/src/botan/build/include/botan/credentials_manager.h
Line | Count | Source |
1 | | /* |
2 | | * Credentials Manager |
3 | | * (C) 2011,2012 Jack Lloyd |
4 | | * |
5 | | * Botan is released under the Simplified BSD License (see license.txt) |
6 | | */ |
7 | | |
8 | | #ifndef BOTAN_CREDENTIALS_MANAGER_H_ |
9 | | #define BOTAN_CREDENTIALS_MANAGER_H_ |
10 | | |
11 | | #include <botan/pk_keys.h> |
12 | | #include <botan/x509cert.h> |
13 | | #include <botan/certstor.h> |
14 | | #include <botan/symkey.h> |
15 | | #include <string> |
16 | | |
17 | | namespace Botan { |
18 | | |
19 | | class X509_DN; |
20 | | class BigInt; |
21 | | |
22 | | /** |
23 | | * Interface for a credentials manager. |
24 | | * |
25 | | * A type is a fairly static value that represents the general nature |
26 | | * of the transaction occurring. Currently used values are "tls-client" |
27 | | * and "tls-server". Context represents a hostname, email address, |
28 | | * username, or other identifier. |
29 | | */ |
30 | | class BOTAN_PUBLIC_API(2,0) Credentials_Manager |
31 | | { |
32 | | public: |
33 | 10.1k | virtual ~Credentials_Manager() = default; |
34 | | |
35 | | /** |
36 | | * Return a list of the certificates of CAs that we trust in this |
37 | | * type/context. |
38 | | * |
39 | | * @param type specifies the type of operation occurring |
40 | | * |
41 | | * @param context specifies a context relative to type. For instance |
42 | | * for type "tls-client", context specifies the servers name. |
43 | | */ |
44 | | virtual std::vector<Certificate_Store*> trusted_certificate_authorities( |
45 | | const std::string& type, |
46 | | const std::string& context); |
47 | | |
48 | | /** |
49 | | * Return a cert chain we can use, ordered from leaf to root, |
50 | | * or else an empty vector. |
51 | | * |
52 | | * It is assumed that the caller can get the private key of the |
53 | | * leaf with private_key_for |
54 | | * |
55 | | * @param cert_key_types specifies the key types desired ("RSA", |
56 | | * "DSA", "ECDSA", etc), or empty if there |
57 | | * is no preference by the caller. |
58 | | * |
59 | | * @param acceptable_CAs the CAs the requestor will accept (possibly empty) |
60 | | * @param type specifies the type of operation occurring |
61 | | * @param context specifies a context relative to type. |
62 | | */ |
63 | | virtual std::vector<X509_Certificate> find_cert_chain( |
64 | | const std::vector<std::string>& cert_key_types, |
65 | | const std::vector<X509_DN>& acceptable_CAs, |
66 | | const std::string& type, |
67 | | const std::string& context); |
68 | | |
69 | | /** |
70 | | * Return a cert chain we can use, ordered from leaf to root, |
71 | | * or else an empty vector. |
72 | | * |
73 | | * This virtual function is deprecated, and will be removed in a |
74 | | * future release. Use (and override) find_cert_chain instead. |
75 | | * |
76 | | * It is assumed that the caller can get the private key of the |
77 | | * leaf with private_key_for |
78 | | * |
79 | | * @param cert_key_types specifies the key types desired ("RSA", |
80 | | * "DSA", "ECDSA", etc), or empty if there |
81 | | * is no preference by the caller. |
82 | | * |
83 | | * @param type specifies the type of operation occurring |
84 | | * |
85 | | * @param context specifies a context relative to type. |
86 | | */ |
87 | | virtual std::vector<X509_Certificate> cert_chain( |
88 | | const std::vector<std::string>& cert_key_types, |
89 | | const std::string& type, |
90 | | const std::string& context); |
91 | | |
92 | | /** |
93 | | * Return a cert chain we can use, ordered from leaf to root, |
94 | | * or else an empty vector. |
95 | | * |
96 | | * It is assumed that the caller can get the private key of the |
97 | | * leaf with private_key_for |
98 | | * |
99 | | * @param cert_key_type specifies the type of key requested |
100 | | * ("RSA", "DSA", "ECDSA", etc) |
101 | | * |
