author | lloyd <[email protected]> | 2012-01-23 23:36:19 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2012-01-23 23:36:19 +0000 |
commit | f34cc48100c672824aa70869adfb59669055d173 (patch) | |
tree | 6cbcd0d984b1a38b8024cf3b0642edc2a0498368 /doc/examples | |
parent | e3dc1e69f53f93e03411f258e976d2befcf45f91 (diff) |
The credentials manager interface seems a much better place for cert
checking, allowed client auth CAs, etc than the policy class. With
this change, most users won't ever need to modify the default policy
which is likely a good thing.
Remove copy and paste of the credentials manager implementation in the
examples.
Diffstat (limited to 'doc/examples')
-rw-r--r-- | doc/examples/asio_tls_server.cpp | 56 | ||||
-rw-r--r-- | doc/examples/credentials.h | 53 | ||||
-rw-r--r-- | doc/examples/tls_client.cpp | 54 | ||||
-rw-r--r-- | doc/examples/tls_server.cpp | 55 |
4 files changed, 61 insertions, 157 deletions
diff --git a/doc/examples/asio_tls_server.cpp b/doc/examples/asio_tls_server.cpp
index 90f4fc20a..1a46bc8e8 100644
--- a/doc/examples/asio_tls_server.cpp
+++ b/doc/examples/asio_tls_server.cpp
@@ -14,6 +14,8 @@
 #include <botan/auto_rng.h>
 #include <botan/init.h>
+#include "credentials.h"
+
 using Botan::byte;
 using asio::ip::tcp;
@@ -181,58 +183,6 @@ class tls_server_session : public boost::enable_shared_from_this<tls_server_sess
 std::vector<byte> m_outbox;
 };
-class Credentials_Manager_Simple : public Botan::Credentials_Manager
- {
- public:
- Credentials_Manager_Simple(Botan::RandomNumberGenerator& rng) : rng(rng) {}
-
- std::vector<Botan::X509_Certificate> cert_chain(
- const std::string& cert_key_type,
- const std::string& type,
- const std::string& context)
- {
- const std::string hostname = (context == "" ? "localhost" : context);
-
- Botan::X509_Certificate cert(hostname + ".crt");
- Botan::Private_Key* key = Botan::PKCS8::load_key(hostname + ".key", rng);
-
- certs_and_keys[cert] = key;
-
- std::vector<Botan::X509_Certificate> certs;
- certs.push_back(cert);
- return certs;
- }
-
- Botan::Private_Key* private_key_for(const Botan::X509_Certificate& cert,
- const std::string& type,
- const std::string& context)
- {
- return certs_and_keys[cert];
- }
-
- private:
- Botan::RandomNumberGenerator& rng;
- std::map<Botan::X509_Certificate, Botan::Private_Key*> certs_and_keys;
- };
-
-class Server_TLS_Policy : public Botan::TLS::Policy
- {
- public:
- //bool require_client_auth() const { return true; }
-
- bool check_cert(const std::vector<Botan::X509_Certificate>& certs) const
- {
- for(size_t i = 0; i != certs.size(); ++i)
- {
- std::cout << certs[i].to_string();
- }
-
- std::cout << "Warning: not checking cert signatures\n";
-
- return true;
- }
- };
-
 class tls_server
 {
 public:
@@ -290,7 +240,7 @@ class tls_server
 Botan::AutoSeeded_RNG m_rng;
 Botan::TLS::Session_Manager_In_Memory m_session_manager;
- Server_TLS_Policy m_policy;
+ Botan::TLS::Policy m_policy;
 Credentials_Manager_Simple m_creds;
 };
diff --git a/doc/examples/credentials.h b/doc/examples/credentials.h
new file mode 100644
index 000000000..802e3233c
--- /dev/null
+++ b/doc/examples/credentials.h
@@ -0,0 +1,53 @@
+
+#ifndef EXAMPLE_CREDENTIALS_MANAGER_H__
+#define EXAMPLE_CREDENTIALS_MANAGER_H__
+
+#include <botan/credentials_manager.h>
+
+class Credentials_Manager_Simple : public Botan::Credentials_Manager
+ {
+ public:
+ Credentials_Manager_Simple(Botan::RandomNumberGenerator& rng) : rng(rng) {}
+
+ std::vector<Botan::X509_Certificate> cert_chain(
+ const std::string& cert_key_type,
+ const std::string& type,
+ const std::string& context)
+ {
+ std::vector<Botan::X509_Certificate> certs;
+
+ if(type == "tls-server")
+ {
+ const std::string hostname = (context == "" ? "localhost" : context);
+
+ Botan::X509_Certificate cert(hostname + ".crt");
+ Botan::Private_Key* key = Botan::PKCS8::load_key(hostname + ".key", rng);
+
+ certs_and_keys[cert] = key;
+ certs.push_back(cert);
+ }
+ else if(type == "tls-client")
+ {
+ Botan::X509_Certificate cert("user-rsa.crt");
+ Botan::Private_Key* key = Botan::PKCS8::load_key("user-rsa.key", rng);
+
+ certs_and_keys[cert] = key;
+ certs.push_back(cert);
+ }
+
+ return certs;
+ }
+
+ Botan::Private_Key* private_key_for(const Botan::X509_Certificate& cert,
+ const std::string& type,
+ const std::string& context)
+ {
+ return certs_and_keys[cert];
+ }
+
+ private:
+ Botan::RandomNumberGenerator& rng;
+ std::map<Botan::X509_Certificate, Botan::Private_Key*> certs_and_keys;
+ };
+
+#endif
diff --git a/doc/examples/tls_client.cpp b/doc/examples/tls_client.cpp
index 000f63ed4..80947af62 100644
--- a/doc/examples/tls_client.cpp
+++ b/doc/examples/tls_client.cpp
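Review bot: In `cert_chain` of the new credentials.h, the `tls-server` branch turns `context` straight into the file names `hostname + ".crt"` and `hostname + ".key"`; if `context` is the hostname the peer sent in its SNI extension (that is what the `localhost` fallback suggests, though the diff does not show where it comes from), an unvalidated peer value becomes a filesystem path, so the example should compare `hostname` against the fixed set of names it actually serves before loading anything. `private_key_for` looks the certificate up with `certs_and_keys[cert]`, which default-inserts an entry and hands back a null `Botan::Private_Key*` for an unknown certificate instead of reporting the miss; use `std::map<Botan::X509_Certificate, Botan::Private_Key*>::const_iterator i = certs_and_keys.find(cert);` followed by `return (i == certs_and_keys.end()) ? 0 : i->second;`. The pointers returned by `Botan::PKCS8::load_key` are stored raw and never deleted, and every call to `cert_chain` reloads the files and overwrites the map slot, so the previous key object leaks on each handshake — either delete them in a destructor or state in a class comment that the example deliberately leaks them. The header uses `Botan::X509_Certificate`, `Botan::PKCS8::load_key`, `std::vector` and `std::map` but includes only `<botan/credentials_manager.h>`, so it relies on transitive includes; the single-argument constructor should also be `explicit`.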
@@ -16,28 +16,12 @@
 #include <errno.h>
 #include <fcntl.h>
+#include "credentials.h"
+
 using namespace Botan;
 using namespace std::tr1::placeholders;
-class Client_TLS_Policy : public TLS::Policy
- {
- public:
- //Version_Code pref_version() const { return TLS_V12; }
-
- bool check_cert(const std::vector<X509_Certificate>& certs) const
- {
- for(size_t i = 0; i != certs.size(); ++i)
- {
- std::cout << certs[i].to_string();
- }
-
- std::cout << "Warning: not checking cert signatures\n";
-
- return true;
- }
- };
-
 int connect_to_host(const std::string& host, u16bit port)
 {
 hostent* host_addr = ::gethostbyname(host.c_str());
@@ -206,38 +190,6 @@ void doit(RandomNumberGenerator& rng,
 ::close(sockfd);
 }
-class Credentials_Manager_Simple : public Credentials_Manager
- {
- public:
- Credentials_Manager_Simple(RandomNumberGenerator& rng) : rng(rng) {}
-
- std::vector<X509_Certificate> cert_chain(
- const std::string& cert_key_type,
- const std::string& type,
- const std::string& context)
- {
- X509_Certificate cert("user-rsa.crt");
- Private_Key* key = PKCS8::load_key("user-rsa.key", rng);
-
- certs_and_keys[cert] = key;
-
- std::vector<X509_Certificate> certs;
- certs.push_back(cert);
- return certs;
- }
-
- Private_Key* private_key_for(const X509_Certificate& cert,
- const std::string& type,
- const std::string& context)
- {
- return certs_and_keys[cert];
- }
-
- private:
- RandomNumberGenerator& rng;
- std::map<X509_Certificate, Private_Key*> certs_and_keys;
- };
-
 int main(int argc, char* argv[])
 {
 if(argc != 2 && argc != 3)
@@ -250,7 +202,7 @@ int main(int argc, char* argv[])
 {
 LibraryInitializer botan_init;
 AutoSeeded_RNG rng;
- Client_TLS_Policy policy;
+ TLS::Policy policy;
 TLS::Session_Manager_In_Memory session_manager;
 Credentials_Manager_Simple creds(rng);
diff --git a/doc/examples/tls_server.cpp b/doc/examples/tls_server.cpp
index 0f6287599..e896b5bcc 100644
--- a/doc/examples/tls_server.cpp
+++ b/doc/examples/tls_server.cpp
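Review bot: With `Client_TLS_Policy::check_cert` deleted in the first tls_client.cpp hunk and `TLS::Policy policy;` put in its place in the `@@ -250,7 +202,7 @@` hunk, the client example no longer says what happens to the server's certificate chain: the shared `Credentials_Manager_Simple` overrides only `cert_chain` and `private_key_for`, so verification now falls to whatever the `Credentials_Manager` base class does by default, and that default is not visible in this diff. The removed policy at least printed `Warning: not checking cert signatures`; the new code is silent whether the chain is verified or not. Add a comment next to `Credentials_Manager_Simple creds(rng);` along the lines of `// Credentials_Manager_Simple does not override the base class's certificate-chain verification; a real client must check the server chain against its trusted CAs`, and if the base default accepts any chain, keep the explicit warning output in the example. The body of main continues outside the hunk.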
@@ -8,6 +8,7 @@
 #include <botan/secqueue.h>
 #include "socket.h"
+#include "credentials.h"
 using namespace Botan;
@@ -18,40 +19,6 @@ using namespace std::tr1::placeholders;
 #include <iostream>
 #include <memory>
-class Credentials_Manager_Simple : public Credentials_Manager
- {
- public:
- Credentials_Manager_Simple(RandomNumberGenerator& rng) : rng(rng) {}
-
- std::vector<X509_Certificate> cert_chain(
- const std::string& cert_key_type,
- const std::string& type,
- const std::string& context)
- {
- const std::string hostname = (context == "" ? "localhost" : context);
-
- X509_Certificate cert(hostname + ".crt");
- Private_Key* key = PKCS8::load_key(hostname + ".key", rng);
-
- certs_and_keys[cert] = key;
-
- std::vector<X509_Certificate> certs;
- certs.push_back(cert);
- return certs;
- }
-
- Private_Key* private_key_for(const X509_Certificate& cert,
- const std::string& type,
- const std::string& context)
- {
- return certs_and_keys[cert];
- }
-
- private:
- RandomNumberGenerator& rng;
- std::map<X509_Certificate, Private_Key*> certs_and_keys;
- };
-
 bool handshake_complete(const TLS::Session& session)
 {
 printf("Handshake complete, protocol=%04X ciphersuite=%s compression=%d\n",
@@ -158,24 +125,6 @@ class Blocking_TLS_Server
 bool exit;
 };
-class Server_TLS_Policy : public TLS::Policy
- {
- public:
- //bool require_client_auth() const { return true; }
-
- bool check_cert(const std::vector<X509_Certificate>& certs) const
- {
- for(size_t i = 0; i != certs.size(); ++i)
- {
- std::cout << certs[i].to_string();
- }
-
- std::cout << "Warning: not checking cert signatures\n";
-
- return true;
- }
- };
-
 int main(int argc, char* argv[])
 {
 int port = 4433;
@@ -192,7 +141,7 @@ int main(int argc, char* argv[])
 Server_Socket listener(port);
- Server_TLS_Policy policy;
+ TLS::Policy policy;
 TLS::Session_Manager_In_Memory sessions; |