diff options
| author | Jack Lloyd <[email protected]> | 2015-08-29 12:15:25 -0400 |
|---|---|---|
| committer | Jack Lloyd <[email protected]> | 2015-08-29 12:15:25 -0400 |
| commit | 6ec30c701a38f1abc39b60d23e0442d61e80c196 (patch) | |
| tree | c0b49dec7fd763d475ba4704b9a03c9a20258261 /src/lib/tls/credentials_manager.cpp | |
| parent | 1723d63c3b9a26fadfc8c6e414f3815b30b237f1 (diff) | |
Move Credentials_Manager to TLS
Diffstat (limited to 'src/lib/tls/credentials_manager.cpp')
| -rw-r--r-- | src/lib/tls/credentials_manager.cpp | 135 |
1 files changed, 135 insertions, 0 deletions
diff --git a/src/lib/tls/credentials_manager.cpp b/src/lib/tls/credentials_manager.cpp new file mode 100644 index 000000000..6443bb246 --- /dev/null +++ b/src/lib/tls/credentials_manager.cpp @@ -0,0 +1,135 @@ +/* +* Credentials Manager +* (C) 2011,2012 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include <botan/credentials_manager.h> +#include <botan/x509path.h> + +namespace Botan { + +std::string Credentials_Manager::psk_identity_hint(const std::string&, + const std::string&) + { + return ""; + } + +std::string Credentials_Manager::psk_identity(const std::string&, + const std::string&, + const std::string&) + { + return ""; + } + +SymmetricKey Credentials_Manager::psk(const std::string&, + const std::string&, + const std::string& identity) + { + throw Internal_Error("No PSK set for identity " + identity); + } + +bool Credentials_Manager::attempt_srp(const std::string&, + const std::string&) + { + return false; + } + +std::string Credentials_Manager::srp_identifier(const std::string&, + const std::string&) + { + return ""; + } + +std::string Credentials_Manager::srp_password(const std::string&, + const std::string&, + const std::string&) + { + return ""; + } + +bool Credentials_Manager::srp_verifier(const std::string&, + const std::string&, + const std::string&, + std::string&, + BigInt&, + std::vector<byte>&, + bool) + { + return false; + } + +std::vector<X509_Certificate> Credentials_Manager::cert_chain( + const std::vector<std::string>&, + const std::string&, + const std::string&) + { + return std::vector<X509_Certificate>(); + } + +std::vector<X509_Certificate> Credentials_Manager::cert_chain_single_type( + const std::string& cert_key_type, + const std::string& type, + const std::string& context) + { + std::vector<std::string> cert_types; + cert_types.push_back(cert_key_type); + return cert_chain(cert_types, type, context); + } + +Private_Key* Credentials_Manager::private_key_for(const X509_Certificate&, + const std::string&, + const std::string&) + { + return nullptr; + } + +std::vector<Certificate_Store*> +Credentials_Manager::trusted_certificate_authorities( + const std::string&, + const std::string&) + { + return std::vector<Certificate_Store*>(); + } + +namespace { + +bool cert_in_some_store(const std::vector<Certificate_Store*>& trusted_CAs, + const X509_Certificate& trust_root) + { + for(auto CAs : trusted_CAs) + if(CAs->certificate_known(trust_root)) + return true; + return false; + } + +} + +void Credentials_Manager::verify_certificate_chain( + const std::string& type, + const std::string& purported_hostname, + const std::vector<X509_Certificate>& cert_chain) + { + if(cert_chain.empty()) + throw std::invalid_argument("Certificate chain was empty"); + + auto trusted_CAs = trusted_certificate_authorities(type, purported_hostname); + + Path_Validation_Restrictions restrictions; + + auto result = x509_path_validate(cert_chain, + restrictions, + trusted_CAs); + + if(!result.successful_validation()) + throw std::runtime_error("Certificate validation failure: " + result.result_string()); + + if(!cert_in_some_store(trusted_CAs, result.trust_root())) + throw std::runtime_error("Certificate chain roots in unknown/untrusted CA"); + + if(purported_hostname != "" && !cert_chain[0].matches_dns_name(purported_hostname)) + throw std::runtime_error("Certificate did not match hostname"); + } + +} |