Botan 3.4.0
Crypto and TLS for C&
certstor_flatfile.h
Go to the documentation of this file.
1/*
2* Certificate Store
3* (C) 1999-2019 Jack Lloyd
4* (C) 2019 Patrick Schmidt
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8
9#ifndef BOTAN_CERT_STORE_FLATFILE_H_
10#define BOTAN_CERT_STORE_FLATFILE_H_
11
12#include <botan/certstor.h>
13
14#include <map>
15#include <memory>
16#include <vector>
17
18namespace Botan {
19/**
20* Certificate Store that is backed by a file of PEMs of trusted CAs.
21*/
22class BOTAN_PUBLIC_API(2, 11) Flatfile_Certificate_Store final : public Certificate_Store {
23 public:
24 /**
25 * Construct a new Certificate_Store given a file path to a file including
26 * PEMs of trusted self-signed CAs.
27 *
28 * @param file the name of the file to read certificates from
29 * @param ignore_non_ca if true, certs that are not self-signed CA certs will
30 * be ignored. Otherwise (if false), an exception will be thrown instead.
31 */
32 Flatfile_Certificate_Store(std::string_view file, bool ignore_non_ca = false);
33
34 Flatfile_Certificate_Store(const Flatfile_Certificate_Store&) = default;
35 Flatfile_Certificate_Store(Flatfile_Certificate_Store&&) = default;
36 Flatfile_Certificate_Store& operator=(const Flatfile_Certificate_Store&) = default;
37 Flatfile_Certificate_Store& operator=(Flatfile_Certificate_Store&&) = default;
38
39 /**
40 * @return DNs for all certificates managed by the store
41 */
42 std::vector<X509_DN> all_subjects() const override;
43
44 /**
45 * Find all certificates with a given Subject DN.
46 * Subject DN and even the key identifier might not be unique.
47 */
48 std::vector<X509_Certificate> find_all_certs(const X509_DN& subject_dn,
49 const std::vector<uint8_t>& key_id) const override;
50
51 /**
52 * Find a certificate by searching for one with a matching SHA-1 hash of
53 * public key.
54 * @return a matching certificate or nullptr otherwise
55 */
56 std::optional<X509_Certificate> find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const override;
57
58 std::optional<X509_Certificate> find_cert_by_raw_subject_dn_sha256(
59 const std::vector<uint8_t>& subject_hash) const override;
60
61 /**
62 * Fetching CRLs is not supported by this certificate store. This will
63 * always return an empty list.
64 */
65 std::optional<X509_CRL> find_crl_for(const X509_Certificate& subject) const override;
66
67 private:
68 std::vector<X509_DN> m_all_subjects;
69 std::map<X509_DN, std::vector<X509_Certificate>> m_dn_to_cert;
70 std::map<std::vector<uint8_t>, std::optional<X509_Certificate>> m_pubkey_sha1_to_cert;
71 std::map<std::vector<uint8_t>, std::optional<X509_Certificate>> m_subject_dn_sha256_to_cert;
72};
73} // namespace Botan
74
75#endif
Botan::Certificate_Store
Definition certstor.h:20
Botan::Flatfile_Certificate_Store
Definition certstor_flatfile.h:22
Botan::Flatfile_Certificate_Store::operator=
Flatfile_Certificate_Store & operator=(const Flatfile_Certificate_Store &)=default
Botan::Flatfile_Certificate_Store::Flatfile_Certificate_Store
Flatfile_Certificate_Store(const Flatfile_Certificate_Store &)=default
Botan::Flatfile_Certificate_Store::Flatfile_Certificate_Store
Flatfile_Certificate_Store(Flatfile_Certificate_Store &&)=default
Botan::Flatfile_Certificate_Store::operator=
Flatfile_Certificate_Store & operator=(Flatfile_Certificate_Store &&)=default
Botan::X509_Certificate
Definition x509cert.h:36
Botan::X509_DN
Definition pkix_types.h:37
final
int(* final)(unsigned char *, CTX *)
Definition commoncrypto_hash.cpp:29
BOTAN_PUBLIC_API
#define BOTAN_PUBLIC_API(maj, min)
Definition compiler.h:31
Generated by doxygen 1.10.0