xentara-plugin v2.0.4
The Xentara Plugin Framework
xentara::security::CertificateAuthenticator Class Reference

An authenticator that uses user certificates.

#include <xentara/security/CertificateAuthenticator.hpp>

Public Member Functions

internal auto checkProofOfPossession (DerCertificate certificate, std::span< const std::byte > data, std::span< const std::byte > signature, DigestType digestType) const -> utils::eh::expected< void, std::error_code >
 Check a proof of possession.
 
auto authenticate (DerCertificate certificate) const -> utils::eh::expected< Authorization, std::error_code >
 Authenticate using a self-signed user certificate.
 
template<std::convertible_to< DerCertificate > ConcreteDerCertificate>
auto authenticate (std::span< const ConcreteDerCertificate > certificateChain) const -> utils::eh::expected< Authorization, std::error_code >
 Authenticate using a user certificate and its certificate chain.
 

Detailed Description

An authenticator that uses user certificates.

Member Function Documentation

◆ authenticate() [1/2]

auto xentara::security::CertificateAuthenticator::authenticate ( DerCertificate  certificate) const -> utils::eh::expected< Authorization, std::error_code >

Authenticate using a self-signed user certificate.

Parameters
certificate

The certificate, in DER format. Proof of possession of the certificate’s private key must already have been done, either by the underlying protocol, or manually using checkProofOfPossession(). Note that most protocols, like TLS, perform the proof of possession for you, so you generally only need to perform a manual proof of possession if you implemented your own protocol.

Returns
Returns an authorization object, or an error code on error.

◆ authenticate() [2/2]

template<std::convertible_to< DerCertificate > ConcreteDerCertificate>
auto xentara::security::CertificateAuthenticator::authenticate ( std::span< const ConcreteDerCertificate >  certificateChain) const -> utils::eh::expected< Authorization, std::error_code >

Authenticate using a user certificate and its certificate chain.

Parameters
certificateChain

The certificate chain, containing all the certificates in the chain in DER format. The first element must be the user certificate, followed by the intermediate and root certificates, in order.

Proof of possession of the top certificate’s private key must already have been done, either by the underlying protocol, or manually using checkProofOfPossession(). Note that most protocols, like TLS, perform the proof of possession for you, so you generally only need to perform a manual proof of possession if you implemented your own protocol.

Returns
Returns an authorization object, or an error code on error.

◆ checkProofOfPossession()

internal auto xentara::security::CertificateAuthenticator::checkProofOfPossession ( DerCertificate  certificate,
std::span< const std::byte >  data,
std::span< const std::byte >  signature,
DigestType  digestType
) const -> utils::eh::expected< void, std::error_code >

Check a proof of possession.

This function can be used to implement a custom proof of possession for a certificate’s private key.

Parameters
certificate

The certificate whose possession is to be verified, in DER format.

data

The data that the client was asked to sign.

signature

The signature supplied by the client.

digestType

The type of message digest that was signed.

Returns
Returns a default constructed expected on success, or an error code if an error occurred. If the signature was invalid, then Error::InvalidProofOfPossession is returned.
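
A custom proof of possession only resists replay if the signed data is a fresh, unpredictable challenge chosen by the server and accepted once. The following added example (not part of the Xentara documentation or code base) shows that server-side bookkeeping; ChallengeStore, Verifier and the session ID are hypothetical names, and the Verifier callback stands in for a call to checkProofOfPossession().

```cpp
// Added example, not Xentara code. ChallengeStore and Verifier are hypothetical names.
#include <chrono>
#include <cstdint>
#include <functional>
#include <map>
#include <random>
#include <vector>

using Bytes = std::vector<std::uint8_t>;
using Clock = std::chrono::steady_clock;

// Stand-in for the signature check. A plugin would forward these arguments to
// checkProofOfPossession() and return whether the result holds a value.
using Verifier = std::function<bool(const Bytes &certificate, const Bytes &data, const Bytes &signature)>;

class ChallengeStore
{
public:
    explicit ChallengeStore(std::chrono::seconds lifetime) : _lifetime(lifetime) {}

    // Issues a fresh 32-byte challenge for one session: the data the client must sign.
    auto issue(std::uint64_t sessionId, Clock::time_point now) -> Bytes
    {
        std::random_device source; // assumption: backed by the OS CSPRNG on this platform
        Bytes challenge(32);
        for (auto &byte : challenge) byte = static_cast<std::uint8_t>(source());
        _pending[sessionId] = Entry{challenge, now + _lifetime};
        return challenge;
    }

    // Verifies a signature over the stored challenge, never over client-supplied data.
    auto redeem(std::uint64_t sessionId, const Bytes &certificate, const Bytes &signature,
        Clock::time_point now, const Verifier &verify) -> bool
    {
        const auto position = _pending.find(sessionId);
        if (position == _pending.end()) return false; // never issued, or already used
        const Entry entry = position->second;
        _pending.erase(position); // single use, even when verification fails
        if (now > entry.expires) return false; // stale challenge
        return verify(certificate, entry.challenge, signature);
    }

private:
    struct Entry { Bytes challenge; Clock::time_point expires; };
    std::chrono::seconds _lifetime;
    std::map<std::uint64_t, Entry> _pending;
};
```

Only after redeem() succeeds should the certificate be passed on to authenticate().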