diff options
Diffstat (limited to 'src/modules/ssl.h')
-rw-r--r-- | src/modules/ssl.h | 150 |
1 files changed, 150 insertions, 0 deletions
diff --git a/src/modules/ssl.h b/src/modules/ssl.h new file mode 100644 index 000000000..39a7ef5f6 --- /dev/null +++ b/src/modules/ssl.h @@ -0,0 +1,150 @@ +/* +------------------------------------+ + * | Inspire Internet Relay Chat Daemon | + * +------------------------------------+ + * + * InspIRCd: (C) 2002-2009 InspIRCd Development Team + * See: http://wiki.inspircd.org/Credits + * + * This program is free but copyrighted software; see + * the file COPYING for details. + * + * --------------------------------------------------- + */ + +#ifndef __SSL_H__ +#define __SSL_H__ + +#include <map> +#include <string> + +/** ssl_cert is a class which abstracts SSL certificate + * and key information. + * + * Because gnutls and openssl represent key information in + * wildly different ways, this class allows it to be accessed + * in a unified manner. These classes are attached to ssl- + * connected local users using SSLCertExt + */ +class ssl_cert +{ + public: + std::string dn; + std::string issuer; + std::string error; + std::string fingerprint; + bool trusted, invalid, unknownsigner, revoked; + + /** Get certificate distinguished name + * @return Certificate DN + */ + const std::string& GetDN() + { + return dn; + } + + /** Get Certificate issuer + * @return Certificate issuer + */ + const std::string& GetIssuer() + { + return issuer; + } + + /** Get error string if an error has occured + * @return The error associated with this users certificate, + * or an empty string if there is no error. + */ + const std::string& GetError() + { + return error; + } + + /** Get key fingerprint. + * @return The key fingerprint as a hex string. + */ + const std::string& GetFingerprint() + { + return fingerprint; + } + + /** Get trust status + * @return True if this is a trusted certificate + * (the certificate chain validates) + */ + bool IsTrusted() + { + return trusted; + } + + /** Get validity status + * @return True if the certificate itself is + * correctly formed. + */ + bool IsInvalid() + { + return invalid; + } + + /** Get signer status + * @return True if the certificate appears to be + * self-signed. + */ + bool IsUnknownSigner() + { + return unknownsigner; + } + + /** Get revokation status. + * @return True if the certificate is revoked. + * Note that this only works properly for GnuTLS + * right now. + */ + bool IsRevoked() + { + return revoked; + } + + std::string GetMetaLine() + { + std::stringstream value; + bool hasError = error.length(); + value << (IsInvalid() ? "v" : "V") << (IsTrusted() ? "T" : "t") << (IsRevoked() ? "R" : "r") + << (IsUnknownSigner() ? "s" : "S") << (hasError ? "E" : "e") << " "; + if (hasError) + value << GetError(); + else + value << GetFingerprint() << " " << GetDN() << " " << GetIssuer(); + return value.str(); + } +}; + +struct SSLCertificateRequest : public Request +{ + Extensible* const item; + ssl_cert* cert; + SSLCertificateRequest(StreamSocket* ss, Module* Me) + : Request(Me, ss->GetIOHook(), "GET_CERT"), item(ss), cert(NULL) + { + Send(); + } + + std::string GetFingerprint() + { + if (cert) + return cert->GetFingerprint(); + return ""; + } +}; + +struct SSLCertSubmission : public Request +{ + Extensible* const item; + ssl_cert* const cert; + SSLCertSubmission(Extensible* is, Module* Me, Module* Target, ssl_cert* Cert) + : Request(Me, Target, "SET_CERT"), item(is), cert(Cert) + { + Send(); + } +}; + +#endif |