Botan 3.9.0
Crypto and TLS for C&
Botan::Certificate_Store_MacOS Class Reference final

#include <certstor_macos.h>

Inheritance diagram for Botan::Certificate_Store_MacOS:
Botan::Certificate_Store

Public Member Functions

std::vector< X509_DN > all_subjects () const override
bool certificate_known (const X509_Certificate &cert) const
 Certificate_Store_MacOS ()
 Certificate_Store_MacOS (Certificate_Store_MacOS &&)=default
 Certificate_Store_MacOS (const Certificate_Store_MacOS &)=default
std::vector< X509_Certificate > find_all_certs (const X509_DN &subject_dn, const std::vector< uint8_t > &key_id) const override
std::optional< X509_Certificate > find_cert (const X509_DN &subject_dn, const std::vector< uint8_t > &key_id) const override
std::optional< X509_Certificate > find_cert_by_pubkey_sha1 (const std::vector< uint8_t > &key_hash) const override
std::optional< X509_Certificate > find_cert_by_raw_subject_dn_sha256 (const std::vector< uint8_t > &subject_hash) const override
std::optional< X509_CRL > find_crl_for (const X509_Certificate &subject) const override
Certificate_Store_MacOS & operator= (Certificate_Store_MacOS &&)=default
Certificate_Store_MacOS & operator= (const Certificate_Store_MacOS &)=default

Detailed Description

Certificate Store that is backed by the system trust store on macOS. This opens a handle to the macOS keychain and serves certificate queries directly from there.

Definition at line 25 of file certstor_macos.h.

Constructor & Destructor Documentation

◆ Certificate_Store_MacOS() [1/3]

Botan::Certificate_Store_MacOS::Certificate_Store_MacOS ( )

Definition at line 334 of file certstor_macos.cpp.

334: m_impl(std::make_shared<Certificate_Store_MacOS_Impl>()) {}

Referenced by Certificate_Store_MacOS(), Certificate_Store_MacOS(), operator=(), and operator=().

◆ Certificate_Store_MacOS() [2/3]

Botan::Certificate_Store_MacOS::Certificate_Store_MacOS ( const Certificate_Store_MacOS & )
default

◆ Certificate_Store_MacOS() [3/3]

Botan::Certificate_Store_MacOS::Certificate_Store_MacOS ( Certificate_Store_MacOS && )
default

Member Function Documentation

◆ all_subjects()

std::vector< X509_DN > Botan::Certificate_Store_MacOS::all_subjects ( ) const
override virtual
Returns
DNs for all certificates managed by the store

Implements Botan::Certificate_Store.

Definition at line 336 of file certstor_macos.cpp.

336 {
337 // Note: This fetches and parses all certificates in the trust store.
338 // Apple's API provides SecCertificateCopyNormalizedSubjectSequence
339 // which facilitates reading the certificate DN without parsing the
340 // entire certificate via X509_Certificate. However, this
341 // function applies the same DN "normalization" as stated above.
// The query argument is `{}`, presumably an empty Query with no attribute
// filter, so every certificate the implementation can see is returned.
342 const auto certificates = m_impl->findAll({});
343
344 std::vector<X509_DN> output;
345 std::transform(certificates.cbegin(),
346 certificates.cend(),
347 std::back_inserter(output),
// NOTE(review): the lambda takes std::optional<X509_Certificate> by value and
// dereferences it without a has_value() check. find_all_certs() returns
// findAll()'s result as std::vector<X509_Certificate>, so each element is
// presumably converted (copied) into an engaged optional here; confirm, and
// consider taking const X509_Certificate& instead.
348 [](const std::optional<X509_Certificate> cert) { return cert->subject_dn(); });
349
350 return output;
351}

Referenced by operator=().

◆ certificate_known()

bool Botan::Certificate_Store::certificate_known ( const X509_Certificate & cert) const
inline inherited
Returns
whether the certificate is known
Parameters
cert: certificate to be searched

Definition at line 70 of file certstor.h.

70 {
// "Known" means find_cert() returns a value for this certificate's subject DN
// and subject key id. This line compares neither the certificate's encoding
// nor its signature; the lookup is keyed on those two attributes only.
71 return find_cert(cert.subject_dn(), cert.subject_key_id()).has_value();
72 }
virtual std::optional< X509_Certificate > find_cert(const X509_DN &subject_dn, const std::vector< uint8_t > &key_id) const
Definition certstor.cpp:20

References find_cert(), Botan::X509_Certificate::subject_dn(), and Botan::X509_Certificate::subject_key_id().

◆ find_all_certs()

std::vector< X509_Certificate > Botan::Certificate_Store_MacOS::find_all_certs ( const X509_DN & subject_dn,
const std::vector< uint8_t > & key_id ) const
override virtual

Find all certificates with a given Subject DN. Subject DN and even the key identifier might not be unique.

Implements Botan::Certificate_Store.

Definition at line 365 of file certstor_macos.cpp.

366 {
// The query is keyed on the subject DN after normalizeAndSerialize(), so
// matching is done on the normalized form rather than the DN as passed in.
367 Certificate_Store_MacOS_Impl::Query query;
368 query.addParameter(kSecAttrSubject, normalizeAndSerialize(subject_dn));
369
// The subject key identifier narrows the query only when the caller supplied
// one; with an empty key_id the match is on the subject DN alone.
370 if(!key_id.empty()) {
371 query.addParameter(kSecAttrSubjectKeyID, key_id);
372 }
373
// Every match is returned. Callers should expect several certificates for
// one subject DN, since neither attribute is guaranteed to be unique.
374 return m_impl->findAll(std::move(query));
375}

Referenced by operator=().

◆ find_cert()

std::optional< X509_Certificate > Botan::Certificate_Store_MacOS::find_cert ( const X509_DN & subject_dn,
const std::vector< uint8_t > & key_id ) const
override virtual

Find a certificate by Subject DN and (optionally) key identifier

Returns
the first certificate that matches

Reimplemented from Botan::Certificate_Store.

Definition at line 353 of file certstor_macos.cpp.

354 {
// The query is keyed on the subject DN after normalizeAndSerialize(), so
// matching is done on the normalized form rather than the DN as passed in.
355 Certificate_Store_MacOS_Impl::Query query;
356 query.addParameter(kSecAttrSubject, normalizeAndSerialize(subject_dn));
357
// The subject key identifier narrows the query only when the caller supplied
// one; with an empty key_id the match is on the subject DN alone.
358 if(!key_id.empty()) {
359 query.addParameter(kSecAttrSubjectKeyID, key_id);
360 }
361
// Only one certificate is returned even if several match. Which one is
// picked is decided inside findOne(), which is not shown here.
362 return m_impl->findOne(std::move(query));
363}

Referenced by operator=().

◆ find_cert_by_pubkey_sha1()

std::optional< X509_Certificate > Botan::Certificate_Store_MacOS::find_cert_by_pubkey_sha1 ( const std::vector< uint8_t > & key_hash) const
override virtual

Find a certificate by searching for one with a matching SHA-1 hash of public key.

Returns
a matching certificate, or std::nullopt if none is found

Implements Botan::Certificate_Store.

Definition at line 377 of file certstor_macos.cpp.

378 {
// A SHA-1 digest is 20 bytes. Any other length is rejected with
// Invalid_Argument before the keychain is queried.
379 if(key_hash.size() != 20) {
380 throw Invalid_Argument("Certificate_Store_MacOS::find_cert_by_pubkey_sha1 invalid hash");
381 }
382
// The hash is passed to the keychain as the public-key-hash attribute. How
// that attribute is derived is defined by the keychain, not by this code.
383 Certificate_Store_MacOS_Impl::Query query;
384 query.addParameter(kSecAttrPublicKeyHash, key_hash);
385
386 return m_impl->findOne(std::move(query));
387}

Referenced by operator=().

◆ find_cert_by_raw_subject_dn_sha256()

std::optional< X509_Certificate > Botan::Certificate_Store_MacOS::find_cert_by_raw_subject_dn_sha256 ( const std::vector< uint8_t > & subject_hash) const
override virtual
Exceptions
Not_Implemented

Implements Botan::Certificate_Store.

Definition at line 389 of file certstor_macos.cpp.

390 {
// Lookup by SHA-256 of the raw subject DN is not implemented for this store:
// the argument is ignored and the call always throws Not_Implemented.
391 BOTAN_UNUSED(subject_hash);
392 throw Not_Implemented("Certificate_Store_MacOS::find_cert_by_raw_subject_dn_sha256");
393}
#define BOTAN_UNUSED
Definition assert.h:144

References BOTAN_UNUSED.

Referenced by operator=().

◆ find_crl_for()

std::optional< X509_CRL > Botan::Certificate_Store_MacOS::find_crl_for ( const X509_Certificate & subject) const
override virtual

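Fetching CRLs is not supported by the keychain on macOS. This will always return an empty optional (no CRL), so revocation information has to come from a different source when this store is used.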

Reimplemented from Botan::Certificate_Store.

Definition at line 395 of file certstor_macos.cpp.

395 {
// No CRL lookup is performed: the argument is ignored and an empty optional
// is returned, so this store never supplies revocation data for a certificate.
396 BOTAN_UNUSED(subject);
397 return {};
398}

References BOTAN_UNUSED.

Referenced by operator=().

◆ operator=() [1/2]

◆ operator=() [2/2]

Certificate_Store_MacOS & Botan::Certificate_Store_MacOS::operator= ( const Certificate_Store_MacOS & )
default

The documentation for this class was generated from the following files: