1 /*
2 * Credentials Manager
3 * (C) 2011,2012 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #ifndef BOTAN_CREDENTIALS_MANAGER_H__
9 #define BOTAN_CREDENTIALS_MANAGER_H__
10 
11 #include <botan/x509cert.h>
12 #include <botan/certstor.h>
13 #include <botan/symkey.h>
14 #include <string>
15 
16 namespace Botan {
17 
18 class BigInt;
19 
20 /**
21 * Interface for a credentials manager.
22 *
23 * A type is a fairly static value that represents the general nature
24 * of the transaction occurring. Currently used values are "tls-client"
25 * and "tls-server". Context represents a hostname, email address,
26 * username, or other identifier.
27 */
28 class BOTAN_DLL Credentials_Manager
29  {
30  public:
31  virtual ~Credentials_Manager() = default;
32 
33  /**
34  * Return a list of the certificates of CAs that we trust in this
35  * type/context.
36  *
37  * @param type specifies the type of operation occurring
38  *
39  * @param context specifies a context relative to type. For instance
40  * for type "tls-client", context specifies the servers name.
41  */
42  virtual std::vector<Certificate_Store*> trusted_certificate_authorities(
43  const std::string& type,
44  const std::string& context);
45 
46  /**
47  * Return a cert chain we can use, ordered from leaf to root,
48  * or else an empty vector.
49  *
50  * It is assumed that the caller can get the private key of the
51  * leaf with private_key_for
52  *
53  * @param cert_key_types specifies the key types desired ("RSA",
54  * "DSA", "ECDSA", etc), or empty if there
55  * is no preference by the caller.
56  *
57  * @param type specifies the type of operation occurring
58  *
59  * @param context specifies a context relative to type.
60  */
61  virtual std::vector<X509_Certificate> cert_chain(
62  const std::vector<std::string>& cert_key_types,
63  const std::string& type,
64  const std::string& context);
65 
66  /**
67  * Return a cert chain we can use, ordered from leaf to root,
68  * or else an empty vector.
69  *
70  * It is assumed that the caller can get the private key of the
71  * leaf with private_key_for
72  *
73  * @param cert_key_type specifies the type of key requested
74  * ("RSA", "DSA", "ECDSA", etc)
75  *
76  * @param type specifies the type of operation occurring
77  *
78  * @param context specifies a context relative to type.
79  */
80  std::vector<X509_Certificate> cert_chain_single_type(
81  const std::string& cert_key_type,
82  const std::string& type,
83  const std::string& context);
84 
85  /**
86  * @return private key associated with this certificate if we should
87  * use it with this context. cert was returned by cert_chain
88  * @note this object should retain ownership of the returned key;
89  * it should not be deleted by the caller.
90  */
91  virtual Private_Key* private_key_for(const X509_Certificate& cert,
92  const std::string& type,
93  const std::string& context);
94 
95  /**
96  * @param type specifies the type of operation occurring
97  * @param context specifies a context relative to type.
98  * @return true if we should attempt SRP authentication
99  */
100  virtual bool attempt_srp(const std::string& type,
101  const std::string& context);
102 
103  /**
104  * @param type specifies the type of operation occurring
105  * @param context specifies a context relative to type.
106  * @return identifier for client-side SRP auth, if available
107  for this type/context. Should return empty string
108  if password auth not desired/available.
109  */
110  virtual std::string srp_identifier(const std::string& type,
111  const std::string& context);
112 
113  /**
114  * @param type specifies the type of operation occurring
115  * @param context specifies a context relative to type.
116  * @param identifier specifies what identifier we want the
117  * password for. This will be a value previously returned
118  * by srp_identifier.
119  * @return password for client-side SRP auth, if available
120  for this identifier/type/context.
121  */
122  virtual std::string srp_password(const std::string& type,
123  const std::string& context,
124  const std::string& identifier);
125 
126  /**
127  * Retrieve SRP verifier parameters
128  */
129  virtual bool srp_verifier(const std::string& type,
130  const std::string& context,
131  const std::string& identifier,
132  std::string& group_name,
133  BigInt& verifier,
134  std::vector<uint8_t>& salt,
135  bool generate_fake_on_unknown);
136 
137  /**
138  * @param type specifies the type of operation occurring
139  * @param context specifies a context relative to type.
140  * @return the PSK identity hint for this type/context
141  */
142  virtual std::string psk_identity_hint(const std::string& type,
143  const std::string& context);
144 
145  /**
146  * @param type specifies the type of operation occurring
147  * @param context specifies a context relative to type.
148  * @param identity_hint was passed by the server (but may be empty)
149  * @return the PSK identity we want to use
150  */
151  virtual std::string psk_identity(const std::string& type,
152  const std::string& context,
153  const std::string& identity_hint);
154 
155  /**
156  * @param type specifies the type of operation occurring
157  * @param context specifies a context relative to type.
158  * @param identity is a PSK identity previously returned by
159  psk_identity for the same type and context.
160  * @return the PSK used for identity, or throw an exception if no
161  * key exists
162  */
163  virtual SymmetricKey psk(const std::string& type,
164  const std::string& context,
165  const std::string& identity);
166  };
167 
168 }
169 
170 #endif