1/*
2* Certificate Store
3* (C) 1999-2010,2013 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#ifndef BOTAN_CERT_STORE_H_
9#define BOTAN_CERT_STORE_H_
10
11#include <botan/x509cert.h>
12#include <botan/x509_crl.h>
13
14namespace Botan {
15
16/**
17* Certificate Store Interface
18*/
20 {
21 public:
      /**
      * Virtual destructor. Stores are handled through the base interface
      * (pure virtuals below), so concrete stores must be destroyable via it.
      */
      virtual ~Certificate_Store();
23
      /**
      * Find a certificate by Subject DN and (optionally) key identifier
      * @param subject_dn the subject's distinguished name
      * @param key_id an optional key id; presumably an empty key_id leaves the
      *        DN as the only constraint - confirm against the store implementation
      * @return a matching certificate or nullptr otherwise
      *
      * If more than one certificate in the certificate store matches, then
      * a single value is selected arbitrarily. Callers that must consider
      * every candidate should use find_all_certs() instead.
      *
      * NOTE(review): this is a lookup by identifiers, not a trust decision.
      * The returned certificate still has to be validated (signature, validity
      * period, constraints) by whoever uses it.
      */
      virtual std::shared_ptr<const X509_Certificate>
         find_cert(const X509_DN& subject_dn, const std::vector<uint8_t>& key_id) const;
34
      /**
      * Find all certificates with a given Subject DN.
      * Subject DN and even the key identifier might not be unique, so unlike
      * find_cert() this returns every match rather than an arbitrary one.
      * @param subject_dn the subject's distinguished name
      * @param key_id an optional key id
      * @return all matching certificates; empty when nothing matches
      */
      virtual std::vector<std::shared_ptr<const X509_Certificate>> find_all_certs(
         const X509_DN& subject_dn, const std::vector<uint8_t>& key_id) const = 0;
41
42
      /**
      * Find a certificate by searching for one with a matching SHA-1 hash of
      * public key. Used for OCSP, where the responder may be identified by a
      * SHA-1 hash of its key (ResponderID byKey).
      * @param key_hash SHA-1 hash of the subject's public key
      * @return a matching certificate or nullptr otherwise
      *
      * SHA-1 here is an identifier format fixed by the protocol, not a trust
      * check: a match only locates a candidate certificate, which the caller
      * must still validate. Exactly which bytes are hashed (full
      * SubjectPublicKeyInfo vs. the bare key bits) is decided by the
      * implementation, not this interface - NOTE(review): confirm before
      * passing in externally computed hashes.
      */
      virtual std::shared_ptr<const X509_Certificate>
         find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const = 0;
51
      /**
      * Find a certificate by searching for one with a matching SHA-256 hash of
      * raw subject name. Used for OCSP (ResponderID byName lookups).
      * @param subject_hash SHA-256 hash of the subject's raw name
      * @return a matching certificate or nullptr otherwise
      *
      * "Raw" presumably means the encoded DN bytes are hashed as-is, without
      * the normalisation that X509_DN comparison applies, so the caller's hash
      * must be taken over the same encoding - confirm against the implementation.
      */
      virtual std::shared_ptr<const X509_Certificate>
         find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& subject_hash) const = 0;
60
      /**
      * Finds a CRL for the given certificate
      * @param subject the subject certificate
      * @return the CRL for subject or nullptr otherwise
      *
      * A nullptr result only means this store holds no CRL covering the
      * certificate; it says nothing about revocation status. Code enforcing
      * revocation checking must treat "no CRL available" as its own outcome
      * rather than silently as "not revoked".
      */
      virtual std::shared_ptr<const X509_CRL> find_crl_for(const X509_Certificate& subject) const;
67
      /**
      * @return whether a certificate with cert's subject DN and subject key
      *         identifier is present in the store
      * @param cert certificate to be searched
      *
      * This is an identifier lookup through find_cert(), not a byte-for-byte
      * comparison: a stored certificate that merely shares the subject DN and
      * key id with cert (e.g. a re-issued certificate for the same key) also
      * yields true. If cert carries no subject key identifier, the DN is
      * presumably the only constraint - depends on how the concrete store's
      * find_cert treats an empty key_id.
      */
      bool certificate_known(const X509_Certificate& cert) const
         {
         const auto match = find_cert(cert.subject_dn(), cert.subject_key_id());
         return static_cast<bool>(match);
         }
76
      /**
      * @return subject DNs of all certificates held by the store
      *
      * Slated for removal from this interface; its only consumer is
      * TLS::Server (presumably for the CA list it advertises). Do not build
      * new code on it.
      */
      virtual std::vector<X509_DN> all_subjects() const = 0;
79 };
80
81/**
82* In Memory Certificate Store
83*/
85 {
86 public:
      /**
      * Attempt to parse all files in dir (including subdirectories)
      * as certificates. Ignores errors.
