← Back to branch summary

~ubuntu-branches/debian/sid/botan/sid

« back to all changes in this revision

Viewing changes to src/cli/credentials.h

  • Committer: Package Import Robot
  • Author(s): Laszlo Boszormenyi (GCS)
  • Date: 2018-03-01 22:23:25 UTC
  • mfrom: (1.2.2)
  • Revision ID: package-import@ubuntu.com-20180301222325-7p7vc45gu3hta34d
Tags: 2.4.0-2
* Don't remove .doctrees from the manual if it doesn't exist.
* Don't specify parallel to debhelper.

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/cli/credentials.h
 
1
/*
 
2
* (C) 2014,2015 Jack Lloyd
 
3
*
 
4
* Botan is released under the Simplified BSD License (see license.txt)
 
5
*/
 
6
 
 
7
#ifndef EXAMPLE_CREDENTIALS_MANAGER_H_
 
8
#define EXAMPLE_CREDENTIALS_MANAGER_H_
 
9
 
 
10
#include <botan/pkcs8.h>
 
11
#include <botan/credentials_manager.h>
 
12
#include <botan/x509self.h>
 
13
#include <botan/data_src.h>
 
14
#include <memory>
 
15
 
 
16
inline bool value_exists(const std::vector<std::string>& vec,
 
17
                         const std::string& val)
 
18
   {
 
19
   for(size_t i = 0; i != vec.size(); ++i)
 
20
      {
 
21
      if(vec[i] == val)
 
22
         {
 
23
         return true;
 
24
         }
 
25
      }
 
26
   return false;
 
27
   }
 
28
 
 
29
class Basic_Credentials_Manager : public Botan::Credentials_Manager
 
30
   {
 
31
   public:
 
32
      Basic_Credentials_Manager()
 
33
         {
 
34
         load_certstores();
 
35
         }
 
36
 
 
37
      Basic_Credentials_Manager(Botan::RandomNumberGenerator& rng,
 
38
                                const std::string& server_crt,
 
39
                                const std::string& server_key)
 
40
         {
 
41
         Certificate_Info cert;
 
42
 
 
43
         cert.key.reset(Botan::PKCS8::load_key(server_key, rng));
 
44
 
 
45
         Botan::DataSource_Stream in(server_crt);
 
46
         while(!in.end_of_data())
 
47
            {
 
48
            try
 
49
               {
 
50
               cert.certs.push_back(Botan::X509_Certificate(in));
 
51
               }
 
52
            catch(std::exception&)
 
53
               {
 
54
               }
 
55
            }
 
56
 
 
57
         // TODO: attempt to validate chain ourselves
 
58
 
 
59
         m_creds.push_back(cert);
 
60
         }
 
61
 
 
62
      void load_certstores()
 
63
         {
 
64
         try
 
65
            {
 
66
            // TODO: make path configurable
 
67
            const std::vector<std::string> paths = { "/etc/ssl/certs", "/usr/share/ca-certificates" };
 
68
 
 
69
            for(auto const& path : paths)
 
70
               {
 
71
               std::shared_ptr<Botan::Certificate_Store> cs(new Botan::Certificate_Store_In_Memory(path));
 
72
               m_certstores.push_back(cs);
 
73
               }
 
74
            }
 
75
         catch(std::exception&)
 
76
            {
 
77
            }
 
78
         }
 
79
 
 
80
      std::vector<Botan::Certificate_Store*>
 
81
      trusted_certificate_authorities(const std::string& type,
 
82
                                      const std::string& /*hostname*/) override
 
83
         {
 
84
         std::vector<Botan::Certificate_Store*> v;
 
85
 
 
86
         // don't ask for client certs
 
87
         if(type == "tls-server")
 
88
            {
 
89
            return v;
 
90
            }
 
91
 
 
92
         for(auto const& cs : m_certstores)
 
93
            {
 
94
            v.push_back(cs.get());
 
95
            }
 
96
 
 
97
         return v;
 
98
         }
 
99
 
 
100
      std::vector<Botan::X509_Certificate> cert_chain(
 
101
         const std::vector<std::string>& algos,
 
102
         const std::string& type,
 
103
         const std::string& hostname) override
 
104
         {
 
105
         BOTAN_UNUSED(type);
 
106
 
 
107
         for(auto const& i : m_creds)
 
108
            {
 
109
            if(std::find(algos.begin(), algos.end(), i.key->algo_name()) == algos.end())
 
110
               {
 
111
               continue;
 
112
               }
 
113
 
 
114
            if(hostname != "" && !i.certs[0].matches_dns_name(hostname))
 
115
               {
 
116
               continue;
 
117
               }
 
118
 
 
119
            return i.certs;
 
120
            }
 
121
 
 
122
         return std::vector<Botan::X509_Certificate>();
 
123
         }
 
124
 
 
125
      Botan::Private_Key* private_key_for(const Botan::X509_Certificate& cert,
 
126
                                          const std::string& /*type*/,
 
127
                                          const std::string& /*context*/) override
 
128
         {
 
129
         for(auto const& i : m_creds)
 
130
            {
 
131
            if(cert == i.certs[0])
 
132
               {
 
133
               return i.key.get();
 
134
               }
 
135
            }
 
136
 
 
137
         return nullptr;
 
138
         }
 
139
 
 
140
   private:
 
141
      struct Certificate_Info
 
142
         {
 
143
         std::vector<Botan::X509_Certificate> certs;
 
144
         std::shared_ptr<Botan::Private_Key> key;
 
145
         };
 
146
 
 
147
      std::vector<Certificate_Info> m_creds;
 
148
      std::vector<std::shared_ptr<Botan::Certificate_Store>> m_certstores;
 
149
   };
 
150
 
 
151
#endif