aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/credentials/credentials_manager.h135
1 files changed, 69 insertions, 66 deletions
diff --git a/src/credentials/credentials_manager.h b/src/credentials/credentials_manager.h
index 57ebd8b38..9ae978048 100644
--- a/src/credentials/credentials_manager.h
+++ b/src/credentials/credentials_manager.h
@@ -29,24 +29,68 @@ class BOTAN_DLL Credentials_Manager
public:
virtual ~Credentials_Manager() {}
- virtual std::string psk_identity_hint(const std::string& type,
- const std::string& context);
+ /**
+ * Return a list of the certificates of CAs that we trust in this
+ * type/context.
+ */
+ virtual std::vector<X509_Certificate> trusted_certificate_authorities(
+ const std::string& type,
+ const std::string& context);
/**
- * @param identity_hint was passed by the server (but may be empty)
- * @return the PSK identity we want to use
+ * Check the certificate chain is valid up to a trusted root, and
+ * optionally (if hostname != "") that the hostname given is
+ * consistent with the leaf certificate.
+ *
+ * This function should throw an exception derived from
+ * std::exception with an informative what() result if the
+ * certificate chain cannot be verified.
*/
- virtual std::string psk_identity(const std::string& type,
- const std::string& context,
- const std::string& identity_hint);
+ virtual void verify_certificate_chain(
+ const std::string& type,
+ const std::string& hostname,
+ const std::vector<X509_Certificate>& cert_chain);
/**
- * @return the PSK used for identity, or throw an exception if no
- * key exists
+ * Return a cert chain we can use, ordered from leaf to root,
+ * or else an empty vector.
+ *
+ * It is assumed that the caller can get the private key of the
+ * leaf with private_key_for
+ *
+ * @param cert_key_types specifies the key types desired ("RSA",
+ * "DSA", "ECDSA", etc), or empty if there
+ * is no preference by the caller.
*/
- virtual SymmetricKey psk(const std::string& type,
- const std::string& context,
- const std::string& identity);
+ virtual std::vector<X509_Certificate> cert_chain(
+ const std::vector<std::string>& cert_key_types,
+ const std::string& type,
+ const std::string& context);
+
+ /**
+ * Return a cert chain we can use, ordered from leaf to root,
+ * or else an empty vector.
+ *
+ * It is assumed that the caller can get the private key of the
+ * leaf with private_key_for
+ *
+ * @param cert_key_type specifies the type of key requested
+ * ("RSA", "DSA", "ECDSA", etc)
+ */
+ std::vector<X509_Certificate> cert_chain_single_type(
+ const std::string& cert_key_type,
+ const std::string& type,
+ const std::string& context);
+
+ /**
+ * @return private key associated with this certificate if we should
+ * use it with this context. cert was returned by cert_chain
+ * @note this object should retain ownership of the returned key;
+ * it should not be deleted by the caller.
+ */
+ virtual Private_Key* private_key_for(const X509_Certificate& cert,
+ const std::string& type,
+ const std::string& context);
/**
* Return true if we should attempt SRP authentication
@@ -85,67 +129,26 @@ class BOTAN_DLL Credentials_Manager
bool generate_fake_on_unknown);
/**
- * Return a cert chain we can use, ordered from leaf to root,
- * or else an empty vector.
- *
- * It is assumed that the caller can get the private key of the
- * leaf with private_key_for
- *
- * @param cert_key_types specifies the key types desired ("RSA",
- * "DSA", "ECDSA", etc), or empty if there
- * is no preference by the caller.
- */
- virtual std::vector<X509_Certificate> cert_chain(
- const std::vector<std::string>& cert_key_types,
- const std::string& type,
- const std::string& context);
-
- /**
- * Return a cert chain we can use, ordered from leaf to root,
- * or else an empty vector.
- *
- * It is assumed that the caller can get the private key of the
- * leaf with private_key_for
- *
- * @param cert_key_type specifies the type of key requested
- * ("RSA", "DSA", "ECDSA", etc)
- */
- std::vector<X509_Certificate> cert_chain_single_type(
- const std::string& cert_key_type,
- const std::string& type,
- const std::string& context);
-
- /**
- * Return a list of the certificates of CAs that we trust in this
- * type/context.
+ * @return the PSK identity hint for this type/context
*/
- virtual std::vector<X509_Certificate> trusted_certificate_authorities(
- const std::string& type,
- const std::string& context);
+ virtual std::string psk_identity_hint(const std::string& type,
+ const std::string& context);
/**
- * Check the certificate chain is valid up to a trusted root, and
- * optionally (if hostname != "") that the hostname given is
- * consistent with the leaf certificate.
- *
- * This function should throw an exception derived from
- * std::exception with an informative what() result if the
- * certificate chain cannot be verified.
+ * @param identity_hint was passed by the server (but may be empty)
+ * @return the PSK identity we want to use
*/
- virtual void verify_certificate_chain(
- const std::string& type,
- const std::string& hostname,
- const std::vector<X509_Certificate>& cert_chain);
+ virtual std::string psk_identity(const std::string& type,
+ const std::string& context,
+ const std::string& identity_hint);
/**
- * @return private key associated with this certificate if we should
- * use it with this context. cert was returned by cert_chain
- * @note this object should retain ownership of the returned key;
- * it should not be deleted by the caller.
+ * @return the PSK used for identity, or throw an exception if no
+ * key exists
*/
- virtual Private_Key* private_key_for(const X509_Certificate& cert,
- const std::string& type,
- const std::string& context);
+ virtual SymmetricKey psk(const std::string& type,
+ const std::string& context,
+ const std::string& identity);
};
}