/usr/include/botan-2/botan/credentials_manager.h is in libbotan-2-dev 2.4.0-5ubuntu1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 | /*
* Credentials Manager
* (C) 2011,2012 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
#ifndef BOTAN_CREDENTIALS_MANAGER_H_
#define BOTAN_CREDENTIALS_MANAGER_H_
#include <botan/pk_keys.h>
#include <botan/x509cert.h>
#include <botan/certstor.h>
#include <botan/symkey.h>
#include <string>
namespace Botan {
class BigInt;
/**
* Interface for a credentials manager.
*
* A type is a fairly static value that represents the general nature
* of the transaction occurring. Currently used values are "tls-client"
* and "tls-server". Context represents a hostname, email address,
* username, or other identifier.
*/
class BOTAN_PUBLIC_API(2,0) Credentials_Manager
{
public:
virtual ~Credentials_Manager() = default;
/**
* Return a list of the certificates of CAs that we trust in this
* type/context.
*
* @param type specifies the type of operation occurring
*
* @param context specifies a context relative to type. For instance
* for type "tls-client", context specifies the servers name.
*/
virtual std::vector<Certificate_Store*> trusted_certificate_authorities(
const std::string& type,
const std::string& context);
/**
* Return a cert chain we can use, ordered from leaf to root,
* or else an empty vector.
*
* It is assumed that the caller can get the private key of the
* leaf with private_key_for
*
* @param cert_key_types specifies the key types desired ("RSA",
* "DSA", "ECDSA", etc), or empty if there
* is no preference by the caller.
*
* @param type specifies the type of operation occurring
*
* @param context specifies a context relative to type.
*/
virtual std::vector<X509_Certificate> cert_chain(
const std::vector<std::string>& cert_key_types,
const std::string& type,
const std::string& context);
/**
* Return a cert chain we can use, ordered from leaf to root,
* or else an empty vector.
*
* It is assumed that the caller can get the private key of the
* leaf with private_key_for
*
* @param cert_key_type specifies the type of key requested
* ("RSA", "DSA", "ECDSA", etc)
*
* @param type specifies the type of operation occurring
*
* @param context specifies a context relative to type.
*/
std::vector<X509_Certificate> cert_chain_single_type(
const std::string& cert_key_type,
const std::string& type,
const std::string& context);
/**
* @return private key associated with this certificate if we should
* use it with this context. cert was returned by cert_chain
* @note this object should retain ownership of the returned key;
* it should not be deleted by the caller.
*/
virtual Private_Key* private_key_for(const X509_Certificate& cert,
const std::string& type,
const std::string& context);
/**
* @param type specifies the type of operation occurring
* @param context specifies a context relative to type.
* @return true if we should attempt SRP authentication
*/
virtual bool attempt_srp(const std::string& type,
const std::string& context);
/**
* @param type specifies the type of operation occurring
* @param context specifies a context relative to type.
* @return identifier for client-side SRP auth, if available
for this type/context. Should return empty string
if password auth not desired/available.
*/
virtual std::string srp_identifier(const std::string& type,
const std::string& context);
/**
* @param type specifies the type of operation occurring
* @param context specifies a context relative to type.
* @param identifier specifies what identifier we want the
* password for. This will be a value previously returned
* by srp_identifier.
* @return password for client-side SRP auth, if available
for this identifier/type/context.
*/
virtual std::string srp_password(const std::string& type,
const std::string& context,
const std::string& identifier);
/**
* Retrieve SRP verifier parameters
*/
virtual bool srp_verifier(const std::string& type,
const std::string& context,
const std::string& identifier,
std::string& group_name,
BigInt& verifier,
std::vector<uint8_t>& salt,
bool generate_fake_on_unknown);
/**
* @param type specifies the type of operation occurring
* @param context specifies a context relative to type.
* @return the PSK identity hint for this type/context
*/
virtual std::string psk_identity_hint(const std::string& type,
const std::string& context);
/**
* @param type specifies the type of operation occurring
* @param context specifies a context relative to type.
* @param identity_hint was passed by the server (but may be empty)
* @return the PSK identity we want to use
*/
virtual std::string psk_identity(const std::string& type,
const std::string& context,
const std::string& identity_hint);
/**
* @param type specifies the type of operation occurring
* @param context specifies a context relative to type.
* @param identity is a PSK identity previously returned by
psk_identity for the same type and context.
* @return the PSK used for identity, or throw an exception if no
* key exists
*/
virtual SymmetricKey psk(const std::string& type,
const std::string& context,
const std::string& identity);
};
}
#endif
|