Botan  1.11.15
src/lib/credentials/credentials_manager.cpp
Go to the documentation of this file.
00001 /*
00002 * Credentials Manager
00003 * (C) 2011,2012 Jack Lloyd
00004 *
00005 * Botan is released under the Simplified BSD License (see license.txt)
00006 */
00007 
00008 #include <botan/credentials_manager.h>
00009 #include <botan/x509path.h>
00010 
00011 namespace Botan {
00012 
00013 std::string Credentials_Manager::psk_identity_hint(const std::string&,
00014                                                    const std::string&)
00015    {
00016    return "";
00017    }
00018 
00019 std::string Credentials_Manager::psk_identity(const std::string&,
00020                                               const std::string&,
00021                                               const std::string&)
00022    {
00023    return "";
00024    }
00025 
00026 SymmetricKey Credentials_Manager::psk(const std::string&,
00027                                       const std::string&,
00028                                       const std::string& identity)
00029    {
00030    throw Internal_Error("No PSK set for identity " + identity);
00031    }
00032 
00033 bool Credentials_Manager::attempt_srp(const std::string&,
00034                                       const std::string&)
00035    {
00036    return false;
00037    }
00038 
00039 std::string Credentials_Manager::srp_identifier(const std::string&,
00040                                                 const std::string&)
00041    {
00042    return "";
00043    }
00044 
00045 std::string Credentials_Manager::srp_password(const std::string&,
00046                                               const std::string&,
00047                                               const std::string&)
00048    {
00049    return "";
00050    }
00051 
00052 bool Credentials_Manager::srp_verifier(const std::string&,
00053                                        const std::string&,
00054                                        const std::string&,
00055                                        std::string&,
00056                                        BigInt&,
00057                                        std::vector<byte>&,
00058                                        bool)
00059    {
00060    return false;
00061    }
00062 
00063 std::vector<X509_Certificate> Credentials_Manager::cert_chain(
00064    const std::vector<std::string>&,
00065    const std::string&,
00066    const std::string&)
00067    {
00068    return std::vector<X509_Certificate>();
00069    }
00070 
00071 std::vector<X509_Certificate> Credentials_Manager::cert_chain_single_type(
00072    const std::string& cert_key_type,
00073    const std::string& type,
00074    const std::string& context)
00075    {
00076    std::vector<std::string> cert_types;
00077    cert_types.push_back(cert_key_type);
00078    return cert_chain(cert_types, type, context);
00079    }
00080 
00081 Private_Key* Credentials_Manager::private_key_for(const X509_Certificate&,
00082                                                   const std::string&,
00083                                                   const std::string&)
00084    {
00085    return nullptr;
00086    }
00087 
00088 std::vector<Certificate_Store*>
00089 Credentials_Manager::trusted_certificate_authorities(
00090    const std::string&,
00091    const std::string&)
00092    {
00093    return std::vector<Certificate_Store*>();
00094    }
00095 
00096 namespace {
00097 
00098 bool cert_in_some_store(const std::vector<Certificate_Store*>& trusted_CAs,
00099                         const X509_Certificate& trust_root)
00100    {
00101    for(auto CAs : trusted_CAs)
00102       if(CAs->certificate_known(trust_root))
00103          return true;
00104    return false;
00105    }
00106 
00107 }
00108 
00109 void Credentials_Manager::verify_certificate_chain(
00110    const std::string& type,
00111    const std::string& purported_hostname,
00112    const std::vector<X509_Certificate>& cert_chain)
00113    {
00114    if(cert_chain.empty())
00115       throw std::invalid_argument("Certificate chain was empty");
00116 
00117    auto trusted_CAs = trusted_certificate_authorities(type, purported_hostname);
00118 
00119    Path_Validation_Restrictions restrictions;
00120 
00121    auto result = x509_path_validate(cert_chain,
00122                                     restrictions,
00123                                     trusted_CAs);
00124 
00125    if(!result.successful_validation())
00126       throw std::runtime_error("Certificate validation failure: " + result.result_string());
00127 
00128    if(!cert_in_some_store(trusted_CAs, result.trust_root()))
00129       throw std::runtime_error("Certificate chain roots in unknown/untrusted CA");
00130 
00131    if(purported_hostname != "" && !cert_chain[0].matches_dns_name(purported_hostname))
00132       throw std::runtime_error("Certificate did not match hostname");
00133    }
00134 
00135 }