Botan  1.11.15
Botan::Credentials_Manager Class Reference

#include <credentials_manager.h>


Public Member Functions

virtual bool attempt_srp (const std::string &type, const std::string &context)
virtual std::vector< X509_Certificate > cert_chain (const std::vector< std::string > &cert_key_types, const std::string &type, const std::string &context)
std::vector< X509_Certificate > cert_chain_single_type (const std::string &cert_key_type, const std::string &type, const std::string &context)
virtual Private_Key * private_key_for (const X509_Certificate &cert, const std::string &type, const std::string &context)
virtual SymmetricKey psk (const std::string &type, const std::string &context, const std::string &identity)
virtual std::string psk_identity (const std::string &type, const std::string &context, const std::string &identity_hint)
virtual std::string psk_identity_hint (const std::string &type, const std::string &context)
virtual std::string srp_identifier (const std::string &type, const std::string &context)
virtual std::string srp_password (const std::string &type, const std::string &context, const std::string &identifier)
virtual bool srp_verifier (const std::string &type, const std::string &context, const std::string &identifier, std::string &group_name, BigInt &verifier, std::vector< byte > &salt, bool generate_fake_on_unknown)
virtual std::vector< Certificate_Store * > trusted_certificate_authorities (const std::string &type, const std::string &context)
virtual void verify_certificate_chain (const std::string &type, const std::string &hostname, const std::vector< X509_Certificate > &cert_chain)
virtual ~Credentials_Manager ()

Detailed Description

Interface for a credentials manager.

A type is a fairly static value that represents the general nature of the transaction occurring. Currently used values are "tls-client" and "tls-server". Context represents a hostname, email address, username, or other identifier.

Definition at line 28 of file credentials_manager.h.


Constructor & Destructor Documentation

virtual Botan::Credentials_Manager::~Credentials_Manager ( ) [inline, virtual]

Definition at line 31 of file credentials_manager.h.

{}

Member Function Documentation

bool Botan::Credentials_Manager::attempt_srp ( const std::string &  type,
const std::string &  context 
) [virtual]
Parameters:
type: specifies the type of operation occurring
context: specifies a context relative to type.
Returns:
true if we should attempt SRP authentication

Definition at line 33 of file credentials_manager.cpp.

   {
   return false;
   }
std::vector< X509_Certificate > Botan::Credentials_Manager::cert_chain ( const std::vector< std::string > &  cert_key_types,
const std::string &  type,
const std::string &  context 
) [virtual]

Return a cert chain we can use, ordered from leaf to root, or else an empty vector.

It is assumed that the caller can get the private key of the leaf with private_key_for.

Parameters:
cert_key_types: specifies the key types desired ("RSA", "DSA", "ECDSA", etc), or empty if there is no preference by the caller.
type: specifies the type of operation occurring
context: specifies a context relative to type.

Definition at line 63 of file credentials_manager.cpp.

Referenced by cert_chain_single_type().

   {
   return std::vector<X509_Certificate>();
   }
std::vector< X509_Certificate > Botan::Credentials_Manager::cert_chain_single_type ( const std::string &  cert_key_type,
const std::string &  type,
const std::string &  context 
)

Return a cert chain we can use, ordered from leaf to root, or else an empty vector.

It is assumed that the caller can get the private key of the leaf with private_key_for.

Parameters:
cert_key_type: specifies the type of key requested ("RSA", "DSA", "ECDSA", etc)
type: specifies the type of operation occurring
context: specifies a context relative to type.

Definition at line 71 of file credentials_manager.cpp.

References cert_chain().

   {
   std::vector<std::string> cert_types;
   cert_types.push_back(cert_key_type);
   return cert_chain(cert_types, type, context);
   }
Private_Key * Botan::Credentials_Manager::private_key_for ( const X509_Certificate &  cert,
const std::string &  type,
const std::string &  context 
) [virtual]
Returns:
private key associated with this certificate if we should use it with this context. cert was returned by cert_chain.
Note:
this object should retain ownership of the returned key; it should not be deleted by the caller.

Definition at line 81 of file credentials_manager.cpp.

   {
   return nullptr;
   }
SymmetricKey Botan::Credentials_Manager::psk ( const std::string &  type,
const std::string &  context,
const std::string &  identity 
) [virtual]
Parameters:
type: specifies the type of operation occurring
context: specifies a context relative to type.
identity: is a PSK identity previously returned by psk_identity for the same type and context.
Returns:
the PSK used for identity; throws an exception if no key exists

Definition at line 26 of file credentials_manager.cpp.

Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange().

