authorattilamolnar <attilamolnar@hush.com>2013-05-24 19:34:25 +0200
committerattilamolnar <attilamolnar@hush.com>2013-06-07 01:00:10 +0200
commit3d6d9cda32d72ff25cf6e624bb271b629898e018 (patch)
tree78f47c8f6f74b273beb40e0a37578f5324e02785 /include
parent79db1cf848c64ba50bebadef4c683ae4237080b7 (diff)
Create SSLIOHook interface that provides GetCertificate()
Diffstat (limited to 'include')
-rw-r--r--include/iohook.h12
-rw-r--r--include/modules/ssl.h63
2 files changed, 65 insertions, 10 deletions
diff --git a/include/iohook.h b/include/iohook.h
index 87403681d..7c3a0faee 100644
--- a/include/iohook.h
+++ b/include/iohook.h
@@ -24,8 +24,16 @@ class StreamSocket;
class IOHook : public ServiceProvider
{
public:
- IOHook(Module* mod, const std::string& Name)
- : ServiceProvider(mod, Name, SERVICE_IOHOOK) { }
+ enum Type
+ {
+ IOH_UNKNOWN,
+ IOH_SSL
+ };
+
+ const Type type;
+
+ IOHook(Module* mod, const std::string& Name, Type hooktype = IOH_UNKNOWN)
+ : ServiceProvider(mod, Name, SERVICE_IOHOOK), type(hooktype) { }
/** Called immediately after any connection is accepted. This is intended for raw socket
* processing (e.g. modules which wrap the tcp connection within another library) and provides
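Review bot: The new public `type` member is the only thing `SSLClientCert::GetCertificate` in include/modules/ssl.h checks before its `static_cast<SSLIOHook*>(iohook)`, and nothing in this constructor stops a hook that does not derive from SSLIOHook from passing `IOH_SSL`, in which case that downcast would be undefined behaviour. The enum and the member are also added without any documentation, unlike the rest of the class. I would document the contract where the tag is declared, for example `/** Hook derives from SSLIOHook; only SSLIOHook's constructor may pass this value */` on `IOH_SSL` and `/** Kind of hook, used to decide whether a downcast to SSLIOHook is valid */` on `type`. The IOHook class body continues outside the hunk.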
diff --git a/include/modules/ssl.h b/include/modules/ssl.h
index a45121537..9830b1ca6 100644
--- a/include/modules/ssl.h
+++ b/include/modules/ssl.h
@@ -132,20 +132,67 @@ class ssl_cert : public refcountbase
}
};
-/** Get certificate from a socket (only useful with an SSL module) */
-struct SocketCertificateRequest : public Request
+class SSLIOHook : public IOHook
{
- StreamSocket* const sock;
- ssl_cert* cert;
+ public:
+ SSLIOHook(Module* mod, const std::string& Name)
+ : IOHook(mod, Name, IOHook::IOH_SSL)
+ {
+ }
+
+ /**
+ * Get the client certificate from a socket
+ * @param sock The socket to get the certificate from, must be using this IOHook
+ * @return The SSL client certificate information
+ */
+ virtual ssl_cert* GetCertificate(StreamSocket* sock) = 0;
- SocketCertificateRequest(StreamSocket* ss, Module* Me)
- : Request(Me, (ss->GetIOHook() ? (Module*)ss->GetIOHook()->creator : NULL), "GET_SSL_CERT"), sock(ss), cert(NULL)
+ /**
+ * Get the fingerprint of a client certificate from a socket
+ * @param sock The socket to get the certificate fingerprint from, must be using this IOHook
+ * @return The fingerprint of the SSL client certificate sent by the peer,
+ * empty if no cert was sent
+ */
+ std::string GetFingerprint(StreamSocket* sock)
{
- Send();
+ ssl_cert* cert = GetCertificate(sock);
+ if (cert)
+ return cert->GetFingerprint();
+ return "";
}
+};
- std::string GetFingerprint()
+/** Helper functions for obtaining SSL client certificates and key fingerprints
+ * from StreamSockets
+ */
+class SSLClientCert
+{
+ public:
+ /**
+ * Get the client certificate from a socket
+ * @param sock The socket to get the certificate from, the socket does not have to use SSL
+ * @return The SSL client certificate information, NULL if the peer is not using SSL
+ */
+ static ssl_cert* GetCertificate(StreamSocket* sock)
+ {
+ IOHook* iohook = sock->GetIOHook();
+ if ((!iohook) || (iohook->type != IOHook::IOH_SSL))
+ return NULL;
+
+ SSLIOHook* ssliohook = static_cast<SSLIOHook*>(iohook);
+ return ssliohook->GetCertificate(sock);
+ }
+
+ /**
+ * Get the fingerprint of a client certificate from a socket
+ * @param sock The socket to get the certificate fingerprint from, the
+ * socket does not have to use SSL
+ * @return The key fingerprint from the SSL certificate sent by the peer,
+ * empty if no cert was sent or the peer is not using SSL
+ */
+ static std::string GetFingerprint(StreamSocket* sock)
{
+ ssl_cert* cert = SSLClientCert::GetCertificate(sock);
if (cert)
return cert->GetFingerprint();
return "";
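Review bot: `SSLClientCert::GetFingerprint` returns `""` both when the socket has no SSL hook and when no certificate was sent, so a caller that compares the result against a configured fingerprint could match an empty value against an empty one. The doc comment should state the caller's obligation, for example `Callers using the fingerprint for authentication must reject an empty result before comparing it.` Neither helper looks at whether the certificate verified; whether ssl_cert carries that state is not visible in this hunk, so the comment should also say that a non-empty fingerprint alone does not mean the certificate is trusted. `SSLClientCert::GetCertificate` dereferences `sock` without a null check, so its `@param` line should say the pointer must be non-NULL.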