Botan  2.8.0
Crypto and TLS for C++11
certstor_sql.h
Go to the documentation of this file.
1 /*
2 * Certificate Store in SQL
3 * (C) 2016 Kai Michaelis, Rohde & Schwarz Cybersecurity
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #ifndef BOTAN_CERT_STORE_SQL_H_
9 #define BOTAN_CERT_STORE_SQL_H_
10 
11 #include <botan/certstor.h>
12 #include <botan/x509cert.h>
13 #include <botan/x509_crl.h>
14 #include <botan/database.h>
15 #include <botan/mutex.h>
16 
17 namespace Botan {
18 
19 class Private_Key;
20 class RandomNumberGenerator;
21 
22 /**
23  * Certificate and private key store backed by an SQL database.
24  */
26  {
27  public:
28  /**
29  * Create/open a certificate store.
30  * @param db underlying database storage
31  * @param passwd password to encrypt private keys in the database
32  * @param rng used for encrypting keys
33  * @param table_prefix optional prefix for db table names
34  */
35  explicit Certificate_Store_In_SQL(const std::shared_ptr<SQL_Database> db,
36  const std::string& passwd,
38  const std::string& table_prefix = "");
39 
40  /**
41  * Returns the first certificate with matching subject DN and optional key ID.
42  */
43  std::shared_ptr<const X509_Certificate>
44  find_cert(const X509_DN& subject_dn, const std::vector<uint8_t>& key_id) const override;
45 
46  /*
47  * Find all certificates with a given Subject DN.
48  * Subject DN and even the key identifier might not be unique.
49  */
50  std::vector<std::shared_ptr<const X509_Certificate>> find_all_certs(
51  const X509_DN& subject_dn, const std::vector<uint8_t>& key_id) const override;
52 
53  std::shared_ptr<const X509_Certificate>
54  find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const override;
55 
56  std::shared_ptr<const X509_Certificate>
57  find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& subject_hash) const override;
58 
59  /**
60  * Returns all subject DNs known to the store instance.
61  */
62  std::vector<X509_DN> all_subjects() const override;
63 
64  /**
65  * Inserts "cert" into the store, returns false if the certificate is
66  * already known and true if insertion was successful.
67  */
68  bool insert_cert(const X509_Certificate& cert);
69 
70  /**
71  * Removes "cert" from the store. Returns false if the certificate could not
72  * be found and true if removal was successful.
73  */
74  bool remove_cert(const X509_Certificate& cert);
75 
76  /// Returns the private key for "cert" or an empty shared_ptr if none was found.
77  std::shared_ptr<const Private_Key> find_key(const X509_Certificate&) const;
78 
79  /// Returns all certificates for private key "key".
80  std::vector<std::shared_ptr<const X509_Certificate>>
81  find_certs_for_key(const Private_Key& key) const;
82 
83  /**
84  * Inserts "key" for "cert" into the store, returns false if the key is
85  * already known and true if insertion was successful.
86  */
87  bool insert_key(const X509_Certificate& cert, const Private_Key& key);
88 
89  /// Removes "key" from the store.
90  void remove_key(const Private_Key& key);
91 
92  /// Marks "cert" as revoked starting from "time".
93  void revoke_cert(const X509_Certificate&, CRL_Code, const X509_Time& time = X509_Time());
94 
95  /// Reverses the revokation for "cert".
96  void affirm_cert(const X509_Certificate&);
97 
98  /**
99  * Generates Certificate Revocation Lists for all certificates marked as revoked.
100  * A CRL is returned for each unique issuer DN.
101  */
102  std::vector<X509_CRL> generate_crls() const;
103 
104  /**
105  * Generates a CRL for all certificates issued by the given issuer.
106  */
107  std::shared_ptr<const X509_CRL>
108  find_crl_for(const X509_Certificate& issuer) const override;
109 
110  private:
111  RandomNumberGenerator& m_rng;
112  std::shared_ptr<SQL_Database> m_database;
113  std::string m_prefix;
114  std::string m_password;
115  mutex_type m_mutex;
116  };
117 
118 }
119 #endif
CRL_Code
Definition: crl_ent.h:22
#define BOTAN_PUBLIC_API(maj, min)
Definition: compiler.h:27
Definition: alg_id.cpp:13