Botan  2.4.0
Crypto and TLS for C++11
Public Member Functions | List of all members
Botan::Certificate_Store_In_Memory Class Referencefinal

#include <certstor.h>

Inheritance diagram for Botan::Certificate_Store_In_Memory:
Botan::Certificate_Store

Public Member Functions

void add_certificate (const X509_Certificate &cert)
 
void add_certificate (std::shared_ptr< const X509_Certificate > cert)
 
void add_crl (const X509_CRL &crl)
 
void add_crl (std::shared_ptr< const X509_CRL > crl)
 
std::vector< X509_DNall_subjects () const override
 
bool certificate_known (const X509_Certificate &cert) const
 
 Certificate_Store_In_Memory (const std::string &dir)
 
 Certificate_Store_In_Memory (const X509_Certificate &cert)
 
 Certificate_Store_In_Memory ()=default
 
std::vector< std::shared_ptr< const X509_Certificate > > find_all_certs (const X509_DN &subject_dn, const std::vector< uint8_t > &key_id) const override
 
std::shared_ptr< const X509_Certificatefind_cert (const X509_DN &subject_dn, const std::vector< uint8_t > &key_id) const override
 
std::shared_ptr< const X509_Certificatefind_cert_by_pubkey_sha1 (const std::vector< uint8_t > &key_hash) const override
 
std::shared_ptr< const X509_Certificatefind_cert_by_raw_subject_dn_sha256 (const std::vector< uint8_t > &subject_hash) const override
 
std::shared_ptr< const X509_CRLfind_crl_for (const X509_Certificate &subject) const override
 

Detailed Description

In Memory Certificate Store

Definition at line 82 of file certstor.h.

Constructor & Destructor Documentation

◆ Certificate_Store_In_Memory() [1/3]

Botan::Certificate_Store_In_Memory::Certificate_Store_In_Memory ( const std::string &  dir)
explicit

Attempt to parse all files in dir (including subdirectories) as certificates. Ignores errors.

◆ Certificate_Store_In_Memory() [2/3]

Botan::Certificate_Store_In_Memory::Certificate_Store_In_Memory ( const X509_Certificate cert)
explicit

Adds given certificate to the store.

Definition at line 172 of file certstor.cpp.

References Certificate_Store_In_Memory(), and Botan::get_files_recursive().

173  {
174  add_certificate(cert);
175  }
void add_certificate(const X509_Certificate &cert)
Definition: certstor.cpp:20

◆ Certificate_Store_In_Memory() [3/3]

Botan::Certificate_Store_In_Memory::Certificate_Store_In_Memory ( )
default

Create an empty store.

Referenced by Certificate_Store_In_Memory().

Member Function Documentation

◆ add_certificate() [1/2]

void Botan::Certificate_Store_In_Memory::add_certificate ( const X509_Certificate cert)

Add a certificate to the store.

Parameters
certcertificate to be added

Definition at line 20 of file certstor.cpp.

Referenced by Botan::PKIX::build_all_certificate_paths(), and Botan::PKIX::build_certificate_path().

21  {
22  for(const auto& c : m_certs)
23  if(*c == cert)
24  return;
25 
26  m_certs.push_back(std::make_shared<const X509_Certificate>(cert));
27  }

◆ add_certificate() [2/2]

void Botan::Certificate_Store_In_Memory::add_certificate ( std::shared_ptr< const X509_Certificate cert)

Add a certificate already in a shared_ptr to the store.

Parameters
certcertificate to be added

Definition at line 29 of file certstor.cpp.

30  {
31  for(const auto& c : m_certs)
32  if(*c == *cert)
33  return;
34 
35  m_certs.push_back(cert);
36  }

◆ add_crl() [1/2]

void Botan::Certificate_Store_In_Memory::add_crl ( const X509_CRL crl)

Add a certificate revocation list (CRL) to the store.

Parameters
crlCRL to be added

Definition at line 125 of file certstor.cpp.

