/*
 * Copyright (C) 1996-2021 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */
// Include guard; the matching #endif closes the header.
#ifndef SQUID_SSL_CERT_VALIDATE_MESSAGE_H
#define SQUID_SSL_CERT_VALIDATE_MESSAGE_H

// Project headers providing RefCount/RefCountable, Helper::ResultCode,
// the CrtdMessage base class and the Security::* pointer/error types
// used by the declarations below.
#include "base/RefCount.h"
#include "helper/ResultCode.h"
#include "ssl/crtd_message.h"
#include "ssl/support.h"
/**
 * Holds the information needed to build a request message for the
 * certificate validator helper (consumed by CertValidationMsg::composeRequest).
 *
 * NOTE(review): access specifiers are not visible in the rendered listing;
 * public members assumed — confirm against the source file.
 */
class CertValidationRequest
{
public:
    /// The session the request refers to
    Security::SessionPointer ssl;

    /// The list of errors detected.
    /// NOTE(review): raw pointer, so presumably not owned by this object;
    /// confirm lifetime against the caller that fills it.
    Security::CertErrors *errors = nullptr;

    /// The server name
    std::string domainName;
};
/**
 * Stores the information found in certificate validation response
 * messages read from the certificate validator helper.
 *
 * NOTE(review): access specifiers are not visible in the rendered listing;
 * public members assumed — confirm against the source file.
 */
class CertValidationResponse: public RefCountable
{
public:
    using Pointer = RefCount<CertValidationResponse>;

    /// Error information returned from the cert validator helper.
    class RecvdError
    {
    public:
        /// Sets cert to the given certificate
        void setCert(X509 *);

        /// The id of the error
        int id = 0;
        /// The OpenSSL error code
        Security::ErrorCode error_no = 0;
        /// A string describing the error
        std::string error_reason;
        /// The broken certificate
        Security::CertPointer cert;
        /// The error depth
        int error_depth = -1;
    };

    using RecvdErrors = std::vector<RecvdError>;

    /// \param aSession the session this response belongs to (stored in ssl)
    explicit CertValidationResponse(const Security::SessionPointer &aSession): ssl(aSession) {}

    /// Memory accounting for a response object reached through a Pointer.
    static uint64_t MemoryUsedByResponse(const CertValidationResponse::Pointer &);

    /// Search in errors list for the error item with id=errorId.
    /// If none found a new RecvdError item is added with the given id.
    /// NOTE(review): every lookup for an unseen id grows `errors`; the ids
    /// presumably come from the helper reply, so the number of distinct ids
    /// in a reply bounds the memory this object holds (see MemoryUsedByResponse).
    RecvdError &getError(int errorId);

    /// The list of parsed errors
    RecvdErrors errors;
    /// The helper result code
    Helper::ResultCode resultCode = Helper::Unknown;
    /// The session this response belongs to
    Security::SessionPointer ssl;
};
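/**
 * Composes or parses messages destined to or coming from a certificate
 * validation helper. The message format is:
 *
 *   response/request-code SP body-length SP [key=value ...] EOL
 *
 * \note EOL for this interface is character 0x01
 *
 * NOTE(review): access specifiers are not visible in the rendered listing;
 * public members assumed — confirm against the source file.
 */
class CertValidationMsg: public CrtdMessage
{
public:
    /// A certId/cert pair found in cert validation messages.
    class CertItem
    {
    public:
        /// The certificate Id to use
        std::string name;
        /// A pointer to certificate
        Security::CertPointer cert;
        /// Sets cert to the given certificate
        void setCert(X509 *);
    };

    /// \param kind the message kind, forwarded unchanged to CrtdMessage
    // explicit: a MessageKind must never silently convert into a message object
    explicit CertValidationMsg(MessageKind kind): CrtdMessage(kind) {}

    /// Build a request message for the cert validation helper
    /// using information provided by vcert object
    void composeRequest(CertValidationRequest const &vcert);

    /// Parse a response message and fill the resp object with parsed information.
    /// \param resp receives the parsed information
    /// \param error presumably receives a description of the problem on failure — confirm
    /// \retval true the message was parsed
    /// \retval false the message could not be parsed
    /// NOTE(review): callers must check the result; on false, resp is not
    /// known to be complete and must not be treated as a validation verdict.
    bool parseResponse(CertValidationResponse &resp, std::string &error);

    /// Search a CertItems list for the certificate with ID "name".
    /// Returns nullptr-or-match semantics as declared; the raw pointer is not
    /// owned by the caller (presumably it refers to the matching item's cert,
    /// so the list must outlive its use — confirm against the definition).
    X509 *getCertByName(std::vector<CertItem> const &, std::string const & name);

    /// String code for "cert_validate" messages
    static const std::string code_cert_validate;
    /// Parameter name for passing intended domain name
    static const std::string param_domain;
    /// Parameter name for passing SSL certificates
    static const std::string param_cert;
    /// Parameter name for passing the major SSL error
    static const std::string param_error_name;
    /// Parameter name for passing the error reason
    static const std::string param_error_reason;
    /// Parameter name for passing the error cert ID
    static const std::string param_error_cert;
    /// Parameter name for passing the error depth
    static const std::string param_error_depth;
    /// Parameter name for SSL version
    static const std::string param_proto_version;
    /// Parameter name for SSL cipher
    static const std::string param_cipher;
};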
#endif /* SQUID_SSL_CERT_VALIDATE_MESSAGE_H */