diff options
-rw-r--r-- | src/credentials/credentials_manager.h | 135 |
1 files changed, 69 insertions, 66 deletions
diff --git a/src/credentials/credentials_manager.h b/src/credentials/credentials_manager.h index 57ebd8b38..9ae978048 100644 --- a/src/credentials/credentials_manager.h +++ b/src/credentials/credentials_manager.h @@ -29,24 +29,68 @@ class BOTAN_DLL Credentials_Manager public: virtual ~Credentials_Manager() {} - virtual std::string psk_identity_hint(const std::string& type, - const std::string& context); + /** + * Return a list of the certificates of CAs that we trust in this + * type/context. + */ + virtual std::vector<X509_Certificate> trusted_certificate_authorities( + const std::string& type, + const std::string& context); /** - * @param identity_hint was passed by the server (but may be empty) - * @return the PSK identity we want to use + * Check the certificate chain is valid up to a trusted root, and + * optionally (if hostname != "") that the hostname given is + * consistent with the leaf certificate. + * + * This function should throw an exception derived from + * std::exception with an informative what() result if the + * certificate chain cannot be verified. */ - virtual std::string psk_identity(const std::string& type, - const std::string& context, - const std::string& identity_hint); + virtual void verify_certificate_chain( + const std::string& type, + const std::string& hostname, + const std::vector<X509_Certificate>& cert_chain); /** - * @return the PSK used for identity, or throw an exception if no - * key exists + * Return a cert chain we can use, ordered from leaf to root, + * or else an empty vector. + * + * It is assumed that the caller can get the private key of the + * leaf with private_key_for + * + * @param cert_key_types specifies the key types desired ("RSA", + * "DSA", "ECDSA", etc), or empty if there + * is no preference by the caller. */ - virtual SymmetricKey psk(const std::string& type, - const std::string& context, - const std::string& identity); + virtual std::vector<X509_Certificate> cert_chain( + const std::vector<std::string>& cert_key_types, + const std::string& type, + const std::string& context); + + /** + * Return a cert chain we can use, ordered from leaf to root, + * or else an empty vector. + * + * It is assumed that the caller can get the private key of the + * leaf with private_key_for + * + * @param cert_key_type specifies the type of key requested + * ("RSA", "DSA", "ECDSA", etc) + */ + std::vector<X509_Certificate> cert_chain_single_type( + const std::string& cert_key_type, + const std::string& type, + const std::string& context); + + /** + * @return private key associated with this certificate if we should + * use it with this context. cert was returned by cert_chain + * @note this object should retain ownership of the returned key; + * it should not be deleted by the caller. + */ + virtual Private_Key* private_key_for(const X509_Certificate& cert, + const std::string& type, + const std::string& context); /** * Return true if we should attempt SRP authentication @@ -85,67 +129,26 @@ class BOTAN_DLL Credentials_Manager bool generate_fake_on_unknown); /** - * Return a cert chain we can use, ordered from leaf to root, - * or else an empty vector. - * - * It is assumed that the caller can get the private key of the - * leaf with private_key_for - * - * @param cert_key_types specifies the key types desired ("RSA", - * "DSA", "ECDSA", etc), or empty if there - * is no preference by the caller. - */ - virtual std::vector<X509_Certificate> cert_chain( - const std::vector<std::string>& cert_key_types, - const std::string& type, - const std::string& context); - - /** - * Return a cert chain we can use, ordered from leaf to root, - * or else an empty vector. - * - * It is assumed that the caller can get the private key of the - * leaf with private_key_for - * - * @param cert_key_type specifies the type of key requested - * ("RSA", "DSA", "ECDSA", etc) - */ - std::vector<X509_Certificate> cert_chain_single_type( - const std::string& cert_key_type, - const std::string& type, - const std::string& context); - - /** - * Return a list of the certificates of CAs that we trust in this - * type/context. + * @return the PSK identity hint for this type/context */ - virtual std::vector<X509_Certificate> trusted_certificate_authorities( - const std::string& type, - const std::string& context); + virtual std::string psk_identity_hint(const std::string& type, + const std::string& context); /** - * Check the certificate chain is valid up to a trusted root, and - * optionally (if hostname != "") that the hostname given is - * consistent with the leaf certificate. - * - * This function should throw an exception derived from - * std::exception with an informative what() result if the - * certificate chain cannot be verified. + * @param identity_hint was passed by the server (but may be empty) + * @return the PSK identity we want to use */ - virtual void verify_certificate_chain( - const std::string& type, - const std::string& hostname, - const std::vector<X509_Certificate>& cert_chain); + virtual std::string psk_identity(const std::string& type, + const std::string& context, + const std::string& identity_hint); /** - * @return private key associated with this certificate if we should - * use it with this context. cert was returned by cert_chain - * @note this object should retain ownership of the returned key; - * it should not be deleted by the caller. + * @return the PSK used for identity, or throw an exception if no + * key exists */ - virtual Private_Key* private_key_for(const X509_Certificate& cert, - const std::string& type, - const std::string& context); + virtual SymmetricKey psk(const std::string& type, + const std::string& context, + const std::string& identity); }; } |