   {
   throw Internal_Error("No PSK set for identity " + identity);
   }
std::string Botan::Credentials_Manager::psk_identity ( const std::string &  type,
const std::string &  context,
const std::string &  identity_hint 
) [virtual]
Parameters:
type: specifies the type of operation occurring
context: specifies a context relative to type.
identity_hint: was passed by the server (but may be empty)
Returns:
the PSK identity we want to use

Definition at line 19 of file credentials_manager.cpp.

Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange().

   {
   return "";
   }
std::string Botan::Credentials_Manager::psk_identity_hint ( const std::string &  type,
const std::string &  context 
) [virtual]
Parameters:
type: specifies the type of operation occurring
context: specifies a context relative to type.
Returns:
the PSK identity hint for this type/context

Definition at line 13 of file credentials_manager.cpp.

Referenced by Botan::TLS::Server_Key_Exchange::Server_Key_Exchange().

   {
   return "";
   }
std::string Botan::Credentials_Manager::srp_identifier ( const std::string &  type,
const std::string &  context 
) [virtual]
Parameters:
type: specifies the type of operation occurring
context: specifies a context relative to type.
Returns:
identifier for client-side SRP auth, if available for this type/context. Should return an empty string if password auth is not desired/available.

Definition at line 39 of file credentials_manager.cpp.

Referenced by Botan::TLS::Client::Client(), and Botan::TLS::Client_Key_Exchange::Client_Key_Exchange().

   {
   return "";
   }
std::string Botan::Credentials_Manager::srp_password ( const std::string &  type,
const std::string &  context,
const std::string &  identifier 
) [virtual]
Parameters:
type: specifies the type of operation occurring
context: specifies a context relative to type.
identifier: specifies what identifier we want the password for. This will be a value previously returned by srp_identifier.
Returns:
password for client-side SRP auth, if available for this identifier/type/context.

Definition at line 45 of file credentials_manager.cpp.

Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange().

   {
   return "";
   }
bool Botan::Credentials_Manager::srp_verifier ( const std::string &  type,
const std::string &  context,
const std::string &  identifier,
std::string &  group_name,
BigInt &  verifier,
std::vector< byte > &  salt,
bool  generate_fake_on_unknown 
) [virtual]

Retrieve SRP verifier parameters

Definition at line 52 of file credentials_manager.cpp.

Referenced by Botan::TLS::Server_Key_Exchange::Server_Key_Exchange().

   {
   return false;
   }
std::vector< Certificate_Store * > Botan::Credentials_Manager::trusted_certificate_authorities ( const std::string &  type,
const std::string &  context 
) [virtual]

Return a list of the certificates of CAs that we trust in this type/context.

Parameters:
type: specifies the type of operation occurring
context: specifies a context relative to type. For instance, for type "tls-client", context specifies the server's name.

Definition at line 89 of file credentials_manager.cpp.

Referenced by verify_certificate_chain().

   {
   return std::vector<Certificate_Store*>();
   }
void Botan::Credentials_Manager::verify_certificate_chain ( const std::string &  type,
const std::string &  hostname,
const std::vector< X509_Certificate > &  cert_chain 
) [virtual]

Check the certificate chain is valid up to a trusted root, and optionally (if hostname != "") that the hostname given is consistent with the leaf certificate.

This function should throw an exception derived from std::exception with an informative what() result if the certificate chain cannot be verified.

Parameters:
type: specifies the type of operation occurring
hostname: specifies the purported hostname
cert_chain: specifies a certificate chain leading to a trusted root CA certificate.

Definition at line 109 of file credentials_manager.cpp.

References trusted_certificate_authorities(), and Botan::x509_path_validate().

   {
   // Note: the .cpp definition names the hostname parameter purported_hostname
   // (the header declaration above calls it hostname).
   if(cert_chain.empty())
      throw std::invalid_argument("Certificate chain was empty");

   auto trusted_CAs = trusted_certificate_authorities(type, purported_hostname);

   Path_Validation_Restrictions restrictions;

   auto result = x509_path_validate(cert_chain,
                                    restrictions,
                                    trusted_CAs);

   if(!result.successful_validation())
      throw std::runtime_error("Certificate validation failure: " + result.result_string());

   // cert_in_some_store is a file-local helper in credentials_manager.cpp: it
   // checks that the root the path ended in is known to one of the returned stores.
   if(!cert_in_some_store(trusted_CAs, result.trust_root()))
      throw std::runtime_error("Certificate chain roots in unknown/untrusted CA");

   // Hostname matching is applied only to the leaf (cert_chain[0]) and only
   // when a hostname was supplied.
   if(purported_hostname != "" && !cert_chain[0].matches_dns_name(purported_hostname))
      throw std::runtime_error("Certificate did not match hostname");
   }
