Botan
1.11.15
|
00001 /* 00002 * Credentials Manager 00003 * (C) 2011,2012 Jack Lloyd 00004 * 00005 * Botan is released under the Simplified BSD License (see license.txt) 00006 */ 00007 00008 #include <botan/credentials_manager.h> 00009 #include <botan/x509path.h> 00010 00011 namespace Botan { 00012 00013 std::string Credentials_Manager::psk_identity_hint(const std::string&, 00014 const std::string&) 00015 { 00016 return ""; 00017 } 00018 00019 std::string Credentials_Manager::psk_identity(const std::string&, 00020 const std::string&, 00021 const std::string&) 00022 { 00023 return ""; 00024 } 00025 00026 SymmetricKey Credentials_Manager::psk(const std::string&, 00027 const std::string&, 00028 const std::string& identity) 00029 { 00030 throw Internal_Error("No PSK set for identity " + identity); 00031 } 00032 00033 bool Credentials_Manager::attempt_srp(const std::string&, 00034 const std::string&) 00035 { 00036 return false; 00037 } 00038 00039 std::string Credentials_Manager::srp_identifier(const std::string&, 00040 const std::string&) 00041 { 00042 return ""; 00043 } 00044 00045 std::string Credentials_Manager::srp_password(const std::string&, 00046 const std::string&, 00047 const std::string&) 00048 { 00049 return ""; 00050 } 00051 00052 bool Credentials_Manager::srp_verifier(const std::string&, 00053 const std::string&, 00054 const std::string&, 00055 std::string&, 00056 BigInt&, 00057 std::vector<byte>&, 00058 bool) 00059 { 00060 return false; 00061 } 00062 00063 std::vector<X509_Certificate> Credentials_Manager::cert_chain( 00064 const std::vector<std::string>&, 00065 const std::string&, 00066 const std::string&) 00067 { 00068 return std::vector<X509_Certificate>(); 00069 } 00070 00071 std::vector<X509_Certificate> Credentials_Manager::cert_chain_single_type( 00072 const std::string& cert_key_type, 00073 const std::string& type, 00074 const std::string& context) 00075 { 00076 std::vector<std::string> cert_types; 00077 cert_types.push_back(cert_key_type); 00078 return cert_chain(cert_types, type, context); 00079 } 00080 00081 Private_Key* Credentials_Manager::private_key_for(const X509_Certificate&, 00082 const std::string&, 00083 const std::string&) 00084 { 00085 return nullptr; 00086 } 00087 00088 std::vector<Certificate_Store*> 00089 Credentials_Manager::trusted_certificate_authorities( 00090 const std::string&, 00091 const std::string&) 00092 { 00093 return std::vector<Certificate_Store*>(); 00094 } 00095 00096 namespace { 00097 00098 bool cert_in_some_store(const std::vector<Certificate_Store*>& trusted_CAs, 00099 const X509_Certificate& trust_root) 00100 { 00101 for(auto CAs : trusted_CAs) 00102 if(CAs->certificate_known(trust_root)) 00103 return true; 00104 return false; 00105 } 00106 00107 } 00108 00109 void Credentials_Manager::verify_certificate_chain( 00110 const std::string& type, 00111 const std::string& purported_hostname, 00112 const std::vector<X509_Certificate>& cert_chain) 00113 { 00114 if(cert_chain.empty()) 00115 throw std::invalid_argument("Certificate chain was empty"); 00116 00117 auto trusted_CAs = trusted_certificate_authorities(type, purported_hostname); 00118 00119 Path_Validation_Restrictions restrictions; 00120 00121 auto result = x509_path_validate(cert_chain, 00122 restrictions, 00123 trusted_CAs); 00124 00125 if(!result.successful_validation()) 00126 throw std::runtime_error("Certificate validation failure: " + result.result_string()); 00127 00128 if(!cert_in_some_store(trusted_CAs, result.trust_root())) 00129 throw std::runtime_error("Certificate chain roots in unknown/untrusted CA"); 00130 00131 if(purported_hostname != "" && !cert_chain[0].matches_dns_name(purported_hostname)) 00132 throw std::runtime_error("Certificate did not match hostname"); 00133 } 00134 00135 }