Coverage Report

Created: 2024-03-10 06:18

/src/botan/src/lib/tls/credentials_manager.cpp
Line
Count
Source (jump to first uncovered line)
1
/*
2
* Credentials Manager
3
* (C) 2011,2012 Jack Lloyd
4
*
5
* Botan is released under the Simplified BSD License (see license.txt)
6
*/
7
8
#include <botan/credentials_manager.h>
9
10
#include <botan/pkix_types.h>
11
#include <botan/internal/fmt.h>
12
13
namespace Botan {
14
15
0
std::string Credentials_Manager::psk_identity_hint(const std::string& /*unused*/, const std::string& /*unused*/) {
16
0
   return "";
17
0
}
18
19
std::string Credentials_Manager::psk_identity(const std::string& /*unused*/,
20
                                              const std::string& /*unused*/,
21
0
                                              const std::string& /*unused*/) {
22
0
   return "";
23
0
}
24
25
SymmetricKey Credentials_Manager::psk(const std::string& type,
26
                                      const std::string& context,
27
18.8k
                                      const std::string& identity) {
28
18.8k
   auto side = [&] {
29
18.8k
      if(type == "tls-client") {
30
0
         return TLS::Connection_Side::Client;
31
18.8k
      } else if(type == "tls-server") {
32
18.8k
         return TLS::Connection_Side::Server;
33
18.8k
      } else {
34
0
         throw Internal_Error(fmt("No PSK set for type {}", type));
35
0
      }
36
18.8k
   }();
37
38
   // New applications should use the appropriate credentials methods. This is a
39
   // retrofit of the behaviour before Botan 3.2.0 and will be removed in a
40
   // future major release.
41
   //
42
   // TODO: deprecate `psk("...", "session-ticket" | "dtls-cookie-secret")`
43
18.8k
   if(side == TLS::Connection_Side::Server && context == "session-ticket") {
44
147
      if(auto key = session_ticket_key(); !key.empty()) {
45
147
         return SymmetricKey(std::move(key));
46
147
      }
47
18.6k
   } else if(side == TLS::Connection_Side::Server && context == "dtls-cookie-secret") {
48
3.99k
      if(auto key = dtls_cookie_secret(); !key.empty()) {
49
3.99k
         return SymmetricKey(std::move(key));
50
3.99k
      }
51
14.7k
   } else /* context is a host name */ {
52
      // Assuming that find_preshared_keys returns _exactly_ one or no keys when
53
      // searching for a single specific identity.
54
14.7k
      if(auto psks = find_preshared_keys(context, side, {identity}); psks.size() == 1) {
55
14.5k
         return SymmetricKey(psks.front().extract_master_secret());
56
14.5k
      }
57
14.7k
   }
58
59
111
   throw Internal_Error(fmt("No PSK set for identity {}", identity));
60
18.8k
}
61
62
std::vector<TLS::ExternalPSK> Credentials_Manager::find_preshared_keys(std::string_view /* host */,
63
                                                                       TLS::Connection_Side /* whoami */,
64
                                                                       const std::vector<std::string>& /* identities */,
65
111
                                                                       const std::optional<std::string>& /* prf */) {
66
111
   return {};
67
111
}
68
69
std::optional<TLS::ExternalPSK> Credentials_Manager::choose_preshared_key(std::string_view host,
70
                                                                          TLS::Connection_Side whoami,
71
                                                                          const std::vector<std::string>& identities,
72
0
                                                                          const std::optional<std::string>& prf) {
73
0
   auto psks = find_preshared_keys(host, whoami, identities, prf);
74
0
   if(psks.empty()) {
75
0
      return std::nullopt;
76
0
   } else {
77
0
      return std::move(psks.front());
78
0
   }
79
0
}
80
81
std::vector<X509_Certificate> Credentials_Manager::find_cert_chain(
82
   const std::vector<std::string>& key_types,
83
   const std::vector<AlgorithmIdentifier>& cert_signature_schemes,
84
   const std::vector<X509_DN>& /*unused*/,
85
   const std::string& type,
86
64.6k
   const std::string& context) {
87
64.6k
   return cert_chain(key_types, cert_signature_schemes, type, context);
88
64.6k
}
89
90
std::shared_ptr<Public_Key> Credentials_Manager::find_raw_public_key(const std::vector<std::string>& /* key_types */,
91
                                                                     const std::string& /* type */,
92
0
                                                                     const std::string& /* context */) {
93
0
   return nullptr;
94
0
}
95
96
std::vector<X509_Certificate> Credentials_Manager::cert_chain(const std::vector<std::string>& /*unused*/,
97
                                                              const std::vector<AlgorithmIdentifier>& /*unused*/,
98
                                                              const std::string& /*unused*/,
99
0
                                                              const std::string& /*unused*/) {
100
0
   return std::vector<X509_Certificate>();
101
0
}
102
103
std::vector<X509_Certificate> Credentials_Manager::cert_chain_single_type(
104
   const std::string& cert_key_type,
105
   const std::vector<AlgorithmIdentifier>& cert_signature_schemes,
106
   const std::string& type,
107
64.6k
   const std::string& context) {
108
64.6k
   return find_cert_chain({cert_key_type}, cert_signature_schemes, std::vector<X509_DN>(), type, context);
109
64.6k
}
110
111
std::shared_ptr<Private_Key> Credentials_Manager::private_key_for(const X509_Certificate& /*unused*/,
112
                                                                  const std::string& /*unused*/,
113
0
                                                                  const std::string& /*unused*/) {
114
0
   return nullptr;
115
0
}
116
117
std::shared_ptr<Private_Key> Credentials_Manager::private_key_for(const Public_Key& /* raw_public_key */,
118
                                                                  const std::string& /* type */,
119
0
                                                                  const std::string& /* context */) {
120
0
   return nullptr;
121
0
}
122
123
0
secure_vector<uint8_t> Credentials_Manager::session_ticket_key() {
124
0
   return {};
125
0
}
126
127
0
secure_vector<uint8_t> Credentials_Manager::dtls_cookie_secret() {
128
0
   return {};
129
0
}
130
131
std::vector<Certificate_Store*> Credentials_Manager::trusted_certificate_authorities(const std::string& /*unused*/,
132
21.1k
                                                                                     const std::string& /*unused*/) {
133
21.1k
   return std::vector<Certificate_Store*>();
134
21.1k
}
135
136
}  // namespace Botan