1 /*
2 * Certificate Store
3 * (C) 1999-2010,2013 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #ifndef BOTAN_CERT_STORE_H_
9 #define BOTAN_CERT_STORE_H_
10 
11 #include <botan/x509cert.h>
12 #include <botan/x509_crl.h>
13 
14 namespace Botan {
15 
16 /**
17 * Certificate Store Interface
18 */
20  {
21  public:
22  virtual ~Certificate_Store() = default;
23 
/**
 * Find a certificate by Subject DN and (optionally) key identifier.
 *
 * NOTE(review): the (subject DN, key id) pair is not guaranteed to be
 * unique (see find_all_certs below), so when several stored certificates
 * match, which one is returned is left to the implementation. A non-null
 * result therefore identifies *some* certificate with this subject, not
 * a specific one; use find_all_certs() when that distinction matters.
 *
 * @param subject_dn the subject's distinguished name
 * @param key_id an optional key id; presumably an empty vector means
 *        "match on subject DN only" — confirm against the implementation
 * @return a matching certificate or nullptr otherwise
 */
virtual std::shared_ptr<const X509_Certificate>
find_cert(const X509_DN& subject_dn, const std::vector<uint8_t>& key_id) const = 0;

/**
 * Find all certificates with a given Subject DN.
 * Subject DN and even the key identifier might not be unique.
 * @param subject_dn the subject's distinguished name
 * @param key_id an optional key id (same meaning as in find_cert)
 * @return every matching certificate; empty if there is none
 */
virtual std::vector<std::shared_ptr<const X509_Certificate>> find_all_certs(
   const X509_DN& subject_dn, const std::vector<uint8_t>& key_id) const = 0;
39 
40 
/**
 * Find a certificate by searching for one with a matching SHA-1 hash of
 * public key. Used for OCSP.
 *
 * NOTE(review): the hash is only a lookup key (presumably the OCSP
 * ResponderID "byKey" form, which is SHA-1 of the key — confirm against
 * the OCSP caller). A match says nothing about whether the returned
 * certificate is trusted or actually signed anything: callers must still
 * verify the OCSP response signature against the returned certificate's
 * key and validate that certificate itself. Exactly which encoding of the
 * key is hashed is not specified here — TODO confirm in the implementation.
 *
 * @param key_hash SHA-1 hash of the subject's public key
 * @return a matching certificate or nullptr otherwise
 */
virtual std::shared_ptr<const X509_Certificate>
find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const = 0;

/**
 * Find a certificate by searching for one with a matching SHA-256 hash of
 * raw subject name. Used for OCSP.
 *
 * NOTE(review): as with find_cert_by_pubkey_sha1, this is an index lookup,
 * not an authentication step; the caller still has to verify signatures
 * made with the returned certificate. "Raw" presumably means the DER
 * encoding of the Name as it appears in the certificate — confirm.
 *
 * @param subject_hash SHA-256 hash of the subject's raw name
 * @return a matching certificate or nullptr otherwise
 */
virtual std::shared_ptr<const X509_Certificate>
find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& subject_hash) const = 0;
58 
/**
 * Finds a CRL for the given certificate.
 *
 * Not pure virtual: the base class supplies a default implementation,
 * defined out of line and not shown in this header. NOTE(review): a
 * nullptr result means "this store has no CRL for the certificate", which
 * is not the same as "not revoked"; revocation-checking callers must decide
 * explicitly (and ideally fail closed where policy requires it) how a
 * missing CRL is treated.
 *
 * @param subject the subject certificate
 * @return the CRL for subject or nullptr otherwise
 */
virtual std::shared_ptr<const X509_CRL> find_crl_for(const X509_Certificate& subject) const;
65 
/**
 * Check whether a certificate with this certificate's subject DN and
 * subject key identifier is present in the store.
 *
 * NOTE(review): this is a lookup by (subject DN, subject key id), not a
 * comparison of the certificate itself. As find_all_certs() documents,
 * neither the subject DN nor the key id is guaranteed unique, so a true
 * result means "the store holds *a* certificate with these identifiers",
 * not "the store holds exactly this certificate". Callers that need the
 * latter should compare the certificate found with @p cert themselves.
 *
 * @param cert certificate to be searched for
 * @return true if find_cert() locates a certificate with matching
 *         subject DN and subject key id, false otherwise
 */
bool certificate_known(const X509_Certificate& cert) const
   {
   const std::shared_ptr<const X509_Certificate> match =
      find_cert(cert.subject_dn(), cert.subject_key_id());
   return static_cast<bool>(match);
   }
74 
/**
 * @return subject DNs of every certificate in the store
 *
 * TODO: remove this (used by TLS::Server). NOTE(review): this enumerates
 * the entire store; if the store backs a trust-anchor set, the result
 * discloses which anchors are configured to whatever the caller sends it
 * to (presumably the CA list in a TLS CertificateRequest — confirm).
 */
virtual std::vector<X509_DN> all_subjects() const = 0;
77  };
78 
79 /**
80 * In Memory Certificate Store
81 */
83  {
84  public:
/**
 * Attempt to parse all files in dir (including subdirectories)
 * as certificates. Ignores errors.
 *
 * NOTE(review): because errors are ignored, a corrupt or mis-typed file
 * (and presumably a read failure) yields a store that is silently smaller
 * than intended, and every file that does parse is added regardless of
 * its name or extension. If this store is used as a trust-anchor set,
 * restrict write access to @p dir accordingly and check the loaded set
 * (e.g. via all_subjects()) after construction rather than assuming it.
 *
 * @param dir directory to scan recursively for certificate files
 */
explicit Certificate_Store_In_Memory(const std::string& dir);

