Commit | Line | Data |
---|---|---|
bbc27441 | 1 | /* |
bde978a6 | 2 | * Copyright (C) 1996-2015 The Squid Software Foundation and contributors |
bbc27441 AJ |
3 | * |
4 | * Squid software is distributed under GPLv2+ license and includes | |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
7 | */ | |
8 | ||
a1f04d64 AR |
9 | #ifndef SQUID_SSL_CERT_VALIDATE_MESSAGE_H |
10 | #define SQUID_SSL_CERT_VALIDATE_MESSAGE_H | |
11 | ||
24438ec5 | 12 | #include "helper/ResultCode.h" |
a1f04d64 | 13 | #include "ssl/crtd_message.h" |
602d9612 | 14 | #include "ssl/support.h" |
d6d0eb11 | 15 | |
a1f04d64 AR |
16 | #include <vector> |
17 | ||
22636a68 | 18 | namespace Ssl |
a1f04d64 AR |
19 | { |
20 | ||
/**
 * Holds the information required to build a request message for the
 * certificate validator helper.
 *
 * The constructor sets both pointers to NULL, and this class declares no
 * destructor, so nothing here releases what they point to.
 * NOTE(review): presumably ssl and errors are borrowed from the caller and
 * must stay valid until the request has been composed -- confirm against the
 * composeRequest() callers.
 */
class CertValidationRequest
{
public:
    SSL *ssl; ///< The OpenSSL connection object (presumably the peer connection being validated; TODO confirm)
    CertErrors *errors; ///< The list of errors detected
    std::string domainName; ///< The server name
    CertValidationRequest() : ssl(NULL), errors(NULL) {}
};
33 | ||
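/**
 * Stores the information found in a certificate validation response
 * message read from the certificate validator helper.
 */
class CertValidationResponse
{
public:
    /**
     * Holds one error entry returned by the cert validator helper.
     */
    class RecvdError
    {
    public:
        RecvdError(): id(0), error_no(SSL_ERROR_NONE), cert(NULL) {}
        RecvdError(const RecvdError &);
        RecvdError & operator =(const RecvdError &);
        void setCert(X509 *); ///< Sets cert to the given certificate
        int id; ///< The id of the error
        ssl_error_t error_no; ///< The OpenSSL error code
        std::string error_reason; ///< A string describing the error, as received from the helper
        X509_Pointer cert; ///< The broken certificate
    };

    typedef std::vector<RecvdError> RecvdErrors;

    /// Starts with an explicit "no result code received" verdict.
    /// Without this constructor resultCode held an indeterminate value until
    /// something assigned it, so a response object that was read before
    /// parsing completed (or after parsing failed early) could carry any
    /// verdict, including a passing one.
    CertValidationResponse(): resultCode(Helper::Unknown) {}

    /// Search in errors list for the error item with id=errorId.
    /// If none is found, a new RecvdError item is added with the given id.
    /// NOTE(review): if the returned reference points into the errors vector,
    /// a later call that appends an item may invalidate it -- confirm in the
    /// implementation before holding the reference across calls.
    RecvdError &getError(int errorId);
    RecvdErrors errors; ///< The list of parsed errors
    Helper::ResultCode resultCode; ///< The helper result code; Helper::Unknown until set
};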
66 | ||
/**
 * This class is responsible for composing or parsing messages destined to
 * or coming from a cert validator helper.
 * The message format is:
 * response/request-code SP body-length SP [key=value ...] \x01
 */
class CertValidationMsg : public CrtdMessage
{
private:
    /**
     * Holds one certId/cert pair found in cert validation messages.
     */
    class CertItem
    {
    public:
        std::string name; ///< The certificate Id to use
        X509_Pointer cert; ///< A pointer to certificate
        CertItem(): cert(NULL) {}
        CertItem(const CertItem &);
        CertItem & operator =(const CertItem &);
        void setCert(X509 *); ///< Sets cert to the given certificate
    };

public:
    /// Creates a message of the given kind; the kind is passed straight to
    /// the CrtdMessage base constructor.
    CertValidationMsg(MessageKind kind): CrtdMessage(kind) {}

    /// Build a request message for the cert validation helper
    /// using the information provided by the vcert object.
    void composeRequest(CertValidationRequest const &vcert);

    /// Parse a response message and fill the resp object with the parsed
    /// information.
    /// NOTE(review): presumably returns false and describes the problem in
    /// error when the message is malformed -- confirm in the implementation.
    /// This header does not say what resp holds after a failed parse, so a
    /// caller should not take a verdict from resp unless the call succeeded.
    bool parseResponse(CertValidationResponse &resp, STACK_OF(X509) *peerCerts, std::string &error);

    /// Search a CertItems list for the certificate with ID "name".
    /// NOTE(review): the result for an unknown name (presumably NULL) and the
    /// ownership/reference count of the returned X509 are not stated here --
    /// confirm before dereferencing or storing the pointer.
    X509 *getCertByName(std::vector<CertItem> const &, std::string const & name);

    /// String code for "cert_validate" messages
    static const std::string code_cert_validate;
    /// Parameter name for passing intended domain name
    static const std::string param_domain;
    /// Parameter name for passing SSL certificates
    static const std::string param_cert;
    /// Parameter name for passing the major SSL error
    static const std::string param_error_name;
    /// Parameter name for passing the error reason
    static const std::string param_error_reason;
    /// Parameter name for passing the error cert ID
    static const std::string param_error_cert;
    /// Parameter name for SSL version
    static const std::string param_proto_version;
    /// Parameter name for SSL cipher
    static const std::string param_cipher;
};
121 | ||
122 | }//namespace Ssl | |
d6d0eb11 | 123 | |
a1f04d64 | 124 | #endif // SQUID_SSL_CERT_VALIDATE_MESSAGE_H |
f53969cc | 125 |