1 /*
2 * Credentials Manager
3 * (C) 2011,2012 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #ifndef BOTAN_CREDENTIALS_MANAGER_H_
9 #define BOTAN_CREDENTIALS_MANAGER_H_
10 
11 #include <botan/pk_keys.h>
12 #include <botan/x509cert.h>
13 #include <botan/certstor.h>
14 #include <botan/symkey.h>
15 #include <string>
16 
17 namespace Botan {
18 
19 class BigInt;
20 
21 /**
22 * Interface for a credentials manager: the object the TLS code asks for
23 * trust anchors, certificate chains, private keys, SRP and PSK material.
24 *
25 * A type is a fairly static value that represents the general nature
26 * of the transaction occurring. Currently used values are "tls-client"
27 * and "tls-server". Context represents a hostname, email address,
28 * username, or other identifier.
29 *
30 * Every member below is declared virtual but not pure virtual, so a
31 * default implementation exists elsewhere (not visible in this header);
32 * applications subclass and override only what they need. Members that
33 * hand out raw pointers (trusted_certificate_authorities, private_key_for)
34 * keep ownership inside this object, so what they return must outlive
35 * the operation that requested it.
36 */
30  {
31  public:
      /**
      * Virtual destructor: this class is a polymorphic base, so deleting
      * a subclass through a Credentials_Manager pointer is well-defined.
      */
      virtual ~Credentials_Manager() = default;
33 
      /**
      * Return the certificate stores holding the CA certificates that we
      * trust in this type/context.
      *
      * The stores are handed out as raw pointers and, consistent with the
      * ownership note on private_key_for, this object keeps ownership of
      * them: they must remain valid for as long as the caller may use them
      * (presumably the duration of the handshake -- confirm against the
      * TLS implementation).
      *
      * An empty vector means there are no trust anchors for this
      * type/context. How the TLS code reacts to that is not visible here
      * (it likely fails certificate verification -- TODO confirm); a
      * "tls-client" implementation should return the stores it really
      * trusts rather than leave this empty.
      *
      * @param type specifies the type of operation occurring
      *        ("tls-client" or "tls-server")
      *
      * @param context specifies a context relative to type. For instance
      *        for type "tls-client", context specifies the server's name.
      */
      virtual std::vector<Certificate_Store*> trusted_certificate_authorities(
         const std::string& type,
         const std::string& context);
46 
      /**
      * Return a certificate chain we can use in this type/context,
      * ordered from leaf to root, or else an empty vector when no
      * suitable chain is available.
      *
      * It is assumed that the caller can get the private key of the
      * leaf with private_key_for, so only return chains whose leaf key
      * this object actually holds.
      *
      * For "tls-server" the context presumably carries the name the
      * client asked for (the "tls-client" case documents context as the
      * server name); selecting the chain by that name rather than always
      * returning one default chain avoids presenting a certificate for
      * the wrong host. NOTE(review): what the TLS code does with an empty
      * vector (send no certificate vs. abort) is not visible here --
      * confirm before relying on it.
      *
      * @param cert_key_types specifies the key types desired ("RSA",
      *        "DSA", "ECDSA", etc), or empty if there is no preference
      *        by the caller.
      *
      * @param type specifies the type of operation occurring
      *
      * @param context specifies a context relative to type.
      */
      virtual std::vector<X509_Certificate> cert_chain(
         const std::vector<std::string>& cert_key_types,
         const std::string& type,
         const std::string& context);
66 
<|im_end|>      /**
      * Single-key-type convenience form of cert_chain: return a
      * certificate chain we can use, ordered from leaf to root, or else
      * an empty vector.
      *
      * This member is not virtual. Its body is not in this header; it is
      * presumably a thin wrapper that forwards to cert_chain with a
      * one-element type list, so implementations customize cert_chain,
      * not this function.
      *
      * It is assumed that the caller can get the private key of the
      * leaf with private_key_for.
      *
      * @param cert_key_type specifies the type of key requested
      *        ("RSA", "DSA", "ECDSA", etc)
      *
      * @param type specifies the type of operation occurring
      *
      * @param context specifies a context relative to type.
      */
      std::vector<X509_Certificate> cert_chain_single_type(
         const std::string& cert_key_type,
         const std::string& type,
         const std::string& context);
85 
      /**
      * Return the private key matching a certificate previously handed
      * out by cert_chain, if we should use it in this type/context.
      *
      * @param cert a leaf certificate returned by cert_chain
      * @param type specifies the type of operation occurring
      * @param context specifies a context relative to type.
      * @return private key associated with this certificate if we should
      *         use it with this context. The contract for the "no key"
      *         case (nullptr vs. exception) is not stated in this header
      *         -- TODO confirm against the default implementation.
      * @note this object should retain ownership of the returned key;
      *       it should not be deleted by the caller. The key must
      *       therefore stay alive at least as long as the operation that
      *       received the certificate.
      * @note the key must correspond to cert's public key; returning a
      *       mismatched key presumably surfaces only as a failed
      *       handshake, so implementations with several keys should
      *       select by comparing against the certificate rather than by
      *       position.
