9#include <botan/certstor_flatfile.h>
11#include <botan/assert.h>
12#include <botan/data_src.h>
14#include <botan/pkix_types.h>
19std::vector<std::vector<uint8_t>> decode_all_certificates(DataSource& source) {
20 std::vector<std::vector<uint8_t>> pems;
22 while(!source.end_of_data()) {
24 std::vector<uint8_t> cert;
28 if(label ==
"CERTIFICATE" || label ==
"X509 CERTIFICATE" || label ==
"TRUSTED CERTIFICATE") {
31 }
catch(
const Decoding_Error&) {}
40 throw Invalid_Argument(
"Flatfile_Certificate_Store::Flatfile_Certificate_Store invalid file path");
45 for(
const std::vector<uint8_t>& der : decode_all_certificates(file_stream)) {
56 m_dn_to_cert[cert.
subject_dn()].push_back(cert);
59 }
else if(!ignore_non_ca) {
64 if(m_all_subjects.empty()) {
65 throw Invalid_Argument(
"Flatfile_Certificate_Store::Flatfile_Certificate_Store cert file is empty");
70 return m_all_subjects;
74 const std::vector<uint8_t>& key_id)
const {
75 std::vector<X509_Certificate> found_certs;
77 const auto certs = m_dn_to_cert.at(subject_dn);
79 for(
const auto& cert : certs) {
80 if(key_id.empty() || key_id == cert.subject_key_id()) {
81 found_certs.push_back(cert);
84 }
catch(
const std::out_of_range&) {
92 const std::vector<uint8_t>& key_hash)
const {
93 if(key_hash.size() != 20) {
94 throw Invalid_Argument(
"Flatfile_Certificate_Store::find_cert_by_pubkey_sha1 invalid hash");
97 auto found_cert = m_pubkey_sha1_to_cert.find(key_hash);
99 if(found_cert != m_pubkey_sha1_to_cert.end()) {
100 return found_cert->second;
107 const std::vector<uint8_t>& subject_hash)
const {
108 if(subject_hash.size() != 32) {
109 throw Invalid_Argument(
"Flatfile_Certificate_Store::find_cert_by_raw_subject_dn_sha256 invalid hash");
112 auto found_cert = m_subject_dn_sha256_to_cert.find(subject_hash);
114 if(found_cert != m_subject_dn_sha256_to_cert.end()) {
115 return found_cert->second;
std::optional< X509_CRL > find_crl_for(const X509_Certificate &subject) const override
std::vector< X509_DN > all_subjects() const override
std::optional< X509_Certificate > find_cert_by_raw_subject_dn_sha256(const std::vector< uint8_t > &subject_hash) const override
std::vector< X509_Certificate > find_all_certs(const X509_DN &subject_dn, const std::vector< uint8_t > &key_id) const override
std::optional< X509_Certificate > find_cert_by_pubkey_sha1(const std::vector< uint8_t > &key_hash) const override
Flatfile_Certificate_Store(std::string_view file, bool ignore_non_ca=false)
const X509_DN & subject_dn() const
std::vector< uint8_t > raw_subject_dn_sha256() const
const std::vector< uint8_t > & subject_public_key_bitstring_sha1() const
bool is_self_signed() const
std::string to_string() const
secure_vector< uint8_t > decode(DataSource &source, std::string &label)
std::vector< T > unlock(const secure_vector< T > &in)