A louloulibs/network/credentials_manager.cpp => louloulibs/network/credentials_manager.cpp +33 -0
@@ 0,0 1,33 @@
+#include <network/credentials_manager.hpp>
+#include <logger/logger.hpp>
+
+Basic_Credentials_Manager::Basic_Credentials_Manager():
+ Botan::Credentials_Manager()
+{
+ this->load_certs();
+}
+void Basic_Credentials_Manager::verify_certificate_chain(const std::string& type,
+ const std::string& purported_hostname,
+ const std::vector<Botan::X509_Certificate>& certs)
+{
+ log_debug("Checking remote certificate (" << type << ") for hostname " << purported_hostname);
+ Botan::Credentials_Manager::verify_certificate_chain(type, "louiz.org", certs);
+ log_debug("Certificate is valid");
+}
+void Basic_Credentials_Manager::load_certs()
+{
+ const std::vector<std::string> paths = {"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem"};
+ for (const auto& path: paths)
+ {
+ Botan::DataSource_Stream bundle(path);
+ while (!bundle.end_of_data() && bundle.check_available(27))
+ {
+ const Botan::X509_Certificate cert(bundle);
+ this->certificate_store.add_certificate(cert);
+ }
+ }
+}
+std::vector<Botan::Certificate_Store*> Basic_Credentials_Manager::trusted_certificate_authorities(const std::string&, const std::string&)
+{
+ return {&this->certificate_store};
+}
A louloulibs/network/credentials_manager.hpp => louloulibs/network/credentials_manager.hpp +22 -0
@@ 0,0 1,22 @@
+#ifndef BIBOUMI_CREDENTIALS_MANAGER_HPP
+#define BIBOUMI_CREDENTIALS_MANAGER_HPP
+
+#include <botan/botan.h>
+#include <botan/tls_client.h>
+
+class Basic_Credentials_Manager: public Botan::Credentials_Manager
+{
+public:
+ Basic_Credentials_Manager();
+ void verify_certificate_chain(const std::string& type,
+ const std::string& purported_hostname,
+ const std::vector<Botan::X509_Certificate>&) override final;
+ std::vector<Botan::Certificate_Store*> trusted_certificate_authorities(const std::string& type,
+ const std::string& context) override final;
+
+private:
+ void load_certs();
+ Botan::Certificate_Store_In_Memory certificate_store;
+};
+
+#endif //BIBOUMI_CREDENTIALS_MANAGER_HPP
M louloulibs/network/tcp_socket_handler.cpp => louloulibs/network/tcp_socket_handler.cpp +2 -10
@@ 19,7 19,7 @@
# include <botan/tls_exceptn.h>
Botan::AutoSeeded_RNG TCPSocketHandler::rng;
-Permissive_Credentials_Manager TCPSocketHandler::credential_manager;
+Basic_Credentials_Manager TCPSocketHandler::credential_manager;
Botan::TLS::Policy TCPSocketHandler::policy;
Botan::TLS::Session_Manager_In_Memory TCPSocketHandler::session_manager(TCPSocketHandler::rng);
@@ 451,15 451,7 @@ bool TCPSocketHandler::tls_handshake_cb(const Botan::TLS::Session& session)
void TCPSocketHandler::on_tls_activated()
{
- this->send_data("");
-}
-
-void Permissive_Credentials_Manager::verify_certificate_chain(const std::string& type,
- const std::string& purported_hostname,
- const std::vector<Botan::X509_Certificate>&)
-{ // TODO: Offer the admin to disallow connection on untrusted
- // certificates
- log_debug("Checking remote certificate (" << type << ") for hostname " << purported_hostname);
+ this->send_data({});
}
#endif // BOTAN_FOUND
M louloulibs/network/tcp_socket_handler.hpp => louloulibs/network/tcp_socket_handler.hpp +6 -18
@@ 1,9 1,13 @@
#ifndef SOCKET_HANDLER_INCLUDED
# define SOCKET_HANDLER_INCLUDED
+#include "louloulibs.h"
+
#include <network/socket_handler.hpp>
#include <network/resolver.hpp>
+#include <network/credentials_manager.hpp>
+
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
@@ 13,23 17,6 @@
#include <string>
#include <list>
-#include "louloulibs.h"
-
-#ifdef BOTAN_FOUND
-# include <botan/botan.h>
-# include <botan/tls_client.h>
-
-/**
- * A very simple credential manager that accepts any certificate.
- */
-class Permissive_Credentials_Manager: public Botan::Credentials_Manager
-{
-public:
- void verify_certificate_chain(const std::string& type,
- const std::string& purported_hostname,
- const std::vector<Botan::X509_Certificate>&);
-};
-#endif // BOTAN_FOUND
/**
* An interface, with a series of callbacks that should be implemented in
@@ 243,7 230,7 @@ private:
* Botan stuff to manipulate a TLS session.
*/
static Botan::AutoSeeded_RNG rng;
- static Permissive_Credentials_Manager credential_manager;
+ static Basic_Credentials_Manager credential_manager;
static Botan::TLS::Policy policy;
static Botan::TLS::Session_Manager_In_Memory session_manager;
/**
@@ 267,3 254,4 @@ private:
};
#endif // SOCKET_HANDLER_INCLUDED
+