[thirdparty/squid.git] / src / ssl / cert_validate_message.h

/*
 * Copyright (C) 1996-2025 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

#ifndef SQUID_SRC_SSL_CERT_VALIDATE_MESSAGE_H
#define SQUID_SRC_SSL_CERT_VALIDATE_MESSAGE_H

#include "base/RefCount.h"
#include "helper/ResultCode.h"
#include "ssl/crtd_message.h"
#include "ssl/support.h"

#include <vector>

namespace Ssl
{

/**
 * This class is used to hold the required information to build
 * a request message for the certificate validator helper
 */
class CertValidationRequest
{
public:
    Security::SessionPointer ssl;
    Security::CertErrors *errors = nullptr; ///< The list of errors detected
    std::string domainName; ///< The server name
};

/**
 * This class is used to store information found in certificate validation
 * response messages read from certificate validator helper
 */
class CertValidationResponse: public RefCountable
{
public:
    typedef RefCount<CertValidationResponse> Pointer;

    /**
     * This class used to hold error information returned from
     * cert validator helper.
     */
    class  RecvdError
    {
    public:
        void setCert(X509 *);  ///< Sets cert to the given certificate
        int id = 0; ///<  The id of the error
        Security::ErrorCode error_no = 0; ///< The OpenSSL error code
        std::string error_reason; ///< A string describing the error
        Security::CertPointer cert; ///< The broken certificate
        int error_depth = -1; ///< The error depth
    };

    typedef std::vector<RecvdError> RecvdErrors;
    explicit CertValidationResponse(const Security::SessionPointer &aSession) : ssl(aSession) {}

    static uint64_t MemoryUsedByResponse(const CertValidationResponse::Pointer &);

    /// Search in errors list for the error item with id=errorId.
    /// If none found a new RecvdError item added with the given id;
    RecvdError &getError(int errorId);
    RecvdErrors errors; ///< The list of parsed errors
    Helper::ResultCode resultCode = Helper::Unknown; ///< The helper result code
    Security::SessionPointer ssl;
};

/**
 * This class is responsible for composing or parsing messages destined to
 * or coming from a certificate validation helper.
 * The messages format is:
\verbatim
   response/request-code SP body-length SP [key=value ...] EOL
\endverbatim
 * \note EOL for this interface is character 0x01
 */
class CertValidationMsg : public CrtdMessage
{
private:
    /**
     * This class used to hold the certId/cert pairs found
     * in cert validation messages.
     */
    class CertItem
    {
    public:
        std::string name; ///< The certificate Id to use
        Security::CertPointer cert;       ///< A pointer to certificate
        void setCert(X509 *); ///< Sets cert to the given certificate
    };

public:
    CertValidationMsg(MessageKind kind): CrtdMessage(kind) {}

    /// Build a request message for the cert validation helper
    /// using information provided by vcert object
    void composeRequest(CertValidationRequest const &vcert);

    /// Parse a response message and fill the resp object with parsed information
    bool parseResponse(CertValidationResponse &resp);

    /// Search a CertItems list for the certificate with ID "name"
    X509 *getCertByName(std::vector<CertItem> const &, std::string const & name);

    /// String code for "cert_validate" messages
    static const std::string code_cert_validate;
    /// Parameter name for passing intended domain name
    static const std::string param_domain;
    /// Parameter name for passing SSL certificates
    static const std::string param_cert;
    /// Parameter name for passing the major SSL error
    static const std::string param_error_name;
    /// Parameter name for passing the error reason
    static const std::string param_error_reason;
    /// Parameter name for passing the error cert ID
    static const std::string param_error_cert;
    /// Parameter name for passing the error depth
    static const std::string param_error_depth;
    /// Parameter name for SSL version
    static const std::string param_proto_version;
    /// Parameter name for SSL cipher
    static const std::string param_cipher;

private:
    void tryParsingResponse(CertValidationResponse &);
};

