diff options
| author | Jonas Smedegaard <dr@jones.dk> | 2017-06-24 09:21:37 +0200 |
|---|---|---|
| committer | Jonas Smedegaard <dr@jones.dk> | 2017-06-24 09:21:37 +0200 |
| commit | 3d39f109ba8ea7ae9778c58bd1665b9e8e0f45cb (patch) | |
| tree | 9a5684babcd16d302fbe59c56b6045660ad62488 /src/network/credentials_manager.hpp | |
| parent | f9cee98aacd6aea8ccb7f5677b4ff1e1e234e4d1 (diff) | |
| parent | c21cbbf9667991d2b928562a9c199e625d3f9bba (diff) | |
| download | biboumi-3d39f109ba8ea7ae9778c58bd1665b9e8e0f45cb.tar.gz biboumi-3d39f109ba8ea7ae9778c58bd1665b9e8e0f45cb.tar.bz2 biboumi-3d39f109ba8ea7ae9778c58bd1665b9e8e0f45cb.tar.xz biboumi-3d39f109ba8ea7ae9778c58bd1665b9e8e0f45cb.zip | |
Updated version 5.0 from 'upstream/5.0'
with Debian dir 2ae31d03ffb1d79153a692af23c7b2b097cc4b2b
Diffstat (limited to 'src/network/credentials_manager.hpp')
| -rw-r--r-- | src/network/credentials_manager.hpp | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/src/network/credentials_manager.hpp b/src/network/credentials_manager.hpp new file mode 100644 index 0000000..e7c247d --- /dev/null +++ b/src/network/credentials_manager.hpp @@ -0,0 +1,55 @@ +#pragma once + +#include "biboumi.h" + +#ifdef BOTAN_FOUND + +#include <botan/botan.h> +#include <botan/tls_client.h> + +class TCPSocketHandler; + +/** + * If the given cert isn’t valid, based on the given hostname + * and fingerprint, then throws the exception if it’s non-empty. + * + * Must be called after the standard (from Botan) way of + * checking the certificate, if we want to also accept certificates based + * on a trusted fingerprint. + */ +void check_tls_certificate(const std::vector<Botan::X509_Certificate>& certs, + const std::string& hostname, const std::string& trusted_fingerprint, + const std::exception_ptr& exc); + +class BasicCredentialsManager: public Botan::Credentials_Manager +{ +public: + BasicCredentialsManager(const TCPSocketHandler* const socket_handler); + + BasicCredentialsManager(BasicCredentialsManager&&) = delete; + BasicCredentialsManager(const BasicCredentialsManager&) = delete; + BasicCredentialsManager& operator=(const BasicCredentialsManager&) = delete; + BasicCredentialsManager& operator=(BasicCredentialsManager&&) = delete; + +#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,11,34) + void verify_certificate_chain(const std::string& type, + const std::string& purported_hostname, + const std::vector<Botan::X509_Certificate>&) override final; +#endif + std::vector<Botan::Certificate_Store*> trusted_certificate_authorities(const std::string& type, + const std::string& context) override final; + void set_trusted_fingerprint(const std::string& fingerprint); + const std::string& get_trusted_fingerprint() const; + +private: + const TCPSocketHandler* const socket_handler; + + static bool try_to_open_one_ca_bundle(const std::vector<std::string>& paths); + static void load_certs(); + static Botan::Certificate_Store_In_Memory certificate_store; + static bool certs_loaded; + std::string trusted_fingerprint; +}; + +#endif //BOTAN_FOUND + |