102 | | * @param type specifies the type of operation occurring |
103 | | * |
104 | | * @param context specifies a context relative to type. |
105 | | */ |
106 | | std::vector<X509_Certificate> cert_chain_single_type( |
107 | | const std::string& cert_key_type, |
108 | | const std::string& type, |
109 | | const std::string& context); |
110 | | |
111 | | /** |
112 | | * @return private key associated with this certificate if we should |
113 | | * use it with this context. cert was returned by cert_chain |
114 | | * @note this object should retain ownership of the returned key; |
115 | | * it should not be deleted by the caller. |
116 | | */ |
117 | | virtual Private_Key* private_key_for(const X509_Certificate& cert, |
118 | | const std::string& type, |
119 | | const std::string& context); |
120 | | |
121 | | /** |
122 | | * @param type specifies the type of operation occurring |
123 | | * @param context specifies a context relative to type. |
124 | | * @return true if we should attempt SRP authentication |
125 | | */ |
126 | | virtual bool attempt_srp(const std::string& type, |
127 | | const std::string& context); |
128 | | |
129 | | /** |
130 | | * @param type specifies the type of operation occurring |
131 | | * @param context specifies a context relative to type. |
132 | | * @return identifier for client-side SRP auth, if available |
133 | | for this type/context. Should return empty string |
134 | | if password auth not desired/available. |
135 | | */ |
136 | | virtual std::string srp_identifier(const std::string& type, |
137 | | const std::string& context); |
138 | | |
139 | | /** |
140 | | * @param type specifies the type of operation occurring |
141 | | * @param context specifies a context relative to type. |
142 | | * @param identifier specifies what identifier we want the |
143 | | * password for. This will be a value previously returned |
144 | | * by srp_identifier. |
145 | | * @return password for client-side SRP auth, if available |
146 | | for this identifier/type/context. |
147 | | */ |
148 | | virtual std::string srp_password(const std::string& type, |
149 | | const std::string& context, |
150 | | const std::string& identifier); |
151 | | |
152 | | /** |
153 | | * Retrieve SRP verifier parameters |
154 | | */ |
155 | | virtual bool srp_verifier(const std::string& type, |
156 | | const std::string& context, |
157 | | const std::string& identifier, |
158 | | std::string& group_name, |
159 | | BigInt& verifier, |
160 | | std::vector<uint8_t>& salt, |
161 | | bool generate_fake_on_unknown); |
162 | | |
163 | | /** |
164 | | * @param type specifies the type of operation occurring |
165 | | * @param context specifies a context relative to type. |
166 | | * @return the PSK identity hint for this type/context |
167 | | */ |
168 | | virtual std::string psk_identity_hint(const std::string& type, |
169 | | const std::string& context); |
170 | | |
171 | | /** |
172 | | * @param type specifies the type of operation occurring |
173 | | * @param context specifies a context relative to type. |
174 | | * @param identity_hint was passed by the server (but may be empty) |
175 | | * @return the PSK identity we want to use |
176 | | */ |
177 | | virtual std::string psk_identity(const std::string& type, |
178 | | const std::string& context, |
179 | | const std::string& identity_hint); |
180 | | |
181 | | /** |
182 | | * @param type specifies the type of operation occurring |
183 | | * @param context specifies a context relative to type. |
184 | | * @param identity is a PSK identity previously returned by |
185 | | psk_identity for the same type and context. |
186 | | * @return the PSK used for identity, or throw an exception if no |
187 | | * key exists |
188 | | */ |
189 | | virtual SymmetricKey psk(const std::string& type, |
190 | | const std::string& context, |
191 | | const std::string& identity); |
192 | | }; |
193 | | |
194 | | } |
195 | | |
196 | | #endif |