/src/botan/src/lib/tls/credentials_manager.cpp

Source (jump to first uncovered line)
/*
* Credentials Manager
* (C) 2011,2012 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include <botan/credentials_manager.h>

#include <botan/pkix_types.h>
#include <botan/internal/fmt.h>

namespace Botan {

std::string Credentials_Manager::psk_identity_hint(const std::string& /*unused*/, const std::string& /*unused*/) {
   return "";
}

std::string Credentials_Manager::psk_identity(const std::string& /*unused*/,
                                              const std::string& /*unused*/,
                                              const std::string& /*unused*/) {
   return "";
}

SymmetricKey Credentials_Manager::psk(const std::string& type,
                                      const std::string& context,
                                      const std::string& identity) {
   auto side = [&] {
      if(type == "tls-client") {
         return TLS::Connection_Side::Client;
      } else if(type == "tls-server") {
         return TLS::Connection_Side::Server;
      } else {
         throw Internal_Error(fmt("No PSK set for type {}", type));
      }
   }();

   // New applications should use the appropriate credentials methods. This is a
   // retrofit of the behaviour before Botan 3.2.0 and will be removed in a
   // future major release.
   //
   // TODO: deprecate `psk("...", "session-ticket" | "dtls-cookie-secret")`
   if(side == TLS::Connection_Side::Server && context == "session-ticket") {
      if(auto key = session_ticket_key(); !key.empty()) {
         return SymmetricKey(std::move(key));
      }
   } else if(side == TLS::Connection_Side::Server && context == "dtls-cookie-secret") {
      if(auto key = dtls_cookie_secret(); !key.empty()) {
         return SymmetricKey(std::move(key));
      }
   } else /* context is a host name */ {
      // Assuming that find_preshared_keys returns _exactly_ one or no keys when
      // searching for a single specific identity.
      if(auto psks = find_preshared_keys(context, side, {identity}); psks.size() == 1) {
         return SymmetricKey(psks.front().extract_master_secret());
      }
   }

   throw Internal_Error(fmt("No PSK set for identity {}", identity));
}

std::vector<TLS::ExternalPSK> Credentials_Manager::find_preshared_keys(std::string_view /* host */,
                                                                       TLS::Connection_Side /* whoami */,
                                                                       const std::vector<std::string>& /* identities */,
                                                                       const std::optional<std::string>& /* prf */) {
   return {};
}

std::optional<TLS::ExternalPSK> Credentials_Manager::choose_preshared_key(std::string_view host,
                                                                          TLS::Connection_Side whoami,
                                                                          const std::vector<std::string>& identities,
                                                                          const std::optional<std::string>& prf) {
   auto psks = find_preshared_keys(host, whoami, identities, prf);
   if(psks.empty()) {
      return std::nullopt;
   } else {
      return std::move(psks.front());
   }
}

std::vector<X509_Certificate> Credentials_Manager::find_cert_chain(
   const std::vector<std::string>& key_types,
   const std::vector<AlgorithmIdentifier>& cert_signature_schemes,
   const std::vector<X509_DN>& /*unused*/,
   const std::string& type,
   const std::string& context) {
   return cert_chain(key_types, cert_signature_schemes, type, context);
}

std::shared_ptr<Public_Key> Credentials_Manager::find_raw_public_key(const std::vector<std::string>& /* key_types */,
                                                                     const std::string& /* type */,
                                                                     const std::string& /* context */) {
   return nullptr;
}

std::vector<X509_Certificate> Credentials_Manager::cert_chain(const std::vector<std::string>& /*unused*/,
                                                              const std::vector<AlgorithmIdentifier>& /*unused*/,
                                                              const std::string& /*unused*/,
                                                              const std::string& /*unused*/) {
   return std::vector<X509_Certificate>();
}

std::vector<X509_Certificate> Credentials_Manager::cert_chain_single_type(
   const std::string& cert_key_type,
   const std::vector<AlgorithmIdentifier>& cert_signature_schemes,
   const std::string& type,
   const std::string& context) {
   return find_cert_chain({cert_key_type}, cert_signature_schemes, std::vector<X509_DN>(), type, context);
}

std::shared_ptr<Private_Key> Credentials_Manager::private_key_for(const X509_Certificate& /*unused*/,
                                                                  const std::string& /*unused*/,
                                                                  const std::string& /*unused*/) {
   return nullptr;
}

std::shared_ptr<Private_Key> Credentials_Manager::private_key_for(const Public_Key& /* raw_public_key */,
                                                                  const std::string& /* type */,
                                                                  const std::string& /* context */) {
   return nullptr;
}

secure_vector<uint8_t> Credentials_Manager::session_ticket_key() {
   return {};
}

secure_vector<uint8_t> Credentials_Manager::dtls_cookie_secret() {
   return {};
}

std::vector<Certificate_Store*> Credentials_Manager::trusted_certificate_authorities(const std::string& /*unused*/,
                                                                                     const std::string& /*unused*/) {
   return std::vector<Certificate_Store*>();
}

