Botan 3.6.1
Crypto and TLS for C&
certstor_macos.h
Go to the documentation of this file.
1/*
2* Certificate Store
3* (C) 1999-2019 Jack Lloyd
4* (C) 2019 René Meusel
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8
9#ifndef BOTAN_CERT_STORE_SYSTEM_MACOS_H_
10#define BOTAN_CERT_STORE_SYSTEM_MACOS_H_
11
12#include <memory>
13
14#include <botan/certstor.h>
15
16namespace Botan {
17
18class Certificate_Store_MacOS_Impl;
19
20/**
21* Certificate Store that is backed by the system trust store on macOS. This
22* opens a handle to the macOS keychain and serves certificate queries directly
23* from there.
24*/
25class BOTAN_PUBLIC_API(2, 10) Certificate_Store_MacOS final : public Certificate_Store {
26 public:
27 Certificate_Store_MacOS();
28
29 Certificate_Store_MacOS(const Certificate_Store_MacOS&) = default;
30 Certificate_Store_MacOS(Certificate_Store_MacOS&&) = default;
31 Certificate_Store_MacOS& operator=(const Certificate_Store_MacOS&) = default;
32 Certificate_Store_MacOS& operator=(Certificate_Store_MacOS&&) = default;
33
34 /**
35 * @return DNs for all certificates managed by the store
36 */
37 std::vector<X509_DN> all_subjects() const override;
38
39 /**
40 * Find a certificate by Subject DN and (optionally) key identifier
41 * @return the first certificate that matches
42 */
43 std::optional<X509_Certificate> find_cert(const X509_DN& subject_dn,
44 const std::vector<uint8_t>& key_id) const override;
45
46 /**
47 * Find all certificates with a given Subject DN.
48 * Subject DN and even the key identifier might not be unique.
49 */
50 std::vector<X509_Certificate> find_all_certs(const X509_DN& subject_dn,
51 const std::vector<uint8_t>& key_id) const override;
52
53 /**
54 * Find a certificate by searching for one with a matching SHA-1 hash of
55 * public key.
56 * @return a matching certificate or nullptr otherwise
57 */
58 std::optional<X509_Certificate> find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const override;
59
60 /**
61 * @throws Not_Implemented
62 */
63 std::optional<X509_Certificate> find_cert_by_raw_subject_dn_sha256(
64 const std::vector<uint8_t>& subject_hash) const override;
65
66 /**
67 * Fetching CRLs is not supported by the keychain on macOS. This will
68 * always return an empty list.
69 */
70 std::optional<X509_CRL> find_crl_for(const X509_Certificate& subject) const override;
71
72 private:
73 std::shared_ptr<Certificate_Store_MacOS_Impl> m_impl;
74};
75
76} // namespace Botan
77
78#endif
Botan::Certificate_Store_MacOS
Definition certstor_macos.h:25
Botan::Certificate_Store_MacOS::operator=
Certificate_Store_MacOS & operator=(Certificate_Store_MacOS &&)=default
Botan::Certificate_Store_MacOS::Certificate_Store_MacOS
Certificate_Store_MacOS(Certificate_Store_MacOS &&)=default
Botan::Certificate_Store_MacOS::Certificate_Store_MacOS
Certificate_Store_MacOS(const Certificate_Store_MacOS &)=default
Botan::Certificate_Store_MacOS::operator=
Certificate_Store_MacOS & operator=(const Certificate_Store_MacOS &)=default
Botan::Certificate_Store
Definition certstor.h:20
Botan::X509_Certificate
Definition x509cert.h:36
Botan::X509_DN
Definition pkix_types.h:38
final
int(* final)(unsigned char *, CTX *)
Definition commoncrypto_hash.cpp:29
BOTAN_PUBLIC_API
#define BOTAN_PUBLIC_API(maj, min)
Definition compiler.h:31
Generated by doxygen 1.12.0