Botan 3.9.0
Crypto and TLS for C&
certstor.h
Go to the documentation of this file.
1/*
2* Certificate Store
3* (C) 1999-2010,2013 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#ifndef BOTAN_CERT_STORE_H_
9#define BOTAN_CERT_STORE_H_
10
11#include <botan/x509_crl.h>
12#include <botan/x509cert.h>
13#include <optional>
14
15namespace Botan {
16
17/**
18* Certificate Store Interface
19*/
20class BOTAN_PUBLIC_API(2, 0) Certificate_Store /* NOLINT(*-special-member-functions) */ {
21 public:
22 virtual ~Certificate_Store();
23
24 /**
25 * Find a certificate by Subject DN and (optionally) key identifier
26 * @param subject_dn the subject's distinguished name
27 * @param key_id an optional key id
28 * @return a matching certificate or nullopt otherwise
29 * If more than one certificate in the certificate store matches, then
30 * a single value is selected arbitrarily.
31 */
32 virtual std::optional<X509_Certificate> find_cert(const X509_DN& subject_dn,
33 const std::vector<uint8_t>& key_id) const;
34
35 /**
36 * Find all certificates with a given Subject DN.
37 * Subject DN and even the key identifier might not be unique.
38 */
39 virtual std::vector<X509_Certificate> find_all_certs(const X509_DN& subject_dn,
40 const std::vector<uint8_t>& key_id) const = 0;
41
42 /**
43 * Find a certificate by searching for one with a matching SHA-1 hash of
44 * public key. Used for OCSP.
45 * @param key_hash SHA-1 hash of the subject's public key
46 * @return a matching certificate or nullopt otherwise
47 */
48 virtual std::optional<X509_Certificate> find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const = 0;
49
50 /**
51 * Find a certificate by searching for one with a matching SHA-256 hash of
52 * raw subject name. Used for OCSP.
53 * @param subject_hash SHA-256 hash of the subject's raw name
54 * @return a matching certificate or nullopt otherwise
55 */
56 virtual std::optional<X509_Certificate> find_cert_by_raw_subject_dn_sha256(
57 const std::vector<uint8_t>& subject_hash) const = 0;
58
59 /**
60 * Finds a CRL for the given certificate
61 * @param subject the subject certificate
62 * @return the CRL for subject or nullopt otherwise
63 */
64 virtual std::optional<X509_CRL> find_crl_for(const X509_Certificate& subject) const;
65
66 /**
67 * @return whether the certificate is known
68 * @param cert certififcate to be searched
69 */
70 bool certificate_known(const X509_Certificate& cert) const {
71 return find_cert(cert.subject_dn(), cert.subject_key_id()).has_value();
72 }
73
74 // remove this (used by TLS::Server)
75 virtual std::vector<X509_DN> all_subjects() const = 0;
76};
77
78/**
79* In Memory Certificate Store
80*/
81class BOTAN_PUBLIC_API(2, 0) Certificate_Store_In_Memory final : public Certificate_Store {
82 public:
83#if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)
84 /**
85 * Attempt to parse all files in dir (including subdirectories)
86 * as certificates. Ignores errors.
87 */
88 explicit Certificate_Store_In_Memory(std::string_view dir);
89#endif
90
91 /**
92 * Adds given certificate to the store.
93 */
94 explicit Certificate_Store_In_Memory(const X509_Certificate& cert);
95
96 /**
97 * Create an empty store.
98 */
99 Certificate_Store_In_Memory() = default;
100
101 /**
102 * Add a certificate to the store.
103 * @param cert certificate to be added
104 */
105 void add_certificate(const X509_Certificate& cert);
106
107 /**
108 * Add a certificate revocation list (CRL) to the store.
109 * @param crl CRL to be added
110 */
111 void add_crl(const X509_CRL& crl);
112
113 /**
114 * @return DNs for all certificates managed by the store
115 */
116 std::vector<X509_DN> all_subjects() const override;
117
118 /*
119 * Find a certificate by Subject DN and (optionally) key identifier
120 * @return the first certificate that matches
121 */
122 std::optional<X509_Certificate> find_cert(const X509_DN& subject_dn,
123 const std::vector<uint8_t>& key_id) const override;
124
125 /*
126 * Find all certificates with a given Subject DN.
127 * Subject DN and even the key identifier might not be unique.
