/src/botan/src/lib/tls/credentials_manager.cpp
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Credentials Manager |
3 | | * (C) 2011,2012 Jack Lloyd |
4 | | * |
5 | | * Botan is released under the Simplified BSD License (see license.txt) |
6 | | */ |
7 | | |
8 | | #include <botan/credentials_manager.h> |
9 | | |
10 | | #include <botan/pkix_types.h> |
11 | | #include <botan/internal/fmt.h> |
12 | | |
13 | | namespace Botan { |
14 | | |
15 | 0 | std::string Credentials_Manager::psk_identity_hint(const std::string& /*unused*/, const std::string& /*unused*/) { |
16 | 0 | return ""; |
17 | 0 | } |
18 | | |
19 | | std::string Credentials_Manager::psk_identity(const std::string& /*unused*/, |
20 | | const std::string& /*unused*/, |
21 | 0 | const std::string& /*unused*/) { |
22 | 0 | return ""; |
23 | 0 | } |
24 | | |
25 | | SymmetricKey Credentials_Manager::psk(const std::string& type, |
26 | | const std::string& context, |
27 | 18.8k | const std::string& identity) { |
28 | 18.8k | auto side = [&] { |
29 | 18.8k | if(type == "tls-client") { |
30 | 0 | return TLS::Connection_Side::Client; |
31 | 18.8k | } else if(type == "tls-server") { |
32 | 18.8k | return TLS::Connection_Side::Server; |
33 | 18.8k | } else { |
34 | 0 | throw Internal_Error(fmt("No PSK set for type {}", type)); |
35 | 0 | } |
36 | 18.8k | }(); |
37 | | |
38 | | // New applications should use the appropriate credentials methods. This is a |
39 | | // retrofit of the behaviour before Botan 3.2.0 and will be removed in a |
40 | | // future major release. |
41 | | // |
42 | | // TODO: deprecate `psk("...", "session-ticket" | "dtls-cookie-secret")` |
43 | 18.8k | if(side == TLS::Connection_Side::Server && context == "session-ticket") { |
44 | 147 | if(auto key = session_ticket_key(); !key.empty()) { |
45 | 147 | return SymmetricKey(std::move(key)); |
46 | 147 | } |
47 | 18.6k | } else if(side == TLS::Connection_Side::Server && context == "dtls-cookie-secret") { |
48 | 3.99k | if(auto key = dtls_cookie_secret(); !key.empty()) { |
49 | 3.99k | return SymmetricKey(std::move(key)); |
50 | 3.99k | } |
51 | 14.7k | } else /* context is a host name */ { |
52 | | // Assuming that find_preshared_keys returns _exactly_ one or no keys when |
53 | | // searching for a single specific identity. |
54 | 14.7k | if(auto psks = find_preshared_keys(context, side, {identity}); psks.size() == 1) { |
55 | 14.5k | return SymmetricKey(psks.front().extract_master_secret()); |
56 | 14.5k | } |
57 | 14.7k | } |
58 | | |
59 | 111 | throw Internal_Error(fmt("No PSK set for identity {}", identity)); |
60 | 18.8k | } |
61 | | |
62 | | std::vector<TLS::ExternalPSK> Credentials_Manager::find_preshared_keys(std::string_view /* host */, |
63 | | TLS::Connection_Side /* whoami */, |
64 | | const std::vector<std::string>& /* identities */, |
65 | 111 | const std::optional<std::string>& /* prf */) { |
66 | 111 | return {}; |
67 | 111 | } |
68 | | |
69 | | std::optional<TLS::ExternalPSK> Credentials_Manager::choose_preshared_key(std::string_view host, |
70 | | TLS::Connection_Side whoami, |
71 | | const std::vector<std::string>& identities, |
72 | 0 | const std::optional<std::string>& prf) { |
73 | 0 | auto psks = find_preshared_keys(host, whoami, identities, prf); |
74 | 0 | if(psks.empty()) { |
75 | 0 | return std::nullopt; |
76 | 0 | } else { |
77 | 0 | return std::move(psks.front()); |
78 | 0 | } |
79 | 0 | } |
80 | | |
81 | | std::vector<X509_Certificate> Credentials_Manager::find_cert_chain( |
82 | | const std::vector<std::string>& key_types, |
83 | | const std::vector<AlgorithmIdentifier>& cert_signature_schemes, |
84 | | const std::vector<X509_DN>& /*unused*/, |
85 | | const std::string& type, |
86 | 64.6k | const std::string& context) { |
87 | 64.6k | return cert_chain(key_types, cert_signature_schemes, type, context); |
88 | 64.6k | } |
89 | | |
90 | | std::shared_ptr<Public_Key> Credentials_Manager::find_raw_public_key(const std::vector<std::string>& /* key_types */, |
91 | | const std::string& /* type */, |
92 | 0 | const std::string& /* context */) { |
93 | 0 | return nullptr; |
94 | 0 | } |
95 | | |
96 | | std::vector<X509_Certificate> Credentials_Manager::cert_chain(const std::vector<std::string>& /*unused*/, |
97 | | const std::vector<AlgorithmIdentifier>& /*unused*/, |
98 | | const std::string& /*unused*/, |
99 | 0 | const std::string& /*unused*/) { |
100 | 0 | return std::vector<X509_Certificate>(); |
101 | 0 | } |
102 | | |
103 | | std::vector<X509_Certificate> Credentials_Manager::cert_chain_single_type( |
104 | | const std::string& cert_key_type, |
105 | | const std::vector<AlgorithmIdentifier>& cert_signature_schemes, |
106 | | const std::string& type, |
107 | 64.6k | const std::string& context) { |
108 | 64.6k | return find_cert_chain({cert_key_type}, cert_signature_schemes, std::vector<X509_DN>(), type, context); |
109 | 64.6k | } |
110 | | |
111 | | std::shared_ptr<Private_Key> Credentials_Manager::private_key_for(const X509_Certificate& /*unused*/, |
112 | | const std::string& /*unused*/, |
113 | 0 | const std::string& /*unused*/) { |
114 | 0 | return nullptr; |
115 | 0 | } |
116 | | |
117 | | std::shared_ptr<Private_Key> Credentials_Manager::private_key_for(const Public_Key& /* raw_public_key */, |
118 | | const std::string& /* type */, |
119 | 0 | const std::string& /* context */) { |
120 | 0 | return nullptr; |
121 | 0 | } |
122 | | |
123 | 0 | secure_vector<uint8_t> Credentials_Manager::session_ticket_key() { |
124 | 0 | return {}; |
125 | 0 | } |
126 | | |
127 | 0 | secure_vector<uint8_t> Credentials_Manager::dtls_cookie_secret() { |
128 | 0 | return {}; |
129 | 0 | } |
130 | | |
131 | | std::vector<Certificate_Store*> Credentials_Manager::trusted_certificate_authorities(const std::string& /*unused*/, |
132 | 21.1k | const std::string& /*unused*/) { |
133 | 21.1k | return std::vector<Certificate_Store*>(); |
134 | 21.1k | } |
135 | | |
136 | | } // namespace Botan |