1 /*
2 * Copyright (C) 1996-2021 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9 #ifndef SQUID_SSL_CERT_VALIDATE_MESSAGE_H
10 #define SQUID_SSL_CERT_VALIDATE_MESSAGE_H
11
12 #include "base/RefCount.h"
13 #include "helper/ResultCode.h"
14 #include "ssl/crtd_message.h"
15 #include "ssl/support.h"
16
17 #include <vector>
18
19 namespace Ssl
20 {
21
/**
 * Holds the information needed to build a request message for the
 * certificate validator helper (consumed by CertValidationMsg::composeRequest).
 */
class CertValidationRequest
{
public:
    Security::SessionPointer ssl; ///< The TLS session the request is about — NOTE(review): inferred from the name; confirm in the .cc
    Security::CertErrors *errors = nullptr; ///< The list of errors detected. Raw pointer: ownership is not expressed by this header — presumably non-owning; confirm against the caller
    std::string domainName; ///< The server name
};
33
/**
 * Stores the information found in a certificate validation response
 * message read from the certificate validator helper
 * (filled in by CertValidationMsg::parseResponse).
 */
class CertValidationResponse: public RefCountable
{
public:
    typedef RefCount<CertValidationResponse> Pointer;

    /**
     * Holds one error item returned from the cert validator helper.
     * The scalar fields carry "not set" defaults; presumably the
     * response parser overwrites them — confirm in the .cc.
     */
    class RecvdError
    {
    public:
        void setCert(X509 *); ///< Sets cert to the given certificate
        int id = 0; ///< The id of the error (the key used by CertValidationResponse::getError)
        Security::ErrorCode error_no = 0; ///< The OpenSSL error code
        std::string error_reason; ///< A string describing the error
        Security::CertPointer cert; ///< The broken certificate
        int error_depth = -1; ///< The error depth; -1 presumably means "not reported" — confirm in the parser
    };

    typedef std::vector<RecvdError> RecvdErrors;
    /// Binds the response to the session it was requested for.
    explicit CertValidationResponse(const Security::SessionPointer &aSession) : ssl(aSession) {}

    /// Memory consumed by the given response — NOTE(review): what exactly is
    /// counted is defined in the .cc, not visible here.
    static uint64_t MemoryUsedByResponse(const CertValidationResponse::Pointer &);

    /// Search in errors list for the error item with id=errorId.
    /// If none found a new RecvdError item added with the given id;
    /// The returned reference points into the errors vector, so a later
    /// call that appends may invalidate it — do not keep it across calls.
    RecvdError &getError(int errorId);
    RecvdErrors errors; ///< The list of parsed errors
    Helper::ResultCode resultCode = Helper::Unknown; ///< The helper result code; initialized to Helper::Unknown
    Security::SessionPointer ssl; ///< The session passed to the constructor
};
70
/**
 * This class is responsible for composing or parsing messages destined to
 * or coming from a certificate validation helper.
 * The messages format is:
 \verbatim
 response/request-code SP body-length SP [key=value ...] EOL
 \endverbatim
 * \note EOL for this interface is character 0x01
 * \note Responses are read from the helper, i.e. from outside this code;
 *       parseResponse() reports a parse failure through its return value
 *       and the error out-parameter, which callers must check before using
 *       the CertValidationResponse.
 */
class CertValidationMsg : public CrtdMessage
{
private:
    /**
     * Holds one certId/cert pair found in cert validation messages.
     */
    class CertItem
    {
    public:
        std::string name; ///< The certificate Id to use
        Security::CertPointer cert; ///< A pointer to certificate
        void setCert(X509 *); ///< Sets cert to the given certificate
    };

public:
    /// \param kind the CrtdMessage kind this message represents
    ///        (MessageKind is declared outside this header)
    CertValidationMsg(MessageKind kind): CrtdMessage(kind) {}

    /// Build a request message for the cert validation helper
    /// using information provided by vcert object
    void composeRequest(CertValidationRequest const &vcert);

    /// Parse a response message and fill the resp object with parsed information
    /// \param resp receives the parsed information
    /// \param error presumably set to a description of the problem when false
    ///        is returned — confirm in the .cc
    /// \return true when the message was parsed; false on failure
    bool parseResponse(CertValidationResponse &resp, std::string &error);

    /// Search a CertItems list for the certificate with ID "name"
    /// NOTE(review): the returned raw X509* presumably aliases the CertPointer
    /// held in the list, so it must not outlive that list; the not-found
    /// result (nullptr?) is defined in the .cc.
    X509 *getCertByName(std::vector<CertItem> const &, std::string const & name);

    /// String code for "cert_validate" messages
    static const std::string code_cert_validate;
    /// Parameter name for passing intended domain name
    static const std::string param_domain;
    /// Parameter name for passing SSL certificates
    static const std::string param_cert;
    /// Parameter name for passing the major SSL error
    static const std::string param_error_name;
    /// Parameter name for passing the error reason
    static const std::string param_error_reason;
    /// Parameter name for passing the error cert ID
    static const std::string param_error_cert;
    /// Parameter name for passing the error depth
    static const std::string param_error_depth;
    /// Parameter name for SSL version
    static const std::string param_proto_version;
    /// Parameter name for SSL cipher
    static const std::string param_cipher;
};
127
128 }//namespace Ssl
129
130 #endif // SQUID_SSL_CERT_VALIDATE_MESSAGE_H