128 */
129 std::vector<X509_Certificate> find_all_certs(const X509_DN& subject_dn,
130 const std::vector<uint8_t>& key_id) const override;
131
132 std::optional<X509_Certificate> find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const override;
133
134 std::optional<X509_Certificate> find_cert_by_raw_subject_dn_sha256(
135 const std::vector<uint8_t>& subject_hash) const override;
136
137 /**
138 * Finds a CRL for the given certificate
139 */
140 std::optional<X509_CRL> find_crl_for(const X509_Certificate& subject) const override;
141
142 private:
143 // TODO: Add indexing on the DN and key id to avoid linear search
144 std::vector<X509_Certificate> m_certs;
145 std::vector<X509_CRL> m_crls;
146};
147
148} // namespace Botan
149
150#endif
BOTAN_PUBLIC_API
#define BOTAN_PUBLIC_API(maj, min)
Definition api.h:21
Botan::Certificate_Store_In_Memory::Certificate_Store_In_Memory
Certificate_Store_In_Memory(const X509_Certificate &cert)
Definition certstor.cpp:170
Botan::Certificate_Store_In_Memory::find_all_certs
std::vector< X509_Certificate > find_all_certs(const X509_DN &subject_dn, const std::vector< uint8_t > &key_id) const override
Definition certstor.cpp:75
Botan::Certificate_Store_In_Memory::find_cert_by_pubkey_sha1
std::optional< X509_Certificate > find_cert_by_pubkey_sha1(const std::vector< uint8_t > &key_hash) const override
Definition certstor.cpp:96
Botan::Certificate_Store_In_Memory::find_cert
std::optional< X509_Certificate > find_cert(const X509_DN &subject_dn, const std::vector< uint8_t > &key_id) const override
Definition certstor.cpp:55
Botan::Certificate_Store_In_Memory::Certificate_Store_In_Memory
Certificate_Store_In_Memory()=default
Botan::Certificate_Store_In_Memory::add_crl
void add_crl(const X509_CRL &crl)
Definition certstor.cpp:132
Botan::Certificate_Store_In_Memory::find_cert_by_raw_subject_dn_sha256
std::optional< X509_Certificate > find_cert_by_raw_subject_dn_sha256(const std::vector< uint8_t > &subject_hash) const override
Definition certstor.cpp:114
Botan::Certificate_Store_In_Memory::find_crl_for
std::optional< X509_CRL > find_crl_for(const X509_Certificate &subject) const override
Definition certstor.cpp:149
Botan::Certificate_Store_In_Memory::add_certificate
void add_certificate(const X509_Certificate &cert)
Definition certstor.cpp:36
Botan::Certificate_Store_In_Memory::all_subjects
std::vector< X509_DN > all_subjects() const override
Definition certstor.cpp:46
Botan::Certificate_Store
Definition certstor.h:20
Botan::Certificate_Store::find_crl_for
virtual std::optional< X509_CRL > find_crl_for(const X509_Certificate &subject) const
Definition certstor.cpp:32
Botan::Certificate_Store::certificate_known
bool certificate_known(const X509_Certificate &cert) const
Definition certstor.h:70
Botan::Certificate_Store::all_subjects
virtual std::vector< X509_DN > all_subjects() const =0
Botan::Certificate_Store::find_cert_by_raw_subject_dn_sha256
virtual std::optional< X509_Certificate > find_cert_by_raw_subject_dn_sha256(const std::vector< uint8_t > &subject_hash) const =0
Botan::Certificate_Store::~Certificate_Store
virtual ~Certificate_Store()
Botan::Certificate_Store::find_cert_by_pubkey_sha1
virtual std::optional< X509_Certificate > find_cert_by_pubkey_sha1(const std::vector< uint8_t > &key_hash) const =0
Botan::Certificate_Store::find_all_certs
virtual std::vector< X509_Certificate > find_all_certs(const X509_DN &subject_dn, const std::vector< uint8_t > &key_id) const =0
Botan::Certificate_Store::find_cert
virtual std::optional< X509_Certificate > find_cert(const X509_DN &subject_dn, const std::vector< uint8_t > &key_id) const
Definition certstor.cpp:20
Botan::X509_CRL
Definition x509_crl.h:90
Botan::X509_Certificate
Definition x509cert.h:36
Botan::X509_Certificate::subject_dn
const X509_DN & subject_dn() const
Definition x509cert.cpp:411
Botan::X509_Certificate::subject_key_id
const std::vector< uint8_t > & subject_key_id() const
Definition x509cert.cpp:395
Botan::X509_DN
Definition pkix_types.h:41
Generated by doxygen 1.14.0