/* * Credentials Manager * (C) 2011,2012 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ #include #include namespace Botan { std::string Credentials_Manager::psk_identity_hint(const std::string&, const std::string&) { return ""; } std::string Credentials_Manager::psk_identity(const std::string&, const std::string&, const std::string&) { return ""; } SymmetricKey Credentials_Manager::psk(const std::string&, const std::string&, const std::string& identity) { throw Internal_Error("No PSK set for identity " + identity); } bool Credentials_Manager::attempt_srp(const std::string&, const std::string&) { return false; } std::string Credentials_Manager::srp_identifier(const std::string&, const std::string&) { return ""; } std::string Credentials_Manager::srp_password(const std::string&, const std::string&, const std::string&) { return ""; } bool Credentials_Manager::srp_verifier(const std::string&, const std::string&, const std::string&, std::string&, BigInt&, std::vector&, bool) { return false; } std::vector Credentials_Manager::cert_chain( const std::vector&, const std::string&, const std::string&) { return std::vector(); } std::vector Credentials_Manager::cert_chain_single_type( const std::string& cert_key_type, const std::string& type, const std::string& context) { std::vector cert_types; cert_types.push_back(cert_key_type); return cert_chain(cert_types, type, context); } Private_Key* Credentials_Manager::private_key_for(const X509_Certificate&, const std::string&, const std::string&) { return nullptr; } std::vector Credentials_Manager::trusted_certificate_authorities( const std::string&, const std::string&) { return std::vector(); } namespace { bool cert_in_some_store(const std::vector& trusted_CAs, const X509_Certificate& trust_root) { for(auto CAs : trusted_CAs) if(CAs->certificate_known(trust_root)) return true; return false; } Usage_Type choose_leaf_usage(const std::string& ctx) { // These are reversed because ctx is denoting the current perspective if(ctx == "tls-client") return Usage_Type::TLS_SERVER_AUTH; else if(ctx == "tls-server") return Usage_Type::TLS_CLIENT_AUTH; else return Usage_Type::UNSPECIFIED; } } void Credentials_Manager::verify_certificate_chain( const std::string& type, const std::string& purported_hostname, const std::vector& cert_chain) { if(cert_chain.empty()) throw Invalid_Argument("Certificate chain was empty"); auto trusted_CAs = trusted_certificate_authorities(type, purported_hostname); Path_Validation_Restrictions restrictions; Path_Validation_Result result = x509_path_validate(cert_chain, restrictions, trusted_CAs, purported_hostname, choose_leaf_usage(type)); if(!result.successful_validation()) throw Exception("Certificate validation failure: " + result.result_string()); if(!cert_in_some_store(trusted_CAs, result.trust_root())) throw Exception("Certificate chain roots in unknown/untrusted CA"); } }