/* * (C) 2014,2015 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ #ifndef EXAMPLE_CREDENTIALS_MANAGER_H__ #define EXAMPLE_CREDENTIALS_MANAGER_H__ #include #include #include #include #include #include #include #include #include #include inline bool value_exists(const std::vector& vec, const std::string& val) { for(size_t i = 0; i != vec.size(); ++i) if(vec[i] == val) return true; return false; } class Basic_Credentials_Manager : public Credentials_Manager { public: Basic_Credentials_Manager() { load_certstores(); } Basic_Credentials_Manager(RandomNumberGenerator& rng, const std::string& server_crt, const std::string& server_key) { Certificate_Info cert; cert.key.reset(PKCS8::load_key(server_key, rng)); DataSource_Stream in(server_crt); while(!in.end_of_data()) { try { cert.certs.push_back(X509_Certificate(in)); } catch(std::exception& e) { } } // TODO: attempt to validate chain ourselves m_creds.push_back(cert); } void load_certstores() { try { // TODO: make path configurable const std::vector paths = { "/usr/share/ca-certificates" }; for(auto&& path : paths) { std::shared_ptr cs(new Certificate_Store_In_Memory(path)); m_certstores.push_back(cs); } } catch(std::exception& e) { //std::cout << e.what() << "\n"; } } std::vector trusted_certificate_authorities(const std::string& type, const std::string& /*hostname*/) { std::vector v; // don't ask for client certs if(type == "tls-server") return v; for(auto&& cs : m_certstores) v.push_back(cs.get()); return v; } void verify_certificate_chain( const std::string& type, const std::string& purported_hostname, const std::vector& cert_chain) { try { Credentials_Manager::verify_certificate_chain(type, purported_hostname, cert_chain); } catch(std::exception& e) { std::cout << e.what() << "\n"; //throw; } } std::vector cert_chain( const std::vector& algos, const std::string& type, const std::string& hostname) { for(auto&& i : m_creds) { if(std::find(algos.begin(), algos.end(), i.key->algo_name()) == algos.end()) continue; if(hostname != "" && !i.certs[0].matches_dns_name(hostname)) continue; return i.certs; } return std::vector(); } Private_Key* private_key_for(const X509_Certificate& cert, const std::string& /*type*/, const std::string& /*context*/) { for(auto&& i : m_creds) { if(cert == i.certs[0]) return i.key.get(); } return nullptr; } private: struct Certificate_Info { std::vector certs; std::shared_ptr key; }; std::vector m_creds; std::vector> m_certstores; }; #endif