Move this

git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@5891 e03df62e-2008-0410-955e-edbf42e46eb7
author: brain <brain@e03df62e-2008-0410-955e-edbf42e46eb7> 2006-12-09 19:26:27 +0000
committer: brain <brain@e03df62e-2008-0410-955e-edbf42e46eb7> 2006-12-09 19:26:27 +0000
commit: 4836a01a64ed42652c9f4c498e8547c23f24827a (patch)
tree: ad7a950dfd76af141c7446a43716433688e16c8b /src/modules/ssl.h
parent: f559b94fa33063e02b67fe589af04fddc20325ef (diff)
1 files changed, 190 insertions, 0 deletions
diff --git a/src/modules/ssl.h b/src/modules/ssl.h
new file mode 100644
index 000000000..e636aad46
--- /dev/null
+++ b/src/modules/ssl.h
@@ -0,0 +1,190 @@
+#ifndef __SSL_CERT_H__
+#define __SSL_CERT_H__
+
+#include <map>
+#include <string>
+
+/** A generic container for certificate data
+ */
+typedef std::map<std::string,std::string> ssl_data;
+
+/** A shorthand way of representing an iterator into ssl_data
+ */
+typedef ssl_data::iterator ssl_data_iter;
+
+/** ssl_cert is a class which abstracts SSL certificate
+ * and key information.
+ *
+ * Because gnutls and openssl represent key information in
+ * wildly different ways, this class allows it to be accessed
+ * in a unified manner. These classes are attached to ssl-
+ * connected local users using Extensible::Extend() and the
+ * key 'ssl_cert'.
+ */
+class ssl_cert
+{
+	/** Always contains an empty string
+	 */
+	const std::string empty;
+
+ public:
+	/** The data for this certificate
+	 */
+	ssl_data data;
+
+	/** Default constructor, initializes 'empty'
+	 */
+	ssl_cert() : empty("")
+	{
+	}
+	
+	/** Get certificate distinguished name
+	 * @return Certificate DN
+	 */
+	const std::string& GetDN()
+	{
+		ssl_data_iter ssldi = data.find("dn");
+
+		if (ssldi != data.end())
+			return ssldi->second;
+		else
+			return empty;
+	}
+
+	/** Get Certificate issuer
+	 * @return Certificate issuer
+	 */
+	const std::string& GetIssuer()
+	{
+		ssl_data_iter ssldi = data.find("issuer");
+
+		if (ssldi != data.end())
+			return ssldi->second;
+		else
+			return empty;
+	}
+
+	/** Get error string if an error has occured
+	 * @return The error associated with this users certificate,
+	 * or an empty string if there is no error.
+	 */
+	const std::string& GetError()
+	{
+		ssl_data_iter ssldi = data.find("error");
+
+		if (ssldi != data.end())
+			return ssldi->second;
+		else
+			return empty;
+	}
+
+	/** Get key fingerprint.
+	 * @return The key fingerprint as a hex string.
+	 */
+	const std::string& GetFingerprint()
+	{
+		ssl_data_iter ssldi = data.find("fingerprint");
+
+		if (ssldi != data.end())
+			return ssldi->second;
+		else
+			return empty;
+	}
+
+	/** Get trust status
+	 * @return True if this is a trusted certificate
+	 * (the certificate chain validates)
+	 */
+	bool IsTrusted()
+	{
+		ssl_data_iter ssldi = data.find("trusted");
+
+		if (ssldi != data.end())
+			return (ssldi->second == "1");
+		else
+			return false;
+	}
+
+	/** Get validity status
+	 * @return True if the certificate itself is
+	 * correctly formed.
+	 */
+	bool IsInvalid()
+	{
+		ssl_data_iter ssldi = data.find("invalid");
+
+		if (ssldi != data.end())
+			return (ssldi->second == "1");
+		else
+			return false;
+	}
+
+	/** Get signer status
+	 * @return True if the certificate appears to be
+	 * self-signed.
+	 */
+	bool IsUnknownSigner()
+	{
+		ssl_data_iter ssldi = data.find("unknownsigner");
+
+		if (ssldi != data.end())
+			return (ssldi->second == "1");
+		else
+			return false;
+	}
+
+	/** Get revokation status.
+	 * @return True if the certificate is revoked.
+	 * Note that this only works properly for GnuTLS
+	 * right now.
+	 */
+	bool IsRevoked()
+	{
+		ssl_data_iter ssldi = data.find("revoked");
+
+		if (ssldi != data.end())
+			return (ssldi->second == "1");
+		else
+			return false;
+	}
+};
+
+class ISHRequest : public Request
+{
+ public:
+	const InspSocket* Sock;
+
+	ISHRequest(Module* Me, Module* Target, const char* rtype, InspSocket* sock) : Request(Me, Target, rtype), Sock(sock)
+	{
+	}
+};
+
+class InspSocketHookRequest : public ISHRequest
+{
+ public:
+	/** Initialize request as a hook message */
+	InspSocketHookRequest(InspSocket* is, Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_HOOK", is)
+	{
+	}
+};
+
+class InspSocketUnhookRequest : public ISHRequest
+{
+ public:
+	/** Initialize request as an unhook message */
+	InspSocketUnhookRequest(InspSocket* is, Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_UNHOOK", is)
+	{
+	}
+};
+
+class InspSocketNameRequest : public ISHRequest
+{
+ public:
+	/** Initialize request as a get name message */
+	InspSocketNameRequest(Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_NAME", NULL)
+	{
+	}
+};
+
+#endif
+
author	brain <brain@e03df62e-2008-0410-955e-edbf42e46eb7>	2006-12-09 19:26:27 +0000
committer	brain <brain@e03df62e-2008-0410-955e-edbf42e46eb7>	2006-12-09 19:26:27 +0000
commit	4836a01a64ed42652c9f4c498e8547c23f24827a (patch)
tree	ad7a950dfd76af141c7446a43716433688e16c8b /src/modules/ssl.h
parent	f559b94fa33063e02b67fe589af04fddc20325ef (diff)