doxygen/credentials__manager_8h_source.html

 /*
 * Credentials Manager
 * (C) 2011,2012 Jack Lloyd
 *
 * Botan is released under the Simplified BSD License (see license.txt)
 */

 #ifndef BOTAN_CREDENTIALS_MANAGER_H_
 #define BOTAN_CREDENTIALS_MANAGER_H_

 #include <botan/pk_keys.h>
 #include <botan/x509cert.h>
 #include <botan/certstor.h>
 #include <botan/symkey.h>
 #include <string>

 namespace Botan {

 class X509_DN;
 class BigInt;

 /**
 * Interface for a credentials manager.
 *
 * A type is a fairly static value that represents the general nature
 * of the transaction occurring. Currently used values are "tls-client"
 * and "tls-server". Context represents a hostname, email address,
 * username, or other identifier.
 */
 class BOTAN_PUBLIC_API(2,0) Credentials_Manager
    {
    public:
       virtual ~Credentials_Manager() = default;

       /**
       * Return a list of the certificates of CAs that we trust in this
       * type/context.
       *
       * @param type specifies the type of operation occurring
       *
       * @param context specifies a context relative to type. For instance
       *        for type "tls-client", context specifies the servers name.
       */
       virtual std::vector<Certificate_Store*> trusted_certificate_authorities(
          const std::string& type,
          const std::string& context);

       /**
       * Return a cert chain we can use, ordered from leaf to root,
       * or else an empty vector.
       *
       * It is assumed that the caller can get the private key of the
       * leaf with private_key_for
       *
       * @param cert_key_types specifies the key types desired ("RSA",
       *                       "DSA", "ECDSA", etc), or empty if there
       *                       is no preference by the caller.
       *
       * @param acceptable_CAs the CAs the requestor will accept (possibly empty)
       * @param type specifies the type of operation occurring
       * @param context specifies a context relative to type.
       */
       virtual std::vector<X509_Certificate> find_cert_chain(
          const std::vector<std::string>& cert_key_types,
          const std::vector<X509_DN>& acceptable_CAs,
          const std::string& type,
          const std::string& context);

       /**
       * Return a cert chain we can use, ordered from leaf to root,
       * or else an empty vector.
       *
       * This virtual function is deprecated, and will be removed in a
       * future release. Use (and override) find_cert_chain instead.
       *
       * It is assumed that the caller can get the private key of the
       * leaf with private_key_for
       *
       * @param cert_key_types specifies the key types desired ("RSA",
       *                       "DSA", "ECDSA", etc), or empty if there
       *                       is no preference by the caller.
       *
       * @param type specifies the type of operation occurring
       *
       * @param context specifies a context relative to type.
       */
       virtual std::vector<X509_Certificate> cert_chain(
          const std::vector<std::string>& cert_key_types,
          const std::string& type,
          const std::string& context);

       /**
       * Return a cert chain we can use, ordered from leaf to root,
       * or else an empty vector.
       *
       * It is assumed that the caller can get the private key of the
       * leaf with private_key_for
       *
       * @param cert_key_type specifies the type of key requested
       *                      ("RSA", "DSA", "ECDSA", etc)
       *
       * @param type specifies the type of operation occurring
       *
       * @param context specifies a context relative to type.
       */
       std::vector<X509_Certificate> cert_chain_single_type(
          const std::string& cert_key_type,
          const std::string& type,
          const std::string& context);

       /**
       * @return private key associated with this certificate if we should
       *         use it with this context. cert was returned by cert_chain
       * @note this object should retain ownership of the returned key;
       *       it should not be deleted by the caller.
       */
       virtual Private_Key* private_key_for(const X509_Certificate& cert,
                                            const std::string& type,
                                            const std::string& context);

       /**
       * @param type specifies the type of operation occurring
       * @param context specifies a context relative to type.
       * @return true if we should attempt SRP authentication
       */
       virtual bool attempt_srp(const std::string& type,
                                const std::string& context);

       /**
       * @param type specifies the type of operation occurring
       * @param context specifies a context relative to type.
       * @return identifier for client-side SRP auth, if available
                 for this type/context. Should return empty string
                 if password auth not desired/available.
       */
       virtual std::string srp_identifier(const std::string& type,
                                          const std::string& context);

       /**
       * @param type specifies the type of operation occurring
       * @param context specifies a context relative to type.
       * @param identifier specifies what identifier we want the
       *        password for. This will be a value previously returned
       *        by srp_identifier.
       * @return password for client-side SRP auth, if available
                 for this identifier/type/context.
       */
       virtual std::string srp_password(const std::string& type,
                                        const std::string& context,
                                        const std::string& identifier);

       /**
       * Retrieve SRP verifier parameters
       */
       virtual bool srp_verifier(const std::string& type,
                                 const std::string& context,
                                 const std::string& identifier,
                                 std::string& group_name,
                                 BigInt& verifier,
                                 std::vector<uint8_t>& salt,
                                 bool generate_fake_on_unknown);

       /**
       * @param type specifies the type of operation occurring
       * @param context specifies a context relative to type.
       * @return the PSK identity hint for this type/context
       */
       virtual std::string psk_identity_hint(const std::string& type,
                                             const std::string& context);

       /**
       * @param type specifies the type of operation occurring
       * @param context specifies a context relative to type.
       * @param identity_hint was passed by the server (but may be empty)
       * @return the PSK identity we want to use
       */
       virtual std::string psk_identity(const std::string& type,
                                        const std::string& context,
                                        const std::string& identity_hint);

       /**
       * @param type specifies the type of operation occurring
       * @param context specifies a context relative to type.
       * @param identity is a PSK identity previously returned by
                psk_identity for the same type and context.
       * @return the PSK used for identity, or throw an exception if no
       * key exists
       */
       virtual SymmetricKey psk(const std::string& type,
                                const std::string& context,
                                const std::string& identity);
    };

 }

 #endif
Botan::OctetString
Definition: symkey.h:19

Botan::BigInt
Definition: bigint.h:24

Botan::Private_Key
Definition: pk_keys.h:181

BOTAN_PUBLIC_API
#define BOTAN_PUBLIC_API(maj, min)
Definition: compiler.h:31

type
MechanismType type
Definition: p11_mechanism.cpp:44

Botan::X509_Certificate
Definition: x509cert.h:40

Botan
Definition: alg_id.cpp:13

Botan::Credentials_Manager
Definition: credentials_manager.h:30