aboutsummaryrefslogtreecommitdiffstats
path: root/src/credentials/credentials_manager.h
diff options
context:
space:
mode:
authorlloyd <[email protected]>2012-01-23 23:36:19 +0000
committerlloyd <[email protected]>2012-01-23 23:36:19 +0000
commitf34cc48100c672824aa70869adfb59669055d173 (patch)
tree6cbcd0d984b1a38b8024cf3b0642edc2a0498368 /src/credentials/credentials_manager.h
parente3dc1e69f53f93e03411f258e976d2befcf45f91 (diff)
The credentials manager interface seems a much better place for cert
checking, allowed client auth CAs, etc than the policy class. With this change, most users won't ever need to modify the default policy which is likely a good thing. Remove copy and paste of the credentials manager implemenation in the examples.
Diffstat (limited to 'src/credentials/credentials_manager.h')
-rw-r--r--src/credentials/credentials_manager.h27
1 files changed, 26 insertions, 1 deletions
diff --git a/src/credentials/credentials_manager.h b/src/credentials/credentials_manager.h
index 43bccec69..fdcfa74da 100644
--- a/src/credentials/credentials_manager.h
+++ b/src/credentials/credentials_manager.h
@@ -62,6 +62,10 @@ class BOTAN_DLL Credentials_Manager
bool generate_fake_on_unknown);
/**
+ * Return a cert chain we can use, ordered from leaf to root.
+ * Assumed that we can get the private key of the leaf with
+ * private_key_for
+ *
* @param cert_key_type is a string representing the key type
* ("rsa", "dsa", "ecdsa", etc) or empty if no preference.
*/
@@ -71,8 +75,29 @@ class BOTAN_DLL Credentials_Manager
const std::string& context);
/**
+ * Return a list of the certificates of CAs that we trust in this
+ * type/context.
+ */
+ virtual std::vector<X509_Certificate> trusted_certificate_authorities(
+ const std::string& type,
+ const std::string& context);
+
+ /**
+ * Check the certificate chain is valid up to a trusted root, and
+ * optionally (if hostname != "") that the hostname given is
+ * consistent with the leaf certificate.
+ *
+ * This function should throw an exception derived from
+ * std::exception with an informative what() result if the
+ * certificate chain cannot be verified.
+ */
+ virtual void verify_certificate_chain(
+ const std::vector<X509_Certificate>& cert_chain,
+ const std::string& hostname = "");
+
+ /**
* @return private key associated with this certificate if we should
- * use it with this context
+ * use it with this context. cert was returned by cert_chain
*/
virtual Private_Key* private_key_for(const X509_Certificate& cert,
const std::string& type,