X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;ds=sidebyside;f=include%2Fmodules%2Fssl.h;h=0f58e0b7bfce4bf43d6c3357b052e6e900ae420c;hb=4fc2f7199e964ba5112ecdb2613c6fd5c2eee638;hp=9830b1ca6b24a8b289d03218616470be6feed47f;hpb=3d6d9cda32d72ff25cf6e624bb271b629898e018;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/include/modules/ssl.h b/include/modules/ssl.h index 9830b1ca6..0f58e0b7b 100644 --- a/include/modules/ssl.h +++ b/include/modules/ssl.h @@ -20,7 +20,6 @@ #pragma once -#include #include #include "iohook.h" @@ -134,28 +133,34 @@ class ssl_cert : public refcountbase class SSLIOHook : public IOHook { + protected: + /** Peer SSL certificate, set by the SSL module + */ + reference certificate; + public: - SSLIOHook(Module* mod, const std::string& Name) - : IOHook(mod, Name, IOHook::IOH_SSL) + SSLIOHook(IOHookProvider* hookprov) + : IOHook(hookprov) { } /** - * Get the client certificate from a socket - * @param sock The socket to get the certificate from, must be using this IOHook - * @return The SSL client certificate information + * Get the certificate sent by this peer + * @return The SSL certificate sent by the peer, NULL if no cert was sent */ - virtual ssl_cert* GetCertificate(StreamSocket* sock) = 0; + ssl_cert* GetCertificate() const + { + return certificate; + } /** - * Get the fingerprint of a client certificate from a socket - * @param sock The socket to get the certificate fingerprint from, must be using this IOHook + * Get the fingerprint of the peer's certificate * @return The fingerprint of the SSL client certificate sent by the peer, * empty if no cert was sent */ - std::string GetFingerprint(StreamSocket* sock) + std::string GetFingerprint() const { - ssl_cert* cert = GetCertificate(sock); + ssl_cert* cert = GetCertificate(); if (cert) return cert->GetFingerprint(); return ""; @@ -176,11 +181,11 @@ class SSLClientCert static ssl_cert* GetCertificate(StreamSocket* sock) { IOHook* iohook = sock->GetIOHook(); - if ((!iohook) || (iohook->type != IOHook::IOH_SSL)) + if ((!iohook) || (iohook->prov->type != IOHookProvider::IOH_SSL)) return NULL; SSLIOHook* ssliohook = static_cast(iohook); - return ssliohook->GetCertificate(sock); + return ssliohook->GetCertificate(); } /** @@ -199,22 +204,43 @@ class SSLClientCert } }; -/** Get certificate from a user (requires m_sslinfo) */ -struct UserCertificateRequest : public Request +class UserCertificateAPIBase : public DataProvider { - User* const user; - ssl_cert* cert; - - UserCertificateRequest(User* u, Module* Me, Module* info = ServerInstance->Modules->Find("m_sslinfo.so")) - : Request(Me, info, "GET_USER_CERT"), user(u), cert(NULL) + public: + UserCertificateAPIBase(Module* parent) + : DataProvider(parent, "m_sslinfo_api") { - Send(); } - std::string GetFingerprint() + /** Get the SSL certificate of a user + * @param user The user whose certificate to get, user may be remote + * @return The SSL certificate of the user or NULL if the user is not using SSL + */ + virtual ssl_cert* GetCertificate(User* user) = 0; + + /** Get the key fingerprint from a user's certificate + * @param user The user whose key fingerprint to get, user may be remote + * @return The key fingerprint from the user's SSL certificate or an empty string + * if the user is not using SSL or did not provide a client certificate + */ + std::string GetFingerprint(User* user) { + ssl_cert* cert = GetCertificate(user); if (cert) return cert->GetFingerprint(); return ""; } }; + +/** API implemented by m_sslinfo that allows modules to retrive the SSL certificate + * information of local and remote users. It can also be used to find out whether a + * user is using SSL or not. + */ +class UserCertificateAPI : public dynamic_reference +{ + public: + UserCertificateAPI(Module* parent) + : dynamic_reference(parent, "m_sslinfo_api") + { + } +};