~singpolyma/biboumi

ref: f0f3d3d4e2fb7c02a5b2ad517632ec5071fefb45 biboumi/src/network/credentials_manager.hpp -rw-r--r-- 2.0 KiB
f0f3d3d4 — louiz’ Remove the now useless “find … touch” hack in gitlab-ci.yml 5 years ago
                                                                                
81f8f45b louiz’
f928f762 Florent Le Coz
0ab40dc1 louiz’
06db9b36 Florent Le Coz
f928f762 Florent Le Coz
e8386bd1 Florent Le Coz
7784c568 louiz’
be9c577d louiz’
7784c568 louiz’
a13285d0 Florent Le Coz
f928f762 Florent Le Coz
a13285d0 Florent Le Coz
af420738 louiz’
7784c568 louiz’
f928f762 Florent Le Coz
7784c568 louiz’
f928f762 Florent Le Coz
1f8333f2 Florent Le Coz
7784c568 louiz’
f928f762 Florent Le Coz
e8386bd1 Florent Le Coz
f50f5065 louiz’
e8386bd1 Florent Le Coz
1f8333f2 Florent Le Coz
f928f762 Florent Le Coz
06db9b36 Florent Le Coz
81f8f45b louiz’
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
#pragma once

#include "biboumi.h"

#ifdef BOTAN_FOUND

#include <botan/botan.h>
#include <botan/tls_client.h>

class TCPSocketHandler;

/**
 * If the given cert isn’t valid, based on the given hostname
 * and fingerprint, then throws the exception if it’s non-empty.
 *
 * Must be called after the standard (from Botan) way of
 * checking the certificate, if we want to also accept certificates based
 * on a trusted fingerprint.
 */
void check_tls_certificate(const std::vector<Botan::X509_Certificate>& certs,
                           const std::string& hostname, const std::string& trusted_fingerprint,
                           const std::exception_ptr& exc);

class BasicCredentialsManager: public Botan::Credentials_Manager
{
public:
  BasicCredentialsManager(const TCPSocketHandler* const socket_handler);

  BasicCredentialsManager(BasicCredentialsManager&&) = delete;
  BasicCredentialsManager(const BasicCredentialsManager&) = delete;
  BasicCredentialsManager& operator=(const BasicCredentialsManager&) = delete;
  BasicCredentialsManager& operator=(BasicCredentialsManager&&) = delete;

#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,11,34)
  void verify_certificate_chain(const std::string& type,
                                const std::string& purported_hostname,
                                const std::vector<Botan::X509_Certificate>&) override final;
#endif
  std::vector<Botan::Certificate_Store*> trusted_certificate_authorities(const std::string& type,
                                                                         const std::string& context) override final;
  void set_trusted_fingerprint(const std::string& fingerprint);
  const std::string& get_trusted_fingerprint() const;

private:
  const TCPSocketHandler* const socket_handler;

  static bool try_to_open_one_ca_bundle(const std::vector<std::string>& paths);
  static void load_certs();
  static Botan::Certificate_Store_In_Memory certificate_store;
  static bool certs_loaded;
  std::string trusted_fingerprint;
};

#endif //BOTAN_FOUND