/*
 * Copyright (C) 1996-2014 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */
9 #ifndef SQUID_SSL_CERT_VALIDATE_MESSAGE_H
10 #define SQUID_SSL_CERT_VALIDATE_MESSAGE_H
12 #include "HelperReply.h"
13 #include "ssl/crtd_message.h"
14 #include "ssl/support.h"
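/**
 * Holds the information required to build a request message
 * for the certificate validator helper.
 *
 * Both pointer members are raw pointers and no destructor is visible in this
 * listing, so nothing here shows this class releasing them. Presumably they
 * are borrowed and must stay valid while the request is in use -- confirm
 * against the callers.
 *
 * NOTE(review): the listing this was restored from had lost its braces, its
 * access specifier and the declaration of `ssl`; only the constructor's
 * `ssl(NULL)` initializer survived. Those parts are reconstructed here, and
 * the `SSL *` type is an assumption to confirm against the original header.
 */
class CertValidationRequest
{
public:
    SSL *ssl; ///< NOTE(review): reconstructed declaration; presumably the TLS session being validated
    CertErrors *errors; ///< The list of errors detected
    std::string domainName; ///< The server name
    CertValidationRequest() : ssl(NULL), errors(NULL) {}
};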
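/**
 * Stores the information found in certificate validation response
 * messages read from the certificate validator helper.
 *
 * Everything held here originates from a separate helper process, so
 * consumers should treat the fields as external input: check resultCode
 * before acting on the error list, and escape error_reason before writing
 * it to logs or error pages.
 *
 * NOTE(review): the listing this was restored from had lost its braces,
 * access specifiers and the `class RecvdError` header line. They are
 * reconstructed here from the surviving constructors and comments; confirm
 * against the original header.
 */
class CertValidationResponse
{
public:
    /**
     * Holds the error information returned from the cert validator helper.
     *
     * Copy construction and copy assignment are user-declared; presumably
     * this is so that copies handle the held certificate correctly -- the
     * definitions are not visible here.
     */
    class RecvdError
    {
    public:
        RecvdError(): id(0), error_no(SSL_ERROR_NONE), cert(NULL) {}
        RecvdError(const RecvdError &);
        RecvdError & operator =(const RecvdError &);

        /// Sets cert to the given certificate.
        /// NOTE(review): whether this takes ownership of the raw pointer or
        /// adds a reference is decided by the implementation, which is not
        /// visible here; confirm before passing a pointer you also free.
        void setCert(X509 *);

        int id; ///< The id of the error
        ssl_error_t error_no; ///< The OpenSSL error code
        std::string error_reason; ///< A string describing the error (helper-supplied text)
        X509_Pointer cert; ///< The broken certificate
    };

    typedef std::vector<RecvdError> RecvdErrors;

    /// Search in errors list for the error item with id=errorId.
    /// If none is found, a new RecvdError item is added with the given id.
    /// Because a miss adds an item, the returned reference presumably refers
    /// to an element of `errors`; if so, a later call that adds another item
    /// can reallocate the vector and invalidate it. Do not hold the
    /// reference across calls.
    RecvdError &getError(int errorId);

    RecvdErrors errors; ///< The list of parsed errors

    /// The helper result code.
    /// NOTE(review): no constructor is visible in this listing, so it cannot
    /// be confirmed here that this member starts with a defined value.
    HelperReply::Result_ resultCode;
};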
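/**
 * Composes messages destined to, and parses messages coming from,
 * a cert validator helper.
 * The message format is:
 *   response/request-code SP body-length SP [key=value ...] \x01
 *
 * The helper is a separate process, so a response is external input: its
 * body-length and key=value fields should be validated by the parser, and
 * callers must check the result of parseResponse() before using the
 * response object.
 *
 * NOTE(review): the listing this was restored from had lost its braces,
 * access specifiers and the `class CertItem` header line. They are
 * reconstructed here, with every member declared public because the
 * original access levels are not visible. If the original header kept
 * CertItem non-public, restore that narrower access.
 */
class CertValidationMsg : public CrtdMessage
{
public:
    /**
     * Holds the certId/cert pairs found in cert validation messages.
     */
    class CertItem
    {
    public:
        std::string name; ///< The certificate Id to use
        X509_Pointer cert; ///< A pointer to certificate
        CertItem(): cert(NULL) {}
        CertItem(const CertItem &);
        CertItem & operator =(const CertItem &);

        /// Sets cert to the given certificate.
        /// NOTE(review): ownership / reference handling of the raw pointer
        /// is defined by the implementation, which is not visible here.
        void setCert(X509 *);
    };

    CertValidationMsg(MessageKind kind): CrtdMessage(kind) {}

    /// Build a request message for the cert validation helper
    /// using information provided by the vcert object.
    void composeRequest(CertValidationRequest const &vcert);

    /// Parse a response message and fill the resp object with the parsed
    /// information.
    /// Returns bool; presumably false means the message could not be parsed
    /// and `error` then describes why -- confirm in the implementation.
    /// Do not act on `resp` unless the call reported success.
    bool parseResponse(CertValidationResponse &resp, STACK_OF(X509) *peerCerts, std::string &error);

    /// Search a CertItems list for the certificate with ID "name".
    /// Returns a raw X509 pointer. NOTE(review): presumably NULL when no
    /// item matches, and presumably still owned by the matching CertItem --
    /// confirm before dereferencing or freeing the result.
    X509 *getCertByName(std::vector<CertItem> const &, std::string const & name);

    /// String code for "cert_validate" messages
    static const std::string code_cert_validate;
    /// Parameter name for passing intended domain name
    static const std::string param_domain;
    /// Parameter name for passing SSL certificates
    static const std::string param_cert;
    /// Parameter name for passing the major SSL error
    static const std::string param_error_name;
    /// Parameter name for passing the error reason
    static const std::string param_error_reason;
    /// Parameter name for passing the error cert ID
    static const std::string param_error_cert;
};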
120 #endif // SQUID_SSL_CERT_VALIDATE_MESSAGE_H