Botan 3.0.0-alpha0
Crypto and TLS for C&
Public Member Functions | List of all members
Botan::Certificate_Store_In_Memory Class Referencefinal

#include <certstor.h>

Inheritance diagram for Botan::Certificate_Store_In_Memory:
Botan::Certificate_Store

Public Member Functions

void add_certificate (const X509_Certificate &cert)
 
void add_crl (const X509_CRL &crl)
 
std::vector< X509_DNall_subjects () const override
 
bool certificate_known (const X509_Certificate &cert) const
 
 Certificate_Store_In_Memory ()=default
 
 Certificate_Store_In_Memory (const std::string &dir)
 
 Certificate_Store_In_Memory (const X509_Certificate &cert)
 
std::vector< X509_Certificatefind_all_certs (const X509_DN &subject_dn, const std::vector< uint8_t > &key_id) const override
 
std::optional< X509_Certificatefind_cert (const X509_DN &subject_dn, const std::vector< uint8_t > &key_id) const override
 
std::optional< X509_Certificatefind_cert_by_pubkey_sha1 (const std::vector< uint8_t > &key_hash) const override
 
std::optional< X509_Certificatefind_cert_by_raw_subject_dn_sha256 (const std::vector< uint8_t > &subject_hash) const override
 
std::optional< X509_CRLfind_crl_for (const X509_Certificate &subject) const override
 

Detailed Description

In Memory Certificate Store

Definition at line 85 of file certstor.h.

Constructor & Destructor Documentation

◆ Certificate_Store_In_Memory() [1/3]

Botan::Certificate_Store_In_Memory::Certificate_Store_In_Memory ( const std::string &  dir)
explicit

Attempt to parse all files in dir (including subdirectories) as certificates. Ignores errors.

◆ Certificate_Store_In_Memory() [2/3]

Botan::Certificate_Store_In_Memory::Certificate_Store_In_Memory ( const X509_Certificate cert)
explicit

Adds given certificate to the store.

Definition at line 175 of file certstor.cpp.

176 {
177 add_certificate(cert);
178 }
void add_certificate(const X509_Certificate &cert)
Definition: certstor.cpp:38

References add_certificate().

◆ Certificate_Store_In_Memory() [3/3]

Botan::Certificate_Store_In_Memory::Certificate_Store_In_Memory ( )
default

Create an empty store.

Member Function Documentation

◆ add_certificate()

void Botan::Certificate_Store_In_Memory::add_certificate ( const X509_Certificate cert)

Add a certificate to the store.

Parameters
certcertificate to be added

Definition at line 38 of file certstor.cpp.

39 {
40 for(const auto& c : m_certs)
41 if(c == cert)
42 return;
43
44 m_certs.push_back(cert);
45 }

Referenced by Botan::PKIX::build_all_certificate_paths(), Botan::PKIX::build_certificate_path(), and Certificate_Store_In_Memory().

◆ add_crl()

void Botan::Certificate_Store_In_Memory::add_crl ( const X509_CRL crl)

Add a certificate revocation list (CRL) to the store.

Parameters
crlCRL to be added

Definition at line 134 of file certstor.cpp.

135 {
136 const X509_DN& crl_issuer = crl.issuer_dn();
137
138 for(auto& c : m_crls)
139 {
140 // Found an update of a previously existing one; replace it
141 if(c.issuer_dn() == crl_issuer)
142 {
143 if(c.this_update() <= crl.this_update())
144 c = crl;
145 return;
146 }
147 }
148
149 // Totally new CRL, add to the list
150 m_crls.push_back(crl);
151 }

References Botan::X509_CRL::issuer_dn(), and Botan::X509_CRL::this_update().

◆ all_subjects()

std::vector< X509_DN > Botan::Certificate_Store_In_Memory::all_subjects ( ) const
overridevirtual
Returns
DNs for all certificates managed by the store

Implements Botan::Certificate_Store.

Definition at line 47 of file certstor.cpp.

48 {
49 std::vector<X509_DN> subjects;
50 for(const auto& cert : m_certs)
51 subjects.push_back(cert.subject_dn());
52 return subjects;
53 }

◆ certificate_known()

bool Botan::Certificate_Store::certificate_known ( const X509_Certificate cert) const
inlineinherited
Returns
whether the certificate is known
Parameters
certcertififcate to be searched

Definition at line 73 of file certstor.h.

74 {
75 return find_cert(cert.subject_dn(), cert.subject_key_id()).has_value();
76 }
virtual std::optional< X509_Certificate > find_cert(const X509_DN &subject_dn, const std::vector< uint8_t > &key_id) const
Definition: certstor.cpp:20

References Botan::X509_Certificate::subject_dn(), and Botan::X509_Certificate::subject_key_id().

◆ find_all_certs()

std::vector< X509_Certificate > Botan::Certificate_Store_In_Memory::find_all_certs ( const X509_DN subject_dn,
const std::vector< uint8_t > &  key_id 
) const
overridevirtual

Find all certificates with a given Subject DN. Subject DN and even the key identifier might not be unique.

Implements Botan::Certificate_Store.

Definition at line 77 of file certstor.cpp.

