Botan 3.4.0
Crypto and TLS for C++
certstor_windows.h
1/*
2* Certificate Store
3* (C) 1999-2019 Jack Lloyd
4* (C) 2019 Patrick Schmidt
5* (C) 2021 René Meusel
6*
7* Botan is released under the Simplified BSD License (see license.txt)
8*/
9
10#ifndef BOTAN_CERT_STORE_SYSTEM_WINDOWS_H_
11#define BOTAN_CERT_STORE_SYSTEM_WINDOWS_H_
12
13#include <botan/certstor.h>
14
15#include <map>
16
17namespace Botan {
18/**
19* Certificate Store that is backed by the system trust store on Windows.
20*/
22 public:
24
29
30 /**
   * List the subjects of every certificate held by this store.
31 * @return the Subject DNs of all certificates managed by the store
32 */
33 std::vector<X509_DN> all_subjects() const override;
34
35 /**
36 * Find a certificate by Subject DN and (optionally) key identifier
   * @param subject_dn the Subject DN to look up
   * @param key_id key identifier to match in addition to the DN; presumably
   *        an empty vector means "no key identifier" -- confirm against the
   *        Certificate_Store base class
37 * @return the first certificate that matches; the std::optional return
   *         type leaves room for "no match"
38 */
39 std::optional<X509_Certificate> find_cert(const X509_DN& subject_dn,
40 const std::vector<uint8_t>& key_id) const override;
41
42 /**
43 * Find all certificates with a given Subject DN.
44 * Subject DN and even the key identifier might not be unique.
   *
   * Because neither value is unique, a match only selects candidates; it
   * does not by itself show that a returned certificate is the intended
   * one. Callers still have to verify signatures during path validation.
   * @param subject_dn the Subject DN to look up
   * @param key_id key identifier used to narrow the match
   * @return every matching certificate
45 */
46 std::vector<X509_Certificate> find_all_certs(const X509_DN& subject_dn,
47 const std::vector<uint8_t>& key_id) const override;
48
49 /**
50 * Find a certificate by searching for one with a matching SHA-1 hash of
51 * public key.
   *
   * NOTE(review): the hash looks like a lookup key here (compare the subject
   * key identifier handling in the private exhaustive-search helper), not an
   * integrity check -- confirm in the implementation.
   * @param key_hash SHA-1 hash of the public key to search for
52 * @return a matching certificate, or an empty std::optional if none is found
   *         (the return type is std::optional, so "nullptr" does not apply)
53 */
54 std::optional<X509_Certificate> find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const override;
55
56 /**
   * Lookup by hash of the raw Subject DN is not supported by this store.
   * Callers must be prepared for the exception rather than an empty result.
   * @param subject_hash hash of the raw Subject DN (SHA-256 according to the
   *        method name)
57 * @throws Not_Implemented
58 */
59 std::optional<X509_Certificate> find_cert_by_raw_subject_dn_sha256(
60 const std::vector<uint8_t>& subject_hash) const override;
61
62 /**
63 * Not Yet Implemented
   *
   * This store therefore supplies no CRLs. An empty result does not mean
   * that @p subject is unrevoked; revocation data has to come from another
   * source.
   * @param subject the certificate a CRL is requested for
64 * @return no CRL; with the std::optional return type that is an empty
   *         optional rather than nullptr
65 */
66 std::optional<X509_CRL> find_crl_for(const X509_Certificate& subject) const override;
67
68 private:
69 /**
70 * Handle certificates that do not adhere to RFC 3280 using a subject key identifier
71 * that is not equal to the SHA-1 of the public key (w/o algorithm identifier)
72 *
73 * This method lazily builds a cache of certificates found in previous queries as well
74 * as negative results for @p key_hash queries that didn't find a certificate.
75 *
   * NOTE(review): negative results are cached as well, and nothing in this
   * header shows the cache being invalidated. A certificate added to the
   * system store after a failed lookup may stay invisible to this object --
   * confirm in the implementation.
   *
76 * See here for further details: https://github.com/randombit/botan/issues/2779
   * @param key_hash SHA-1 hash of the public key to search for
   * @return the matching certificate, or an empty std::optional if none is found
77 */
78 std::optional<X509_Certificate> find_cert_by_pubkey_sha1_via_exhaustive_search(
79 const std::vector<uint8_t>& key_hash) const;
80
81 private:
// Presumably the lazily built cache used by the exhaustive public-key SHA-1
// search: key = key hash, value = the certificate found, or an empty optional
// for a remembered negative result -- confirm in the implementation.
// NOTE(review): the name says "rfc3289" while the comments in this class refer
// to RFC 3280; this looks like a typo in the identifier.
// NOTE(review): the member is mutable, so const methods can write to it, and
// this header shows no synchronization. Check the implementation before
// sharing one store object across threads.
82 mutable std::map<std::vector<uint8_t>, std::optional<X509_Certificate>> m_non_rfc3289_certs;
83};
84} // namespace Botan
85
86#endif