/* +------------------------------------+
* | Inspire Internet Relay Chat Daemon |
* +------------------------------------+
*
* InspIRCd: (C) 2002-2009 InspIRCd Development Team
* See: http://wiki.inspircd.org/Credits
*
* This program is free but copyrighted software; see
* the file COPYING for details.
*
* ---------------------------------------------------
*/
#ifndef __SSL_H__
#define __SSL_H__
#include <map>
#include <string>
/** ssl_cert is a class which abstracts SSL certificate
* and key information.
*
* Because gnutls and openssl represent key information in
* wildly different ways, this class allows it to be accessed
* in a unified manner. These classes are attached to ssl-
* connected local users using SSLCertExt
*/
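class ssl_cert
{
public:
	/** Certificate distinguished name. */
	std::string dn;
	/** Certificate issuer. */
	std::string issuer;
	/** Error text; empty when no error has been recorded. */
	std::string error;
	/** Key fingerprint as a hex string. */
	std::string fingerprint;
	/** Status flags; see the Is*() accessors for their meaning. */
	bool trusted, invalid, unknownsigner, revoked;

	/** Start every certificate in a fail-closed state.
	 *
	 * Without this constructor the four status flags are left
	 * indeterminate by `new ssl_cert` / a plain local declaration, so
	 * IsTrusted() could report true for a certificate that was never
	 * checked. The defaults describe "nothing verified yet": not
	 * trusted, invalid, unknown signer, not revoked.
	 */
	ssl_cert() : trusted(false), invalid(true), unknownsigner(true), revoked(false)
	{
	}

	/** Get certificate distinguished name
	 * @return Certificate DN
	 */
	const std::string& GetDN() const
	{
		return dn;
	}

	/** Get Certificate issuer
	 * @return Certificate issuer
	 */
	const std::string& GetIssuer() const
	{
		return issuer;
	}

	/** Get error string if an error has occurred
	 * @return The error associated with this user's certificate,
	 * or an empty string if there is no error.
	 */
	const std::string& GetError() const
	{
		return error;
	}

	/** Get key fingerprint.
	 * @return The key fingerprint as a hex string.
	 */
	const std::string& GetFingerprint() const
	{
		return fingerprint;
	}

	/** Get trust status
	 * @return True if this is a trusted certificate
	 * (the certificate chain validates)
	 */
	bool IsTrusted() const
	{
		return trusted;
	}

	/** Get validity status
	 * @return The `invalid` flag. GetMetaLine() writes 'v' when it is
	 * set and 'V' when it is clear, so true is taken to mean the
	 * certificate is NOT valid.
	 * NOTE(review): the earlier comment said true meant "correctly
	 * formed", which contradicts the flag's name - confirm against
	 * the SSL modules that set it.
	 */
	bool IsInvalid() const
	{
		return invalid;
	}

	/** Get signer status
	 * @return The `unknownsigner` flag; the earlier comment describes
	 * this as the certificate appearing to be self-signed.
	 */
	bool IsUnknownSigner() const
	{
		return unknownsigner;
	}

	/** Get revocation status.
	 * @return True if the certificate is revoked.
	 * Note that this only works properly for GnuTLS
	 * right now.
	 */
	bool IsRevoked() const
	{
		return revoked;
	}

	/** Serialise the certificate state into a single line.
	 *
	 * Layout: five flag letters, one space, then either the error
	 * text (when `error` is non-empty) or
	 * "<fingerprint> <dn> <issuer>".
	 * Flags, in order: v/V invalid, T/t trusted, R/r revoked,
	 * s/S unknown signer, E/e error present.
	 *
	 * NOTE(review): dn, issuer and error are appended verbatim with
	 * no escaping. These presumably come from the certificate a peer
	 * presented, and a DN can contain spaces, so a reader splitting
	 * on spaces cannot tell where the DN ends and the issuer begins.
	 * Consumers should validate the line rather than trust its shape.
	 *
	 * @return The serialised line.
	 */
	std::string GetMetaLine() const
	{
		// Built with std::string only: this header includes <string>
		// but not <sstream>, so std::stringstream was not guaranteed
		// to be a complete type here.
		const bool hasError = !error.empty();

		std::string line;
		line += (invalid ? 'v' : 'V');
		line += (trusted ? 'T' : 't');
		line += (revoked ? 'R' : 'r');
		line += (unknownsigner ? 's' : 'S');
		line += (hasError ? 'E' : 'e');
		line += ' ';

		if (hasError)
			line += error;
		else
			line += fingerprint + " " + dn + " " + issuer;

		return line;
	}
};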
/** Request that asks another module for the certificate attached to an
 * Extensible. The request is dispatched from the constructor, so the
 * result is available in `cert` as soon as construction returns.
 */
struct SSLCertificateRequest : public Request
{
	/** Object the certificate is being requested for. */
	Extensible* const item;

	/** Result slot. Starts as NULL; presumably assigned by whichever
	 * module handles "GET_CERT" - verify against the handler.
	 */
	ssl_cert* cert;

	/** Build the request and send it immediately.
	 * @param e Object to look the certificate up for
	 * @param Me Module issuing the request
	 * @param info Target module; defaults to a lookup of "m_sslinfo.so"
	 * NOTE(review): what Find() yields when that module is not loaded,
	 * and how Request/Send() treat such a target, is not visible here.
	 */
	SSLCertificateRequest(Extensible* e, Module* Me, Module* info = ServerInstance->Modules->Find("m_sslinfo.so"))
		: Request(Me, info, "GET_CERT")
		, item(e)
		, cert(NULL)
	{
		Send();
	}

	/** Fingerprint of the returned certificate.
	 * @return The certificate's fingerprint, or an empty string when
	 * no certificate came back.
	 * NOTE(review): callers comparing this against a configured
	 * fingerprint should treat the empty string as "no certificate",
	 * never as a value to match.
	 */
	std::string GetFingerprint()
	{
		if (!cert)
			return "";

		return cert->GetFingerprint();
	}
};
/** Request that hands a certificate for an Extensible to a target
 * module. As with the constructor below, the request is sent as part
 * of construction.
 */
struct SSLCertSubmission : public Request
{
	/** Object the certificate belongs to. */
	Extensible* const item;

	/** Certificate being submitted; the pointer itself is fixed at
	 * construction. Ownership of the pointee is not established by
	 * anything in this header.
	 */
	ssl_cert* const cert;

	/** Build the "SET_CERT" request and send it immediately.
	 * @param is Object the certificate belongs to
	 * @param Me Module issuing the request
	 * @param Target Module that should receive the request
	 * @param Cert Certificate to submit
	 */
	SSLCertSubmission(Extensible* is, Module* Me, Module* Target, ssl_cert* Cert)
		: Request(Me, Target, "SET_CERT")
		, item(is)
		, cert(Cert)
	{
		Send();
	}
};
#endif