summaryrefslogtreecommitdiff
path: root/src/modules/ssl.h
diff options
context:
space:
mode:
Diffstat (limited to 'src/modules/ssl.h')
-rw-r--r--src/modules/ssl.h150
1 files changed, 150 insertions, 0 deletions
diff --git a/src/modules/ssl.h b/src/modules/ssl.h
new file mode 100644
index 000000000..39a7ef5f6
--- /dev/null
+++ b/src/modules/ssl.h
@@ -0,0 +1,150 @@
+/* +------------------------------------+
+ * | Inspire Internet Relay Chat Daemon |
+ * +------------------------------------+
+ *
+ * InspIRCd: (C) 2002-2009 InspIRCd Development Team
+ * See: http://wiki.inspircd.org/Credits
+ *
+ * This program is free but copyrighted software; see
+ * the file COPYING for details.
+ *
+ * ---------------------------------------------------
+ */
+
+#ifndef __SSL_H__
+#define __SSL_H__
+
+#include <map>
+#include <string>
+
+/** ssl_cert is a class which abstracts SSL certificate
+ * and key information.
+ *
+ * Because gnutls and openssl represent key information in
+ * wildly different ways, this class allows it to be accessed
+ * in a unified manner. These classes are attached to ssl-
+ * connected local users using SSLCertExt
+ */
+class ssl_cert
+{
+ public:
+ std::string dn;
+ std::string issuer;
+ std::string error;
+ std::string fingerprint;
+ bool trusted, invalid, unknownsigner, revoked;
+
+ /** Get certificate distinguished name
+ * @return Certificate DN
+ */
+ const std::string& GetDN()
+ {
+ return dn;
+ }
+
+ /** Get Certificate issuer
+ * @return Certificate issuer
+ */
+ const std::string& GetIssuer()
+ {
+ return issuer;
+ }
+
+ /** Get error string if an error has occured
+ * @return The error associated with this users certificate,
+ * or an empty string if there is no error.
+ */
+ const std::string& GetError()
+ {
+ return error;
+ }
+
+ /** Get key fingerprint.
+ * @return The key fingerprint as a hex string.
+ */
+ const std::string& GetFingerprint()
+ {
+ return fingerprint;
+ }
+
+ /** Get trust status
+ * @return True if this is a trusted certificate
+ * (the certificate chain validates)
+ */
+ bool IsTrusted()
+ {
+ return trusted;
+ }
+
+ /** Get validity status
+ * @return True if the certificate itself is
+ * correctly formed.
+ */
+ bool IsInvalid()
+ {
+ return invalid;
+ }
+
+ /** Get signer status
+ * @return True if the certificate appears to be
+ * self-signed.
+ */
+ bool IsUnknownSigner()
+ {
+ return unknownsigner;
+ }
+
+ /** Get revokation status.
+ * @return True if the certificate is revoked.
+ * Note that this only works properly for GnuTLS
+ * right now.
+ */
+ bool IsRevoked()
+ {
+ return revoked;
+ }
+
+ std::string GetMetaLine()
+ {
+ std::stringstream value;
+ bool hasError = error.length();
+ value << (IsInvalid() ? "v" : "V") << (IsTrusted() ? "T" : "t") << (IsRevoked() ? "R" : "r")
+ << (IsUnknownSigner() ? "s" : "S") << (hasError ? "E" : "e") << " ";
+ if (hasError)
+ value << GetError();
+ else
+ value << GetFingerprint() << " " << GetDN() << " " << GetIssuer();
+ return value.str();
+ }
+};
+
+struct SSLCertificateRequest : public Request
+{
+ Extensible* const item;
+ ssl_cert* cert;
+ SSLCertificateRequest(StreamSocket* ss, Module* Me)
+ : Request(Me, ss->GetIOHook(), "GET_CERT"), item(ss), cert(NULL)
+ {
+ Send();
+ }
+
+ std::string GetFingerprint()
+ {
+ if (cert)
+ return cert->GetFingerprint();
+ return "";
+ }
+};
+
+struct SSLCertSubmission : public Request
+{
+ Extensible* const item;
+ ssl_cert* const cert;
+ SSLCertSubmission(Extensible* is, Module* Me, Module* Target, ssl_cert* Cert)
+ : Request(Me, Target, "SET_CERT"), item(is), cert(Cert)
+ {
+ Send();
+ }
+};
+
+#endif