1/*
2* Credentials Manager
3* (C) 2011,2012 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#include <botan/credentials_manager.h>
9
10#include <botan/pkix_types.h>
11#include <botan/internal/fmt.h>
12
13namespace Botan {
14
// Default PSK identity hint: the empty string, i.e. no hint is offered.
// The type and context arguments are accepted for interface compatibility
// only; a subclass that wants to advertise a hint overrides this.
std::string Credentials_Manager::psk_identity_hint(const std::string& /*type*/, const std::string& /*context*/) {
   return std::string();
}
18
// Default PSK identity: empty, meaning this manager selects no identity.
// None of the arguments (type, context, identity hint) are consulted here.
std::string Credentials_Manager::psk_identity(const std::string& /*type*/,
                                              const std::string& /*context*/,
                                              const std::string& /*identity_hint*/) {
   std::string no_identity;
   return no_identity;
}
24
// Legacy entry point resolving a symmetric PSK from a (type, context, identity)
// triple. Retained for code written against the pre-3.2.0 interface; new code
// is expected to use the credentials hooks named in the comment below.
//
// @param type     "tls-client" or "tls-server"; any other value is rejected
// @param context  a host name, or (server side only) one of the special
//                 contexts "session-ticket" / "dtls-cookie-secret"
// @param identity the PSK identity to look up when context is a host name
// @return the key found for the request
// @throws Internal_Error if type is unknown or no key could be found
SymmetricKey Credentials_Manager::psk(const std::string& type,
                                      const std::string& context,
                                      const std::string& identity) {
   // Map the legacy string "type" onto TLS::Connection_Side. An unknown type
   // is a caller bug, hence Internal_Error.
   // (The return statements of the two recognised branches are not visible in
   // this listing.)
   auto side = [&] {
      if(type == "tls-client") {
      } else if(type == "tls-server") {
      } else {
         throw Internal_Error(fmt("No PSK set for type {}", type));
      }
   }();

   // New applications should use the appropriate credentials methods. This is a
   // retrofit of the behaviour before Botan 3.2.0 and will be removed in a
   // future major release.
   //
   // TODO: deprecate `psk("...", "session-ticket" | "dtls-cookie-secret")`
   //
   // The two special contexts are only recognised for the server side; for a
   // client they fall through to the host-name branch. In both special-context
   // branches the identity argument is not consulted, and an empty key from
   // the hook ends in the generic error at the bottom.
   if(side == TLS::Connection_Side::Server && context == "session-ticket") {
      if(auto key = session_ticket_key(); !key.empty()) {
         return SymmetricKey(std::move(key));
      }
   } else if(side == TLS::Connection_Side::Server && context == "dtls-cookie-secret") {
      if(auto key = dtls_cookie_secret(); !key.empty()) {
         return SymmetricKey(std::move(key));
      }
   } else /* context is a host name */ {
      // Assuming that find_preshared_keys returns _exactly_ one or no keys when
      // searching for a single specific identity.
      //
      // Only an exact single match is used: zero matches and several matches
      // both reach the error below, so an ambiguous override of
      // find_preshared_keys() reports as "No PSK set" rather than as a conflict.
      if(auto psks = find_preshared_keys(context, side, {identity}); psks.size() == 1) {
         return SymmetricKey(psks.front().extract_master_secret());
      }
   }

   throw Internal_Error(fmt("No PSK set for identity {}", identity));
}
61
// Default: no external pre-shared keys are known, whatever the host, side,
// identity list or PRF. Applications that want to use TLS PSKs override this
// hook; the base implementation deliberately returns an empty list.
std::vector<TLS::ExternalPSK> Credentials_Manager::find_preshared_keys(std::string_view /* host */,
                                                                        TLS::Connection_Side /* whoami */,
                                                                        const std::vector<std::string>& /* identities */,
                                                                        const std::optional<std::string>& /* prf */) {
   std::vector<TLS::ExternalPSK> no_keys;
   return no_keys;
}
68
// Default selection policy: query find_preshared_keys() with the same
// arguments and take the first candidate, if there is one. Any further
// candidates are discarded. Override to apply a different policy.
