[thirdparty/squid.git] / src / ssl / cert_validate_message.h

/*
 * Copyright (C) 1996-2020 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

#ifndef SQUID_SSL_CERT_VALIDATE_MESSAGE_H
#define SQUID_SSL_CERT_VALIDATE_MESSAGE_H

#include "base/RefCount.h"
#include "helper/ResultCode.h"
#include "ssl/crtd_message.h"
#include "ssl/support.h"

#include <vector>

namespace Ssl
{

/**
 * This class is used to hold the required informations to build
 * a request message for the certificate validator helper
 */
class CertValidationRequest
{
public:
    Security::SessionPointer ssl;
    Security::CertErrors *errors = nullptr; ///< The list of errors detected
    std::string domainName; ///< The server name
};

/**
 * This class is used to store informations found in certificate validation
 * response messages read from certificate validator helper
 */
class CertValidationResponse: public RefCountable
{
public:
    typedef RefCount<CertValidationResponse> Pointer;

    /**
     * This class used to hold error informations returned from
     * cert validator helper.
     */
    class  RecvdError
    {
    public:
        RecvdError(): id(0), error_no(SSL_ERROR_NONE), cert(NULL), error_depth(-1) {}
        RecvdError(const RecvdError &);
        RecvdError & operator =(const RecvdError &);
        void setCert(X509 *);  ///< Sets cert to the given certificate
        int id; ///<  The id of the error
        Security::ErrorCode error_no; ///< The OpenSSL error code
        std::string error_reason; ///< A string describing the error
        Security::CertPointer cert; ///< The broken certificate
        int error_depth; ///< The error depth
    };

    typedef std::vector<RecvdError> RecvdErrors;
    explicit CertValidationResponse(const Security::SessionPointer &aSession) : ssl(aSession) {}
    /// Search in errors list for the error item with id=errorId.
    /// If none found a new RecvdError item added with the given id;
    RecvdError &getError(int errorId);
    RecvdErrors errors; ///< The list of parsed errors
    Helper::ResultCode resultCode = Helper::Unknown; ///< The helper result code
    Security::SessionPointer ssl;
};

/**
 * This class is responsible for composing or parsing messages destined to
 * or comming from a certificate validation helper.
 * The messages format is:
\verbatim
   response/request-code SP body-length SP [key=value ...] EOL
\endverbatim
 * \note EOL for this interface is character 0x01
 */
class CertValidationMsg : public CrtdMessage
{
private:
    /**
     * This class used to hold the certId/cert pairs found
     * in cert validation messages.
     */
    class CertItem
    {
    public:
        std::string name; ///< The certificate Id to use
        Security::CertPointer cert;       ///< A pointer to certificate
        CertItem(): cert(NULL) {}
        CertItem(const CertItem &);
        CertItem & operator =(const CertItem &);
        void setCert(X509 *); ///< Sets cert to the given certificate
    };

public:
    CertValidationMsg(MessageKind kind): CrtdMessage(kind) {}

    /// Build a request message for the cert validation helper
    /// using informations provided by vcert object
    void composeRequest(CertValidationRequest const &vcert);

    /// Parse a response message and fill the resp object with parsed informations
    bool parseResponse(CertValidationResponse &resp, std::string &error);

    /// Search a CertItems list for the certificate with ID "name"
    X509 *getCertByName(std::vector<CertItem> const &, std::string const & name);

    /// String code for "cert_validate" messages
    static const std::string code_cert_validate;
    /// Parameter name for passing intended domain name
    static const std::string param_domain;
    /// Parameter name for passing SSL certificates
    static const std::string param_cert;
    /// Parameter name for passing the major SSL error
    static const std::string param_error_name;
    /// Parameter name for passing the error reason
    static const std::string param_error_reason;
    /// Parameter name for passing the error cert ID
    static const std::string param_error_cert;
    /// Parameter name for passing the error depth
    static const std::string param_error_depth;
    /// Parameter name for SSL version
    static const std::string param_proto_version;
    /// Parameter name for SSL cipher
    static const std::string param_cipher;
};

