1 // This may look like C code, but it's really -*- C++ -*-
2 /*
3  * Copyright (C) 2012 Emweb bv, Herent, Belgium.
4  *
5  * See the LICENSE file for terms of use.
6  */
7 #ifndef WT_WSSL_INFO_H_
8 #define WT_WSSL_INFO_H_
9 
10 #include <Wt/WDllDefs.h>
11 #include <Wt/WSslCertificate.h>
12 #include <Wt/WValidator.h>
13 
14 #include <string>
15 #include <vector>
16 
17 #ifndef WT_TARGET_JAVA
18 
19 namespace Wt {
20 
/*! \class WSslInfo Wt/WSslInfo.h Wt/WSslInfo.h.C
 *  \brief Provides SSL information about the current session.
 *
 * An instance of this class is what WEnvironment::sslInfo() returns; it
 * is the interface to the SSL information of the current session.
 *
 * Its main purpose is to expose the client certificate that the client
 * presented during the https handshake to authenticate the SSL session.
 * The verification outcome is gathered from the connector (FCGI, ISAPI,
 * the built-in webserver, ...) and handed to the application programmer
 * unchanged.
 *
 * Verification and acceptance of the certificate are configured in the
 * web server (built-in httpd, Apache, IIS, ...), not in %Wt. When
 * WEnvironment::sslInfo() returns a WSslInfo object, the client
 * certificate has passed whatever verification procedure the web server
 * was configured to apply, and nothing more. This does not mean that the
 * certificate is valid: depending on the web server configuration, that
 * verification may be weak. Always check clientVerificationResult()
 * before trusting the certificate.
 *
 * This class is only available when %Wt was compiled with SSL support.
 */
class WT_API WSslInfo
{
public:
  /*
   * Instances are normally constructed by the library itself, so this
   * constructor is not part of the public API.
   */
  WSslInfo(
    const WSslCertificate& clientCertificate,
    const std::vector<WSslCertificate>& clientCertificateChain,
    WValidator::Result clientVerificationResult);

  /*! \brief Returns the certificate used by the client for authentication.
   *
   * The reference points at a member of this object and is therefore
   * only usable for as long as this WSslInfo exists.
   */
  const WSslCertificate& clientCertificate() const { return clientCertificate_; }

  /*! \brief Returns the certificate chain used for client authentication.
   *
   * Warning: with the ISAPI connector the chain is always empty, so
   * callers that inspect the chain have to cope with an empty vector.
   *
   * The reference points at a member of this object and is therefore
   * only usable for as long as this WSslInfo exists.
   */
  const std::vector<WSslCertificate>& clientPemCertificateChain() const { return clientCertificateChain_; }

  /*! \brief Returns the result of the client certificate verification.
   *
   * Neither WSslInfo nor %Wt validates anything here: validation is left
   * entirely to the web server, and this method only relays the status
   * that the web server reported.
   */
  WValidator::Result clientVerificationResult() const { return clientVerificationResult_; }

private:
  // Declaration order is kept as is: the constructor is defined out of
  // line and members are initialized in this order.
  WSslCertificate clientCertificate_;
  std::vector<WSslCertificate> clientCertificateChain_;
  WValidator::Result clientVerificationResult_;

  // Defined outside this header; presumably a debugging aid (confirm
  // against the implementation file).
  std::string gdb() const;
};
89 
90 }
91 
92 #endif
93 
94 #endif // WT_WSSL_INFO_H_
95