http: Add parameter for server name on Secure_server

fwsGonzo · fwsGonzo · commit 28cabc059bf2 · 2017-03-15T18:09:20.000+01:00
diff --git a/api/net/http/secure_server.hpp b/api/net/http/secure_server.hpp
@@ -29,13 +29,15 @@ class Secure_server : public http::Server
 {
 public:
   Secure_server(
+      const std::string& name,
       fs::Dirent& ca_key,
       fs::Dirent& ca_cert,
       fs::Dirent& server_key,
       TCP& tcp,
       Request_handler cb);
 
   Secure_server(
+      const std::string& name,
       fs::Dirent& ca_key,
       fs::Dirent& ca_cert,
       fs::Dirent& server_key,
@@ -48,6 +50,7 @@ class Secure_server : public http::Server
       Request_handler cb)
     : http::Server(tcp, cb), rng(in_rng), credman(in_credman)
   {
+    assert(credman != nullptr);
     on_connect = {this, &Secure_server::secure_connect};
   }
 
diff --git a/api/net/tls/credman.hpp b/api/net/tls/credman.hpp
@@ -24,7 +24,6 @@
 #include <botan/rng.h>
 #include <botan/x509cert.h>
 #include <botan/x509_ca.h>
-//#include <botan/x509path.h>
 #include <botan/x509self.h>
 #include <memory>
 
@@ -59,24 +58,22 @@ class Credman : public Botan::Credentials_Manager
 
   std::vector<Botan::X509_Certificate> cert_chain(
               const std::vector<std::string>& cert_key_types,
-              const std::string& type,
+              const std::string&,
               const std::string&) override
   {
     std::vector<Botan::X509_Certificate> chain;
 
-    if (type == "tls-server" || (type == "tls-client" && m_provides_client_certs))
+    bool have_match = false;
+    for (size_t i = 0; i != cert_key_types.size(); ++i)
+        if(cert_key_types[i] == m_server_key->algo_name())
+            have_match = true;
+
+    if(have_match)
     {
-      bool have_match = false;
-      for (size_t i = 0; i != cert_key_types.size(); ++i)
-          if(cert_key_types[i] == m_server_key->algo_name())
-              have_match = true;
-
-      if(have_match)
-      {
-        chain.push_back(m_server_cert);
-        chain.push_back(m_ca_cert);
-      }
+      chain.push_back(m_server_cert);
+      chain.push_back(m_ca_cert);
     }
+
     return chain;
   }
 
@@ -87,17 +84,8 @@ class Credman : public Botan::Credentials_Manager
     return m_server_key.get();
   }
 
-  Botan::SymmetricKey psk(const std::string&,
-        const std::string&,
-        const std::string&) override
-  {
-    //if (type == "tls-server" && context == "session-ticket")
-    //  return Botan::SymmetricKey("AABBCCDDEEFF012345678012345678");
-
-    return Botan::SymmetricKey("20B602D1475F2DF888FCB60D2AE03AFD"); // PSK key
-  }
-
   static Credman* create(
+        const std::string& name,
         Botan::RandomNumberGenerator&  rng,
         std::unique_ptr<Botan::Private_Key> ca_key,
         Botan::X509_Certificate ca_cert,
@@ -118,6 +106,7 @@ class Credman : public Botan::Credentials_Manager
  * 
 **/
 inline Credman* Credman::create(
+        const std::string& server_name,
         Botan::RandomNumberGenerator&  rng,
         std::unique_ptr<Botan::Private_Key> ca_key,
         Botan::X509_Certificate ca_cert,
@@ -132,7 +121,7 @@ inline Credman* Credman::create(
 
   // create certificate request
   Botan::X509_Cert_Options server_opts;
-  server_opts.common_name = "server.example.com";
+  server_opts.common_name = server_name;
   server_opts.country = "VT";
 
   auto req = Botan::X509::create_cert_req(server_opts, *server_key, "SHA-256", rng);
diff --git a/api/net/tls/server.hpp b/api/net/tls/server.hpp
@@ -35,15 +35,13 @@ class Server : public Botan::TLS::Callbacks, public tcp::Stream
 public:
   using Connection_ptr = tcp::Connection_ptr;
 
-
   Server(Connection_ptr remote,
-             Botan::RandomNumberGenerator& rng,
-             Botan::Credentials_Manager& credman) :
-    tcp::Stream({remote}),
-    m_rng(rng),
+         Botan::RandomNumberGenerator& rng,
+         Botan::Credentials_Manager& credman) 
+  : tcp::Stream({remote}),
     m_creds(credman),
-    m_session_manager(m_rng),
-    m_tls(*this, m_session_manager, m_creds, m_policy, m_rng)
+    m_session_manager(rng),
+    m_tls(*this, m_session_manager, m_creds, m_policy, rng)
   {
     assert(tcp->is_connected());
     // default read callback
@@ -95,15 +93,10 @@ class Server : public Botan::TLS::Callbacks, public tcp::Stream
 
 protected:
   void tls_read(buffer_t buf, const size_t n)
-  {
-    this->tls_receive(buf.get(), n);
-  }
-
-  void tls_receive(const uint8_t* buf, const size_t n)
   {
     try
     {
-      int rem = m_tls.received_data(buf, n);
+      int rem = m_tls.received_data(buf.get(), n);
       (void) rem;
       //printf("Finished processing (rem: %u)\n", rem);
     }
@@ -162,7 +155,6 @@ class Server : public Botan::TLS::Callbacks, public tcp::Stream
   Stream::WriteCallback   o_write;
   Stream::ConnectCallback o_connect;
 
-  Botan::RandomNumberGenerator& m_rng;
   Botan::Credentials_Manager&   m_creds;
   Botan::TLS::Strict_Policy     m_policy;
   Botan::TLS::Session_Manager_In_Memory m_session_manager;
diff --git a/src/net/http/secure_server.cpp b/src/net/http/secure_server.cpp
@@ -32,6 +32,7 @@ inline std::unique_ptr<Botan::Private_Key> read_pkey(fs::Dirent& key_file)
 namespace http
 {
   Secure_server::Secure_server(
+      const std::string& server_name,
       fs::Dirent& file_ca_key,
       fs::Dirent& file_ca_cert,
       fs::Dirent& file_server_key,
@@ -52,6 +53,7 @@ namespace http
     auto srv_key = read_pkey(file_server_key);
 
     auto* credman = net::Credman::create(
+            server_name,
             get_rng(),
             std::move(ca_key),
             Botan::X509_Certificate(vca_cert),
@@ -61,11 +63,15 @@ namespace http
   }
 
   Secure_server::Secure_server(
+      const std::string& server_name,
       fs::Dirent& file_ca_key,
       fs::Dirent& file_ca_cert,
       fs::Dirent& file_server_key,
       TCP& tcp)
-    : Secure_server(file_ca_key, file_ca_cert, file_server_key, tcp, nullptr)
+    : Secure_server(
+          server_name, 
+          file_ca_key, file_ca_cert, file_server_key, 
+          tcp, nullptr)
   {}
 
 }
