/* +------------------------------------+
* | Inspire Internet Relay Chat Daemon |
* +------------------------------------+
*
* InspIRCd: (C) 2002-2011 InspIRCd Development Team
* See: http://wiki.inspircd.org/Credits
*
* This program is free but copyrighted software; see
* the file COPYING for details.
*
* ---------------------------------------------------
*/
#ifndef __SSL_H__
#define __SSL_H__
#include "inspsocket.h"
#include <map>
#include <string>
/** ssl_cert is a class which abstracts SSL certificate
* and key information.
*
* Because gnutls and openssl represent key information in
* wildly different ways, this class allows it to be accessed
* in a unified manner. These classes are attached to ssl-
* connected local users using SSLCertExt
*/
class ssl_cert : public refcountbase
{
public:
std::string dn;
std::string issuer;
std::string error;
std::string fingerprint;
bool trusted, invalid, unknownsigner, revoked;
ssl_cert() : trusted(false), invalid(true), unknownsigner(true), revoked(false) {}
/** Get certificate distinguished name
* @return Certificate DN
*/
const std::string& GetDN()
{
return dn;
}
/** Get Certificate issuer
* @return Certificate issuer
*/
const std::string& GetIssuer()
{
return issuer;
}
/** Get error string if an error has occured
* @return The error associated with this users certificate,
* or an empty string if there is no error.
*/
const std::string& GetError()
{
return error;
}
/** Get key fingerprint.
* @return The key fingerprint as a hex string.
*/
const std::string& GetFingerprint()
{
return fingerprint;
}
/** Get trust status
* @return True if this is a trusted certificate
* (the certificate chain validates)
*/
bool IsTrusted()
{
return trusted;
}
/** Get validity status
* @return True if the certificate itself is
* correctly formed.
*/
bool IsInvalid()
{
return invalid;
}
/** Get signer status
* @return True if the certificate appears to be
* self-signed.
*/
bool IsUnknownSigner()
{
return unknownsigner;
}
/** Get revokation status.
* @return True if the certificate is revoked.
* Note that this only works properly for GnuTLS
* right now.
*/
bool IsRevoked()
{
return revoked;
}
bool IsCAVerified()
{
return trusted && !invalid && !revoked && !unknownsigner && error.empty();
}
std::string GetMetaLine()
{
std::stringstream value;
bool hasError = error.length();
value << (IsInvalid() ? "v" : "V") << (IsTrusted() ? "T" : "t") << (IsRevoked() ? "R" : "r")
<< (IsUnknownSigner() ? "s" : "S") << (hasError ? "E" : "e") << " ";
if (hasError)
value << GetError();
else
value << GetFingerprint() << " " << GetDN() << " " << GetIssuer();
return value.str();
}
};
class SSLIOHook : public IOHook
{
public:
SSLIOHook(Module* Creator) : IOHook(Creator) {}
virtual int OnRead(StreamSocket*, std::string& recvq) = 0;
virtual int OnWrite(StreamSocket*, std::string& sendq) = 0;
virtual void OnClose(StreamSocket*) = 0;
virtual ssl_cert* GetCertificate() = 0;
};
/** Get SSL certificates from users.
* Access via dynamic_reference<UserCertificateProvider>("sslinfo")
*/
class UserCertificateProvider : public DataProvider
{
public:
UserCertificateProvider(Module* mod, const std::string& Name) : DataProvider(mod, Name) {}
virtual ssl_cert* GetCert(User* u) = 0;
virtual std::string GetFingerprint(User* u) = 0;
};
#endif