Botan 2.19.1
Crypto and TLS for C&
credentials_manager.h
Go to the documentation of this file.
1/*
2* Credentials Manager
3* (C) 2011,2012 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#ifndef BOTAN_CREDENTIALS_MANAGER_H_
9#define BOTAN_CREDENTIALS_MANAGER_H_
10
11#include <botan/pk_keys.h>
12#include <botan/x509cert.h>
13#include <botan/certstor.h>
14#include <botan/symkey.h>
15#include <string>
16
17namespace Botan {
18
19class X509_DN;
20class BigInt;
21
22/**
23* Interface for a credentials manager.
24*
25* A type is a fairly static value that represents the general nature
26* of the transaction occurring. Currently used values are "tls-client"
27* and "tls-server". Context represents a hostname, email address,
28* username, or other identifier.
29*/
31 {
32 public:
33 virtual ~Credentials_Manager() = default;
34
35 /**
36 * Return a list of the certificates of CAs that we trust in this
37 * type/context.
38 *
39 * @param type specifies the type of operation occurring
40 *
41 * @param context specifies a context relative to type. For instance
42 * for type "tls-client", context specifies the servers name.
43 */
44 virtual std::vector<Certificate_Store*> trusted_certificate_authorities(
45 const std::string& type,
46 const std::string& context);
47
48 /**
49 * Return a cert chain we can use, ordered from leaf to root,
50 * or else an empty vector.
51 *
52 * It is assumed that the caller can get the private key of the
53 * leaf with private_key_for
54 *
55 * @param cert_key_types specifies the key types desired ("RSA",
56 * "DSA", "ECDSA", etc), or empty if there
57 * is no preference by the caller.
58 *
59 * @param acceptable_CAs the CAs the requestor will accept (possibly empty)
60 * @param type specifies the type of operation occurring
61 * @param context specifies a context relative to type.
62 */
63 virtual std::vector<X509_Certificate> find_cert_chain(
64 const std::vector<std::string>& cert_key_types,
65 const std::vector<X509_DN>& acceptable_CAs,
66 const std::string& type,
67 const std::string& context);
68
69 /**
70 * Return a cert chain we can use, ordered from leaf to root,
71 * or else an empty vector.
72 *
73 * This virtual function is deprecated, and will be removed in a
74 * future release. Use (and override) find_cert_chain instead.
75 *
76 * It is assumed that the caller can get the private key of the
77 * leaf with private_key_for
78 *
79 * @param cert_key_types specifies the key types desired ("RSA",
80 * "DSA", "ECDSA", etc), or empty if there
81 * is no preference by the caller.
82 *
83 * @param type specifies the type of operation occurring
84 *
85 * @param context specifies a context relative to type.
86 */
87 virtual std::vector<X509_Certificate> cert_chain(
88 const std::vector<std::string>& cert_key_types,
89 const std::string& type,
90 const std::string& context);
91
92 /**
93 * Return a cert chain we can use, ordered from leaf to root,
94 * or else an empty vector.
95 *
96 * It is assumed that the caller can get the private key of the
97 * leaf with private_key_for
98 *
99 * @param cert_key_type specifies the type of key requested
100 * ("RSA", "DSA", "ECDSA", etc)
101 *
102 * @param type specifies the type of operation occurring
103 *
104 * @param context specifies a context relative to type.
105 */
106 std::vector<X509_Certificate> cert_chain_single_type(
107 const std::string& cert_key_type,
108 const std::string& type,
109 const std::string& context);
110
111 /**
112 * @return private key associated with this certificate if we should
113 * use it with this context. cert was returned by cert_chain
114 * @note this object should retain ownership of the returned key;
115 * it should not be deleted by the caller.
116 */
117 virtual Private_Key* private_key_for(const X509_Certificate& cert,
118 const std::string& type,
119 const std::string& context);
120
121 /**
122 * @param type specifies the type of operation occurring
123 * @param context specifies a context relative to type.
124 * @return true if we should attempt SRP authentication
125 */
126 virtual bool attempt_srp(const std::string& type,
127 const std::string& context);
128
129 /**
130 * @param type specifies the type of operation occurring
131 * @param context specifies a context relative to type.
132 * @return identifier for client-side SRP auth, if available
133 for this type/context. Should return empty string
134 if password auth not desired/available.
135 */
136 virtual std::string srp_identifier(const std::string& type,
137 const std::string& context);
138
139 /**
140 * @param type specifies the type of operation occurring
141 * @param context specifies a context relative to type.
142 * @param identifier specifies what identifier we want the
143 * password for. This will be a value previously returned
144 * by srp_identifier.
145 * @return password for client-side SRP auth, if available
146 for this identifier/type/context.
147 */
148 virtual std::string srp_password(const std::string& type,
149 const std::string& context,
150 const std::string& identifier);
151
152 /**
153 * Retrieve SRP verifier parameters
154 */
155 virtual bool srp_verifier(const std::string& type,
156 const std::string& context,
157 const std::string& identifier,
158 std::string& group_name,
159 BigInt& verifier,
160 std::vector<uint8_t>& salt,
161 bool generate_fake_on_unknown);
162
163 /**
164 * @param type specifies the type of operation occurring
165 * @param context specifies a context relative to type.
166 * @return the PSK identity hint for this type/context
167 */
168 virtual std::string psk_identity_hint(const std::string& type,
169 const std::string& context);
170
171 /**
172 * @param type specifies the type of operation occurring
173 * @param context specifies a context relative to type.
174 * @param identity_hint was passed by the server (but may be empty)
175 * @return the PSK identity we want to use
176 */
177 virtual std::string psk_identity(const std::string& type,
178 const std::string& context,
179 const std::string& identity_hint);
180
181 /**
182 * @param type specifies the type of operation occurring
183 * @param context specifies a context relative to type.
184 * @param identity is a PSK identity previously returned by
185 psk_identity for the same type and context.
186 * @return the PSK used for identity, or throw an exception if no
187 * key exists
188 */
189 virtual SymmetricKey psk(const std::string& type,
190 const std::string& context,
191 const std::string& identity);
192 };
193
194}
195
196#endif
virtual ~Credentials_Manager()=default
#define BOTAN_PUBLIC_API(maj, min)
Definition: compiler.h:31
Definition: alg_id.cpp:13
MechanismType type