[thirdparty/squid.git] / src / acl / Certificate.cc

/*
 * DEBUG: section 28    Access Control
 * AUTHOR: Duane Wessels
 *
 * SQUID Web Proxy Cache          http://www.squid-cache.org/
 * ----------------------------------------------------------
 *
 *  Squid is the result of efforts by numerous individuals from
 *  the Internet community; see the CONTRIBUTORS file for full
 *  details.   Many organizations have provided support for Squid's
 *  development; see the SPONSORS file for full details.  Squid is
 *  Copyrighted (C) 2001 by the Regents of the University of
 *  California; see the COPYRIGHT file for full details.  Squid
 *  incorporates software developed and/or copyrighted by other
 *  sources; see the CREDITS file for full details.
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
 *
 *
 * Copyright (c) 2003, Robert Collins <robertc@squid-cache.org>
 */

#include "squid.h"

/* MS Visual Studio Projects are monolithic, so we need the following
 * #if to exclude the SSL code from compile process when not needed.
 */
#if USE_SSL

#include "acl/Certificate.h"
#include "acl/CertificateData.h"
#include "acl/Checklist.h"
#include "client_side.h"
#include "fde.h"
#include "globals.h"
#include "HttpRequest.h"

int
ACLCertificateStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist, ACLFlags &)
{
    const int fd = checklist->fd();
    const bool goodDescriptor = 0 <= fd && fd <= Biggest_FD;
    SSL *ssl = goodDescriptor ? fd_table[fd].ssl : 0;
    X509 *cert = SSL_get_peer_certificate(ssl);
    const bool res = data->match (cert);
    X509_free(cert);
    return res;
}

ACLCertificateStrategy *
ACLCertificateStrategy::Instance()
{
    return &Instance_;
}

ACLCertificateStrategy ACLCertificateStrategy::Instance_;

#endif /* USE_SSL */
Commit	Line	Data
5dee515e	1	/*
5dee515e	2	* DEBUG: section 28 Access Control
	3	* AUTHOR: Duane Wessels
	4	*
	5	* SQUID Web Proxy Cache http://www.squid-cache.org/
	6	* ----------------------------------------------------------
	7	*
	8	* Squid is the result of efforts by numerous individuals from
	9	* the Internet community; see the CONTRIBUTORS file for full
	10	* details. Many organizations have provided support for Squid's
	11	* development; see the SPONSORS file for full details. Squid is
	12	* Copyrighted (C) 2001 by the Regents of the University of
	13	* California; see the COPYRIGHT file for full details. Squid
	14	* incorporates software developed and/or copyrighted by other
	15	* sources; see the CREDITS file for full details.
	16	*
	17	* This program is free software; you can redistribute it and/or modify
	18	* it under the terms of the GNU General Public License as published by
	19	* the Free Software Foundation; either version 2 of the License, or
	20	* (at your option) any later version.
26ac0430	21	*
5dee515e	22	* This program is distributed in the hope that it will be useful,
	23	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	24	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	25	* GNU General Public License for more details.
26ac0430	26	*
5dee515e	27	* You should have received a copy of the GNU General Public License
	28	* along with this program; if not, write to the Free Software
	29	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
	30	*
	31	*
	32	* Copyright (c) 2003, Robert Collins <robertc@squid-cache.org>
	33	*/
	34
582c2af2	35	#include "squid.h"
454e8283	36
	37	/* MS Visual Studio Projects are monolithic, so we need the following
	38	* #if to exclude the SSL code from compile process when not needed.
	39	*/
	40	#if USE_SSL
	41
127dce76	42	#include "acl/Certificate.h"
127dce76	43	#include "acl/CertificateData.h"
602d9612	44	#include "acl/Checklist.h"
a46d2c0e	45	#include "client_side.h"
582c2af2 FC	46	#include "fde.h"
582c2af2 FC	47	#include "globals.h"
602d9612	48	#include "HttpRequest.h"
5dee515e	49
5dee515e	50	int
33810b1d	51	ACLCertificateStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist, ACLFlags &)
5dee515e	52	{
784054ad	53	const int fd = checklist->fd();
	54	const bool goodDescriptor = 0 <= fd && fd <= Biggest_FD;
	55	SSL *ssl = goodDescriptor ? fd_table[fd].ssl : 0;
00352183 AR	56	X509 *cert = SSL_get_peer_certificate(ssl);
	57	const bool res = data->match (cert);
	58	X509_free(cert);
	59	return res;
5dee515e	60	}
	61
	62	ACLCertificateStrategy *
	63	ACLCertificateStrategy::Instance()
	64	{
	65	return &Instance_;
	66	}
	67
	68	ACLCertificateStrategy ACLCertificateStrategy::Instance_;
454e8283	69
454e8283	70	#endif /* USE_SSL */