Botan 3.12.0
Crypto and TLS for C++
Botan::Certificate_Store_In_Memory Class Reference (final)

#include <certstor.h>

Inheritance diagram for Botan::Certificate_Store_In_Memory:
Botan::Certificate_Store

Public Member Functions

void add_certificate (const X509_Certificate &cert)
void add_crl (const X509_CRL &crl)
std::vector< X509_DN > all_subjects () const override
bool certificate_known (const X509_Certificate &cert) const
 Certificate_Store_In_Memory ()
 Certificate_Store_In_Memory (Certificate_Store_In_Memory &&other) noexcept
 Certificate_Store_In_Memory (const Certificate_Store_In_Memory &other)
 Certificate_Store_In_Memory (const X509_Certificate &cert)
 Certificate_Store_In_Memory (const X509_Certificate &cert, const X509_CRL &crl)
bool contains (const X509_Certificate &cert) const override
std::vector< X509_Certificate > find_all_certs (const X509_DN &subject_dn, const std::vector< uint8_t > &key_id) const override
std::optional< X509_Certificate > find_cert (const X509_DN &subject_dn, const std::vector< uint8_t > &key_id) const override
std::optional< X509_Certificate > find_cert_by_issuer_dn_and_serial_number (const X509_DN &issuer_dn, std::span< const uint8_t > serial_number) const override
std::optional< X509_Certificate > find_cert_by_pubkey_sha1 (const std::vector< uint8_t > &key_hash) const override
std::optional< X509_Certificate > find_cert_by_raw_subject_dn_sha256 (const std::vector< uint8_t > &subject_hash) const override
std::optional< X509_CRL > find_crl_for (const X509_Certificate &subject) const override
Certificate_Store_In_Memory & operator= (Certificate_Store_In_Memory &&other) noexcept
Certificate_Store_In_Memory & operator= (const Certificate_Store_In_Memory &other)=delete
 ~Certificate_Store_In_Memory () override

Detailed Description

In Memory Certificate Store

Definition at line 99 of file certstor.h.

Constructor & Destructor Documentation

◆ Certificate_Store_In_Memory() [1/5]

Botan::Certificate_Store_In_Memory::Certificate_Store_In_Memory ( const X509_Certificate & cert)
explicit

◆ Certificate_Store_In_Memory() [2/5]

Botan::Certificate_Store_In_Memory::Certificate_Store_In_Memory ( const X509_Certificate & cert,
const X509_CRL & crl )

Adds given certificate and CRL to the store.

Definition at line 250 of file certstor.cpp.

250 :
252 add_certificate(cert);
253 add_crl(crl);
254}
void add_crl(const X509_CRL &crl)
Definition certstor.cpp:199

References add_certificate(), add_crl(), and Certificate_Store_In_Memory().

◆ Certificate_Store_In_Memory() [3/5]

Botan::Certificate_Store_In_Memory::Certificate_Store_In_Memory ( )

Create an empty store.

Definition at line 63 of file certstor.cpp.

// Create an empty store. All certificate and CRL state lives behind the
// Impl pimpl, which is allocated here and released by the destructor.
Certificate_Store_In_Memory::Certificate_Store_In_Memory() : m_impl(std::make_unique<Impl>()) {}

◆ Certificate_Store_In_Memory() [4/5]

Botan::Certificate_Store_In_Memory::Certificate_Store_In_Memory ( const Certificate_Store_In_Memory & other)

Definition at line 65 of file certstor.cpp.

// Copy constructor: deep-copies the other store's Impl so the two stores do
// not share any state afterwards (copy assignment is deleted, see class reference).
Certificate_Store_In_Memory::Certificate_Store_In_Memory(const Certificate_Store_In_Memory& other) :
      m_impl(std::make_unique<Impl>(other.impl())) {}

References Certificate_Store_In_Memory().

◆ Certificate_Store_In_Memory() [5/5]

Botan::Certificate_Store_In_Memory::Certificate_Store_In_Memory ( Certificate_Store_In_Memory && other)
default, noexcept

◆ ~Certificate_Store_In_Memory()

Member Function Documentation

◆ add_certificate()

void Botan::Certificate_Store_In_Memory::add_certificate ( const X509_Certificate & cert)

Add a certificate to the store.

Parameters
cert    certificate to be added

Definition at line 85 of file certstor.cpp.

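/**
* Add a certificate to the store.
*
* Deduplicates on X509_Certificate::tag(): a certificate whose tag is already
* recorded is silently ignored, so adding the same certificate twice is a no-op
* and contains() keeps answering from the tag set alone. A new certificate is
* appended to m_certs and its position is recorded under its subject DN for the
* DN-based lookups (find_cert / find_all_certs). Indices stay valid because the
* class exposes no removal API.
*
* @param cert certificate to be added
*/
void Certificate_Store_In_Memory::add_certificate(const X509_Certificate& cert) {
   auto& store = impl();

   // insert() reports whether the tag was new, so one set lookup replaces the
   // previous contains()-then-insert() pair; the tag is computed exactly once.
   if(!store.m_cert_tags.insert(cert.tag()).second) {
      return;
   }

   const size_t idx = store.m_certs.size();
   store.m_certs.push_back(cert);
   store.m_dn_to_indices[cert.subject_dn()].push_back(idx);
}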

References Botan::X509_Certificate::subject_dn(), and Botan::X509_Certificate::tag().

Referenced by Certificate_Store_In_Memory(), Certificate_Store_In_Memory(), and ~Certificate_Store_In_Memory().

◆ add_crl()

void Botan::Certificate_Store_In_Memory::add_crl ( const X509_CRL & crl)

Add a certificate revocation list (CRL) to the store.

Parameters
crl    CRL to be added

Definition at line 199 of file certstor.cpp.

/**
* Add a certificate revocation list (CRL) to the store.
*
* At most one CRL per issuer DN is retained. A CRL whose issuer is already
* present replaces the stored one only if its thisUpdate is not older than the
* stored one's, so a stale CRL can never displace a fresher one; a CRL for an
* unseen issuer is appended and indexed by issuer DN.
*
* @param crl CRL to be added
*/
void Certificate_Store_In_Memory::add_crl(const X509_CRL& crl) {
   auto& store = impl();
   const X509_DN& issuer = crl.issuer_dn();

   const auto existing = store.m_issuer_dn_to_crl_idx.find(issuer);
   if(existing == store.m_issuer_dn_to_crl_idx.end()) {
      // First CRL seen for this issuer: append it and index it by issuer DN
      store.m_issuer_dn_to_crl_idx.emplace(issuer, store.m_crls.size());
      store.m_crls.push_back(crl);
      return;
   }

   // Same issuer: keep the more recent CRL (a tie on thisUpdate takes the new one)
   auto& stored = store.m_crls.at(existing->second);
   if(stored.this_update() <= crl.this_update()) {
      stored = crl;
   }
}

References Botan::X509_CRL::issuer_dn(), and Botan::X509_CRL::this_update().

Referenced by Certificate_Store_In_Memory(), and ~Certificate_Store_In_Memory().

◆ all_subjects()

std::vector< X509_DN > Botan::Certificate_Store_In_Memory::all_subjects ( ) const
override, virtual
Returns
DNs for all certificates managed by the store

Implements Botan::Certificate_Store.

Definition at line 96 of file certstor.cpp.

/**
* @return the subject DNs of every certificate held by the store, in
*         insertion order; duplicates are possible since distinct
*         certificates may share a subject DN
*/
std::vector<X509_DN> Certificate_Store_In_Memory::all_subjects() const {
   const auto& certs = impl().m_certs;

   std::vector<X509_DN> dns;
   dns.reserve(certs.size());  // one DN per stored certificate
   for(const auto& c : certs) {
      dns.emplace_back(c.subject_dn());
   }
   return dns;
}

Referenced by ~Certificate_Store_In_Memory().

◆ certificate_known()

bool Botan::Certificate_Store::certificate_known ( const X509_Certificate & cert) const
inherited

Older name for contains(); forwards to it unchanged.

Definition at line 24 of file certstor.cpp.

// Legacy spelling of contains(); simply forwards so both names agree.
bool Certificate_Store::certificate_known(const X509_Certificate& cert) const {
   return contains(cert);
}
virtual bool contains(const X509_Certificate &cert) const
Definition certstor.cpp:28

References contains().

Referenced by find_cert_by_issuer_dn_and_serial_number().

◆ contains()

bool Botan::Certificate_Store_In_Memory::contains ( const X509_Certificate & cert) const
override, virtual
Returns
whether this certificate is contained within the store
Parameters
cert    certificate to be searched for

The base-class default implementation uses find_all_certs; this override is a direct lookup in the store's tag set.

Reimplemented from Botan::Certificate_Store.

Definition at line 242 of file certstor.cpp.

// Membership is keyed on X509_Certificate::tag(), the same value
// add_certificate() records, so this is a set lookup rather than a scan
// of m_certs. Whatever tag() derives from (not shown here), two
// certificates with equal tags are treated as the same certificate.
bool Certificate_Store_In_Memory::contains(const X509_Certificate& cert) const {
   return impl().m_cert_tags.contains(cert.tag());
}

References Botan::X509_Certificate::tag().

Referenced by ~Certificate_Store_In_Memory().

◆ find_all_certs()

std::vector< X509_Certificate > Botan::Certificate_Store_In_Memory::find_all_certs ( const X509_DN & subject_dn,
const std::vector< uint8_t > & key_id ) const
override, virtual

Find all certificates with a given subject DN. Neither the subject DN nor even the key identifier is guaranteed to be unique, so several certificates may be returned.

Implements Botan::Certificate_Store.

Definition at line 131 of file certstor.cpp.

/**
* Find all certificates with a given subject DN, optionally narrowed by
* subject key identifier.
*
* A certificate is excluded only when both the caller's key_id and the
* certificate's subject key id are present and differ; an empty key id on
* either side acts as a wildcard. Lookup goes through the per-DN index, so
* only certificates filed under subject_dn are examined.
*
* @param subject_dn the subject's distinguished name
* @param key_id an optional subject key identifier (empty = any)
* @return every matching certificate, in insertion order; empty if none
*/
std::vector<X509_Certificate> Certificate_Store_In_Memory::find_all_certs(const X509_DN& subject_dn,
                                                                          const std::vector<uint8_t>& key_id) const {
   const auto& store = impl();
   std::vector<X509_Certificate> found;

   const auto entry = store.m_dn_to_indices.find(subject_dn);
   if(entry == store.m_dn_to_indices.end()) {
      return found;
   }

   const auto skid_acceptable = [&key_id](const X509_Certificate& c) -> bool {
      if(key_id.empty()) {
         return true;
      }
      const std::vector<uint8_t>& skid = c.subject_key_id();
      return skid.empty() || skid == key_id;
   };

   for(const size_t idx : entry->second) {
      const auto& cert = store.m_certs[idx];
      // The index must only ever point at certificates filed under this DN
      BOTAN_ASSERT_NOMSG(cert.subject_dn() == subject_dn);
      if(skid_acceptable(cert)) {
         found.push_back(cert);
      }
   }

   return found;
}
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:75

References BOTAN_ASSERT_NOMSG.

Referenced by ~Certificate_Store_In_Memory().

◆ find_cert()

std::optional< X509_Certificate > Botan::Certificate_Store_In_Memory::find_cert ( const X509_DN & subject_dn,
const std::vector< uint8_t > & key_id ) const
override, virtual

Find a certificate by Subject DN and (optionally) key identifier

Parameters
subject_dn    the subject's distinguished name
key_id    an optional key id
Returns
a matching certificate, or nullopt otherwise. If more than one certificate in the store matches, one of them is returned and which one is unspecified.

Reimplemented from Botan::Certificate_Store.

Definition at line 106 of file certstor.cpp.

/**
* Find a certificate by subject DN and (optionally) subject key identifier.
*
* Returns the first certificate filed under subject_dn that is not ruled out
* by the key id check; the key id is compared only when both the caller and
* the certificate supply one. When several certificates match, the first in
* insertion order is returned.
*
* @param subject_dn the subject's distinguished name
* @param key_id an optional key id (empty = any)
* @return a matching certificate, or nullopt if none
*/
std::optional<X509_Certificate> Certificate_Store_In_Memory::find_cert(const X509_DN& subject_dn,
                                                                       const std::vector<uint8_t>& key_id) const {
   const auto& store = impl();

   const auto entry = store.m_dn_to_indices.find(subject_dn);
   if(entry == store.m_dn_to_indices.end()) {
      return std::nullopt;
   }

   for(const size_t idx : entry->second) {
      const auto& cert = store.m_certs[idx];
      // The index must only ever point at certificates filed under this DN
      BOTAN_ASSERT_NOMSG(cert.subject_dn() == subject_dn);

      // Reject only on a definite SKID mismatch; an absent SKID on either
      // side does not disqualify the certificate.
      bool mismatch = false;
      if(!key_id.empty()) {
         const std::vector<uint8_t>& skid = cert.subject_key_id();
         mismatch = !skid.empty() && skid != key_id;
      }

      if(!mismatch) {
         return cert;
      }
   }

   return std::nullopt;
}

References BOTAN_ASSERT_NOMSG.

Referenced by ~Certificate_Store_In_Memory().

◆ find_cert_by_issuer_dn_and_serial_number()

std::optional< X509_Certificate > Botan::Certificate_Store_In_Memory::find_cert_by_issuer_dn_and_serial_number ( const X509_DN & issuer_dn,
std::span< const uint8_t > serial_number ) const
override, virtual

Find a certificate by searching for one with a matching issuer DN and serial number. Used for CMS or PKCS#7.

Parameters
issuer_dn    the distinguished name of the issuer
serial_number    the certificate's serial number
Returns
a matching certificate or nullopt otherwise

Implements Botan::Certificate_Store.

Definition at line 188 of file certstor.cpp.

/**
* Find a certificate by issuer DN and serial number (as used by CMS / PKCS#7).
*
* There is no index on issuer or serial, so every stored certificate is
* scanned in insertion order and the first one whose issuer DN and serial
* number both match is returned. The serial is compared byte-for-byte
* against the caller's span.
*
* @param issuer_dn the distinguished name of the issuer
* @param serial_number the certificate's serial number
* @return a matching certificate, or nullopt if none
*/
std::optional<X509_Certificate> Certificate_Store_In_Memory::find_cert_by_issuer_dn_and_serial_number(
   const X509_DN& issuer_dn, std::span<const uint8_t> serial_number) const {
   const auto& certs = impl().m_certs;

   const auto hit = std::ranges::find_if(certs, [&](const X509_Certificate& c) {
      return c.issuer_dn() == issuer_dn && std::ranges::equal(c.serial_number(), serial_number);
   });

   if(hit == certs.end()) {
      return std::nullopt;
   }
   return *hit;
}

Referenced by ~Certificate_Store_In_Memory().

◆ find_cert_by_pubkey_sha1()

std::optional< X509_Certificate > Botan::Certificate_Store_In_Memory::find_cert_by_pubkey_sha1 ( const std::vector< uint8_t > & key_hash) const
override, virtual

Find a certificate by searching for one with a matching SHA-1 hash of public key. Used for OCSP.

Parameters
key_hash    SHA-1 hash of the subject's public key
Returns
a matching certificate or nullopt otherwise

Implements Botan::Certificate_Store.

Definition at line 158 of file certstor.cpp.

/**
* Find a certificate by the SHA-1 hash of its subject public key (as used by OCSP).
*
* The hash length is validated up front: anything other than 20 bytes is a
* caller error and is rejected with Invalid_Argument rather than silently
* matching nothing. Stored certificates are then scanned in insertion order.
*
* @param key_hash SHA-1 hash of the subject's public key (20 bytes)
* @return a matching certificate, or nullopt if none
* @throws Invalid_Argument if key_hash is not 20 bytes long
*/
std::optional<X509_Certificate> Certificate_Store_In_Memory::find_cert_by_pubkey_sha1(
   const std::vector<uint8_t>& key_hash) const {
   constexpr size_t sha1_len = 20;
   if(key_hash.size() != sha1_len) {
      throw Invalid_Argument("Certificate_Store_In_Memory::find_cert_by_pubkey_sha1 invalid hash");
   }

   const auto& certs = impl().m_certs;
   const auto hit = std::ranges::find_if(
      certs, [&key_hash](const X509_Certificate& c) { return c.subject_public_key_bitstring_sha1() == key_hash; });

   if(hit == certs.end()) {
      return std::nullopt;
   }
   return *hit;
}

Referenced by ~Certificate_Store_In_Memory().

◆ find_cert_by_raw_subject_dn_sha256()

std::optional< X509_Certificate > Botan::Certificate_Store_In_Memory::find_cert_by_raw_subject_dn_sha256 ( const std::vector< uint8_t > & subject_hash) const
override, virtual

Find a certificate by searching for one with a matching SHA-256 hash of raw subject name. Used for OCSP.

Parameters
subject_hash    SHA-256 hash of the subject's raw name
Returns
a matching certificate or nullopt otherwise

Implements Botan::Certificate_Store.

Definition at line 173 of file certstor.cpp.

/**
* Find a certificate by the SHA-256 hash of its raw (DER) subject name (as used by OCSP).
*
* The hash length is validated up front: anything other than 32 bytes is a
* caller error and is rejected with Invalid_Argument rather than silently
* matching nothing. Stored certificates are then scanned in insertion order.
*
* @param subject_hash SHA-256 hash of the subject's raw name (32 bytes)
* @return a matching certificate, or nullopt if none
* @throws Invalid_Argument if subject_hash is not 32 bytes long
*/
std::optional<X509_Certificate> Certificate_Store_In_Memory::find_cert_by_raw_subject_dn_sha256(
   const std::vector<uint8_t>& subject_hash) const {
   constexpr size_t sha256_len = 32;
   if(subject_hash.size() != sha256_len) {
      throw Invalid_Argument("Certificate_Store_In_Memory::find_cert_by_raw_subject_dn_sha256 invalid hash");
   }

   const auto& certs = impl().m_certs;
   const auto hit = std::ranges::find_if(
      certs, [&subject_hash](const X509_Certificate& c) { return c.raw_subject_dn_sha256() == subject_hash; });

   if(hit == certs.end()) {
      return std::nullopt;
   }
   return *hit;
}

Referenced by ~Certificate_Store_In_Memory().

◆ find_crl_for()

std::optional< X509_CRL > Botan::Certificate_Store_In_Memory::find_crl_for ( const X509_Certificate & subject) const
override, virtual

Finds the CRL stored for the given certificate's issuer, if any.

Reimplemented from Botan::Certificate_Store.

Definition at line 219 of file certstor.cpp.

/**
* Find the CRL applicable to the given certificate.
*
* The store keeps one CRL per issuer DN, so the certificate's issuer DN
* selects the candidate. Authority key identifiers are then compared only
* when both the certificate and the CRL carry one; a definite AKID mismatch
* yields nullopt, so a CRL issued under a different CA key of the same name
* is not handed back.
*
* @param subject the certificate whose revocation status is of interest
* @return the matching CRL, or nullopt if none is stored for its issuer
*/
std::optional<X509_CRL> Certificate_Store_In_Memory::find_crl_for(const X509_Certificate& subject) const {
   const auto& store = impl();
   const std::vector<uint8_t>& cert_akid = subject.authority_key_id();

   const auto entry = store.m_issuer_dn_to_crl_idx.find(subject.issuer_dn());
   if(entry == store.m_issuer_dn_to_crl_idx.end()) {
      return std::nullopt;
   }

   const auto& crl = store.m_crls.at(entry->second);

   // Key ids are only decisive when present on both sides
   if(!cert_akid.empty()) {
      const std::vector<uint8_t>& crl_akid = crl.authority_key_id();
      const bool akid_mismatch = !crl_akid.empty() && crl_akid != cert_akid;
      if(akid_mismatch) {
         return std::nullopt;
      }
   }

   return crl;
}

References Botan::X509_Certificate::authority_key_id(), and Botan::X509_Certificate::issuer_dn().

Referenced by ~Certificate_Store_In_Memory().

◆ operator=() [1/2]

Certificate_Store_In_Memory & Botan::Certificate_Store_In_Memory::operator= ( Certificate_Store_In_Memory && other)
default, noexcept

◆ operator=() [2/2]

Certificate_Store_In_Memory & Botan::Certificate_Store_In_Memory::operator= ( const Certificate_Store_In_Memory & other)
delete
