]>
Commit | Line | Data |
---|---|---|
bbc27441 | 1 | /* |
77b1029d | 2 | * Copyright (C) 1996-2020 The Squid Software Foundation and contributors |
bbc27441 AJ |
3 | * |
4 | * Squid software is distributed under GPLv2+ license and includes | |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
7 | */ | |
8 | ||
a1f04d64 AR |
9 | #ifndef SQUID_SSL_CERT_VALIDATE_MESSAGE_H |
10 | #define SQUID_SSL_CERT_VALIDATE_MESSAGE_H | |
11 | ||
0e208dad | 12 | #include "base/RefCount.h" |
24438ec5 | 13 | #include "helper/ResultCode.h" |
a1f04d64 | 14 | #include "ssl/crtd_message.h" |
602d9612 | 15 | #include "ssl/support.h" |
d6d0eb11 | 16 | |
a1f04d64 AR |
17 | #include <vector> |
18 | ||
22636a68 | 19 | namespace Ssl |
a1f04d64 AR |
20 | { |
21 | ||
b56756cb CT |
22 | /** |
23 | * This class is used to hold the required informations to build | |
24 | * a request message for the certificate validator helper | |
25 | */ | |
22636a68 CT |
26 | class CertValidationRequest |
27 | { | |
a1f04d64 | 28 | public: |
0b168d25 AJ |
29 | Security::SessionPointer ssl; |
30 | Security::CertErrors *errors = nullptr; ///< The list of errors detected | |
b56756cb | 31 | std::string domainName; ///< The server name |
a1f04d64 AR |
32 | }; |
33 | ||
b56756cb CT |
34 | /** |
35 | * This class is used to store informations found in certificate validation | |
36 | * response messages read from certificate validator helper | |
37 | */ | |
0e208dad | 38 | class CertValidationResponse: public RefCountable |
22636a68 | 39 | { |
a1f04d64 | 40 | public: |
0e208dad CT |
41 | typedef RefCount<CertValidationResponse> Pointer; |
42 | ||
b56756cb CT |
43 | /** |
44 | * This class used to hold error informations returned from | |
45 | * cert validator helper. | |
46 | */ | |
22636a68 CT |
47 | class RecvdError |
48 | { | |
a1f04d64 | 49 | public: |
b4e6a8d4 | 50 | RecvdError(): id(0), error_no(SSL_ERROR_NONE), cert(NULL), error_depth(-1) {} |
b56756cb | 51 | RecvdError(const RecvdError &); |
d6d0eb11 | 52 | RecvdError & operator =(const RecvdError &); |
b56756cb | 53 | void setCert(X509 *); ///< Sets cert to the given certificate |
3a7d782f | 54 | int id; ///< The id of the error |
13cd7dee | 55 | Security::ErrorCode error_no; ///< The OpenSSL error code |
3a7d782f | 56 | std::string error_reason; ///< A string describing the error |
f97700a0 | 57 | Security::CertPointer cert; ///< The broken certificate |
b4e6a8d4 | 58 | int error_depth; ///< The error depth |
a1f04d64 AR |
59 | }; |
60 | ||
b56756cb | 61 | typedef std::vector<RecvdError> RecvdErrors; |
8fe1a85a | 62 | explicit CertValidationResponse(const Security::SessionPointer &aSession) : ssl(aSession) {} |
b56756cb CT |
63 | /// Search in errors list for the error item with id=errorId. |
64 | /// If none found a new RecvdError item added with the given id; | |
65 | RecvdError &getError(int errorId); | |
66 | RecvdErrors errors; ///< The list of parsed errors | |
4224ea13 | 67 | Helper::ResultCode resultCode = Helper::Unknown; ///< The helper result code |
8fe1a85a | 68 | Security::SessionPointer ssl; |
3a7d782f CT |
69 | }; |
70 | ||
b56756cb CT |
71 | /** |
72 | * This class is responsible for composing or parsing messages destined to | |
f439fbd2 | 73 | * or comming from a certificate validation helper. |
b56756cb | 74 | * The messages format is: |
f439fbd2 AJ |
75 | \verbatim |
76 | response/request-code SP body-length SP [key=value ...] EOL | |
77 | \endverbatim | |
78 | * \note EOL for this interface is character 0x01 | |
b56756cb | 79 | */ |
d6d0eb11 | 80 | class CertValidationMsg : public CrtdMessage |
22636a68 | 81 | { |
3a7d782f | 82 | private: |
b56756cb CT |
83 | /** |
84 | * This class used to hold the certId/cert pairs found | |
85 | * in cert validation messages. | |
86 | */ | |
22636a68 CT |
87 | class CertItem |
88 | { | |
a1f04d64 | 89 | public: |
b56756cb | 90 | std::string name; ///< The certificate Id to use |
f97700a0 | 91 | Security::CertPointer cert; ///< A pointer to certificate |
a1f04d64 AR |
92 | CertItem(): cert(NULL) {} |
93 | CertItem(const CertItem &); | |
d6d0eb11 | 94 | CertItem & operator =(const CertItem &); |
b56756cb | 95 | void setCert(X509 *); ///< Sets cert to the given certificate |
a1f04d64 | 96 | }; |
b56756cb | 97 | |
a1f04d64 | 98 | public: |
53251bc3 | 99 | CertValidationMsg(MessageKind kind): CrtdMessage(kind) {} |
b56756cb CT |
100 | |
101 | /// Build a request message for the cert validation helper | |
102 | /// using informations provided by vcert object | |
103 | void composeRequest(CertValidationRequest const &vcert); | |
104 | ||
105 | /// Parse a response message and fill the resp object with parsed informations | |
8fe1a85a | 106 | bool parseResponse(CertValidationResponse &resp, std::string &error); |
b56756cb CT |
107 | |
108 | /// Search a CertItems list for the certificate with ID "name" | |
109 | X509 *getCertByName(std::vector<CertItem> const &, std::string const & name); | |
a1f04d64 AR |
110 | |
111 | /// String code for "cert_validate" messages | |
112 | static const std::string code_cert_validate; | |
113 | /// Parameter name for passing intended domain name | |
114 | static const std::string param_domain; | |
a1f04d64 | 115 | /// Parameter name for passing SSL certificates |
22636a68 | 116 | static const std::string param_cert; |
a1f04d64 | 117 | /// Parameter name for passing the major SSL error |
22636a68 | 118 | static const std::string param_error_name; |
a1f04d64 | 119 | /// Parameter name for passing the error reason |
22636a68 | 120 | static const std::string param_error_reason; |
a1f04d64 AR |
121 | /// Parameter name for passing the error cert ID |
122 | static const std::string param_error_cert; | |
b4e6a8d4 CT |
123 | /// Parameter name for passing the error depth |
124 | static const std::string param_error_depth; | |
6e325882 CT |
125 | /// Parameter name for SSL version |
126 | static const std::string param_proto_version; | |
127 | /// Parameter name for SSL cipher | |
128 | static const std::string param_cipher; | |
a1f04d64 AR |
129 | }; |
130 | ||
131 | }//namespace Ssl | |
d6d0eb11 | 132 | |
a1f04d64 | 133 | #endif // SQUID_SSL_CERT_VALIDATE_MESSAGE_H |
f53969cc | 134 |