-#ifndef __SSL_CERT_H__
-#define __SSL_CERT_H__
+/* +------------------------------------+
+ * | Inspire Internet Relay Chat Daemon |
+ * +------------------------------------+
+ *
+ * InspIRCd: (C) 2002-2009 InspIRCd Development Team
+ * See: http://wiki.inspircd.org/Credits
+ *
+ * This program is free but copyrighted software; see
+ * the file COPYING for details.
+ *
+ * ---------------------------------------------------
+ */
+
+#ifndef __SSL_H__
+#define __SSL_H__
#include <map>
#include <string>
-/** A generic container for certificate data
- */
-typedef std::map<std::string,std::string> ssl_data;
-
-/** A shorthand way of representing an iterator into ssl_data
- */
-typedef ssl_data::iterator ssl_data_iter;
-
/** ssl_cert is a class which abstracts SSL certificate
* and key information.
*
* Because gnutls and openssl represent key information in
* wildly different ways, this class allows it to be accessed
* in a unified manner. These classes are attached to ssl-
- * connected local users using Extensible::Extend() and the
- * key 'ssl_cert'.
+ * connected local users using SSLCertExt
*/
class ssl_cert
{
- /** Always contains an empty string
- */
- const std::string empty;
-
public:
- /** The data for this certificate
- */
- ssl_data data;
+ std::string dn;
+ std::string issuer;
+ std::string error;
+ std::string fingerprint;
+ bool trusted, invalid, unknownsigner, revoked;
- /** Default constructor, initializes 'empty'
- */
- ssl_cert() : empty("")
- {
- }
-
/** Get certificate distinguished name
* @return Certificate DN
*/
const std::string& GetDN()
{
- ssl_data_iter ssldi = data.find("dn");
-
- if (ssldi != data.end())
- return ssldi->second;
- else
- return empty;
+ return dn;
}
/** Get Certificate issuer
*/
const std::string& GetIssuer()
{
- ssl_data_iter ssldi = data.find("issuer");
-
- if (ssldi != data.end())
- return ssldi->second;
- else
- return empty;
+ return issuer;
}
/** Get error string if an error has occured
*/
const std::string& GetError()
{
- ssl_data_iter ssldi = data.find("error");
-
- if (ssldi != data.end())
- return ssldi->second;
- else
- return empty;
+ return error;
}
/** Get key fingerprint.
*/
const std::string& GetFingerprint()
{
- ssl_data_iter ssldi = data.find("fingerprint");
-
- if (ssldi != data.end())
- return ssldi->second;
- else
- return empty;
+ return fingerprint;
}
/** Get trust status
*/
bool IsTrusted()
{
- ssl_data_iter ssldi = data.find("trusted");
-
- if (ssldi != data.end())
- return (ssldi->second == "1");
- else
- return false;
+ return trusted;
}
/** Get validity status
*/
bool IsInvalid()
{
- ssl_data_iter ssldi = data.find("invalid");
-
- if (ssldi != data.end())
- return (ssldi->second == "1");
- else
- return false;
+ return invalid;
}
/** Get signer status
*/
bool IsUnknownSigner()
{
- ssl_data_iter ssldi = data.find("unknownsigner");
-
- if (ssldi != data.end())
- return (ssldi->second == "1");
- else
- return false;
+ return unknownsigner;
}
/** Get revokation status.
*/
bool IsRevoked()
{
- ssl_data_iter ssldi = data.find("revoked");
-
- if (ssldi != data.end())
- return (ssldi->second == "1");
- else
- return false;
+ return revoked;
}
-};
-class ISHRequest : public Request
-{
- public:
- InspSocket* Sock;
-
- ISHRequest(Module* Me, Module* Target, const char* rtype, InspSocket* sock) : Request(Me, Target, rtype), Sock(sock)
- {
- }
-};
-
-class InspSocketAttachCertRequest : public ISHRequest
-{
- public:
- /** Initialize the request as an attach cert message */
- InspSocketAttachCertRequest(InspSocket* is, Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_ATTACH", is)
+ std::string GetMetaLine()
{
+ std::stringstream value;
+ bool hasError = error.length();
+ value << (IsInvalid() ? "v" : "V") << (IsTrusted() ? "T" : "t") << (IsRevoked() ? "R" : "r")
+ << (IsUnknownSigner() ? "s" : "S") << (hasError ? "E" : "e") << " ";
+ if (hasError)
+ value << GetError();
+ else
+ value << GetFingerprint() << " " << GetDN() << " " << GetIssuer();
+ return value.str();
}
};
-class InspSocketHSCompleteRequest : public ISHRequest
+struct SSLCertificateRequest : public Request
{
- public:
- /** Initialize the request as a 'handshake complete?' message */
- InspSocketHSCompleteRequest(InspSocket* is, Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_HSDONE", is)
- {
- }
-};
+ Extensible* const item;
+ ssl_cert* cert;
-class InspSocketHookRequest : public ISHRequest
-{
- public:
- /** Initialize request as a hook message */
- InspSocketHookRequest(InspSocket* is, Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_HOOK", is)
+ SSLCertificateRequest(Extensible* e, Module* Me, Module* info = ServerInstance->Modules->Find("m_sslinfo.so"))
+ : Request(Me, info, "GET_CERT"), item(e), cert(NULL)
{
+ Send();
}
-};
-class InspSocketUnhookRequest : public ISHRequest
-{
- public:
- /** Initialize request as an unhook message */
- InspSocketUnhookRequest(InspSocket* is, Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_UNHOOK", is)
+ std::string GetFingerprint()
{
+ if (cert)
+ return cert->GetFingerprint();
+ return "";
}
};
-class InspSocketNameRequest : public ISHRequest
+struct SSLCertSubmission : public Request
{
- public:
- /** Initialize request as a get name message */
- InspSocketNameRequest(Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_NAME", NULL)
+ Extensible* const item;
+ ssl_cert* const cert;
+ SSLCertSubmission(Extensible* is, Module* Me, Module* Target, ssl_cert* Cert)
+ : Request(Me, Target, "SET_CERT"), item(is), cert(Cert)
{
+ Send();
}
};
#endif
-