80 {
81 std::vector<X509_Certificate> matches;
82
83 for(const auto& cert : m_certs)
84 {
85 if(!key_id.empty())
86 {
87 std::vector<uint8_t> skid = cert.subject_key_id();
88
89 if(!skid.empty() && skid != key_id) // no match
90 continue;
91 }
92
93 if(cert.subject_dn() == subject_dn)
94 matches.push_back(cert);
95 }
96
97 return matches;
98 }
bool matches(DataSource &source, const std::string &extra, size_t search_range)
Definition: pem.cpp:140

References Botan::PEM_Code::matches().

Referenced by Botan::PKIX::build_all_certificate_paths().

◆ find_cert()

std::optional< X509_Certificate > Botan::Certificate_Store_In_Memory::find_cert ( const X509_DN subject_dn,
const std::vector< uint8_t > &  key_id 
) const
overridevirtual

Find a certificate by Subject DN and (optionally) key identifier

Parameters
subject_dnthe subject's distinguished name
key_idan optional key id
Returns
a matching certificate or nullopt otherwise If more than one certificate in the certificate store matches, then a single value is selected arbitrarily.

Reimplemented from Botan::Certificate_Store.

Definition at line 56 of file certstor.cpp.

58 {
59 for(const auto& cert : m_certs)
60 {
61 // Only compare key ids if set in both call and in the cert
62 if(!key_id.empty())
63 {
64 std::vector<uint8_t> skid = cert.subject_key_id();
65
66 if(!skid.empty() && skid != key_id) // no match
67 continue;
68 }
69
70 if(cert.subject_dn() == subject_dn)
71 return cert;
72 }
73
74 return std::nullopt;
75 }

Referenced by Botan::PKIX::build_certificate_path().

◆ find_cert_by_pubkey_sha1()

std::optional< X509_Certificate > Botan::Certificate_Store_In_Memory::find_cert_by_pubkey_sha1 ( const std::vector< uint8_t > &  key_hash) const
overridevirtual

Find a certificate by searching for one with a matching SHA-1 hash of public key. Used for OCSP.

Parameters
key_hashSHA-1 hash of the subject's public key
Returns
a matching certificate or nullopt otherwise

Implements Botan::Certificate_Store.

Definition at line 101 of file certstor.cpp.

102 {
103 if(key_hash.size() != 20)
104 throw Invalid_Argument("Certificate_Store_In_Memory::find_cert_by_pubkey_sha1 invalid hash");
105
106 std::unique_ptr<HashFunction> hash(HashFunction::create("SHA-1"));
107
108 for(const auto& cert : m_certs){
109 hash->update(cert.subject_public_key_bitstring());
110 if(key_hash == hash->final_stdvec()) //final_stdvec also clears the hash to initial state
111 return cert;
112 }
113
114 return std::nullopt;
115 }
static std::unique_ptr< HashFunction > create(const std::string &algo_spec, const std::string &provider="")
Definition: hash.cpp:98
MechanismType hash

References Botan::HashFunction::create(), and hash.

◆ find_cert_by_raw_subject_dn_sha256()

std::optional< X509_Certificate > Botan::Certificate_Store_In_Memory::find_cert_by_raw_subject_dn_sha256 ( const std::vector< uint8_t > &  subject_hash) const
overridevirtual

Find a certificate by searching for one with a matching SHA-256 hash of raw subject name. Used for OCSP.

Parameters
subject_hashSHA-256 hash of the subject's raw name
Returns
a matching certificate or nullopt otherwise

Implements Botan::Certificate_Store.

Definition at line 118 of file certstor.cpp.

119 {
120 if(subject_hash.size() != 32)
121 throw Invalid_Argument("Certificate_Store_In_Memory::find_cert_by_raw_subject_dn_sha256 invalid hash");
122
123 std::unique_ptr<HashFunction> hash(HashFunction::create("SHA-256"));
124
125 for(const auto& cert : m_certs){
126 hash->update(cert.raw_subject_dn());
127 if(subject_hash == hash->final_stdvec()) //final_stdvec also clears the hash to initial state
128 return cert;
129 }
130
131 return std::nullopt;
132 }

References Botan::HashFunction::create(), and hash.

◆ find_crl_for()

std::optional< X509_CRL > Botan::Certificate_Store_In_Memory::find_crl_for ( const X509_Certificate subject) const
overridevirtual

Finds a CRL for the given certificate

Reimplemented from Botan::Certificate_Store.

Definition at line 153 of file certstor.cpp.

154 {
155 const std::vector<uint8_t>& key_id = subject.authority_key_id();
156
157 for(const auto& c : m_crls)
158 {
159 // Only compare key ids if set in both call and in the CRL
160 if(!key_id.empty())
161 {
162 std::vector<uint8_t> akid = c.authority_key_id();
163
164 if(!akid.empty() && akid != key_id) // no match
165 continue;
166 }
167
168 if(c.issuer_dn() == subject.issuer_dn())
169 return c;
170 }
171
172 return {};
173 }

References Botan::X509_Certificate::authority_key_id(), and Botan::X509_Certificate::issuer_dn().


The documentation for this class was generated from the following files: