-/* +------------------------------------+\r * | Inspire Internet Relay Chat Daemon |\r * +------------------------------------+\r *\r * InspIRCd: (C) 2002-2007 InspIRCd Development Team\r * See: http://www.inspircd.org/wiki/index.php/Credits\r *\r * This program is free but copyrighted software; see\r * the file COPYING for details.\r *\r * ---------------------------------------------------\r */\r\r#ifndef __TRANSPORT_H__\r#define __TRANSPORT_H__\r\r#include <map>\r#include <string>\r\r/** A generic container for certificate data\r */\rtypedef std::map<std::string,std::string> ssl_data;\r\r/** A shorthand way of representing an iterator into ssl_data\r */\rtypedef ssl_data::iterator ssl_data_iter;\r\r/** ssl_cert is a class which abstracts SSL certificate\r * and key information.\r *\r * Because gnutls and openssl represent key information in\r * wildly different ways, this class allows it to be accessed\r * in a unified manner. These classes are attached to ssl-\r * connected local users using Extensible::Extend() and the\r * key 'ssl_cert'.\r */\rclass ssl_cert\r{\r /** Always contains an empty string\r */\r const std::string empty;\r\r public:\r /** The data for this certificate\r */\r ssl_data data;\r\r /** Default constructor, initializes 'empty'\r */\r ssl_cert() : empty("")\r {\r }\r \r /** Get certificate distinguished name\r * @return Certificate DN\r */\r const std::string& GetDN()\r {\r ssl_data_iter ssldi = data.find("dn");\r\r if (ssldi != data.end())\r return ssldi->second;\r else\r return empty;\r }\r\r /** Get Certificate issuer\r * @return Certificate issuer\r */\r const std::string& GetIssuer()\r {\r ssl_data_iter ssldi = data.find("issuer");\r\r if (ssldi != data.end())\r return ssldi->second;\r else\r return empty;\r }\r\r /** Get error string if an error has occured\r * @return The error associated with this users certificate,\r * or an empty string if there is no error.\r */\r const std::string& GetError()\r {\r ssl_data_iter ssldi = data.find("error");\r\r if (ssldi != data.end())\r return ssldi->second;\r else\r return empty;\r }\r\r /** Get key fingerprint.\r * @return The key fingerprint as a hex string.\r */\r const std::string& GetFingerprint()\r {\r ssl_data_iter ssldi = data.find("fingerprint");\r\r if (ssldi != data.end())\r return ssldi->second;\r else\r return empty;\r }\r\r /** Get trust status\r * @return True if this is a trusted certificate\r * (the certificate chain validates)\r */\r bool IsTrusted()\r {\r ssl_data_iter ssldi = data.find("trusted");\r\r if (ssldi != data.end())\r return (ssldi->second == "1");\r else\r return false;\r }\r\r /** Get validity status\r * @return True if the certificate itself is\r * correctly formed.\r */\r bool IsInvalid()\r {\r ssl_data_iter ssldi = data.find("invalid");\r\r if (ssldi != data.end())\r return (ssldi->second == "1");\r else\r return false;\r }\r\r /** Get signer status\r * @return True if the certificate appears to be\r * self-signed.\r */\r bool IsUnknownSigner()\r {\r ssl_data_iter ssldi = data.find("unknownsigner");\r\r if (ssldi != data.end())\r return (ssldi->second == "1");\r else\r return false;\r }\r\r /** Get revokation status.\r * @return True if the certificate is revoked.\r * Note that this only works properly for GnuTLS\r * right now.\r */\r bool IsRevoked()\r {\r ssl_data_iter ssldi = data.find("revoked");\r\r if (ssldi != data.end())\r return (ssldi->second == "1");\r else\r return false;\r }\r};\r\r/** Used to represent a request to a transport provider module\r */\rclass ISHRequest : public Request\r{\r public:\r InspSocket* Sock;\r\r ISHRequest(Module* Me, Module* Target, const char* rtype, InspSocket* sock) : Request(Me, Target, rtype), Sock(sock)\r {\r }\r};\r\r/** Used to represent a request to attach a cert to an InspSocket\r */\rclass InspSocketAttachCertRequest : public ISHRequest\r{\r public:\r /** Initialize the request as an attach cert message */\r InspSocketAttachCertRequest(InspSocket* is, Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_ATTACH", is)\r {\r }\r};\r\r/** Used to check if a handshake is complete on an InspSocket yet\r */\rclass InspSocketHSCompleteRequest : public ISHRequest\r{\r public:\r /** Initialize the request as a 'handshake complete?' message */\r InspSocketHSCompleteRequest(InspSocket* is, Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_HSDONE", is)\r {\r }\r};\r\r/** Used to hook a transport provider to an InspSocket\r */\rclass InspSocketHookRequest : public ISHRequest\r{\r public:\r /** Initialize request as a hook message */\r InspSocketHookRequest(InspSocket* is, Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_HOOK", is)\r {\r }\r};\r\r/** Used to unhook a transport provider from an InspSocket\r */\rclass InspSocketUnhookRequest : public ISHRequest\r{\r public:\r /** Initialize request as an unhook message */\r InspSocketUnhookRequest(InspSocket* is, Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_UNHOOK", is)\r {\r }\r};\r\rclass InspSocketNameRequest : public ISHRequest\r{\r public:\r /** Initialize request as a get name message */\r InspSocketNameRequest(Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_NAME", NULL)\r {\r }\r};\r\r#endif\r\r
\ No newline at end of file
+/* +------------------------------------+
+ * | Inspire Internet Relay Chat Daemon |
+ * +------------------------------------+
+ *
+ * InspIRCd: (C) 2002-2009 InspIRCd Development Team
+ * See: http://wiki.inspircd.org/Credits
+ *
+ * This program is free but copyrighted software; see
+ * the file COPYING for details.
