summaryrefslogtreecommitdiff
path: root/src/network/credentials_manager.hpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/network/credentials_manager.hpp')
-rw-r--r--src/network/credentials_manager.hpp55
1 files changed, 55 insertions, 0 deletions
diff --git a/src/network/credentials_manager.hpp b/src/network/credentials_manager.hpp
new file mode 100644
index 0000000..c463ad4
--- /dev/null
+++ b/src/network/credentials_manager.hpp
@@ -0,0 +1,55 @@
+#pragma once
+
+#include "biboumi.h"
+
+#ifdef BOTAN_FOUND
+
+#include <botan/botan.h>
+#include <botan/tls_client.h>
+
+class TCPSocketHandler;
+
+/**
+ * If the given cert isn’t valid, based on the given hostname
+ * and fingerprint, then throws the exception if it’s non-empty.
+ *
+ * Must be called after the standard (from Botan) way of
+ * checking the certificate, if we want to also accept certificates based
+ * on a trusted fingerprint.
+ */
+void check_tls_certificate(const std::vector<Botan::X509_Certificate>& certs,
+ const std::string& hostname, const std::string& trusted_fingerprint,
+ std::exception_ptr exc);
+
+class BasicCredentialsManager: public Botan::Credentials_Manager
+{
+public:
+ BasicCredentialsManager(const TCPSocketHandler* const socket_handler);
+
+ BasicCredentialsManager(BasicCredentialsManager&&) = delete;
+ BasicCredentialsManager(const BasicCredentialsManager&) = delete;
+ BasicCredentialsManager& operator=(const BasicCredentialsManager&) = delete;
+ BasicCredentialsManager& operator=(BasicCredentialsManager&&) = delete;
+
+#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,11,34)
+ void verify_certificate_chain(const std::string& type,
+ const std::string& purported_hostname,
+ const std::vector<Botan::X509_Certificate>&) override final;
+#endif
+ std::vector<Botan::Certificate_Store*> trusted_certificate_authorities(const std::string& type,
+ const std::string& context) override final;
+ void set_trusted_fingerprint(const std::string& fingerprint);
+ const std::string& get_trusted_fingerprint() const;
+
+private:
+ const TCPSocketHandler* const socket_handler;
+
+ static bool try_to_open_one_ca_bundle(const std::vector<std::string>& paths);
+ static void load_certs();
+ static Botan::Certificate_Store_In_Memory certificate_store;
+ static bool certs_loaded;
+ std::string trusted_fingerprint;
+};
+
+#endif //BOTAN_FOUND
+