ceph/src/boost/libs/beast/example/common/root_certificates.hpp

   1 //
   2 // Copyright (c) 2016-2019 Vinnie Falco (vinnie dot falco at gmail dot com)
   3 //
   4 // Distributed under the Boost Software License, Version 1.0. (See accompanying
   5 // file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
   6 //
   7 // Official repository: https://github.com/boostorg/beast
   8 //
   9
  10 #ifndef BOOST_BEAST_EXAMPLE_COMMON_ROOT_CERTIFICATES_HPP
  11 #define BOOST_BEAST_EXAMPLE_COMMON_ROOT_CERTIFICATES_HPP
  12
  13 #include <boost/asio/ssl.hpp>
  14 #include <string>
  15
  16 /*
  17     PLEASE READ
  18
  19     These root certificates here are included just to make the
  20     SSL client examples work. They are NOT intended to be
  21     illustrative of best-practices for performing TLS certificate
  22     verification.
  23
  24     A REAL program which needs to verify the authenticity of a
  25     server IP address resolved from a given DNS name needs to
  26     consult the operating system specific certificate store
  27     to validate the chain of signatures, compare the domain name
  28     properly against the domain name in the certificate, check
  29     the certificate revocation list, and probably do some other
  30     things.
  31
  32     ALL of these operations are entirely outside the scope of
  33     both Boost.Beast and Boost.Asio.
  34
  35     See (work in progress):
  36         https://github.com/djarek/certify
  37
  38     tl;dr: root_certificates.hpp should not be used in production code
  39 */
  40
  41 namespace ssl = boost::asio::ssl; // from <boost/asio/ssl.hpp>
  42
  43 namespace detail {
  44
  45 inline
  46 void
  47 load_root_certificates(ssl::context& ctx, boost::system::error_code& ec)
  48 {
  49     std::string const cert =
  50         /*  This is the DigiCert Global Root CA
  51
  52             CN = DigiCert High Assurance EV Root CA
  53             OU = www.digicert.com
  54             O = DigiCert Inc
  55             C = US
  56
  57             Valid to: 10 November 2031
  58
  59             Serial #:
  60             08:3B:E0:56:90:42:46:B1:A1:75:6A:C9:59:91:C7:4A
  61
  62             SHA1 Fingerprint:
  63             A8:98:5D:3A:65:E5:E5:C4:B2:D7:D6:6D:40:C6:DD:2F:B1:9C:54:36
  64
  65             SHA256 Fingerprint:
  66             43:48:A0:E9:44:4C:78:CB:26:5E:05:8D:5E:89:44:B4:D8:4F:96:62:BD:26:DB:25:7F:89:34:A4:43:C7:01:61
  67         */
  68         "-----BEGIN CERTIFICATE-----\n"
  69         "MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh\n"
  70         "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
  71         "d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\n"
  72         "QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT\n"
  73         "MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j\n"
  74         "b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG\n"
  75         "9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB\n"
  76         "CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97\n"
  77         "nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt\n"
  78         "43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P\n"
  79         "T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4\n"
  80         "gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO\n"
  81         "BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR\n"
  82         "TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw\n"
  83         "DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr\n"
  84         "hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg\n"
  85         "06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF\n"
  86         "PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls\n"
  87         "YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk\n"
  88         "CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=\n"
  89         "-----END CERTIFICATE-----\n"
  90
  91         /*  This is the GeoTrust root certificate.
  92
  93             CN = GeoTrust Global CA
  94             O = GeoTrust Inc.
  95             C = US
  96             Valid to: Friday, ‎May ‎20, ‎2022 9:00:00 PM
  97
  98             Thumbprint(sha1):
  99             ‎de 28 f4 a4 ff e5 b9 2f a3 c5 03 d1 a3 49 a7 f9 96 2a 82 12
 100         */
 101         "-----BEGIN CERTIFICATE-----\n"
 102         "MIIDaDCCAlCgAwIBAgIJAO8vBu8i8exWMA0GCSqGSIb3DQEBCwUAMEkxCzAJBgNV\n"
 103         "BAYTAlVTMQswCQYDVQQIDAJDQTEtMCsGA1UEBwwkTG9zIEFuZ2VsZXNPPUJlYXN0\n"
 104         "Q049d3d3LmV4YW1wbGUuY29tMB4XDTE3MDUwMzE4MzkxMloXDTQ0MDkxODE4Mzkx\n"
 105         "MlowSTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMS0wKwYDVQQHDCRMb3MgQW5n\n"
 106         "ZWxlc089QmVhc3RDTj13d3cuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUA\n"
 107         "A4IBDwAwggEKAoIBAQDJ7BRKFO8fqmsEXw8v9YOVXyrQVsVbjSSGEs4Vzs4cJgcF\n"
 108         "xqGitbnLIrOgiJpRAPLy5MNcAXE1strVGfdEf7xMYSZ/4wOrxUyVw/Ltgsft8m7b\n"
 109         "Fu8TsCzO6XrxpnVtWk506YZ7ToTa5UjHfBi2+pWTxbpN12UhiZNUcrRsqTFW+6fO\n"
 110         "9d7xm5wlaZG8cMdg0cO1bhkz45JSl3wWKIES7t3EfKePZbNlQ5hPy7Pd5JTmdGBp\n"
 111         "yY8anC8u4LPbmgW0/U31PH0rRVfGcBbZsAoQw5Tc5dnb6N2GEIbq3ehSfdDHGnrv\n"
 112         "enu2tOK9Qx6GEzXh3sekZkxcgh+NlIxCNxu//Dk9AgMBAAGjUzBRMB0GA1UdDgQW\n"
 113         "BBTZh0N9Ne1OD7GBGJYz4PNESHuXezAfBgNVHSMEGDAWgBTZh0N9Ne1OD7GBGJYz\n"
 114         "4PNESHuXezAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCmTJVT\n"
 115         "LH5Cru1vXtzb3N9dyolcVH82xFVwPewArchgq+CEkajOU9bnzCqvhM4CryBb4cUs\n"
 116         "gqXWp85hAh55uBOqXb2yyESEleMCJEiVTwm/m26FdONvEGptsiCmF5Gxi0YRtn8N\n"
 117         "V+KhrQaAyLrLdPYI7TrwAOisq2I1cD0mt+xgwuv/654Rl3IhOMx+fKWKJ9qLAiaE\n"
 118         "fQyshjlPP9mYVxWOxqctUdQ8UnsUKKGEUcVrA08i1OAnVKlPFjKBvk+r7jpsTPcr\n"
 119         "9pWXTO9JrYMML7d+XRSZA1n3856OqZDX4403+9FnXCvfcLZLLKTBvwwFgEFGpzjK\n"
 120         "UEVbkhd5qstF6qWK\n"
 121         "-----END CERTIFICATE-----\n";
 122         ;
 123
 124     ctx.add_certificate_authority(
 125         boost::asio::buffer(cert.data(), cert.size()), ec);
 126     if(ec)
 127         return;
 128 }
 129
 130 } // detail
 131
 132 // Load the root certificates into an ssl::context
 133
 134 inline
 135 void
 136 load_root_certificates(ssl::context& ctx, boost::system::error_code& ec)
 137 {
 138     detail::load_root_certificates(ctx, ec);
 139 }
 140
 141 inline
 142 void
 143 load_root_certificates(ssl::context& ctx)
 144 {
 145     boost::system::error_code ec;
 146     detail::load_root_certificates(ctx, ec);
 147     if(ec)
 148         throw boost::system::system_error{ec};
 149 }
 150
 151 #endif