+ *
+ * ---------------------------------------------------
+ */
+
+#ifndef __TRANSPORT_H__
+#define __TRANSPORT_H__
+
+#include <map>
+#include <string>
+
+/** ssl_cert is a class which abstracts SSL certificate
+ * and key information.
+ *
+ * Because gnutls and openssl represent key information in
+ * wildly different ways, this class allows it to be accessed
+ * in a unified manner. These classes are attached to ssl-
+ * connected local users using SSLCertExt
+ */
+class ssl_cert
+{
+ public:
+ std::string dn;
+ std::string issuer;
+ std::string error;
+ std::string fingerprint;
+ bool trusted, invalid, unknownsigner, revoked;
+
+ /** Get certificate distinguished name
+ * @return Certificate DN
+ */
+ const std::string& GetDN()
+ {
+ return dn;
+ }
+
+ /** Get Certificate issuer
+ * @return Certificate issuer
+ */
+ const std::string& GetIssuer()
+ {
+ return issuer;
+ }
+
+ /** Get error string if an error has occured
+ * @return The error associated with this users certificate,
+ * or an empty string if there is no error.
+ */
+ const std::string& GetError()
+ {
+ return error;
+ }
+
+ /** Get key fingerprint.
+ * @return The key fingerprint as a hex string.
+ */
+ const std::string& GetFingerprint()
+ {
+ return fingerprint;
+ }
+
+ /** Get trust status
+ * @return True if this is a trusted certificate
+ * (the certificate chain validates)
+ */
+ bool IsTrusted()
+ {
+ return trusted;
+ }
+
+ /** Get validity status
+ * @return True if the certificate itself is
+ * correctly formed.
+ */
+ bool IsInvalid()
+ {
+ return invalid;
+ }
+
+ /** Get signer status
+ * @return True if the certificate appears to be
+ * self-signed.
+ */
+ bool IsUnknownSigner()
+ {
+ return unknownsigner;
+ }
+
+ /** Get revokation status.
+ * @return True if the certificate is revoked.
+ * Note that this only works properly for GnuTLS
+ * right now.
+ */
+ bool IsRevoked()
+ {
+ return revoked;
+ }
+
+ std::string GetMetaLine()
+ {
+ std::stringstream value;
+ bool hasError = error.length();
+ value << (IsInvalid() ? "v" : "V") << (IsTrusted() ? "T" : "t") << (IsRevoked() ? "R" : "r")
+ << (IsUnknownSigner() ? "s" : "S") << (hasError ? "E" : "e") << " ";
+ if (hasError)
+ value << GetError();
+ else
+ value << GetFingerprint() << " " << GetDN() << " " << GetIssuer();
+ return value.str();
+ }
+};
+
+/** Used to represent a request to a transport provider module
+ */
+class ISHRequest : public Request
+{
+ public:
+ BufferedSocket* Sock;
+
+ ISHRequest(Module* Me, Module* Target, const char* rtype, BufferedSocket* sock) : Request(Me, Target, rtype), Sock(sock)
+ {
+ }
+};
+
+/** Used to represent a request to attach a cert to an BufferedSocket
+ */
+class BufferedSocketAttachCertRequest : public ISHRequest
+{
+ public:
+ /** Initialize the request as an attach cert message */
+ BufferedSocketAttachCertRequest(BufferedSocket* is, Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_ATTACH", is)
+ {
+ }
+};
+
+/** Used to check if a handshake is complete on an BufferedSocket yet
+ */
+class BufferedSocketHSCompleteRequest : public ISHRequest
+{
+ public:
+ /** Initialize the request as a 'handshake complete?' message */
+ BufferedSocketHSCompleteRequest(BufferedSocket* is, Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_HSDONE", is)
+ {
+ }
+};
+
+/** Used to hook a transport provider to an BufferedSocket
+ */
+class BufferedSocketHookRequest : public ISHRequest
+{
+ public:
+ /** Initialize request as a hook message */
+ BufferedSocketHookRequest(BufferedSocket* is, Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_HOOK", is)
+ {
+ }
+};
+
+/** Used to unhook a transport provider from an BufferedSocket
+ */
+class BufferedSocketUnhookRequest : public ISHRequest
+{
+ public:
+ /** Initialize request as an unhook message */
+ BufferedSocketUnhookRequest(BufferedSocket* is, Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_UNHOOK", is)
+ {
+ }
+};
+
+class BufferedSocketNameRequest : public ISHRequest
+{
+ public:
+ /** Initialize request as a get name message */
+ BufferedSocketNameRequest(Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_NAME", NULL)
+ {
+ }
+};
+
+struct BufferedSocketCertificateRequest : public Request
+{
+ Extensible* const item;
+ ssl_cert* cert;
+ BufferedSocketCertificateRequest(Extensible* is, Module* Me, Module* Target)
+ : Request(Me, Target, "GET_CERT"), item(is), cert(NULL)
+ {
+ }
+};
+
+struct BufferedSocketFingerprintSubmission : public Request
+{
+ Extensible* const item;
+ ssl_cert* const cert;
+ BufferedSocketFingerprintSubmission(Extensible* is, Module* Me, Module* Target, ssl_cert* Cert)
+ : Request(Me, Target, "SET_CERT"), item(is), cert(Cert)
+ {
+ }
+};
+
+#endif
projects / user / henk / code / inspircd.git / blobdiff