X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fssl.h;h=4c877551d61f59ab951042682a8f59e0c665f115;hb=a5d110282a864fd2e91b51ce360a977cd0643657;hp=e636aad46b379144f243847a36891d47b3b576e7;hpb=4836a01a64ed42652c9f4c498e8547c23f24827a;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/modules/ssl.h b/src/modules/ssl.h index e636aad46..4c877551d 100644 --- a/src/modules/ssl.h +++ b/src/modules/ssl.h @@ -1,16 +1,28 @@ -#ifndef __SSL_CERT_H__ -#define __SSL_CERT_H__ +/* + * InspIRCd -- Internet Relay Chat Daemon + * + * Copyright (C) 2009 Daniel De Graaf + * Copyright (C) 2006 Craig Edwards + * + * This file is part of InspIRCd. InspIRCd is free software: you can + * redistribute it and/or modify it under the terms of the GNU General Public + * License as published by the Free Software Foundation, version 2. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS + * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ -#include -#include -/** A generic container for certificate data - */ -typedef std::map ssl_data; +#ifndef SSL_H +#define SSL_H -/** A shorthand way of representing an iterator into ssl_data - */ -typedef ssl_data::iterator ssl_data_iter; +#include +#include /** ssl_cert is a class which abstracts SSL certificate * and key information. 
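Review bot: The two `#include` lines at the top of the new header (their header names are lost in this rendering) do not visibly pull in <sstream>, yet GetMetaLine(), added further down this file, constructs a std::stringstream; add `#include <sstream>` here rather than relying on a transitive include. Without it the header compiles or fails depending on which translation unit happens to include it first, which is exactly the kind of breakage a header guard rename like this one tends to surface later.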
@@ -18,37 +30,25 @@ typedef ssl_data::iterator ssl_data_iter; * Because gnutls and openssl represent key information in * wildly different ways, this class allows it to be accessed * in a unified manner. These classes are attached to ssl- - * connected local users using Extensible::Extend() and the - * key 'ssl_cert'. + * connected local users using SSLCertExt */ -class ssl_cert +class ssl_cert : public refcountbase { - /** Always contains an empty string - */ - const std::string empty; - public: - /** The data for this certificate - */ - ssl_data data; + std::string dn; + std::string issuer; + std::string error; + std::string fingerprint; + bool trusted, invalid, unknownsigner, revoked; + + ssl_cert() : trusted(false), invalid(true), unknownsigner(true), revoked(false) {} - /** Default constructor, initializes 'empty' - */ - ssl_cert() : empty("") - { - } - /** Get certificate distinguished name * @return Certificate DN */ const std::string& GetDN() { - ssl_data_iter ssldi = data.find("dn"); - - if (ssldi != data.end()) - return ssldi->second; - else - return empty; + return dn; } /** Get Certificate issuer @@ -56,12 +56,7 @@ class ssl_cert */ const std::string& GetIssuer() { - ssl_data_iter ssldi = data.find("issuer"); - - if (ssldi != data.end()) - return ssldi->second; - else - return empty; + return issuer; } /** Get error string if an error has occured @@ -70,12 +65,7 @@ class ssl_cert */ const std::string& GetError() { - ssl_data_iter ssldi = data.find("error"); - - if (ssldi != data.end()) - return ssldi->second; - else - return empty; + return error; } /** Get key fingerprint. @@ -83,12 +73,7 @@ class ssl_cert */ const std::string& GetFingerprint() { - ssl_data_iter ssldi = data.find("fingerprint"); - - if (ssldi != data.end()) - return ssldi->second; - else - return empty; + return fingerprint; } /** Get trust status 
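Review bot: The new members dn, issuer, error, fingerprint, trusted, invalid, unknownsigner and revoked are public, so any module holding an ssl_cert* can set trusted or clear error and thereby make IsCAVerified() (added later in this file) succeed, which turns the Get*/Is* accessors into a fiction; either make the fields private and let the SSL provider modules fill them through a friend declaration or setters, or at least state in the class comment that only the originating SSL module may write them. The constructor's defaults deserve a why-comment, because they change behaviour relative to the old map lookup, which reported a missing key as not invalid and not unknown-signer: `// fail closed: a certificate is invalid and from an unknown signer until the SSL module says otherwise`. The accessors in this and the following hunks could also be `const` now that they only return members, e.g. `const std::string& GetDN() const`. The body of ssl_cert continues past this hunk.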
@@ -97,12 +82,7 @@ class ssl_cert */ bool IsTrusted() { - ssl_data_iter ssldi = data.find("trusted"); - - if (ssldi != data.end()) - return (ssldi->second == "1"); - else - return false; + return trusted; } /** Get validity status @@ -111,12 +91,7 @@ class ssl_cert */ bool IsInvalid() { - ssl_data_iter ssldi = data.find("invalid"); - - if (ssldi != data.end()) - return (ssldi->second == "1"); - else - return false; + return invalid; } /** Get signer status @@ -125,12 +100,7 @@ class ssl_cert */ bool IsUnknownSigner() { - ssl_data_iter ssldi = data.find("unknownsigner"); - - if (ssldi != data.end()) - return (ssldi->second == "1"); - else - return false; + return unknownsigner; } /** Get revokation status. 
@@ -140,51 +110,81 @@ class ssl_cert */ bool IsRevoked() { - ssl_data_iter ssldi = data.find("revoked"); + return revoked; + } + + bool IsCAVerified() + { + return trusted && !invalid && !revoked && !unknownsigner && error.empty(); + } - if (ssldi != data.end()) - return (ssldi->second == "1"); + std::string GetMetaLine() + { + std::stringstream value; + bool hasError = !error.empty(); + value << (IsInvalid() ? "v" : "V") << (IsTrusted() ? "T" : "t") << (IsRevoked() ? "R" : "r") + << (IsUnknownSigner() ? "s" : "S") << (hasError ? "E" : "e") << " "; + if (hasError) + value << GetError(); else - return false; + value << GetFingerprint() << " " << GetDN() << " " << GetIssuer(); + return value.str(); } }; -class ISHRequest : public Request +/** Get certificate from a socket (only useful with an SSL module) */ +struct SocketCertificateRequest : public Request { - public: - const InspSocket* Sock; + StreamSocket* const sock; + ssl_cert* cert; - ISHRequest(Module* Me, Module* Target, const char* rtype, InspSocket* sock) : Request(Me, Target, rtype), Sock(sock) + SocketCertificateRequest(StreamSocket* ss, Module* Me) + : Request(Me, ss->GetIOHook(), "GET_SSL_CERT"), sock(ss), cert(NULL) { + Send(); } -}; -class InspSocketHookRequest : public ISHRequest -{ - public: - /** Initialize request as a hook message */ - InspSocketHookRequest(InspSocket* is, Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_HOOK", is) + std::string GetFingerprint() { + if (cert) + return cert->GetFingerprint(); + return ""; } }; -class InspSocketUnhookRequest : public ISHRequest +/** Get certificate from a user (requires m_sslinfo) */ +struct UserCertificateRequest : public Request { - public: - /** Initialize request as an unhook message */ - InspSocketUnhookRequest(InspSocket* is, Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_UNHOOK", is) + User* const user; + ssl_cert* cert; + + UserCertificateRequest(User* u, Module* Me, Module* info = 
ServerInstance->Modules->Find("m_sslinfo.so")) + : Request(Me, info, "GET_USER_CERT"), user(u), cert(NULL) + { + Send(); + } + + std::string GetFingerprint() { + if (cert) + return cert->GetFingerprint(); + return ""; } }; -class InspSocketNameRequest : public ISHRequest +class SSLRawSessionRequest : public Request { public: - /** Initialize request as a get name message */ - InspSocketNameRequest(Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_NAME", NULL) + const int fd; + void* data; + + SSLRawSessionRequest(int FD, Module* srcmod, Module* destmod) + : Request(srcmod, destmod, "GET_RAW_SSL_SESSION") + , fd(FD) + , data(NULL) { + Send(); } }; #endif -
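Review bot: GetMetaLine() appends dn, issuer and error verbatim, and all three are strings taken from the peer-supplied certificate; if this line is carried on a single-line protocol (the name suggests link metadata, which is not visible here) an embedded CR/LF in the subject would terminate or reframe the line, and since a DN itself contains spaces a receiver cannot reliably split fingerprint/DN/issuer on ' ' either. Strip control bytes before appending (or have the SSL modules sanitise when they fill the fields) and document the field order in the method comment. Separately, SocketCertificateRequest and UserCertificateRequest call Send() with a destination of ss->GetIOHook() or Modules->Find("m_sslinfo.so"), either of which can be NULL on a plain-text socket or when m_sslinfo is not loaded; that is only safe if Request::Send() checks for a null destination, which this hunk does not show, so a comment on both constructors stating that assumption would help. The enclosing class ssl_cert starts in an earlier hunk.
```cpp
	/** Copy of s without control bytes (CR, LF, etc.) so a peer-chosen
	 *  DN, issuer or error string cannot break the single-line format. */
	static std::string StripCtl(const std::string& s)
	{
		std::string out;
		for (std::string::const_iterator i = s.begin(); i != s.end(); ++i)
			if ((unsigned char)*i >= 0x20)
				out += *i;
		return out;
	}

	/** One-line summary: "<flags> <error>" or "<flags> <fingerprint> <dn> <issuer>" */
	std::string GetMetaLine()
	{
		// … unchanged: flag characters and trailing space …
		if (hasError)
			value << StripCtl(GetError());
		else
			value << GetFingerprint() << " " << StripCtl(GetDN()) << " " << StripCtl(GetIssuer());
		return value.str();
	}
```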