src/acl/CertificateData.h

   1 /*
   2  * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
   3  *
   4  * Squid software is distributed under GPLv2+ license and includes
   5  * contributions from numerous individuals and organizations.
   6  * Please see the COPYING and CONTRIBUTORS files for details.
   7  */
   8
   9 #ifndef SQUID_ACLCERTIFICATEDATA_H
  10 #define SQUID_ACLCERTIFICATEDATA_H
  11
  12 #include "acl/Acl.h"
  13 #include "acl/Data.h"
  14 #include "acl/StringData.h"
  15 #include "security/forward.h"
  16 #include "ssl/support.h"
  17 #include <string>
  18 #include <list>
  19
  20 /// \ingroup ACLAPI
  21 class ACLCertificateData : public ACLData<X509 *>
  22 {
  23     MEMPROXY_CLASS(ACLCertificateData);
  24
  25 public:
  26     ACLCertificateData(Ssl::GETX509ATTRIBUTE *, const char *attributes, bool optionalAttr = false);
  27     bool match(X509 *) override;
  28     SBufList dump() const override;
  29     void parse() override;
  30     bool empty() const override;
  31
  32     /// A '|'-delimited list of valid ACL attributes.
  33     /// A "*" item means that any attribute is acceptable.
  34     /// Assumed to be a const-string and is never duped/freed.
  35     /// Nil unless ACL form is: acl Name type attribute value1 ...
  36     const char *validAttributesStr;
  37     /// Parsed list of valid attribute names
  38     std::list<std::string> validAttributes;
  39     /// True if the attribute is optional (-xxx options)
  40     bool attributeIsOptional;
  41     SBuf attribute;
  42     ACLStringData values;
  43
  44 private:
  45     /// The callback used to retrieve the data from X509 cert
  46     Ssl::GETX509ATTRIBUTE *sslAttributeCall;
  47 };
  48
  49 #endif /* SQUID_ACLCERTIFICATEDATA_H */
  50