From f34cc48100c672824aa70869adfb59669055d173 Mon Sep 17 00:00:00 2001 From: lloyd Date: Mon, 23 Jan 2012 23:36:19 +0000 Subject: The credentials manager interface seems a much better place for cert checking, allowed client auth CAs, etc than the policy class. With this change, most users won't ever need to modify the default policy which is likely a good thing. Remove copy and paste of the credentials manager implementation in the examples. --- doc/examples/asio_tls_server.cpp | 56 +++------------------------------------- doc/examples/credentials.h | 53 +++++++++++++++++++++++++++++++++++++ doc/examples/tls_client.cpp | 54 +++----------------------------------- doc/examples/tls_server.cpp | 55 ++------------------------------------- 4 files changed, 61 insertions(+), 157 deletions(-) create mode 100644 doc/examples/credentials.h (limited to 'doc/examples') diff --git a/doc/examples/asio_tls_server.cpp b/doc/examples/asio_tls_server.cpp index 90f4fc20a..1a46bc8e8 100644 --- a/doc/examples/asio_tls_server.cpp +++ b/doc/examples/asio_tls_server.cpp @@ -14,6 +14,8 @@ #include #include +#include "credentials.h" + using Botan::byte; using asio::ip::tcp; 
@@ -181,58 +183,6 @@ class tls_server_session : public boost::enable_shared_from_this m_outbox; }; -class Credentials_Manager_Simple : public Botan::Credentials_Manager - { - public: - Credentials_Manager_Simple(Botan::RandomNumberGenerator& rng) : rng(rng) {} - - std::vector cert_chain( - const std::string& cert_key_type, - const std::string& type, - const std::string& context) - { - const std::string hostname = (context == "" ? "localhost" : context); - - Botan::X509_Certificate cert(hostname + ".crt"); - Botan::Private_Key* key = Botan::PKCS8::load_key(hostname + ".key", rng); - - certs_and_keys[cert] = key; - - std::vector certs; - certs.push_back(cert); - return certs; - } - - Botan::Private_Key* private_key_for(const Botan::X509_Certificate& cert, - const std::string& type, - const std::string& context) - { - return certs_and_keys[cert]; - } - - private: - Botan::RandomNumberGenerator& rng; - std::map certs_and_keys; - }; - -class Server_TLS_Policy : public Botan::TLS::Policy - { - public: - //bool require_client_auth() const { return true; } - - bool check_cert(const std::vector& certs) const - { - for(size_t i = 0; i != certs.size(); ++i) - { - std::cout << certs[i].to_string(); - } - - std::cout << "Warning: not checking cert signatures\n"; - - return true; - } - }; - class tls_server { public: @@ -290,7 +240,7 @@ class tls_server Botan::AutoSeeded_RNG m_rng; Botan::TLS::Session_Manager_In_Memory m_session_manager; - Server_TLS_Policy m_policy; + Botan::TLS::Policy m_policy; Credentials_Manager_Simple m_creds; }; diff --git a/doc/examples/credentials.h b/doc/examples/credentials.h new file mode 100644 index 000000000..802e3233c --- /dev/null +++ b/doc/examples/credentials.h 
@@ -0,0 +1,53 @@ + +#ifndef EXAMPLE_CREDENTIALS_MANAGER_H__ +#define EXAMPLE_CREDENTIALS_MANAGER_H__ + +#include + +class Credentials_Manager_Simple : public Botan::Credentials_Manager + { + public: + Credentials_Manager_Simple(Botan::RandomNumberGenerator& rng) : rng(rng) {} + + std::vector cert_chain( + const std::string& cert_key_type, + const std::string& type, + const std::string& context) + { + std::vector certs; + + if(type == "tls-server") + { + const std::string hostname = (context == "" ? "localhost" : context); + + Botan::X509_Certificate cert(hostname + ".crt"); + Botan::Private_Key* key = Botan::PKCS8::load_key(hostname + ".key", rng); + + certs_and_keys[cert] = key; + certs.push_back(cert); + } + else if(type == "tls-client") + { + Botan::X509_Certificate cert("user-rsa.crt"); + Botan::Private_Key* key = Botan::PKCS8::load_key("user-rsa.key", rng); + + certs_and_keys[cert] = key; + certs.push_back(cert); + } + + return certs; + } + + Botan::Private_Key* private_key_for(const Botan::X509_Certificate& cert, + const std::string& type, + const std::string& context) + { + return certs_and_keys[cert]; + } + + private: + Botan::RandomNumberGenerator& rng; + std::map certs_and_keys; + }; + +#endif diff --git a/doc/examples/tls_client.cpp b/doc/examples/tls_client.cpp index 000f63ed4..80947af62 100644 --- a/doc/examples/tls_client.cpp +++ b/doc/examples/tls_client.cpp @@ -16,28 +16,12 @@ #include #include +#include "credentials.h" + using namespace Botan; using namespace std::tr1::placeholders; -class Client_TLS_Policy : public TLS::Policy - { - public: - //Version_Code pref_version() const { return TLS_V12; } - - bool check_cert(const std::vector& certs) const - { - for(size_t i = 0; i != certs.size(); ++i) - { - std::cout << certs[i].to_string(); - } - - std::cout << "Warning: not checking cert signatures\n"; - - return true; - } - }; - int connect_to_host(const std::string& host, u16bit port) { hostent* host_addr = ::gethostbyname(host.c_str()); 
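Review bot: Every call to `cert_chain` in the new credentials.h reloads the private key with `PKCS8::load_key` and overwrites the previous raw pointer in `certs_and_keys`, so the earlier `Private_Key` object (and its secret material) is leaked on each handshake and never freed, since the class has no destructor. On the `tls-server` branch `context` — presumably the server name supplied by the peer, given the `localhost` fallback — is concatenated straight into a filesystem path, so a client can steer the example into opening an arbitrary `*.crt`/`*.key` path; the example should refuse names containing path separators or `..` and say why in a comment. `private_key_for` uses `operator[]`, which default-inserts a null entry for an unknown certificate instead of signalling the miss; `find` makes the null return explicit. The removed `check_cert` overrides were the only visible hint that these examples do not verify peer certificates, and nothing in this header takes over that job, so a comment such as `// NOTE: no trusted-CA list or peer cert verification is implemented here; see Credentials_Manager for the hooks` would keep that warning from vanishing silently. The rewritten pieces below load each key once, own it for the manager's lifetime, and reject unsafe context strings.
```cpp
class Credentials_Manager_Simple : public Botan::Credentials_Manager
   {
   public:
      Credentials_Manager_Simple(Botan::RandomNumberGenerator& rng) : rng(rng) {}

      // Keys are loaded once per certificate and owned by this object.
      ~Credentials_Manager_Simple()
         {
         for(std::map<Botan::X509_Certificate, Botan::Private_Key*>::iterator i = certs_and_keys.begin();
             i != certs_and_keys.end(); ++i)
            delete i->second;
         }

      std::vector<Botan::X509_Certificate> cert_chain(
         const std::string& cert_key_type,
         const std::string& type,
         const std::string& context)
         {
         std::vector<Botan::X509_Certificate> certs;

         if(type == "tls-server")
            {
            // context is presumably the peer-supplied server name; never let
            // it select an arbitrary path on disk
            const std::string hostname = (context == "" ? "localhost" : context);
            if(hostname.find_first_of("/\\") != std::string::npos ||
               hostname.find("..") != std::string::npos)
               return certs; // refuse rather than open attacker-chosen files

            certs.push_back(load_cert_and_key(hostname + ".crt", hostname + ".key"));
            }
         else if(type == "tls-client")
            certs.push_back(load_cert_and_key("user-rsa.crt", "user-rsa.key"));

         return certs;
         }

      Botan::Private_Key* private_key_for(const Botan::X509_Certificate& cert,
                                          const std::string& type,
                                          const std::string& context)
         {
         // find() instead of operator[]: an unknown cert yields an explicit
         // null instead of silently inserting one into the map
         std::map<Botan::X509_Certificate, Botan::Private_Key*>::const_iterator i =
            certs_and_keys.find(cert);
         return (i == certs_and_keys.end()) ? 0 : i->second;
         }

   private:
      // Load cert_file and, only if not already cached, its private key.
      Botan::X509_Certificate load_cert_and_key(const std::string& cert_file,
                                                const std::string& key_file)
         {
         Botan::X509_Certificate cert(cert_file);
         if(certs_and_keys.find(cert) == certs_and_keys.end())
            certs_and_keys[cert] = Botan::PKCS8::load_key(key_file, rng);
         return cert;
         }

      // … unchanged: rng and certs_and_keys members …
   };
```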
@@ -206,38 +190,6 @@ void doit(RandomNumberGenerator& rng, ::close(sockfd); } -class Credentials_Manager_Simple : public Credentials_Manager - { - public: - Credentials_Manager_Simple(RandomNumberGenerator& rng) : rng(rng) {} - - std::vector cert_chain( - const std::string& cert_key_type, - const std::string& type, - const std::string& context) - { - X509_Certificate cert("user-rsa.crt"); - Private_Key* key = PKCS8::load_key("user-rsa.key", rng); - - certs_and_keys[cert] = key; - - std::vector certs; - certs.push_back(cert); - return certs; - } - - Private_Key* private_key_for(const X509_Certificate& cert, - const std::string& type, - const std::string& context) - { - return certs_and_keys[cert]; - } - - private: - RandomNumberGenerator& rng; - std::map certs_and_keys; - }; - int main(int argc, char* argv[]) { if(argc != 2 && argc != 3) @@ -250,7 +202,7 @@ int main(int argc, char* argv[]) { LibraryInitializer botan_init; AutoSeeded_RNG rng; - Client_TLS_Policy policy; + TLS::Policy policy; TLS::Session_Manager_In_Memory session_manager; Credentials_Manager_Simple creds(rng); diff --git a/doc/examples/tls_server.cpp b/doc/examples/tls_server.cpp index 0f6287599..e896b5bcc 100644 --- a/doc/examples/tls_server.cpp +++ b/doc/examples/tls_server.cpp @@ -8,6 +8,7 @@ #include #include "socket.h" +#include "credentials.h" using namespace Botan; 
@@ -18,40 +19,6 @@ using namespace std::tr1::placeholders; #include #include -class Credentials_Manager_Simple : public Credentials_Manager - { - public: - Credentials_Manager_Simple(RandomNumberGenerator& rng) : rng(rng) {} - - std::vector cert_chain( - const std::string& cert_key_type, - const std::string& type, - const std::string& context) - { - const std::string hostname = (context == "" ? "localhost" : context); - - X509_Certificate cert(hostname + ".crt"); - Private_Key* key = PKCS8::load_key(hostname + ".key", rng); - - certs_and_keys[cert] = key; - - std::vector certs; - certs.push_back(cert); - return certs; - } - - Private_Key* private_key_for(const X509_Certificate& cert, - const std::string& type, - const std::string& context) - { - return certs_and_keys[cert]; - } - - private: - RandomNumberGenerator& rng; - std::map certs_and_keys; - }; - bool handshake_complete(const TLS::Session& session) { printf("Handshake complete, protocol=%04X ciphersuite=%s compression=%d\n", @@ -158,24 +125,6 @@ class Blocking_TLS_Server bool exit; }; -class Server_TLS_Policy : public TLS::Policy - { - public: - //bool require_client_auth() const { return true; } - - bool check_cert(const std::vector& certs) const - { - for(size_t i = 0; i != certs.size(); ++i) - { - std::cout << certs[i].to_string(); - } - - std::cout << "Warning: not checking cert signatures\n"; - - return true; - } - }; - int main(int argc, char* argv[]) { int port = 4433; @@ -192,7 +141,7 @@ int main(int argc, char* argv[]) Server_Socket listener(port); - Server_TLS_Policy policy; + TLS::Policy policy; TLS::Session_Manager_In_Memory sessions; -- cgit v1.2.3
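Review bot: With `TLS::Policy policy;` replacing `Server_TLS_Policy` in tls_server.cpp, the example loses both the `require_client_auth` hint and the explicit `Warning: not checking cert signatures` message, and nothing visible in this file now states what the default policy does with a client certificate. A one-line comment at the new line, such as `// TODO: confirm what TLS::Policy does by default with peer certs; the old example explicitly skipped signature checks`, would keep a reader from assuming verification is now on. The body of `main` continues outside the hunk.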