summaryrefslogtreecommitdiff
path: root/src/modules/extra/ssl.h
diff options
context:
space:
mode:
authorbrain <brain@e03df62e-2008-0410-955e-edbf42e46eb7>2006-12-09 18:52:35 +0000
committerbrain <brain@e03df62e-2008-0410-955e-edbf42e46eb7>2006-12-09 18:52:35 +0000
commit4f20c13f6fcc038e5312a3548164a104f3a64c94 (patch)
tree8a06becfe2d853d2458e08e05cf0de10ca78bab1 /src/modules/extra/ssl.h
parent768171fef96d3e0b74b5c750e7887fc20b48331c (diff)
Rename ssl_cert.h to ssl.h, it will contain the interface for hooking inspsockets
git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@5888 e03df62e-2008-0410-955e-edbf42e46eb7
Diffstat (limited to 'src/modules/extra/ssl.h')
-rw-r--r--src/modules/extra/ssl.h153
1 files changed, 153 insertions, 0 deletions
diff --git a/src/modules/extra/ssl.h b/src/modules/extra/ssl.h
new file mode 100644
index 000000000..6768a31a2
--- /dev/null
+++ b/src/modules/extra/ssl.h
@@ -0,0 +1,153 @@
+#ifndef __SSL_CERT_H__
+#define __SSL_CERT_H__
+
+#include <map>
+#include <string>
+
+/** A generic container for certificate data
+ */
+typedef std::map<std::string,std::string> ssl_data;
+
+/** A shorthand way of representing an iterator into ssl_data
+ */
+typedef ssl_data::iterator ssl_data_iter;
+
+/** ssl_cert is a class which abstracts SSL certificate
+ * and key information.
+ *
+ * Because gnutls and openssl represent key information in
+ * wildly different ways, this class allows it to be accessed
+ * in a unified manner. These classes are attached to ssl-
+ * connected local users using Extensible::Extend() and the
+ * key 'ssl_cert'.
+ */
+class ssl_cert
+{
+ /** Always contains an empty string
+ */
+ const std::string empty;
+
+ public:
+ /** The data for this certificate
+ */
+ ssl_data data;
+
+ /** Default constructor, initializes 'empty'
+ */
+ ssl_cert() : empty("")
+ {
+ }
+
+ /** Get certificate distinguished name
+ * @return Certificate DN
+ */
+ const std::string& GetDN()
+ {
+ ssl_data_iter ssldi = data.find("dn");
+
+ if (ssldi != data.end())
+ return ssldi->second;
+ else
+ return empty;
+ }
+
+ /** Get Certificate issuer
+ * @return Certificate issuer
+ */
+ const std::string& GetIssuer()
+ {
+ ssl_data_iter ssldi = data.find("issuer");
+
+ if (ssldi != data.end())
+ return ssldi->second;
+ else
+ return empty;
+ }
+
+ /** Get error string if an error has occured
+ * @return The error associated with this users certificate,
+ * or an empty string if there is no error.
+ */
+ const std::string& GetError()
+ {
+ ssl_data_iter ssldi = data.find("error");
+
+ if (ssldi != data.end())
+ return ssldi->second;
+ else
+ return empty;
+ }
+
+ /** Get key fingerprint.
+ * @return The key fingerprint as a hex string.
+ */
+ const std::string& GetFingerprint()
+ {
+ ssl_data_iter ssldi = data.find("fingerprint");
+
+ if (ssldi != data.end())
+ return ssldi->second;
+ else
+ return empty;
+ }
+
+ /** Get trust status
+ * @return True if this is a trusted certificate
+ * (the certificate chain validates)
+ */
+ bool IsTrusted()
+ {
+ ssl_data_iter ssldi = data.find("trusted");
+
+ if (ssldi != data.end())
+ return (ssldi->second == "1");
+ else
+ return false;
+ }
+
+ /** Get validity status
+ * @return True if the certificate itself is
+ * correctly formed.
+ */
+ bool IsInvalid()
+ {
+ ssl_data_iter ssldi = data.find("invalid");
+
+ if (ssldi != data.end())
+ return (ssldi->second == "1");
+ else
+ return false;
+ }
+
+ /** Get signer status
+ * @return True if the certificate appears to be
+ * self-signed.
+ */
+ bool IsUnknownSigner()
+ {
+ ssl_data_iter ssldi = data.find("unknownsigner");
+
+ if (ssldi != data.end())
+ return (ssldi->second == "1");
+ else
+ return false;
+ }
+
+ /** Get revokation status.
+ * @return True if the certificate is revoked.
+ * Note that this only works properly for GnuTLS
+ * right now.
+ */
+ bool IsRevoked()
+ {
+ ssl_data_iter ssldi = data.find("revoked");
+
+ if (ssldi != data.end())
+ return (ssldi->second == "1");
+ else
+ return false;
+ }
+};
+
+#endif
+