#include <map>
#include <string>
-/** A generic container for certificate data
- */
-typedef std::map<std::string,std::string> ssl_data;
-
-/** A shorthand way of representing an iterator into ssl_data
- */
-typedef ssl_data::iterator ssl_data_iter;
-
/** ssl_cert is a class which abstracts SSL certificate
* and key information.
*
* Because gnutls and openssl represent key information in
* wildly different ways, this class allows it to be accessed
* in a unified manner. These classes are attached to ssl-
- * connected local users using Extensible::Extend() and the
- * key 'ssl_cert'.
+ * connected local users using SSLCertExt
*/
-class ssl_cert : public Extensible
+class ssl_cert
{
- /** Always contains an empty string
- */
- const std::string empty;
-
public:
- /** The data for this certificate
- */
- ssl_data data;
-
- /** Default constructor, initializes 'empty'
- */
- ssl_cert() : empty("")
- {
- }
+ std::string dn;
+ std::string issuer;
+ std::string error;
+ std::string fingerprint;
+ bool trusted, invalid, unknownsigner, revoked;
/** Get certificate distinguished name
* @return Certificate DN
*/
const std::string& GetDN()
{
- ssl_data_iter ssldi = data.find("dn");
-
- if (ssldi != data.end())
- return ssldi->second;
- else
- return empty;
+ return dn;
}
/** Get Certificate issuer
*/
const std::string& GetIssuer()
{
- ssl_data_iter ssldi = data.find("issuer");
-
- if (ssldi != data.end())
- return ssldi->second;
- else
- return empty;
+ return issuer;
}
/** Get error string if an error has occured
*/
const std::string& GetError()
{
- ssl_data_iter ssldi = data.find("error");
-
- if (ssldi != data.end())
- return ssldi->second;
- else
- return empty;
+ return error;
}
/** Get key fingerprint.
*/
const std::string& GetFingerprint()
{
- ssl_data_iter ssldi = data.find("fingerprint");
-
- if (ssldi != data.end())
- return ssldi->second;
- else
- return empty;
+ return fingerprint;
}
/** Get trust status
*/
bool IsTrusted()
{
- ssl_data_iter ssldi = data.find("trusted");
-
- if (ssldi != data.end())
- return (ssldi->second == "1");
- else
- return false;
+ return trusted;
}
/** Get validity status
*/
bool IsInvalid()
{
- ssl_data_iter ssldi = data.find("invalid");
-
- if (ssldi != data.end())
- return (ssldi->second == "1");
- else
- return false;
+ return invalid;
}
/** Get signer status
*/
bool IsUnknownSigner()
{
- ssl_data_iter ssldi = data.find("unknownsigner");
-
- if (ssldi != data.end())
- return (ssldi->second == "1");
- else
- return false;
+ return unknownsigner;
}
/** Get revokation status.
*/
bool IsRevoked()
{
- ssl_data_iter ssldi = data.find("revoked");
+ return revoked;
+ }
- if (ssldi != data.end())
- return (ssldi->second == "1");
+ std::string GetMetaLine()
+ {
+ std::stringstream value;
+ bool hasError = error.length();
+ value << (IsInvalid() ? "v" : "V") << (IsTrusted() ? "T" : "t") << (IsRevoked() ? "R" : "r")
+ << (IsUnknownSigner() ? "s" : "S") << (hasError ? "E" : "e") << " ";
+ if (hasError)
+ value << GetError();
else
- return false;
+ value << GetFingerprint() << " " << GetDN() << " " << GetIssuer();
+ return value.str();
}
};
}
};
-class BufferedSocketFingerprintRequest : public ISHRequest
+struct BufferedSocketCertificateRequest : public Request
{
- public:
- /** Initialize request as a fingerprint message */
- BufferedSocketFingerprintRequest(BufferedSocket* is, Module* Me, Module* Target) : ISHRequest(Me, Target, "GET_FP", is)
+ Extensible* const item;
+ ssl_cert* cert;
+ BufferedSocketCertificateRequest(Extensible* is, Module* Me, Module* Target)
+ : Request(Me, Target, "GET_CERT"), item(is), cert(NULL)
+ {
+ }
+};
+
+struct BufferedSocketFingerprintSubmission : public Request
+{
+ Extensible* const item;
+ ssl_cert* const cert;
+ BufferedSocketFingerprintSubmission(Extensible* is, Module* Me, Module* Target, ssl_cert* Cert)
+ : Request(Me, Target, "SET_CERT"), item(is), cert(Cert)
{
}
};