Botan::Certificate_Store_In_Memory Class Reference

#include <certstor.h>

Inheritance diagram for Botan::Certificate_Store_In_Memory:

Public Member Functions
void	add_certificate (const X509_Certificate &cert)
void	add_crl (const X509_CRL &crl)
std::vector< X509_DN >	all_subjects () const override
bool	certificate_known (const X509_Certificate &cert) const
	Certificate_Store_In_Memory ()=default
	Certificate_Store_In_Memory (const X509_Certificate &cert)
	Certificate_Store_In_Memory (const X509_Certificate &cert, const X509_CRL &crl)
std::vector< X509_Certificate >	find_all_certs (const X509_DN &subject_dn, const std::vector< uint8_t > &key_id) const override
std::optional< X509_Certificate >	find_cert (const X509_DN &subject_dn, const std::vector< uint8_t > &key_id) const override
std::optional< X509_Certificate >	find_cert_by_issuer_dn_and_serial_number (const X509_DN &issuer_dn, std::span< const uint8_t > serial_number) const override
std::optional< X509_Certificate >	find_cert_by_pubkey_sha1 (const std::vector< uint8_t > &key_hash) const override
std::optional< X509_Certificate >	find_cert_by_raw_subject_dn_sha256 (const std::vector< uint8_t > &subject_hash) const override
std::optional< X509_CRL >	find_crl_for (const X509_Certificate &subject) const override

Detailed Description

In Memory Certificate Store

Definition at line 91 of file certstor.h.

Constructor & Destructor Documentation

Certificate_Store_In_Memory() [1/3]

Botan::Certificate_Store_In_Memory::Certificate_Store_In_Memory ( const X509_Certificate & cert )

explicit

Adds given certificate to the store.

Definition at line 182 of file certstor.cpp.

                                                                                     {
   add_certificate(cert);
}

References add_certificate().

Certificate_Store_In_Memory() [2/3]

Botan::Certificate_Store_In_Memory::Certificate_Store_In_Memory	(	const X509_Certificate &	cert,
		const X509_CRL &	crl )

Adds given certificate and CRL to the store.

Definition at line 186 of file certstor.cpp.

                                                                                                          {
   add_certificate(cert);
   add_crl(crl);
}

References add_certificate(), and add_crl().

Certificate_Store_In_Memory() [3/3]

Botan::Certificate_Store_In_Memory::Certificate_Store_In_Memory ( )

default

Create an empty store.

References add_certificate(), add_crl(), all_subjects(), find_all_certs(), find_cert(), find_cert_by_issuer_dn_and_serial_number(), find_cert_by_pubkey_sha1(), find_cert_by_raw_subject_dn_sha256(), and find_crl_for().

Member Function Documentation

add_certificate()

void Botan::Certificate_Store_In_Memory::add_certificate

(

const X509_Certificate &

cert

)

Add a certificate to the store.

Parameters

cert	certificate to be added

Definition at line 37 of file certstor.cpp.

                                                                              {
   for(const auto& c : m_certs) {
      if(c == cert) {
         return;
      }
   }
 
   m_certs.push_back(cert);
}

Referenced by Botan::PKIX::build_all_certificate_paths(), Botan::PKIX::build_certificate_path(), Certificate_Store_In_Memory(), Certificate_Store_In_Memory(), and Certificate_Store_In_Memory().

add_crl()

void Botan::Certificate_Store_In_Memory::add_crl

(

const X509_CRL &

crl

)

Add a certificate revocation list (CRL) to the store.

Parameters

crl	CRL to be added

Definition at line 144 of file certstor.cpp.

                                                             {
   const X509_DN& crl_issuer = crl.issuer_dn();
 
   for(auto& c : m_crls) {
      // Found an update of a previously existing one; replace it
      if(c.issuer_dn() == crl_issuer) {
         if(c.this_update() <= crl.this_update()) {
            c = crl;
         }
         return;
      }
   }
 
   // Totally new CRL, add to the list
   m_crls.push_back(crl);
}

References Botan::X509_CRL::issuer_dn(), and Botan::X509_CRL::this_update().

