Botan  2.7.0
Crypto and TLS for C++11
credentials_manager.h
Go to the documentation of this file.
1 /*
2 * Credentials Manager
3 * (C) 2011,2012 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #ifndef BOTAN_CREDENTIALS_MANAGER_H_
9 #define BOTAN_CREDENTIALS_MANAGER_H_
10 
11 #include <botan/pk_keys.h>
12 #include <botan/x509cert.h>
13 #include <botan/certstor.h>
14 #include <botan/symkey.h>
15 #include <string>
16 
17 namespace Botan {
18 
19 class X509_DN;
20 class BigInt;
21 
22 /**
23 * Interface for a credentials manager.
24 *
25 * A type is a fairly static value that represents the general nature
26 * of the transaction occurring. Currently used values are "tls-client"
27 * and "tls-server". Context represents a hostname, email address,
28 * username, or other identifier.
29 */
31  {
32  public:
33  virtual ~Credentials_Manager() = default;
34 
35  /**
36  * Return a list of the certificates of CAs that we trust in this
37  * type/context.
38  *
39  * @param type specifies the type of operation occurring
40  *
41  * @param context specifies a context relative to type. For instance
42  * for type "tls-client", context specifies the servers name.
43  */
44  virtual std::vector<Certificate_Store*> trusted_certificate_authorities(
45  const std::string& type,
46  const std::string& context);
47 
48  /**
49  * Return a cert chain we can use, ordered from leaf to root,
50  * or else an empty vector.
51  *
52  * It is assumed that the caller can get the private key of the
53  * leaf with private_key_for
54  *
55  * @param cert_key_types specifies the key types desired ("RSA",
56  * "DSA", "ECDSA", etc), or empty if there
57  * is no preference by the caller.
58  *
59  * @param acceptable_CAs the CAs the requestor will accept (possibly empty)
60  * @param type specifies the type of operation occurring
61  * @param context specifies a context relative to type.
62  */
63  virtual std::vector<X509_Certificate> find_cert_chain(
64  const std::vector<std::string>& cert_key_types,
65  const std::vector<X509_DN>& acceptable_CAs,
66  const std::string& type,
67  const std::string& context);
68 
69  /**
70  * Return a cert chain we can use, ordered from leaf to root,
71  * or else an empty vector.
72  *
73  * This virtual function is deprecated, and will be removed in a
74  * future release. Use (and override) find_cert_chain instead.
75  *
76  * It is assumed that the caller can get the private key of the
77  * leaf with private_key_for
78  *
79  * @param cert_key_types specifies the key types desired ("RSA",
80  * "DSA", "ECDSA", etc), or empty if there
81  * is no preference by the caller.
82  *
83  * @param type specifies the type of operation occurring
84  *
85  * @param context specifies a context relative to type.
86  */
87  virtual std::vector<X509_Certificate> cert_chain(
88  const std::vector<std::string>& cert_key_types,
89  const std::string& type,
90  const std::string& context);
91 
92  /**
93  * Return a cert chain we can use, ordered from leaf to root,
94  * or else an empty vector.
95  *
96  * It is assumed that the caller can get the private key of the
97  * leaf with private_key_for
98  *
99  * @param cert_key_type specifies the type of key requested
100  * ("RSA", "DSA", "ECDSA", etc)
101  *
102  * @param type specifies the type of operation occurring
103  *
104  * @param context specifies a context relative to type.
105  */
106  std::vector<X509_Certificate> cert_chain_single_type(
107  const std::string& cert_key_type,
108  const std::string& type,
109  const std::string& context);
110 
111  /**
112  * @return private key associated with this certificate if we should
113  * use it with this context. cert was returned by cert_chain
114  * @note this object should retain ownership of the returned key;
115  * it should not be deleted by the caller.
116  */
117  virtual Private_Key* private_key_for(const X509_Certificate& cert,
118  const std::string& type,
119  const std::string& context);
120 
121  /**
122  * @param type specifies the type of operation occurring
123  * @param context specifies a context relative to type.
124  * @return true if we should attempt SRP authentication
125  */
126  virtual bool attempt_srp(const std::string& type,
127  const std::string& context);
128 
129  /**
130  * @param type specifies the type of operation occurring
131  * @param context specifies a context relative to type.
132  * @return identifier for client-side SRP auth, if available
133  for this type/context. Should return empty string
134  if password auth not desired/available.
135  */
136  virtual std::string srp_identifier(const std::string& type,
137  const std::string& context);
138 
139  /**
140  * @param type specifies the type of operation occurring
141  * @param context specifies a context relative to type.
142  * @param identifier specifies what identifier we want the
143  * password for. This will be a value previously returned
144  * by srp_identifier.
145  * @return password for client-side SRP auth, if available
146  for this identifier/type/context.
147  */
148  virtual std::string srp_password(const std::string& type,
149  const std::string& context,
150  const std::string& identifier);
151 
152  /**
153  * Retrieve SRP verifier parameters
154  */
155  virtual bool srp_verifier(const std::string& type,
156  const std::string& context,
157  const std::string& identifier,
158  std::string& group_name,
159  BigInt& verifier,
160  std::vector<uint8_t>& salt,
161  bool generate_fake_on_unknown);
162 
163  /**
164  * @param type specifies the type of operation occurring
165  * @param context specifies a context relative to type.
166  * @return the PSK identity hint for this type/context
167  */
168  virtual std::string psk_identity_hint(const std::string& type,
169  const std::string& context);
170 
171  /**
172  * @param type specifies the type of operation occurring
173  * @param context specifies a context relative to type.
174  * @param identity_hint was passed by the server (but may be empty)
175  * @return the PSK identity we want to use
176  */
177  virtual std::string psk_identity(const std::string& type,
178  const std::string& context,
179  const std::string& identity_hint);
180 
181  /**
182  * @param type specifies the type of operation occurring
183  * @param context specifies a context relative to type.
184  * @param identity is a PSK identity previously returned by
185  psk_identity for the same type and context.
186  * @return the PSK used for identity, or throw an exception if no
187  * key exists
188  */
189  virtual SymmetricKey psk(const std::string& type,
190  const std::string& context,
191  const std::string& identity);
192  };
193 
194 }
195 
196 #endif
#define BOTAN_PUBLIC_API(maj, min)
Definition: compiler.h:27
MechanismType type
Definition: alg_id.cpp:13