Referenced by Botan::PKIX::check_crl().

126  {
127  std::shared_ptr<const X509_CRL> crl_s = std::make_shared<const X509_CRL>(crl);
128  return add_crl(crl_s);
129  }
void add_crl(const X509_CRL &crl)
Definition: certstor.cpp:125

◆ add_crl() [2/2]

void Botan::Certificate_Store_In_Memory::add_crl ( std::shared_ptr< const X509_CRL crl)

Add a certificate revocation list (CRL) to the store as a shared_ptr

Parameters
crlCRL to be added

Definition at line 131 of file certstor.cpp.

132  {
133  X509_DN crl_issuer = crl->issuer_dn();
134 
135  for(auto& c : m_crls)
136  {
137  // Found an update of a previously existing one; replace it
138  if(c->issuer_dn() == crl_issuer)
139  {
140  if(c->this_update() <= crl->this_update())
141  c = crl;
142  return;
143  }
144  }
145 
146  // Totally new CRL, add to the list
147  m_crls.push_back(crl);
148  }

◆ all_subjects()

std::vector< X509_DN > Botan::Certificate_Store_In_Memory::all_subjects ( ) const
overridevirtual
Returns
DNs for all certificates managed by the store

Implements Botan::Certificate_Store.

Definition at line 38 of file certstor.cpp.

39  {
40  std::vector<X509_DN> subjects;
41  for(const auto& cert : m_certs)
42  subjects.push_back(cert->subject_dn());
43  return subjects;
44  }

◆ certificate_known()

bool Botan::Certificate_Store::certificate_known ( const X509_Certificate cert) const
inlineinherited
Returns
whether the certificate is known
Parameters
certcertififcate to be searched

Definition at line 70 of file certstor.h.

References Botan::X509_Certificate::subject_dn(), and Botan::X509_Certificate::subject_key_id().

71  {
72  return find_cert(cert.subject_dn(), cert.subject_key_id()) != nullptr;
73  }
virtual std::shared_ptr< const X509_Certificate > find_cert(const X509_DN &subject_dn, const std::vector< uint8_t > &key_id) const =0

◆ find_all_certs()

std::vector< std::shared_ptr< const X509_Certificate > > Botan::Certificate_Store_In_Memory::find_all_certs ( const X509_DN subject_dn,
const std::vector< uint8_t > &  key_id 
) const
overridevirtual

Find all certificates with a given Subject DN. Subject DN and even the key identifier might not be unique.

Implements Botan::Certificate_Store.

Definition at line 68 of file certstor.cpp.

References Botan::PEM_Code::matches().

Referenced by Botan::PKIX::build_all_certificate_paths().

71  {
72  std::vector<std::shared_ptr<const X509_Certificate>> matches;
73 
74  for(const auto& cert : m_certs)
75  {
76  if(key_id.size())
77  {
78  std::vector<uint8_t> skid = cert->subject_key_id();
79 
80  if(skid.size() && skid != key_id) // no match
81  continue;
82  }
83 
84  if(cert->subject_dn() == subject_dn)
85  matches.push_back(cert);
86  }
87 
88  return matches;
89  }
bool matches(DataSource &source, const std::string &extra, size_t search_range)
Definition: pem.cpp:142

◆ find_cert()

std::shared_ptr< const X509_Certificate > Botan::Certificate_Store_In_Memory::find_cert ( const X509_DN subject_dn,
const std::vector< uint8_t > &  key_id 
) const
overridevirtual

Find a certificate by Subject DN and (optionally) key identifier

Parameters
subject_dnthe subject's distinguished name
key_idan optional key id
Returns
a matching certificate or nullptr otherwise

Implements Botan::Certificate_Store.

Definition at line 47 of file certstor.cpp.

Referenced by Botan::PKIX::build_certificate_path().