Referenced by Certificate_Store_In_Memory(), and Certificate_Store_In_Memory().

all_subjects()

std::vector< X509_DN > Botan::Certificate_Store_In_Memory::all_subjects ( ) const

overridevirtual

Returns

DNs for all certificates managed by the store

Implements Botan::Certificate_Store.

Definition at line 47 of file certstor.cpp.

                                                                   {
   std::vector<X509_DN> subjects;
   subjects.reserve(m_certs.size());
   for(const auto& cert : m_certs) {
      subjects.push_back(cert.subject_dn());
   }
   return subjects;
}

Referenced by Certificate_Store_In_Memory().

certificate_known()

bool Botan::Certificate_Store::certificate_known ( const X509_Certificate & cert ) const

inlineinherited

Returns

whether the certificate is known

Parameters

cert	certififcate to be searched

Definition at line 80 of file certstor.h.

                                                                 {
         return find_cert(cert.subject_dn(), cert.subject_key_id()).has_value();
      }

References find_cert(), Botan::X509_Certificate::subject_dn(), and Botan::X509_Certificate::subject_key_id().

find_all_certs()

std::vector< X509_Certificate > Botan::Certificate_Store_In_Memory::find_all_certs ( const X509_DN & subject_dn, const std::vector< uint8_t > & key_id ) const

overridevirtual

Find all certificates with a given Subject DN. Subject DN and even the key identifier might not be unique.

Implements Botan::Certificate_Store.

Definition at line 76 of file certstor.cpp.

                                                                                                                  {
   std::vector<X509_Certificate> matches;
 
   for(const auto& cert : m_certs) {
      if(!key_id.empty()) {
         const std::vector<uint8_t>& skid = cert.subject_key_id();
 
         if(!skid.empty() && skid != key_id) {  // no match
            continue;
         }
      }
 
      if(cert.subject_dn() == subject_dn) {
         matches.push_back(cert);
      }
   }
 
   return matches;
}

Referenced by Botan::PKIX::build_all_certificate_paths(), and Certificate_Store_In_Memory().

find_cert()

std::optional< X509_Certificate > Botan::Certificate_Store_In_Memory::find_cert ( const X509_DN & subject_dn, const std::vector< uint8_t > & key_id ) const

overridevirtual

Find a certificate by Subject DN and (optionally) key identifier

Parameters

subject_dn	the subject's distinguished name
key_id	an optional key id

Returns

a matching certificate or nullopt otherwise If more than one certificate in the certificate store matches, then a single value is selected arbitrarily.

Reimplemented from Botan::Certificate_Store.

Definition at line 56 of file certstor.cpp.

                                                                                                               {
   for(const auto& cert : m_certs) {
      // Only compare key ids if set in both call and in the cert
      if(!key_id.empty()) {
         const std::vector<uint8_t>& skid = cert.subject_key_id();
 
         if(!skid.empty() && skid != key_id) {  // no match
            continue;
         }
      }
 
      if(cert.subject_dn() == subject_dn) {
         return cert;
      }
   }
 
   return std::nullopt;
}

Referenced by Botan::PKIX::build_certificate_path(), and Certificate_Store_In_Memory().

find_cert_by_issuer_dn_and_serial_number()

std::optional< X509_Certificate > Botan::Certificate_Store_In_Memory::find_cert_by_issuer_dn_and_serial_number ( const X509_DN & issuer_dn, std::span< const uint8_t > serial_number ) const

overridevirtual

Find a certificate by searching for one with a matching issuer DN and serial number. Used for CMS or PKCS#7.

Parameters

issuer_dn	the distinguished name of the issuer
serial_number	the certificate's serial number

Returns

a matching certificate or nullopt otherwise

Implements Botan::Certificate_Store.

