Botan 2.19.2
Crypto and TLS for C&
certstor_sql.h
Go to the documentation of this file.
1/*
2* Certificate Store in SQL
3* (C) 2016 Kai Michaelis, Rohde & Schwarz Cybersecurity
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#ifndef BOTAN_CERT_STORE_SQL_H_
9#define BOTAN_CERT_STORE_SQL_H_
10
11#include <botan/certstor.h>
12#include <botan/x509cert.h>
13#include <botan/x509_crl.h>
14#include <botan/database.h>
15#include <botan/mutex.h>
16
17namespace Botan {
18
19class Private_Key;
20class RandomNumberGenerator;
21
22/**
23 * Certificate and private key store backed by an SQL database.
24 */
26 {
27 public:
28 /**
29 * Create/open a certificate store.
30 * @param db underlying database storage
31 * @param passwd password to encrypt private keys in the database
32 * @param rng used for encrypting keys
33 * @param table_prefix optional prefix for db table names
34 */
35 explicit Certificate_Store_In_SQL(const std::shared_ptr<SQL_Database> db,
36 const std::string& passwd,
38 const std::string& table_prefix = "");
39
40 /**
41 * Returns the first certificate with matching subject DN and optional key ID.
42 */
43 std::shared_ptr<const X509_Certificate>
44 find_cert(const X509_DN& subject_dn, const std::vector<uint8_t>& key_id) const override;
45
46 /*
47 * Find all certificates with a given Subject DN.
48 * Subject DN and even the key identifier might not be unique.
49 */
50 std::vector<std::shared_ptr<const X509_Certificate>> find_all_certs(
51 const X509_DN& subject_dn, const std::vector<uint8_t>& key_id) const override;
52
53 std::shared_ptr<const X509_Certificate>
54 find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const override;
55
56 std::shared_ptr<const X509_Certificate>
57 find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& subject_hash) const override;
58
59 /**
60 * Returns all subject DNs known to the store instance.
61 */
62 std::vector<X509_DN> all_subjects() const override;
63
64 /**
65 * Inserts "cert" into the store, returns false if the certificate is
66 * already known and true if insertion was successful.
67 */
68 bool insert_cert(const X509_Certificate& cert);
69
70 /**
71 * Removes "cert" from the store. Returns false if the certificate could not
72 * be found and true if removal was successful.
73 */
74 bool remove_cert(const X509_Certificate& cert);
75
76 /// Returns the private key for "cert" or an empty shared_ptr if none was found.
77 std::shared_ptr<const Private_Key> find_key(const X509_Certificate&) const;
78
79 /// Returns all certificates for private key "key".
80 std::vector<std::shared_ptr<const X509_Certificate>>
81 find_certs_for_key(const Private_Key& key) const;
82
83 /**
84 * Inserts "key" for "cert" into the store, returns false if the key is
85 * already known and true if insertion was successful.
86 */
87 bool insert_key(const X509_Certificate& cert, const Private_Key& key);
88
89 /// Removes "key" from the store.
90 void remove_key(const Private_Key& key);
91
92 /// Marks "cert" as revoked starting from "time".
93 void revoke_cert(const X509_Certificate&, CRL_Code, const X509_Time& time = X509_Time());
94
95 /// Reverses the revokation for "cert".
96 void affirm_cert(const X509_Certificate&);
97
98 /**
99 * Generates Certificate Revocation Lists for all certificates marked as revoked.
100 * A CRL is returned for each unique issuer DN.
101 */
102 std::vector<X509_CRL> generate_crls() const;
103
104 /**
105 * Generates a CRL for all certificates issued by the given issuer.
106 */
107 std::shared_ptr<const X509_CRL>
108 find_crl_for(const X509_Certificate& issuer) const override;
109
110 private:
112 std::shared_ptr<SQL_Database> m_database;
113 std::string m_prefix;
114 std::string m_password;
115 mutex_type m_mutex;
116 };
117
118}
119#endif
#define BOTAN_PUBLIC_API(maj, min)
Definition: compiler.h:31
Definition: alg_id.cpp:13
ASN1_Time X509_Time
Definition: asn1_obj.h:386