Botan  2.12.1
Crypto and TLS for C++11
certstor_macos.h
1 /*
2 * Certificate Store
3 * (C) 1999-2019 Jack Lloyd
4 * (C) 2019 René Meusel
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 */
8 
9 #ifndef BOTAN_CERT_STORE_SYSTEM_MACOS_H_
10 #define BOTAN_CERT_STORE_SYSTEM_MACOS_H_
11 
12 #include <memory>
13 
14 #include <botan/certstor.h>
15 
16 namespace Botan {
17 
18 class Certificate_Store_MacOS_Impl;
19 
20 /**
21 * Certificate Store that is backed by the system trust store on macOS. This
22 * opens a handle to the macOS keychain and serves certificate queries directly
23 * from there.
24 */
26  {
27  public:
29 
// Copy- and move-assignment are compiler-generated. The only data member
// visible in this listing is the shared_ptr m_impl, so a copy-assigned store
// refers to the same implementation object as its source rather than to an
// independent one.
32  Certificate_Store_MacOS& operator=(const Certificate_Store_MacOS&) = default;
33  Certificate_Store_MacOS& operator=(Certificate_Store_MacOS&&) = default;
34 
35  /**
    * List the subject distinguished names of the certificates in this store.
36  * @return DNs for all certificates managed by the store
    *
    * NOTE(review): nothing in this header indicates that entries are filtered
    * by validity period or by per-certificate trust settings; confirm in the
    * implementation before treating the result as a list of trusted issuers.
37  */
38  std::vector<X509_DN> all_subjects() const override;
39 
40  /**
41  * Find a certificate by Subject DN and (optionally) key identifier
    * @param subject_dn subject DN to search for
    * @param key_id key identifier to match in addition to the DN; presumably
    *        an empty vector means "match on subject DN only" (TODO confirm)
42  * @return the first certificate that matches
    *
    * A subject DN, and even a key identifier, can be shared by several
    * certificates, so "first" is one candidate among possibly many. Use
    * find_all_certs() when every candidate has to be considered.
    * NOTE(review): the result for "no match" is not documented here;
    * presumably a null pointer - check before dereferencing.
43  */
44  std::shared_ptr<const X509_Certificate> find_cert(
45  const X509_DN& subject_dn,
46  const std::vector<uint8_t>& key_id) const override;
47 
48  /**
49  * Find all certificates with a given Subject DN.
50  * Subject DN and even the key identifier might not be unique.
    * @param subject_dn subject DN to search for
    * @param key_id key identifier to match in addition to the DN
    *        (NOTE(review): meaning of an empty vector is not visible in this
    *        header - confirm)
    * @return the matching certificates; presumably an empty vector when
    *         nothing matches (TODO confirm)
51  */
52  std::vector<std::shared_ptr<const X509_Certificate>> find_all_certs(
53  const X509_DN& subject_dn, const std::vector<uint8_t>& key_id) const override;
54 
55  /**
56  * Find a certificate by searching for one with a matching SHA-1 hash of
57  * public key.
    * @param key_hash SHA-1 digest of the public key to look for
    *        NOTE(review): a SHA-1 digest is 20 bytes; which encoding of the
    *        key is hashed and how other input lengths are handled is not
    *        visible in this header.
58  * @return a matching certificate or nullptr otherwise
    *
    * The digest serves as a lookup key only. A hit means the store holds a
    * certificate with that key hash; the returned certificate still has to
    * go through the caller's normal validation.
59  */
60  std::shared_ptr<const X509_Certificate>
61  find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const override;
62 
63  /**
    * Lookup by SHA-256 hash of the raw subject DN (per the method name).
    * @param subject_hash the hash to search for
64  * @throws Botan::Not_Implemented
    *
    * NOTE(review): no other outcome is documented, so this lookup appears to
    * be unsupported on this store. Code that calls it through the base-class
    * interface needs to handle the exception instead of assuming a
    * "not found" null result.
65  */
66  std::shared_ptr<const X509_Certificate>
67  find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& subject_hash) const override;
68 
69  /**
70  * Fetching CRLs is not supported by the keychain on macOS. This will
71  * always return an empty result.
    * NOTE(review): the return type is a single shared_ptr rather than a
    * list, so "empty" presumably means a null pointer - confirm.
    *
    * Consequence for callers: this store never supplies CRL-based revocation
    * data. Where revocation status matters it has to come from another
    * source; an empty result here does not mean "not revoked".
    * @param subject the certificate a CRL is requested for
72  */
73  std::shared_ptr<const X509_CRL> find_crl_for(const X509_Certificate& subject) const override;
74 
75  private:
    // Opaque implementation object; Certificate_Store_MacOS_Impl is only
    // forward-declared in this header.
76  std::shared_ptr<Certificate_Store_MacOS_Impl> m_impl;
77  };
78 
79 }
80 
81 #endif