Botan  2.12.1
Crypto and TLS for C++11
certstor_flatfile.h
Go to the documentation of this file.
1 /*
2 * Certificate Store
3 * (C) 1999-2019 Jack Lloyd
4 * (C) 2019 Patrick Schmidt
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 */
8 
9 #ifndef BOTAN_CERT_STORE_FLATFILE_H_
10 #define BOTAN_CERT_STORE_FLATFILE_H_
11 
12 #include <botan/certstor.h>
13 
14 #include <vector>
15 #include <memory>
16 #include <map>
17 
18 namespace Botan {
19 /**
20 * Certificate Store that is backed by a file of PEMs of trusted CAs.
21 */
23  {
24  public:
25  /**
26  * Construct a new Certificate_Store given a file path to a file including
27  * PEMs of trusted self-signed CAs.
28  *
29  * @param file the name of the file to read certificates from
30  * @param ignore_non_ca if true, certs that are not self-signed CA certs will
31  * be ignored. Otherwise (if false), an exception will be thrown instead.
32  */
33  Flatfile_Certificate_Store(const std::string& file, bool ignore_non_ca = false);
34 
37  Flatfile_Certificate_Store& operator=(const Flatfile_Certificate_Store&) = default;
39 
40  /**
41  * @return DNs for all certificates managed by the store
42  */
43  std::vector<X509_DN> all_subjects() const override;
44 
45  /**
46  * Find a certificate by Subject DN and (optionally) key identifier
47  * @return the first certificate that matches
48  */
49  std::shared_ptr<const X509_Certificate> find_cert(
50  const X509_DN& subject_dn,
51  const std::vector<uint8_t>& key_id) const override;
52 
53  /**
54  * Find all certificates with a given Subject DN.
55  * Subject DN and even the key identifier might not be unique.
56  */
57  std::vector<std::shared_ptr<const X509_Certificate>> find_all_certs(
58  const X509_DN& subject_dn, const std::vector<uint8_t>& key_id) const override;
59 
60  /**
61  * Find a certificate by searching for one with a matching SHA-1 hash of
62  * public key.
63  * @return a matching certificate or nullptr otherwise
64  */
65  std::shared_ptr<const X509_Certificate>
66  find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const override;
67 
68  std::shared_ptr<const X509_Certificate>
69  find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& subject_hash) const override;
70 
71  /**
72  * Fetching CRLs is not supported by this certificate store. This will
73  * always return an empty list.
74  */
75  std::shared_ptr<const X509_CRL> find_crl_for(const X509_Certificate& subject) const override;
76 
77  private:
78  std::vector<X509_DN> m_all_subjects;
79  std::map<X509_DN, std::vector<std::shared_ptr<const X509_Certificate>>> m_dn_to_cert;
80  std::map<std::vector<uint8_t>, std::shared_ptr<const X509_Certificate>> m_pubkey_sha1_to_cert;
81  std::map<std::vector<uint8_t>, std::shared_ptr<const X509_Certificate>> m_subject_dn_sha256_to_cert;
82  };
83 }
84 
85 #endif
int(* final)(unsigned char *, CTX *)
#define BOTAN_PUBLIC_API(maj, min)
Definition: compiler.h:31
Definition: alg_id.cpp:13