Definition at line 133 of file certstor.cpp.

                                                                         {
   for(const auto& cert : m_certs) {
      if(cert.issuer_dn() == issuer_dn && std::ranges::equal(cert.serial_number(), serial_number)) {
         return cert;
      }
   }
 
   return std::nullopt;
}

Referenced by Certificate_Store_In_Memory().

find_cert_by_pubkey_sha1()

std::optional< X509_Certificate > Botan::Certificate_Store_In_Memory::find_cert_by_pubkey_sha1 ( const std::vector< uint8_t > & key_hash ) const

overridevirtual

Find a certificate by searching for one with a matching SHA-1 hash of public key. Used for OCSP.

Parameters

key_hash

SHA-1 hash of the subject's public key

Returns

a matching certificate or nullopt otherwise

Implements Botan::Certificate_Store.

Definition at line 97 of file certstor.cpp.

                                             {
   if(key_hash.size() != 20) {
      throw Invalid_Argument("Certificate_Store_In_Memory::find_cert_by_pubkey_sha1 invalid hash");
   }
 
   auto hash = HashFunction::create_or_throw("SHA-1");
 
   for(const auto& cert : m_certs) {
      hash->update(cert.subject_public_key_bitstring());
      if(key_hash == hash->final_stdvec()) {  //final_stdvec also clears the hash to initial state
         return cert;
      }
   }
 
   return std::nullopt;
}

References Botan::HashFunction::create_or_throw().

Referenced by Certificate_Store_In_Memory().

find_cert_by_raw_subject_dn_sha256()

std::optional< X509_Certificate > Botan::Certificate_Store_In_Memory::find_cert_by_raw_subject_dn_sha256 ( const std::vector< uint8_t > & subject_hash ) const

overridevirtual

Find a certificate by searching for one with a matching SHA-256 hash of raw subject name. Used for OCSP.

Parameters

subject_hash

SHA-256 hash of the subject's raw name

Returns

a matching certificate or nullopt otherwise

Implements Botan::Certificate_Store.

Definition at line 115 of file certstor.cpp.

                                                 {
   if(subject_hash.size() != 32) {
      throw Invalid_Argument("Certificate_Store_In_Memory::find_cert_by_raw_subject_dn_sha256 invalid hash");
   }
 
   auto hash = HashFunction::create_or_throw("SHA-256");
 
   for(const auto& cert : m_certs) {
      hash->update(cert.raw_subject_dn());
      if(subject_hash == hash->final_stdvec()) {  //final_stdvec also clears the hash to initial state
         return cert;
      }
   }
 
   return std::nullopt;
}

References Botan::HashFunction::create_or_throw().

Referenced by Certificate_Store_In_Memory().

find_crl_for()

std::optional< X509_CRL > Botan::Certificate_Store_In_Memory::find_crl_for ( const X509_Certificate & subject ) const

overridevirtual

Finds a CRL for the given certificate

Reimplemented from Botan::Certificate_Store.

Definition at line 161 of file certstor.cpp.

                                                                                                     {
   const std::vector<uint8_t>& key_id = subject.authority_key_id();
 
   for(const auto& c : m_crls) {
      // Only compare key ids if set in both call and in the CRL
      if(!key_id.empty()) {
         const std::vector<uint8_t>& akid = c.authority_key_id();
 
         if(!akid.empty() && akid != key_id) {  // no match
            continue;
         }
      }
 
      if(c.issuer_dn() == subject.issuer_dn()) {
         return c;
      }
   }
 
   return {};
}

References Botan::X509_Certificate::authority_key_id(), and Botan::X509_Certificate::issuer_dn().

Referenced by Certificate_Store_In_Memory().

---

The documentation for this class was generated from the following files:

• src/lib/x509/certstor.h
• src/lib/x509/certstor.cpp