      */
      virtual Private_Key* private_key_for(const X509_Certificate& cert,
                                           const std::string& type,
                                           const std::string& context);
95 
      /**
      * Decide whether SRP (password-based) authentication should be
      * attempted in this type/context.
      *
      * @param type specifies the type of operation occurring
      * @param context specifies a context relative to type.
      * @return true if we should attempt SRP authentication
      */
      virtual bool attempt_srp(const std::string& type,
                               const std::string& context);
103 
      /**
      * @param type specifies the type of operation occurring
      * @param context specifies a context relative to type.
      * @return identifier for client-side SRP auth, if available for
      *         this type/context. Should return an empty string if
      *         password auth is not desired/available. The identifier is
      *         presumably sent to the server as part of the handshake,
      *         so it must carry no secret; the password itself is
      *         obtained separately via srp_password.
      */
      virtual std::string srp_identifier(const std::string& type,
                                         const std::string& context);
113 
      /**
      * Return the password for client-side SRP auth.
      *
      * The password comes back by value in a plain std::string, which is
      * not wiped on destruction; this interface therefore cannot
      * guarantee that the secret is scrubbed from memory once used.
      *
      * @param type specifies the type of operation occurring
      * @param context specifies a context relative to type.
      * @param identifier specifies what identifier we want the
      *        password for. This will be a value previously returned
      *        by srp_identifier.
      * @return password for client-side SRP auth, if available for
      *         this identifier/type/context. What "not available" looks
      *         like (empty string vs. exception) is not specified here.
      */
      virtual std::string srp_password(const std::string& type,
                                       const std::string& context,
                                       const std::string& identifier);
126 
      /**
      * Retrieve SRP verifier parameters (server side) for an identifier.
      *
      * @param type specifies the type of operation occurring
      * @param context specifies a context relative to type.
      * @param identifier the SRP identifier presented by the peer. On a
      *        server this is presumably attacker-controlled input; do not
      *        use it unescaped in file paths, log lines or queries.
      * @param group_name output: name of the SRP group the verifier was
      *        computed in
      * @param verifier output: the stored password verifier
      * @param salt output: the salt used when the verifier was computed
      * @param generate_fake_on_unknown if true, the implementation is
      *        asked to produce fabricated but plausibly shaped parameters
      *        for an identifier it does not know, instead of failing. The
      *        name implies this exists so the handshake does not reveal
      *        whether the identifier is registered (user enumeration).
      *        NOTE(review): to actually hide that, the fake salt/verifier
      *        should be derived deterministically from the identifier
      *        (e.g. a keyed PRF over it); if a fresh random "salt" is
      *        produced on every attempt, repeated probes see it change
      *        and learn the identifier is unknown. Confirm how the
      *        default implementation handles this.
      * @return presumably true when the output parameters were populated
      *         (a real verifier, or a fake one when
      *         generate_fake_on_unknown is set) and false otherwise -- the
      *         exact contract is not stated in this header, TODO confirm
      */
      virtual bool srp_verifier(const std::string& type,
                                const std::string& context,
                                const std::string& identifier,
                                std::string& group_name,
                                BigInt& verifier,
                                std::vector<uint8_t>& salt,
                                bool generate_fake_on_unknown);
137 
      /**
      * @param type specifies the type of operation occurring
      * @param context specifies a context relative to type.
      * @return the PSK identity hint for this type/context. The hint is
      *         delivered to the client (psk_identity receives it on the
      *         other side), i.e. it travels in the handshake, so it must
      *         not contain secret material. An empty string means no hint.
      */
      virtual std::string psk_identity_hint(const std::string& type,
                                            const std::string& context);
145 
      /**
      * @param type specifies the type of operation occurring
      * @param context specifies a context relative to type.
      * @param identity_hint was passed by the server (but may be empty).
      *        It is peer-supplied and hence untrusted; use it only to
      *        choose which of our identities to present.
      * @return the PSK identity we want to use. It is presumably sent to
      *         the peer, so it must not be the key itself or anything
      *         else secret.
      */
      virtual std::string psk_identity(const std::string& type,
                                       const std::string& context,
                                       const std::string& identity_hint);
155 
      /**
      * Look up the pre-shared key for an identity.
      *
      * @param type specifies the type of operation occurring
      * @param context specifies a context relative to type.
      * @param identity is a PSK identity previously returned by
      *        psk_identity for the same type and context. On the
      *        "tls-server" side it is presumably whatever identity the
      *        client sent, so treat it as untrusted input: look it up by
      *        exact match in a table, never use it in paths, shell
      *        commands or unparameterized queries.
      *        NOTE(review): the exception path for an unknown identity is
      *        distinguishable from a successful lookup (error vs.
      *        continue, and timing); an implementation that wants to
      *        avoid disclosing which identities exist needs to account
      *        for that at a higher level.
      * @return the PSK used for identity, or throw an exception if no
      *         key exists -- callers must expect a throw rather than an
      *         empty key. The exception type is not specified here.
      */
      virtual SymmetricKey psk(const std::string& type,
                               const std::string& context,
                               const std::string& identity);
167  };
168 
169 }
170 
171 #endif