}  // namespace Botan

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Credentials Manager
3		* (C) 2011,2012 Jack Lloyd
4		*
5		* Botan is released under the Simplified BSD License (see license.txt)
6		*/
7
8		#include <botan/credentials_manager.h>
9
10		#include <botan/pkix_types.h>
11		#include <botan/internal/fmt.h>
12
13		namespace Botan {
14
15	0	std::string Credentials_Manager::psk_identity_hint(const std::string& /unused/, const std::string& /unused/) {
16	0	return "";
17	0	}
18
19		std::string Credentials_Manager::psk_identity(const std::string& /unused/,
20		const std::string& /unused/,
21	0	const std::string& /unused/) {
22	0	return "";
23	0	}
24
25		SymmetricKey Credentials_Manager::psk(const std::string& type,
26		const std::string& context,
27	18.8k	const std::string& identity) {
28	18.8k	auto side = [&] {
29	18.8k	if(type == "tls-client") {
30	0	return TLS::Connection_Side::Client;
31	18.8k	} else if(type == "tls-server") {
32	18.8k	return TLS::Connection_Side::Server;
33	18.8k	} else {
34	0	throw Internal_Error(fmt("No PSK set for type {}", type));
35	0	}
36	18.8k	}();
37
38		// New applications should use the appropriate credentials methods. This is a
39		// retrofit of the behaviour before Botan 3.2.0 and will be removed in a
40		// future major release.
41		//
42		// TODO: deprecate `psk("...", "session-ticket" \| "dtls-cookie-secret")`
43	18.8k	if(side == TLS::Connection_Side::Server && context == "session-ticket") {
44	147	if(auto key = session_ticket_key(); !key.empty()) {
45	147	return SymmetricKey(std::move(key));
46	147	}
47	18.6k	} else if(side == TLS::Connection_Side::Server && context == "dtls-cookie-secret") {
48	3.99k	if(auto key = dtls_cookie_secret(); !key.empty()) {
49	3.99k	return SymmetricKey(std::move(key));
50	3.99k	}
51	14.7k	} else /* context is a host name */ {
52		// Assuming that find_preshared_keys returns _exactly_ one or no keys when
53		// searching for a single specific identity.
54	14.7k	if(auto psks = find_preshared_keys(context, side, {identity}); psks.size() == 1) {
55	14.5k	return SymmetricKey(psks.front().extract_master_secret());
56	14.5k	}
57	14.7k	}
58
59	111	throw Internal_Error(fmt("No PSK set for identity {}", identity));
60	18.8k	}
61
62		std::vector<TLS::ExternalPSK> Credentials_Manager::find_preshared_keys(std::string_view /* host */,
63		TLS::Connection_Side /* whoami */,
64		const std::vector<std::string>& /* identities */,
65	111	const std::optional<std::string>& /* prf */) {
66	111	return {};
67	111	}
68
69		std::optional<TLS::ExternalPSK> Credentials_Manager::choose_preshared_key(std::string_view host,
70		TLS::Connection_Side whoami,
71		const std::vector<std::string>& identities,
72	0	const std::optional<std::string>& prf) {
73	0	auto psks = find_preshared_keys(host, whoami, identities, prf);
74	0	if(psks.empty()) {
75	0	return std::nullopt;
76	0	} else {
77	0	return std::move(psks.front());
78	0	}
79	0	}
80
81		std::vector<X509_Certificate> Credentials_Manager::find_cert_chain(
82		const std::vector<std::string>& key_types,
83		const std::vector<AlgorithmIdentifier>& cert_signature_schemes,
84		const std::vector<X509_DN>& /unused/,
85		const std::string& type,
86	64.6k	const std::string& context) {
87	64.6k	return cert_chain(key_types, cert_signature_schemes, type, context);
88	64.6k	}
89
90		std::shared_ptr<Public_Key> Credentials_Manager::find_raw_public_key(const std::vector<std::string>& /* key_types */,
91		const std::string& /* type */,
92	0	const std::string& /* context */) {
93	0	return nullptr;
94	0	}
95
96		std::vector<X509_Certificate> Credentials_Manager::cert_chain(const std::vector<std::string>& /unused/,
97		const std::vector<AlgorithmIdentifier>& /unused/,
98		const std::string& /unused/,
99	0	const std::string& /unused/) {
100	0	return std::vector<X509_Certificate>();
101	0	}
102
103		std::vector<X509_Certificate> Credentials_Manager::cert_chain_single_type(
104		const std::string& cert_key_type,
105		const std::vector<AlgorithmIdentifier>& cert_signature_schemes,
106		const std::string& type,
107	64.6k	const std::string& context) {
108	64.6k	return find_cert_chain({cert_key_type}, cert_signature_schemes, std::vector<X509_DN>(), type, context);
109	64.6k	}
110
111		std::shared_ptr<Private_Key> Credentials_Manager::private_key_for(const X509_Certificate& /unused/,
112		const std::string& /unused/,
113	0	const std::string& /unused/) {
114	0	return nullptr;
115	0	}
116
117		std::shared_ptr<Private_Key> Credentials_Manager::private_key_for(const Public_Key& /* raw_public_key */,
118		const std::string& /* type */,
119	0	const std::string& /* context */) {
120	0	return nullptr;
121	0	}
122
123	0	secure_vector<uint8_t> Credentials_Manager::session_ticket_key() {
124	0	return {};
125	0	}
126
127	0	secure_vector<uint8_t> Credentials_Manager::dtls_cookie_secret() {
128	0	return {};
129	0	}
130
131		std::vector<Certificate_Store> Credentials_Manager::trusted_certificate_authorities(const std::string& /unused*/,
132	21.1k	const std::string& /unused/) {
133	21.1k	return std::vector<Certificate_Store*>();
134	21.1k	}
135
136		} // namespace Botan

Coverage Report

Created: 2024-03-10 06:18