Botan  2.4.0
Crypto and TLS for C++11
certstor.cpp
Go to the documentation of this file.
1 /*
2 * Certificate Store
3 * (C) 1999-2010,2013 Jack Lloyd
4 * (C) 2017 Fabian Weissberg, Rohde & Schwarz Cybersecurity
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 */
8 
9 #include <botan/certstor.h>
10 #include <botan/internal/filesystem.h>
11 #include <botan/hash.h>
12 
13 namespace Botan {
14 
15 std::shared_ptr<const X509_CRL> Certificate_Store::find_crl_for(const X509_Certificate&) const
16  {
17  return {};
18  }
19 
21  {
22  for(const auto& c : m_certs)
23  if(*c == cert)
24  return;
25 
26  m_certs.push_back(std::make_shared<const X509_Certificate>(cert));
27  }
28 
29 void Certificate_Store_In_Memory::add_certificate(std::shared_ptr<const X509_Certificate> cert)
30  {
31  for(const auto& c : m_certs)
32  if(*c == *cert)
33  return;
34 
35  m_certs.push_back(cert);
36  }
37 
38 std::vector<X509_DN> Certificate_Store_In_Memory::all_subjects() const
39  {
40  std::vector<X509_DN> subjects;
41  for(const auto& cert : m_certs)
42  subjects.push_back(cert->subject_dn());
43  return subjects;
44  }
45 
46 std::shared_ptr<const X509_Certificate>
48  const std::vector<uint8_t>& key_id) const
49  {
50  for(const auto& cert : m_certs)
51  {
52  // Only compare key ids if set in both call and in the cert
53  if(key_id.size())
54  {
55  std::vector<uint8_t> skid = cert->subject_key_id();
56 
57  if(skid.size() && skid != key_id) // no match
58  continue;
59  }
60 
61  if(cert->subject_dn() == subject_dn)
62  return cert;
63  }
64 
65  return nullptr;
66  }
67 
68 std::vector<std::shared_ptr<const X509_Certificate>> Certificate_Store_In_Memory::find_all_certs(
69  const X509_DN& subject_dn,
70  const std::vector<uint8_t>& key_id) const
71  {
72  std::vector<std::shared_ptr<const X509_Certificate>> matches;
73 
74  for(const auto& cert : m_certs)
75  {
76  if(key_id.size())
77  {
78  std::vector<uint8_t> skid = cert->subject_key_id();
79 
80  if(skid.size() && skid != key_id) // no match
81  continue;
82  }
83 
84  if(cert->subject_dn() == subject_dn)
85  matches.push_back(cert);
86  }
87 
88  return matches;
89  }
90 
91 std::shared_ptr<const X509_Certificate>
92 Certificate_Store_In_Memory::find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const
93  {
94  if(key_hash.size() != 20)
95  throw Invalid_Argument("Certificate_Store_In_Memory::find_cert_by_pubkey_sha1 invalid hash");
96 
97  std::unique_ptr<HashFunction> hash(HashFunction::create("SHA-1"));
98 
99  for(const auto& cert : m_certs){
100  hash->update(cert->subject_public_key_bitstring());
101  if(key_hash == hash->final_stdvec()) //final_stdvec also clears the hash to initial state
102  return cert;
103  }
104 
105  return nullptr;
106  }
107 
108 std::shared_ptr<const X509_Certificate>
109 Certificate_Store_In_Memory::find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& subject_hash) const
110  {
111  if(subject_hash.size() != 32)
112  throw Invalid_Argument("Certificate_Store_In_Memory::find_cert_by_raw_subject_dn_sha256 invalid hash");
113 
114  std::unique_ptr<HashFunction> hash(HashFunction::create("SHA-256"));
115 
116  for(const auto& cert : m_certs){
117  hash->update(cert->raw_subject_dn());
118  if(subject_hash == hash->final_stdvec()) //final_stdvec also clears the hash to initial state
119  return cert;
120  }
121 
122  return nullptr;
123  }
124 
126  {
127  std::shared_ptr<const X509_CRL> crl_s = std::make_shared<const X509_CRL>(crl);
128  return add_crl(crl_s);
129  }
130 
131 void Certificate_Store_In_Memory::add_crl(std::shared_ptr<const X509_CRL> crl)
132  {
133  X509_DN crl_issuer = crl->issuer_dn();
134 
135  for(auto& c : m_crls)
136  {
137  // Found an update of a previously existing one; replace it
138  if(c->issuer_dn() == crl_issuer)
139  {
140  if(c->this_update() <= crl->this_update())
141  c = crl;
142  return;
143  }
144  }
145 
146  // Totally new CRL, add to the list
147  m_crls.push_back(crl);
148  }
149 
150 std::shared_ptr<const X509_CRL> Certificate_Store_In_Memory::find_crl_for(const X509_Certificate& subject) const
151  {
152  const std::vector<uint8_t>& key_id = subject.authority_key_id();
153 
154  for(const auto& c : m_crls)
155  {
156  // Only compare key ids if set in both call and in the CRL
157  if(key_id.size())
158  {
159  std::vector<uint8_t> akid = c->authority_key_id();
160 
161  if(akid.size() && akid != key_id) // no match
162  continue;
163  }
164 
165  if(c->issuer_dn() == subject.issuer_dn())
166  return c;
167  }
168 
169  return {};
170  }
171 
173  {
174  add_certificate(cert);
175  }
176 
177 #if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)
179  {
180  if(dir.empty())
181  return;
182 
183  std::vector<std::string> maybe_certs = get_files_recursive(dir);
184  for(auto&& cert_file : maybe_certs)
185  {
186  try
187  {
188  m_certs.push_back(std::make_shared<X509_Certificate>(cert_file));
189  }
190  catch(std::exception&)
191  {
192  }
193  }
194  }
195 #endif
196 
197 }
std::vector< std::shared_ptr< const X509_Certificate > > find_all_certs(const X509_DN &subject_dn, const std::vector< uint8_t > &key_id) const override
Definition: certstor.cpp:68
std::shared_ptr< const X509_Certificate > find_cert_by_raw_subject_dn_sha256(const std::vector< uint8_t > &subject_hash) const override
Definition: certstor.cpp:109
virtual std::shared_ptr< const X509_CRL > find_crl_for(const X509_Certificate &subject) const
Definition: certstor.cpp:15
std::shared_ptr< const X509_Certificate > find_cert(const X509_DN &subject_dn, const std::vector< uint8_t > &key_id) const override
Definition: certstor.cpp:47
const std::vector< uint8_t > & authority_key_id() const
Definition: x509cert.cpp:389
std::shared_ptr< const X509_CRL > find_crl_for(const X509_Certificate &subject) const override
Definition: certstor.cpp:150
bool matches(DataSource &source, const std::string &extra, size_t search_range)
Definition: pem.cpp:142
std::vector< X509_DN > all_subjects() const override
Definition: certstor.cpp:38
static std::unique_ptr< HashFunction > create(const std::string &algo_spec, const std::string &provider="")
Definition: hash.cpp:106
const X509_DN & issuer_dn() const
Definition: x509cert.cpp:410
Definition: alg_id.cpp:13
void add_certificate(const X509_Certificate &cert)
Definition: certstor.cpp:20
std::shared_ptr< const X509_Certificate > find_cert_by_pubkey_sha1(const std::vector< uint8_t > &key_hash) const override
Definition: certstor.cpp:92
void add_crl(const X509_CRL &crl)
Definition: certstor.cpp:125
std::vector< std::string > get_files_recursive(const std::string &dir)
Definition: filesystem.cpp:162
MechanismType hash