      * @param dir directory to scan for certificate files
      *
      * Because parse failures are skipped silently, a wrong file format or a
      * corrupted file yields a smaller (possibly empty) store rather than an
      * exception. Code that relies on this store as its set of trust anchors
      * should check it is non-empty after construction (e.g. via
      * all_subjects()). Whether a missing or unreadable directory is likewise
      * ignored or throws is not specified here - confirm in certstor.cpp.
      */
      explicit Certificate_Store_In_Memory(const std::string& dir);
92
93 /**
94 * Adds given certificate to the store.
95 */
97
98 /**
99 * Create an empty store.
100 */
102
      /**
      * Add a certificate to the store.
      * @param cert certificate to be added
      *
      * The store does not distinguish "trusted" from merely "known". If (as
      * is typical) an instance is handed to path validation as the trusted
      * roots, every certificate added here acts as a trust anchor, so add
      * only certificates you intend to trust in that role.
      */
      void add_certificate(const X509_Certificate& cert);
108
      /**
      * Add a certificate already in a shared_ptr to the store.
      * Ownership is shared with the caller; the store keeps a const view.
      * @param cert certificate to be added. Behaviour for a null pointer is
      *        not specified by this header - confirm in certstor.cpp before
      *        relying on it.
      */
      void add_certificate(std::shared_ptr<const X509_Certificate> cert);
114
      /**
      * Add a certificate revocation list (CRL) to the store.
      * @param crl CRL to be added
      *
      * Nothing in this interface indicates that the CRL is verified on
      * insertion; treat checking its issuer signature and freshness as the
      * caller's or the validator's job unless certstor.cpp shows otherwise.
      */
      void add_crl(const X509_CRL& crl);
120
      /**
      * Add a certificate revocation list (CRL) to the store as a shared_ptr
      * Ownership is shared with the caller; the store keeps a const view.
      * @param crl CRL to be added. Behaviour for a null pointer is not
      *        specified by this header - confirm in certstor.cpp.
      */
      void add_crl(std::shared_ptr<const X509_CRL> crl);
126
      /**
      * @return DNs for all certificates managed by the store
      *
      * Implements the base-class method that is slated for removal; exists
      * for TLS::Server, not for general use.
      */
      std::vector<X509_DN> all_subjects() const override;
131
      /**
      * Find a certificate by Subject DN and (optionally) key identifier
      * @param subject_dn the subject's distinguished name
      * @param key_id an optional key id
      * @return the first certificate that matches (a linear scan of the
      *         stored certificates - see the TODO on m_certs), or nullptr
      *
      * As with the base interface, a match is an identifier lookup only and
      * must still be validated by the caller.
      */
      std::shared_ptr<const X509_Certificate> find_cert(
         const X509_DN& subject_dn,
         const std::vector<uint8_t>& key_id) const override;
139
      /**
      * Find all certificates with a given Subject DN.
      * Subject DN and even the key identifier might not be unique, so every
      * match is returned rather than the first one.
      * @param subject_dn the subject's distinguished name
      * @param key_id an optional key id
      * @return all matching certificates; empty when nothing matches
      */
      std::vector<std::shared_ptr<const X509_Certificate>> find_all_certs(
         const X509_DN& subject_dn, const std::vector<uint8_t>& key_id) const override;
146
      /**
      * Find a certificate whose public key has the given SHA-1 hash (OCSP
      * ResponderID byKey lookup).
      * @param key_hash SHA-1 hash of the subject's public key
      * @return a matching certificate or nullptr otherwise
      */
      std::shared_ptr<const X509_Certificate>
         find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const override;
149
      /**
      * Find a certificate whose raw subject name has the given SHA-256 hash
      * (OCSP ResponderID byName lookup).
      * @param subject_hash SHA-256 hash of the subject's raw name
      * @return a matching certificate or nullptr otherwise
      */
      std::shared_ptr<const X509_Certificate>
         find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& subject_hash) const override;
152
      /**
      * Finds a CRL for the given certificate
      * @param subject the subject certificate
      * @return the CRL for subject, or nullptr if none of the CRLs added to
      *         this store covers it. nullptr means "no CRL available", not
      *         "not revoked".
      */
      std::shared_ptr<const X509_CRL> find_crl_for(const X509_Certificate& subject) const override;
   private:
      // TODO: Add indexing on the DN and key id to avoid linear search
      // NOTE(review): no mutex or other synchronisation member is declared
      // here, so concurrent add_* and find_* calls on the same instance
      // need external locking (unless certstor.cpp shows otherwise).
      std::vector<std::shared_ptr<const X509_Certificate>> m_certs;
      std::vector<std::shared_ptr<const X509_CRL>> m_crls;
161 };
162
163}
164
165#endif