}//namespace Ssl

#endif /* SQUID_SRC_SSL_CERT_VALIDATE_MESSAGE_H */
Commit	Line	Data
	1	/*
	2	* Copyright (C) 1996-2025 The Squid Software Foundation and contributors
	3	*
	4	* Squid software is distributed under GPLv2+ license and includes
	5	* contributions from numerous individuals and organizations.
	6	* Please see the COPYING and CONTRIBUTORS files for details.
	7	*/
	8
	9	#ifndef SQUID_SRC_SSL_CERT_VALIDATE_MESSAGE_H
	10	#define SQUID_SRC_SSL_CERT_VALIDATE_MESSAGE_H
	11
	12	#include "base/RefCount.h"
	13	#include "helper/ResultCode.h"
	14	#include "ssl/crtd_message.h"
	15	#include "ssl/support.h"
	16
	17	#include <vector>
	18
	19	namespace Ssl
	20	{
	21
	22	/**
	23	* This class is used to hold the required information to build
	24	* a request message for the certificate validator helper
	25	*/
	26	class CertValidationRequest
	27	{
	28	public:
	29	Security::SessionPointer ssl;
	30	Security::CertErrors *errors = nullptr; ///< The list of errors detected
	31	std::string domainName; ///< The server name
	32	};
	33
	34	/**
	35	* This class is used to store information found in certificate validation
	36	* response messages read from certificate validator helper
	37	*/
	38	class CertValidationResponse: public RefCountable
	39	{
	40	public:
	41	typedef RefCount<CertValidationResponse> Pointer;
	42
	43	/**
	44	* This class used to hold error information returned from
	45	* cert validator helper.
	46	*/
	47	class RecvdError
	48	{
	49	public:
	50	void setCert(X509 *); ///< Sets cert to the given certificate
	51	int id = 0; ///< The id of the error
	52	Security::ErrorCode error_no = 0; ///< The OpenSSL error code
	53	std::string error_reason; ///< A string describing the error
	54	Security::CertPointer cert; ///< The broken certificate
	55	int error_depth = -1; ///< The error depth
	56	};
	57
	58	typedef std::vector<RecvdError> RecvdErrors;
	59	explicit CertValidationResponse(const Security::SessionPointer &aSession) : ssl(aSession) {}
	60
	61	static uint64_t MemoryUsedByResponse(const CertValidationResponse::Pointer &);
	62
	63	/// Search in errors list for the error item with id=errorId.
	64	/// If none found a new RecvdError item added with the given id;
	65	RecvdError &getError(int errorId);
	66	RecvdErrors errors; ///< The list of parsed errors
	67	Helper::ResultCode resultCode = Helper::Unknown; ///< The helper result code
	68	Security::SessionPointer ssl;
	69	};
	70
	71	/**
	72	* This class is responsible for composing or parsing messages destined to
	73	* or coming from a certificate validation helper.
	74	* The messages format is:
	75	\verbatim
	76	response/request-code SP body-length SP [key=value ...] EOL
	77	\endverbatim
	78	* \note EOL for this interface is character 0x01
	79	*/
	80	class CertValidationMsg : public CrtdMessage
	81	{
	82	private:
	83	/**
	84	* This class used to hold the certId/cert pairs found
	85	* in cert validation messages.
	86	*/
	87	class CertItem
	88	{
	89	public:
	90	std::string name; ///< The certificate Id to use
	91	Security::CertPointer cert; ///< A pointer to certificate
	92	void setCert(X509 *); ///< Sets cert to the given certificate
	93	};
	94
	95	public:
	96	CertValidationMsg(MessageKind kind): CrtdMessage(kind) {}
	97
	98	/// Build a request message for the cert validation helper
	99	/// using information provided by vcert object
	100	void composeRequest(CertValidationRequest const &vcert);
	101
	102	/// Parse a response message and fill the resp object with parsed information
	103	bool parseResponse(CertValidationResponse &resp);
	104
	105	/// Search a CertItems list for the certificate with ID "name"
	106	X509 *getCertByName(std::vector<CertItem> const &, std::string const & name);
	107
	108	/// String code for "cert_validate" messages
	109	static const std::string code_cert_validate;
	110	/// Parameter name for passing intended domain name
	111	static const std::string param_domain;
	112	/// Parameter name for passing SSL certificates
	113	static const std::string param_cert;
	114	/// Parameter name for passing the major SSL error
	115	static const std::string param_error_name;
	116	/// Parameter name for passing the error reason
	117	static const std::string param_error_reason;
	118	/// Parameter name for passing the error cert ID
	119	static const std::string param_error_cert;
	120	/// Parameter name for passing the error depth
	121	static const std::string param_error_depth;
	122	/// Parameter name for SSL version
	123	static const std::string param_proto_version;
	124	/// Parameter name for SSL cipher
	125	static const std::string param_cipher;
	126
	127	private:
	128	void tryParsingResponse(CertValidationResponse &);
	129	};
	130
	131	}//namespace Ssl
	132
	133	#endif /* SQUID_SRC_SSL_CERT_VALIDATE_MESSAGE_H */
	134