49  {
50  for(const auto& cert : m_certs)
51  {
52  // Only compare key ids if set in both call and in the cert
53  if(key_id.size())
54  {
55  std::vector<uint8_t> skid = cert->subject_key_id();
56 
57  if(skid.size() && skid != key_id) // no match
58  continue;
59  }
60 
61  if(cert->subject_dn() == subject_dn)
62  return cert;
63  }
64 
65  return nullptr;
66  }

◆ find_cert_by_pubkey_sha1()

std::shared_ptr< const X509_Certificate > Botan::Certificate_Store_In_Memory::find_cert_by_pubkey_sha1 ( const std::vector< uint8_t > &  key_hash) const
overridevirtual

Find a certificate by searching for one with a matching SHA-1 hash of public key. Used for OCSP.

Parameters
key_hashSHA-1 hash of the subject's public key
Returns
a matching certificate or nullptr otherwise

Implements Botan::Certificate_Store.

Definition at line 92 of file certstor.cpp.

References Botan::HashFunction::create(), and hash.

93  {
94  if(key_hash.size() != 20)
95  throw Invalid_Argument("Certificate_Store_In_Memory::find_cert_by_pubkey_sha1 invalid hash");
96 
97  std::unique_ptr<HashFunction> hash(HashFunction::create("SHA-1"));
98 
99  for(const auto& cert : m_certs){
100  hash->update(cert->subject_public_key_bitstring());
101  if(key_hash == hash->final_stdvec()) //final_stdvec also clears the hash to initial state
102  return cert;
103  }
104 
105  return nullptr;
106  }
static std::unique_ptr< HashFunction > create(const std::string &algo_spec, const std::string &provider="")
Definition: hash.cpp:106
MechanismType hash

◆ find_cert_by_raw_subject_dn_sha256()

std::shared_ptr< const X509_Certificate > Botan::Certificate_Store_In_Memory::find_cert_by_raw_subject_dn_sha256 ( const std::vector< uint8_t > &  subject_hash) const
overridevirtual

Find a certificate by searching for one with a matching SHA-256 hash of raw subject name. Used for OCSP.

Parameters
subject_hashSHA-256 hash of the subject's raw name
Returns
a matching certificate or nullptr otherwise

Implements Botan::Certificate_Store.

Definition at line 109 of file certstor.cpp.

References Botan::HashFunction::create(), and hash.

110  {
111  if(subject_hash.size() != 32)
112  throw Invalid_Argument("Certificate_Store_In_Memory::find_cert_by_raw_subject_dn_sha256 invalid hash");
113 
114  std::unique_ptr<HashFunction> hash(HashFunction::create("SHA-256"));
115 
116  for(const auto& cert : m_certs){
117  hash->update(cert->raw_subject_dn());
118  if(subject_hash == hash->final_stdvec()) //final_stdvec also clears the hash to initial state
119  return cert;
120  }
121 
122  return nullptr;
123  }
static std::unique_ptr< HashFunction > create(const std::string &algo_spec, const std::string &provider="")
Definition: hash.cpp:106
MechanismType hash

◆ find_crl_for()

std::shared_ptr< const X509_CRL > Botan::Certificate_Store_In_Memory::find_crl_for ( const X509_Certificate subject) const
overridevirtual

Finds a CRL for the given certificate

Reimplemented from Botan::Certificate_Store.

Definition at line 150 of file certstor.cpp.

References Botan::X509_Certificate::authority_key_id(), and Botan::X509_Certificate::issuer_dn().

151  {
152  const std::vector<uint8_t>& key_id = subject.authority_key_id();
153 
154  for(const auto& c : m_crls)
155  {
156  // Only compare key ids if set in both call and in the CRL
157  if(key_id.size())
158  {
159  std::vector<uint8_t> akid = c->authority_key_id();
160 
161  if(akid.size() && akid != key_id) // no match
162  continue;
163  }
164 
165  if(c->issuer_dn() == subject.issuer_dn())
166  return c;
167  }
168 
169  return {};
170  }

The documentation for this class was generated from the following files: