src/credentials/credentials_manager.cpp


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120

/*
* Credentials Manager
* (C) 2011,2012 Jack Lloyd
*
* Distributed under the terms of the Botan license
*/

#include <botan/credentials_manager.h>
#include <botan/x509stor.h>

namespace Botan {

std::string Credentials_Manager::psk_identity_hint(const std::string&,
                                                   const std::string&)
   {
   return "";
   }

std::string Credentials_Manager::psk_identity(const std::string&,
                                              const std::string&,
                                              const std::string&)
   {
   return "";
   }

SymmetricKey Credentials_Manager::psk(const std::string&,
                                      const std::string&,
                                      const std::string& identity)
   {
   throw Internal_Error("No PSK set for identity " + identity);
   }

std::string Credentials_Manager::srp_identifier(const std::string&,
                                                const std::string&)
   {
   return "";
   }

std::string Credentials_Manager::srp_password(const std::string&,
                                              const std::string&,
                                              const std::string&)
   {
   return "";
   }

bool Credentials_Manager::srp_verifier(const std::string&,
                                       const std::string&,
                                       const std::string&,
                                       BigInt&,
                                       BigInt&,
                                       BigInt&,
                                       MemoryRegion<byte>&,
                                       bool)
   {
   return false;
   }

std::vector<X509_Certificate> Credentials_Manager::cert_chain(
   const std::vector<std::string>&,
   const std::string&,
   const std::string&)
   {
   return std::vector<X509_Certificate>();
   }

std::vector<X509_Certificate> Credentials_Manager::cert_chain_single_type(
   const std::string& cert_key_type,
   const std::string& type,
   const std::string& context)
   {
   std::vector<std::string> cert_types;
   cert_types.push_back(cert_key_type);
   return cert_chain(cert_types, type, context);
   }

Private_Key* Credentials_Manager::private_key_for(const X509_Certificate&,
                                                  const std::string&,
                                                  const std::string&)
   {
   return 0;
   }

std::vector<X509_Certificate>
Credentials_Manager::trusted_certificate_authorities(
   const std::string&,
   const std::string&)
   {
   return std::vector<X509_Certificate>();
   }

void Credentials_Manager::verify_certificate_chain(
   const std::string& type,
   const std::string& purported_hostname,
   const std::vector<X509_Certificate>& cert_chain)
   {
   if(cert_chain.empty())
      throw std::invalid_argument("Certificate chain was empty");

   if(!cert_chain[0].matches_dns_name(purported_hostname))
      throw std::runtime_error("Certificate did not match hostname");

   std::vector<X509_Certificate> CAs = trusted_certificate_authorities(type, purported_hostname);

   X509_Store store;

   for(size_t i = 0; i != CAs.size(); ++i)
      store.add_cert(CAs[i], true);
   for(size_t i = 0; i != cert_chain.size(); ++i)
      store.add_cert(cert_chain[i]);

   X509_Code result = store.validate_cert(cert_chain[0], X509_Store::TLS_SERVER);

   if(CAs.empty() && result == CERT_ISSUER_NOT_FOUND)
      return;

   if(result != VERIFIED)
      throw std::runtime_error("Certificate did not validate");
   }

}