Botan
1.11.15
|
#include <credentials_manager.h>
Public Member Functions | |
virtual bool | attempt_srp (const std::string &type, const std::string &context) |
virtual std::vector < X509_Certificate > | cert_chain (const std::vector< std::string > &cert_key_types, const std::string &type, const std::string &context) |
std::vector< X509_Certificate > | cert_chain_single_type (const std::string &cert_key_type, const std::string &type, const std::string &context) |
virtual Private_Key * | private_key_for (const X509_Certificate &cert, const std::string &type, const std::string &context) |
virtual SymmetricKey | psk (const std::string &type, const std::string &context, const std::string &identity) |
virtual std::string | psk_identity (const std::string &type, const std::string &context, const std::string &identity_hint) |
virtual std::string | psk_identity_hint (const std::string &type, const std::string &context) |
virtual std::string | srp_identifier (const std::string &type, const std::string &context) |
virtual std::string | srp_password (const std::string &type, const std::string &context, const std::string &identifier) |
virtual bool | srp_verifier (const std::string &type, const std::string &context, const std::string &identifier, std::string &group_name, BigInt &verifier, std::vector< byte > &salt, bool generate_fake_on_unknown) |
virtual std::vector < Certificate_Store * > | trusted_certificate_authorities (const std::string &type, const std::string &context) |
virtual void | verify_certificate_chain (const std::string &type, const std::string &hostname, const std::vector< X509_Certificate > &cert_chain) |
virtual | ~Credentials_Manager () |
Interface for a credentials manager.
A type is a fairly static value that represents the general nature of the transaction occuring. Currently used values are "tls-client" and "tls-server". Context represents a hostname, email address, username, or other identifier.
Definition at line 28 of file credentials_manager.h.
virtual Botan::Credentials_Manager::~Credentials_Manager | ( | ) | [inline, virtual] |
Definition at line 31 of file credentials_manager.h.
{}
bool Botan::Credentials_Manager::attempt_srp | ( | const std::string & | type, |
const std::string & | context | ||
) | [virtual] |
type | specifies the type of operation occuring |
context | specifies a context relative to type. |
Definition at line 33 of file credentials_manager.cpp.
{ return false; }
std::vector< X509_Certificate > Botan::Credentials_Manager::cert_chain | ( | const std::vector< std::string > & | cert_key_types, |
const std::string & | type, | ||
const std::string & | context | ||
) | [virtual] |
Return a cert chain we can use, ordered from leaf to root, or else an empty vector.
It is assumed that the caller can get the private key of the leaf with private_key_for
cert_key_types | specifies the key types desired ("RSA", "DSA", "ECDSA", etc), or empty if there is no preference by the caller. |
type | specifies the type of operation occuring |
context | specifies a context relative to type. |
Definition at line 63 of file credentials_manager.cpp.
Referenced by cert_chain_single_type().
{
return std::vector<X509_Certificate>();
}
std::vector< X509_Certificate > Botan::Credentials_Manager::cert_chain_single_type | ( | const std::string & | cert_key_type, |
const std::string & | type, | ||
const std::string & | context | ||
) |
Return a cert chain we can use, ordered from leaf to root, or else an empty vector.
It is assumed that the caller can get the private key of the leaf with private_key_for
cert_key_type | specifies the type of key requested ("RSA", "DSA", "ECDSA", etc) |
type | specifies the type of operation occuring |
context | specifies a context relative to type. |
Definition at line 71 of file credentials_manager.cpp.
References cert_chain().
{ std::vector<std::string> cert_types; cert_types.push_back(cert_key_type); return cert_chain(cert_types, type, context); }
Private_Key * Botan::Credentials_Manager::private_key_for | ( | const X509_Certificate & | cert, |
const std::string & | type, | ||
const std::string & | context | ||
) | [virtual] |
Definition at line 81 of file credentials_manager.cpp.
{ return nullptr; }
SymmetricKey Botan::Credentials_Manager::psk | ( | const std::string & | type, |
const std::string & | context, | ||
const std::string & | identity | ||
) | [virtual] |
type | specifies the type of operation occuring |
context | specifies a context relative to type. |
identity | is a PSK identity previously returned by psk_identity for the same type and context. |
Definition at line 26 of file credentials_manager.cpp.
Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange().
{ throw Internal_Error("No PSK set for identity " + identity); }
std::string Botan::Credentials_Manager::psk_identity | ( | const std::string & | type, |
const std::string & | context, | ||
const std::string & | identity_hint | ||
) | [virtual] |
type | specifies the type of operation occuring |
context | specifies a context relative to type. |
identity_hint | was passed by the server (but may be empty) |
Definition at line 19 of file credentials_manager.cpp.
Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange().
{ return ""; }
std::string Botan::Credentials_Manager::psk_identity_hint | ( | const std::string & | type, |
const std::string & | context | ||
) | [virtual] |
type | specifies the type of operation occuring |
context | specifies a context relative to type. |
Definition at line 13 of file credentials_manager.cpp.
Referenced by Botan::TLS::Server_Key_Exchange::Server_Key_Exchange().
{ return ""; }
std::string Botan::Credentials_Manager::srp_identifier | ( | const std::string & | type, |
const std::string & | context | ||
) | [virtual] |
type | specifies the type of operation occuring |
context | specifies a context relative to type. |
Definition at line 39 of file credentials_manager.cpp.
Referenced by Botan::TLS::Client::Client(), and Botan::TLS::Client_Key_Exchange::Client_Key_Exchange().
{ return ""; }
std::string Botan::Credentials_Manager::srp_password | ( | const std::string & | type, |
const std::string & | context, | ||
const std::string & | identifier | ||
) | [virtual] |
type | specifies the type of operation occuring |
context | specifies a context relative to type. |
identifier | specifies what identifier we want the password for. This will be a value previously returned by srp_identifier. |
Definition at line 45 of file credentials_manager.cpp.
Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange().
{ return ""; }
bool Botan::Credentials_Manager::srp_verifier | ( | const std::string & | type, |
const std::string & | context, | ||
const std::string & | identifier, | ||
std::string & | group_name, | ||
BigInt & | verifier, | ||
std::vector< byte > & | salt, | ||
bool | generate_fake_on_unknown | ||
) | [virtual] |
Retrieve SRP verifier parameters
Definition at line 52 of file credentials_manager.cpp.
Referenced by Botan::TLS::Server_Key_Exchange::Server_Key_Exchange().
{ return false; }
std::vector< Certificate_Store * > Botan::Credentials_Manager::trusted_certificate_authorities | ( | const std::string & | type, |
const std::string & | context | ||
) | [virtual] |
Return a list of the certificates of CAs that we trust in this type/context.
type | specifies the type of operation occuring |
context | specifies a context relative to type. For instance for type "tls-client", context specifies the servers name. |
Definition at line 89 of file credentials_manager.cpp.
Referenced by verify_certificate_chain().
{
return std::vector<Certificate_Store*>();
}
void Botan::Credentials_Manager::verify_certificate_chain | ( | const std::string & | type, |
const std::string & | hostname, | ||
const std::vector< X509_Certificate > & | cert_chain | ||
) | [virtual] |
Check the certificate chain is valid up to a trusted root, and optionally (if hostname != "") that the hostname given is consistent with the leaf certificate.
This function should throw an exception derived from std::exception with an informative what() result if the certificate chain cannot be verified.
type | specifies the type of operation occuring |
hostname | specifies the purported hostname |
cert_chain | specifies a certificate chain leading to a trusted root CA certificate. |
Definition at line 109 of file credentials_manager.cpp.
References trusted_certificate_authorities(), and Botan::x509_path_validate().
{ if(cert_chain.empty()) throw std::invalid_argument("Certificate chain was empty"); auto trusted_CAs = trusted_certificate_authorities(type, purported_hostname); Path_Validation_Restrictions restrictions; auto result = x509_path_validate(cert_chain, restrictions, trusted_CAs); if(!result.successful_validation()) throw std::runtime_error("Certificate validation failure: " + result.result_string()); if(!cert_in_some_store(trusted_CAs, result.trust_root())) throw std::runtime_error("Certificate chain roots in unknown/untrusted CA"); if(purported_hostname != "" && !cert_chain[0].matches_dns_name(purported_hostname)) throw std::runtime_error("Certificate did not match hostname"); }