}//namespace Ssl

#endif // SQUID_SSL_CERT_VALIDATE_MESSAGE_H
Commit	Line	Data
bbc27441	1	/*
77b1029d	2	* Copyright (C) 1996-2020 The Squid Software Foundation and contributors
bbc27441 AJ	3	*
	4	* Squid software is distributed under GPLv2+ license and includes
	5	* contributions from numerous individuals and organizations.
	6	* Please see the COPYING and CONTRIBUTORS files for details.
	7	*/
	8
a1f04d64 AR	9	#ifndef SQUID_SSL_CERT_VALIDATE_MESSAGE_H
	10	#define SQUID_SSL_CERT_VALIDATE_MESSAGE_H
	11
0e208dad	12	#include "base/RefCount.h"
24438ec5	13	#include "helper/ResultCode.h"
a1f04d64	14	#include "ssl/crtd_message.h"
602d9612	15	#include "ssl/support.h"
d6d0eb11	16
a1f04d64 AR	17	#include <vector>
a1f04d64 AR	18
22636a68	19	namespace Ssl
a1f04d64 AR	20	{
a1f04d64 AR	21
b56756cb CT	22	/**
	23	* This class is used to hold the required informations to build
	24	* a request message for the certificate validator helper
	25	*/
22636a68 CT	26	class CertValidationRequest
22636a68 CT	27	{
a1f04d64	28	public:
0b168d25 AJ	29	Security::SessionPointer ssl;
0b168d25 AJ	30	Security::CertErrors *errors = nullptr; ///< The list of errors detected
b56756cb	31	std::string domainName; ///< The server name
a1f04d64 AR	32	};
a1f04d64 AR	33
b56756cb CT	34	/**
	35	* This class is used to store informations found in certificate validation
	36	* response messages read from certificate validator helper
	37	*/
0e208dad	38	class CertValidationResponse: public RefCountable
22636a68	39	{
a1f04d64	40	public:
0e208dad CT	41	typedef RefCount<CertValidationResponse> Pointer;
0e208dad CT	42
b56756cb CT	43	/**
	44	* This class used to hold error informations returned from
	45	* cert validator helper.
	46	*/
22636a68 CT	47	class RecvdError
22636a68 CT	48	{
a1f04d64	49	public:
b4e6a8d4	50	RecvdError(): id(0), error_no(SSL_ERROR_NONE), cert(NULL), error_depth(-1) {}
b56756cb	51	RecvdError(const RecvdError &);
d6d0eb11	52	RecvdError & operator =(const RecvdError &);
b56756cb	53	void setCert(X509 *); ///< Sets cert to the given certificate
3a7d782f	54	int id; ///< The id of the error
13cd7dee	55	Security::ErrorCode error_no; ///< The OpenSSL error code
3a7d782f	56	std::string error_reason; ///< A string describing the error
f97700a0	57	Security::CertPointer cert; ///< The broken certificate
b4e6a8d4	58	int error_depth; ///< The error depth
a1f04d64 AR	59	};
a1f04d64 AR	60
b56756cb	61	typedef std::vector<RecvdError> RecvdErrors;
8fe1a85a	62	explicit CertValidationResponse(const Security::SessionPointer &aSession) : ssl(aSession) {}
b56756cb CT	63	/// Search in errors list for the error item with id=errorId.
	64	/// If none found a new RecvdError item added with the given id;
	65	RecvdError &getError(int errorId);
	66	RecvdErrors errors; ///< The list of parsed errors
4224ea13	67	Helper::ResultCode resultCode = Helper::Unknown; ///< The helper result code
8fe1a85a	68	Security::SessionPointer ssl;
3a7d782f CT	69	};
3a7d782f CT	70
b56756cb CT	71	/**
b56756cb CT	72	* This class is responsible for composing or parsing messages destined to
f439fbd2	73	* or comming from a certificate validation helper.
b56756cb	74	* The messages format is:
f439fbd2 AJ	75	\verbatim
	76	response/request-code SP body-length SP [key=value ...] EOL
	77	\endverbatim
	78	* \note EOL for this interface is character 0x01
b56756cb	79	*/
d6d0eb11	80	class CertValidationMsg : public CrtdMessage
22636a68	81	{
3a7d782f	82	private:
b56756cb CT	83	/**
	84	* This class used to hold the certId/cert pairs found
	85	* in cert validation messages.
	86	*/
22636a68 CT	87	class CertItem
22636a68 CT	88	{
a1f04d64	89	public:
b56756cb	90	std::string name; ///< The certificate Id to use
f97700a0	91	Security::CertPointer cert; ///< A pointer to certificate
a1f04d64 AR	92	CertItem(): cert(NULL) {}
a1f04d64 AR	93	CertItem(const CertItem &);
d6d0eb11	94	CertItem & operator =(const CertItem &);
b56756cb	95	void setCert(X509 *); ///< Sets cert to the given certificate
a1f04d64	96	};
b56756cb	97
a1f04d64	98	public:
53251bc3	99	CertValidationMsg(MessageKind kind): CrtdMessage(kind) {}
b56756cb CT	100
	101	/// Build a request message for the cert validation helper
	102	/// using informations provided by vcert object
	103	void composeRequest(CertValidationRequest const &vcert);
	104
	105	/// Parse a response message and fill the resp object with parsed informations
8fe1a85a	106	bool parseResponse(CertValidationResponse &resp, std::string &error);
b56756cb CT	107
	108	/// Search a CertItems list for the certificate with ID "name"
	109	X509 *getCertByName(std::vector<CertItem> const &, std::string const & name);
a1f04d64 AR	110
	111	/// String code for "cert_validate" messages
	112	static const std::string code_cert_validate;
	113	/// Parameter name for passing intended domain name
	114	static const std::string param_domain;
a1f04d64	115	/// Parameter name for passing SSL certificates
22636a68	116	static const std::string param_cert;
a1f04d64	117	/// Parameter name for passing the major SSL error
22636a68	118	static const std::string param_error_name;
a1f04d64	119	/// Parameter name for passing the error reason
22636a68	120	static const std::string param_error_reason;
a1f04d64 AR	121	/// Parameter name for passing the error cert ID
a1f04d64 AR	122	static const std::string param_error_cert;
b4e6a8d4 CT	123	/// Parameter name for passing the error depth
b4e6a8d4 CT	124	static const std::string param_error_depth;
6e325882 CT	125	/// Parameter name for SSL version
	126	static const std::string param_proto_version;
	127	/// Parameter name for SSL cipher
	128	static const std::string param_cipher;
a1f04d64 AR	129	};
	130
	131	}//namespace Ssl
d6d0eb11	132
a1f04d64	133	#endif // SQUID_SSL_CERT_VALIDATE_MESSAGE_H
f53969cc	134