/**
 * Construct a store holding the single certificate @p cert.
 * @param cert certificate to add
 */
explicit Certificate_Store_In_Memory(const X509_Certificate& cert);

/**
 * Create an empty store.
 */
Certificate_Store_In_Memory() = default;
100 
/**
 * Add a certificate to the store.
 * The store keeps certificates as shared_ptr<const X509_Certificate>
 * (see m_certs), so this overload presumably copies @p cert into a new
 * shared object — confirm in certstor.cpp.
 * NOTE(review): no de-duplication is visible in this header; adding the
 * same certificate twice presumably stores it twice, which in turn affects
 * what find_all_certs() returns. Nothing here synchronizes add_* against
 * concurrent find_*; assume callers serialize access unless the
 * implementation shows otherwise.
 * @param cert certificate to be added
 */
void add_certificate(const X509_Certificate& cert);

/**
 * Add a certificate already in a shared_ptr to the store.
 * The store shares ownership of the pointee; a caller must not mutate the
 * object afterwards (it is const through this handle) or it would change
 * what the store returns.
 * @param cert certificate to be added
 */
void add_certificate(std::shared_ptr<const X509_Certificate> cert);

/**
 * Add a certificate revocation list (CRL) to the store.
 * NOTE(review): nothing here verifies the CRL's signature or issuer; the
 * caller is responsible for adding only CRLs it has authenticated, or for
 * verifying the CRL returned by find_crl_for() before acting on it.
 * @param crl CRL to be added
 */
void add_crl(const X509_CRL& crl);

/**
 * Add a certificate revocation list (CRL) to the store as a shared_ptr.
 * Same caveats as the by-reference overload; ownership is shared.
 * @param crl CRL to be added
 */
void add_crl(std::shared_ptr<const X509_CRL> crl);
124 
/**
 * @return DNs for all certificates managed by the store
 */
std::vector<X509_DN> all_subjects() const override;

/**
 * Find a certificate by Subject DN and (optionally) key identifier.
 * @param subject_dn the subject's distinguished name
 * @param key_id an optional key id
 * @return the first certificate that matches, or nullptr if none does.
 *         NOTE(review): "first" is presumably insertion order in m_certs
 *         (confirm in certstor.cpp), so with duplicate subject DN / key id
 *         pairs the result depends on the order certificates were added.
 */
std::shared_ptr<const X509_Certificate> find_cert(
   const X509_DN& subject_dn,
   const std::vector<uint8_t>& key_id) const override;

/**
 * Find all certificates with a given Subject DN.
 * Subject DN and even the key identifier might not be unique.
 * @param subject_dn the subject's distinguished name
 * @param key_id an optional key id
 * @return every matching certificate; empty if there is none
 */
std::vector<std::shared_ptr<const X509_Certificate>> find_all_certs(
   const X509_DN& subject_dn, const std::vector<uint8_t>& key_id) const override;

/**
 * Find a certificate whose public key has the given SHA-1 hash (used for OCSP).
 * @param key_hash SHA-1 hash of the subject's public key
 * @return a matching certificate or nullptr otherwise
 */
std::shared_ptr<const X509_Certificate>
find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const override;

/**
 * Find a certificate whose raw subject name has the given SHA-256 hash (used for OCSP).
 * @param subject_hash SHA-256 hash of the subject's raw name
 * @return a matching certificate or nullptr otherwise
 */
std::shared_ptr<const X509_Certificate>
find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& subject_hash) const override;

/**
 * Finds a CRL for the given certificate.
 * @param subject the subject certificate
 * @return the CRL for subject or nullptr otherwise. A nullptr only means
 *         no matching CRL is held here, not that @p subject is unrevoked.
 */
std::shared_ptr<const X509_CRL> find_crl_for(const X509_Certificate& subject) const override;
private:
// TODO: Add indexing on the DN and key id to avoid linear search
// Both containers are plain vectors and this class declares no
// synchronization member; NOTE(review): assume callers serialize add_*()
// against find_*() unless certstor.cpp provides locking.
std::vector<std::shared_ptr<const X509_Certificate>> m_certs;
std::vector<std::shared_ptr<const X509_CRL>> m_crls;
159  };
160 
161 }
162 
163 #endif