* (C) 2014,2015 Jack Lloyd
* Botan is released under the Simplified BSD License (see license.txt)
#ifndef EXAMPLE_CREDENTIALS_MANAGER_H_
#define EXAMPLE_CREDENTIALS_MANAGER_H_
#include <botan/pkcs8.h>
#include <botan/credentials_manager.h>
#include <botan/x509self.h>
#include <botan/data_src.h>
inline bool value_exists(const std::vector<std::string>& vec,
const std::string& val)
for(size_t i = 0; i != vec.size(); ++i)
class Basic_Credentials_Manager : public Botan::Credentials_Manager
Basic_Credentials_Manager()
Basic_Credentials_Manager(Botan::RandomNumberGenerator& rng,
const std::string& server_crt,
const std::string& server_key)
Certificate_Info cert;
cert.key.reset(Botan::PKCS8::load_key(server_key, rng));
Botan::DataSource_Stream in(server_crt);
while(!in.end_of_data())
cert.certs.push_back(Botan::X509_Certificate(in));
catch(std::exception&)
// TODO: attempt to validate the chain ourselves.
// NOTE(review): parse failures in the loop above are caught (the handler body is
// not shown here), so cert.certs may be empty or truncated at this point and the
// entry is still stored; cert_chain() and private_key_for() index certs[0]
// without checking for that case.
m_creds.push_back(cert);
void load_certstores()
// TODO: make the trust-store path configurable. These are fixed system
// directories; a directory that fails to load is skipped (see the catch below),
// so if none of them loads, m_certstores stays empty and no trust anchors are
// handed to the TLS layer.
const std::vector<std::string> paths = { "/etc/ssl/certs", "/usr/share/ca-certificates" };
for(auto const& path : paths)
std::shared_ptr<Botan::Certificate_Store> cs(new Botan::Certificate_Store_In_Memory(path));
m_certstores.push_back(cs);
catch(std::exception&)
std::vector<Botan::Certificate_Store*>
trusted_certificate_authorities(const std::string& type,
const std::string& /*hostname*/) override
std::vector<Botan::Certificate_Store*> v;
// A TLS server is handed no CA list here, so it never requests a client
// certificate; every other peer type receives all loaded trust stores.
if(type == "tls-server")
for(auto const& cs : m_certstores)
v.push_back(cs.get());
std::vector<Botan::X509_Certificate> cert_chain(
const std::vector<std::string>& algos,
const std::string& type,
const std::string& hostname) override
for(auto const& i : m_creds)
if(std::find(algos.begin(), algos.end(), i.key->algo_name()) == algos.end())
if(hostname != "" && !i.certs[0].matches_dns_name(hostname))
return std::vector<Botan::X509_Certificate>();
Botan::Private_Key* private_key_for(const Botan::X509_Certificate& cert,
const std::string& /*type*/,
const std::string& /*context*/) override
for(auto const& i : m_creds)
if(cert == i.certs[0])
struct Certificate_Info
std::vector<Botan::X509_Certificate> certs;
std::shared_ptr<Botan::Private_Key> key;
std::vector<Certificate_Info> m_creds;
std::vector<std::shared_ptr<Botan::Certificate_Store>> m_certstores;