X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fssl.h;h=e66e423aabd52d2c245a8e3210af91c9132394eb;hb=cbd32e195f5f574653550a3ed4954168ace30c55;hp=4d303502e7d5ba5e849a579c5970248a14f2b6ad;hpb=3af9d9b0605a503ed16a8b8314587451979103d7;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/modules/ssl.h b/src/modules/ssl.h index 4d303502e..e66e423aa 100644 --- a/src/modules/ssl.h +++ b/src/modules/ssl.h @@ -1,54 +1,47 @@ -#ifndef __SSL_CERT_H__ -#define __SSL_CERT_H__ +/* +------------------------------------+ + * | Inspire Internet Relay Chat Daemon | + * +------------------------------------+ + * + * InspIRCd: (C) 2002-2010 InspIRCd Development Team + * See: http://wiki.inspircd.org/Credits + * + * This program is free but copyrighted software; see + * the file COPYING for details. + * + * --------------------------------------------------- + */ + +#ifndef __SSL_H__ +#define __SSL_H__ #include #include -/** A generic container for certificate data - */ -typedef std::map ssl_data; - -/** A shorthand way of representing an iterator into ssl_data - */ -typedef ssl_data::iterator ssl_data_iter; - /** ssl_cert is a class which abstracts SSL certificate * and key information. * * Because gnutls and openssl represent key information in * wildly different ways, this class allows it to be accessed * in a unified manner. These classes are attached to ssl- - * connected local users using Extensible::Extend() and the - * key 'ssl_cert'. + * connected local users using SSLCertExt */ -class ssl_cert +class ssl_cert : public refcountbase { - /** Always contains an empty string - */ - const std::string empty; - public: - /** The data for this certificate - */ - ssl_data data; + std::string dn; + std::string issuer; + std::string error; + std::string fingerprint; + bool trusted, invalid, unknownsigner, revoked; + + ssl_cert() : trusted(false), invalid(true), unknownsigner(true), revoked(false) {} - /** Default constructor, initializes 'empty' - */ - ssl_cert() : empty("") - { - } - /** Get certificate distinguished name * @return Certificate DN */ const std::string& GetDN() { - ssl_data_iter ssldi = data.find("dn"); - - if (ssldi != data.end()) - return ssldi->second; - else - return empty; + return dn; } /** Get Certificate issuer @@ -56,12 +49,7 @@ class ssl_cert */ const std::string& GetIssuer() { - ssl_data_iter ssldi = data.find("issuer"); - - if (ssldi != data.end()) - return ssldi->second; - else - return empty; + return issuer; } /** Get error string if an error has occured @@ -70,12 +58,7 @@ class ssl_cert */ const std::string& GetError() { - ssl_data_iter ssldi = data.find("error"); - - if (ssldi != data.end()) - return ssldi->second; - else - return empty; + return error; } /** Get key fingerprint. @@ -83,12 +66,7 @@ class ssl_cert */ const std::string& GetFingerprint() { - ssl_data_iter ssldi = data.find("fingerprint"); - - if (ssldi != data.end()) - return ssldi->second; - else - return empty; + return fingerprint; } /** Get trust status @@ -97,12 +75,7 @@ class ssl_cert */ bool IsTrusted() { - ssl_data_iter ssldi = data.find("trusted"); - - if (ssldi != data.end()) - return (ssldi->second == "1"); - else - return false; + return trusted; } /** Get validity status @@ -111,12 +84,7 @@ class ssl_cert */ bool IsInvalid() { - ssl_data_iter ssldi = data.find("invalid"); - - if (ssldi != data.end()) - return (ssldi->second == "1"); - else - return false; + return invalid; } /** Get signer status @@ -125,12 +93,7 @@ class ssl_cert */ bool IsUnknownSigner() { - ssl_data_iter ssldi = data.find("unknownsigner"); - - if (ssldi != data.end()) - return (ssldi->second == "1"); - else - return false; + return unknownsigner; } /** Get revokation status. @@ -140,69 +103,66 @@ class ssl_cert */ bool IsRevoked() { - ssl_data_iter ssldi = data.find("revoked"); - - if (ssldi != data.end()) - return (ssldi->second == "1"); - else - return false; + return revoked; } -}; -class ISHRequest : public Request -{ - public: - InspSocket* Sock; - - ISHRequest(Module* Me, Module* Target, const char* rtype, InspSocket* sock) : Request(Me, Target, rtype), Sock(sock) + bool IsCAVerified() { + return trusted && !invalid && !revoked && !unknownsigner && error.empty(); } -}; -class InspSocketAttachCertRequest : public ISHRequest -{ - public: - /** Initialize the request as an attach cert message */ - InspSocketAttachCertRequest(InspSocket* is, Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_ATTACH", is) + std::string GetMetaLine() { + std::stringstream value; + bool hasError = error.length(); + value << (IsInvalid() ? "v" : "V") << (IsTrusted() ? "T" : "t") << (IsRevoked() ? "R" : "r") + << (IsUnknownSigner() ? "s" : "S") << (hasError ? "E" : "e") << " "; + if (hasError) + value << GetError(); + else + value << GetFingerprint() << " " << GetDN() << " " << GetIssuer(); + return value.str(); } }; -class InspSocketHSCompleteRequest : public ISHRequest +/** Get certificate from a socket (only useful with an SSL module) */ +struct SocketCertificateRequest : public Request { - public: - /** Initialize the request as a 'handshake complete?' message */ - InspSocketHSCompleteRequest(InspSocket* is, Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_HSDONE", is) + StreamSocket* const sock; + ssl_cert* cert; + + SocketCertificateRequest(StreamSocket* ss, Module* Me) + : Request(Me, ss->GetIOHook(), "GET_SSL_CERT"), sock(ss), cert(NULL) { + Send(); } -}; -class InspSocketHookRequest : public ISHRequest -{ - public: - /** Initialize request as a hook message */ - InspSocketHookRequest(InspSocket* is, Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_HOOK", is) + std::string GetFingerprint() { + if (cert) + return cert->GetFingerprint(); + return ""; } }; -class InspSocketUnhookRequest : public ISHRequest +/** Get certificate from a user (requires m_sslinfo) */ +struct UserCertificateRequest : public Request { - public: - /** Initialize request as an unhook message */ - InspSocketUnhookRequest(InspSocket* is, Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_UNHOOK", is) + User* const user; + ssl_cert* cert; + + UserCertificateRequest(User* u, Module* Me, Module* info = ServerInstance->Modules->Find("m_sslinfo.so")) + : Request(Me, info, "GET_USER_CERT"), user(u), cert(NULL) { + Send(); } -}; -class InspSocketNameRequest : public ISHRequest -{ - public: - /** Initialize request as a get name message */ - InspSocketNameRequest(Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_NAME", NULL) + std::string GetFingerprint() { + if (cert) + return cert->GetFingerprint(); + return ""; } }; #endif -