S") << (hasError ? "E" : "e") << " ";
+ if (hasError)
+ value << GetError();
else
- return false;
+ value << GetFingerprint() << " " << GetDN() << " " << GetIssuer();
+ return value.str();
}
};
-class ISHRequest : public Request
+/** Get certificate from a socket (only useful with an SSL module) */
+struct SocketCertificateRequest : public Request
{
- public:
- const InspSocket* Sock;
+ StreamSocket* const sock;
+ ssl_cert* cert;
- ISHRequest(Module* Me, Module* Target, const char* rtype, InspSocket* sock) : Request(Me, Target, rtype), Sock(sock)
+ SocketCertificateRequest(StreamSocket* ss, Module* Me)
+ : Request(Me, ss->GetIOHook(), "GET_SSL_CERT"), sock(ss), cert(NULL)
{
+ Send();
}
-};
-class InspSocketHookRequest : public ISHRequest
-{
- public:
- /** Initialize request as a hook message */
- InspSocketHookRequest(InspSocket* is, Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_HOOK", is)
+ std::string GetFingerprint()
{
+ if (cert)
+ return cert->GetFingerprint();
+ return "";
}
};
-class InspSocketUnhookRequest : public ISHRequest
+/** Get certificate from a user (requires m_sslinfo) */
+struct UserCertificateRequest : public Request
{
- public:
- /** Initialize request as an unhook message */
- InspSocketUnhookRequest(InspSocket* is, Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_UNHOOK", is)
+ User* const user;
+ ssl_cert* cert;
+
+ UserCertificateRequest(User* u, Module* Me, Module* info = ServerInstance->Modules->Find("m_sslinfo.so"))
+ : Request(Me, info, "GET_USER_CERT"), user(u), cert(NULL)
+ {
+ Send();
+ }
+
+ std::string GetFingerprint()
{
+ if (cert)
+ return cert->GetFingerprint();
+ return "";
}
};
-class InspSocketNameRequest : public ISHRequest
+class SSLRawSessionRequest : public Request
{
public:
- /** Initialize request as a get name message */
- InspSocketNameRequest(Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_NAME", NULL)
+ const int fd;
+ void* data;
+
+ SSLRawSessionRequest(int FD, Module* srcmod, Module* destmod)
+ : Request(srcmod, destmod, "GET_RAW_SSL_SESSION")
+ , fd(FD)
+ , data(NULL)
{
+ Send();
}
};
#endif
-
projects / user / henk / code / inspircd.git / blobdiff