//
// @return the chosen key, or std::nullopt when no key was found
std::optional<TLS::ExternalPSK> Credentials_Manager::choose_preshared_key(std::string_view host,
                                                                          TLS::Connection_Side whoami,
                                                                          const std::vector<std::string>& identities,
                                                                          const std::optional<std::string>& prf) {
   auto candidates = find_preshared_keys(host, whoami, identities, prf);
   if(!candidates.empty()) {
      // Move the selected key out of the (soon to be destroyed) candidate list.
      return std::move(candidates.front());
   }
   return std::nullopt;
}
80
// Default certificate selection: the acceptable-CA list is dropped and the
// request is forwarded to the legacy cert_chain() hook. A subclass that wants
// to pick a chain based on the peer's acceptable CAs must therefore override
// this method, not cert_chain().
std::vector<X509_Certificate> Credentials_Manager::find_cert_chain(
   const std::vector<std::string>& key_types,
   const std::vector<AlgorithmIdentifier>& cert_signature_schemes,
   const std::vector<X509_DN>& /* acceptable_CAs */,
   const std::string& type,
   const std::string& context) {
   auto chain = cert_chain(key_types, cert_signature_schemes, type, context);
   return chain;
}
89
// Default: no raw public key is provided for the requested key types, so the
// caller receives a null pointer. Override to supply one.
std::shared_ptr<Public_Key> Credentials_Manager::find_raw_public_key(const std::vector<std::string>& /* key_types */,
                                                                     const std::string& /* type */,
                                                                     const std::string& /* context */) {
   std::shared_ptr<Public_Key> none;
   return none;
}
95
// Legacy hook, reached through find_cert_chain(). The default has no
// certificate chain to offer and returns an empty vector.
std::vector<X509_Certificate> Credentials_Manager::cert_chain(const std::vector<std::string>& /* cert_key_types */,
                                                              const std::vector<AlgorithmIdentifier>& /* cert_signature_schemes */,
                                                              const std::string& /* type */,
                                                              const std::string& /* context */) {
   return {};
}
102
// Convenience wrapper around find_cert_chain() for a single key type: wraps
// cert_key_type in a one-element list and passes an empty acceptable-CA list,
// i.e. no CA constraint is applied at this level.
std::vector<X509_Certificate> Credentials_Manager::cert_chain_single_type(
   const std::string& cert_key_type,
   const std::vector<AlgorithmIdentifier>& cert_signature_schemes,
   const std::string& type,
   const std::string& context) {
   const std::vector<std::string> key_types{cert_key_type};
   const std::vector<X509_DN> no_ca_constraint;
   return find_cert_chain(key_types, cert_signature_schemes, no_ca_constraint, type, context);
}
110
// Default: no private key is available for the given certificate; returns a
// null pointer. Subclasses that serve certificate chains override this so the
// matching key can be found.
std::shared_ptr<Private_Key> Credentials_Manager::private_key_for(const X509_Certificate& /* cert */,
                                                                  const std::string& /* type */,
                                                                  const std::string& /* context */) {
   return {};
}
116
// Default: no private key is available for the given raw public key; returns
// a null pointer. Pairs with find_raw_public_key(), which by default also
// returns nothing.
std::shared_ptr<Private_Key> Credentials_Manager::private_key_for(const Public_Key& /* raw_public_key */,
                                                                  const std::string& /* type */,
                                                                  const std::string& /* context */) {
   std::shared_ptr<Private_Key> none;
   return none;
}
122
// Default: an empty set of trust stores, i.e. no trust anchors are supplied by
// the base class. An application that verifies peer certificates is expected
// to override this and return the stores holding its trusted CAs; the returned
// pointers are non-owning.
std::vector<Certificate_Store*> Credentials_Manager::trusted_certificate_authorities(const std::string& /* type */,
                                                                                      const std::string& /* context */) {
   return {};
}
135
136} // namespace Botan