/*
* Credentials Manager
* (C) 2011,2012 Jack Lloyd
*
* Distributed under the terms of the Botan license
*/
#include <botan/credentials_manager.h>
#include <botan/x509path.h>
namespace Botan {
/*
* Base-class PSK identity hint: always an empty string.
* Both string arguments are accepted and ignored.
* NOTE(review): presumably meant to be overridden by applications that
* use PSK - confirm against the class declaration.
*/
std::string Credentials_Manager::psk_identity_hint(const std::string&,
                                                   const std::string&)
   {
   return std::string();
   }
/*
* Base-class PSK identity: always an empty string.
* All three string arguments are accepted and ignored.
*/
std::string Credentials_Manager::psk_identity(const std::string&,
                                              const std::string&,
                                              const std::string&)
   {
   return std::string();
   }
/*
* Base-class PSK lookup: there is no key to return, so this always throws
* Internal_Error naming the requested identity. It never returns a key,
* so a manager that does not override it cannot hand out a default PSK.
*
* NOTE(review): the identity string is copied verbatim into the exception
* text. If it can originate from the remote peer (not visible from this
* file), treat the message as untrusted when logging or displaying it.
*/
SymmetricKey Credentials_Manager::psk(const std::string&,
                                      const std::string&,
                                      const std::string& identity)
   {
   const std::string message = "No PSK set for identity " + identity;
   throw Internal_Error(message);
   }
/*
* Base-class answer to "should SRP be attempted?": always false.
* Both string arguments are accepted and ignored.
*/
bool Credentials_Manager::attempt_srp(const std::string&,
                                      const std::string&)
   {
   const bool attempt = false;
   return attempt;
   }
/*
* Base-class SRP identifier: always an empty string.
* Both string arguments are accepted and ignored.
*/
std::string Credentials_Manager::srp_identifier(const std::string&,
                                                const std::string&)
   {
   return std::string();
   }
/*
* Base-class SRP password: always an empty string.
* All three string arguments are accepted and ignored.
*/
std::string Credentials_Manager::srp_password(const std::string&,
                                              const std::string&,
                                              const std::string&)
   {
   return std::string();
   }
/*
* Base-class SRP verifier lookup: always returns false.
* Every argument is ignored; in particular the three non-const reference
* arguments (std::string&, BigInt&, std::vector<byte>&) are left exactly
* as the caller passed them, so callers must not read them after a false
* return.
*/
bool Credentials_Manager::srp_verifier(const std::string&,
                                       const std::string&,
                                       const std::string&,
                                       std::string&,
                                       BigInt&,
                                       std::vector<byte>&,
                                       bool)
   {
   const bool result = false;
   return result;
   }
/*
* Base-class certificate chain lookup: always an empty vector.
* The list of key types and both string arguments are ignored.
*/
std::vector<X509_Certificate> Credentials_Manager::cert_chain(
   const std::vector<std::string>&,
   const std::string&,
   const std::string&)
   {
   std::vector<X509_Certificate> no_certs;
   return no_certs;
   }
/*
* Convenience wrapper around cert_chain() for a single key type.
* Wraps cert_key_type in a one-element vector and forwards it, together
* with type and context, to cert_chain(); returns whatever that call
* returns.
*/
std::vector<X509_Certificate> Credentials_Manager::cert_chain_single_type(
   const std::string& cert_key_type,
   const std::string& type,
   const std::string& context)
   {
   const std::vector<std::string> single_type(1, cert_key_type);
   return cert_chain(single_type, type, context);
   }
/*
* Base-class private key lookup: always a null pointer.
* The certificate and both string arguments are ignored. Callers must
* check the result before dereferencing it.
*/
Private_Key* Credentials_Manager::private_key_for(const X509_Certificate&,
                                                  const std::string&,
                                                  const std::string&)
   {
   Private_Key* const no_key = nullptr;
   return no_key;
   }
/*
* Base-class list of trusted CAs: always an empty vector.
* Both string arguments are accepted and ignored. verify_certificate_chain()
* in this file builds its trust store from this function's result, so a
* manager that keeps this default supplies it no trusted roots.
*/
std::vector<X509_Certificate>
Credentials_Manager::trusted_certificate_authorities(
   const std::string&,
   const std::string&)
   {
   std::vector<X509_Certificate> no_authorities;
   return no_authorities;
   }
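/*
* Validate a certificate chain against this manager's trusted CAs.
*
* Checks, in order:
*  1. the chain is not empty;
*  2. x509_path_validate() succeeds against an in-memory store filled from
*     trusted_certificate_authorities(type, purported_hostname), using
*     default-constructed Path_Validation_Restrictions;
*  3. the trust root reported by the validator is present in that store;
*  4. if purported_hostname is non-empty, the first certificate in the
*     chain (cert_chain[0]) matches it.
*
* Security notes:
*  - An empty purported_hostname skips step 4 entirely. The chain is then
*    only shown to lead to a trusted CA, not to belong to a particular
*    peer. Callers authenticating a named server should always pass the
*    name they intended to reach.
*  - type is used here only to select the trusted CA set; this function
*    derives no other restriction from it.
*
* Throws std::invalid_argument if cert_chain is empty, and
* std::runtime_error if path validation fails, the root is not a known
* CA, or the hostname does not match. Returns normally only when every
* applicable check passed.
*/
void Credentials_Manager::verify_certificate_chain(
   const std::string& type,
   const std::string& purported_hostname,
   const std::vector<X509_Certificate>& cert_chain)
   {
   if(cert_chain.empty())
      throw std::invalid_argument("Certificate chain was empty");

   const auto trusted_CAs = trusted_certificate_authorities(type, purported_hostname);

   Certificate_Store_In_Memory CAs;
   // Iterate by const reference so each certificate is not copied a
   // second time just to be handed to the store.
   for(const auto& cert : trusted_CAs)
      CAs.add_certificate(cert);

   Path_Validation_Result result =
      x509_path_validate(cert_chain,
                         Path_Validation_Restrictions(),
                         CAs);

   if(!result.successful_validation())
      throw std::runtime_error("Certificate validation failure: " + result.result_string());

   // Independent of the validator's verdict: the chain must end at a
   // certificate this manager explicitly trusts.
   if(!CAs.certificate_known(result.trust_root()))
      throw std::runtime_error("Certificate chain roots in unknown/untrusted CA");

   // Name binding is enforced only when the caller supplied a hostname.
   if(!purported_hostname.empty() && !cert_chain[0].matches_dns_name(purported_hostname))
      throw std::runtime_error("Certificate did not match hostname");
   }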
}