Botan  2.11.0
Crypto and TLS for C++11
Public Member Functions | List of all members
Botan::Certificate_Store_MacOS Class Referencefinal

#include <certstor_macos.h>

Inheritance diagram for Botan::Certificate_Store_MacOS:
Botan::Certificate_Store

Public Member Functions

std::vector< X509_DNall_subjects () const override
 
bool certificate_known (const X509_Certificate &cert) const
 
 Certificate_Store_MacOS ()
 
 Certificate_Store_MacOS (const Certificate_Store_MacOS &)=default
 
 Certificate_Store_MacOS (Certificate_Store_MacOS &&)=default
 
std::vector< std::shared_ptr< const X509_Certificate > > find_all_certs (const X509_DN &subject_dn, const std::vector< uint8_t > &key_id) const override
 
std::shared_ptr< const X509_Certificatefind_cert (const X509_DN &subject_dn, const std::vector< uint8_t > &key_id) const override
 
std::shared_ptr< const X509_Certificatefind_cert_by_pubkey_sha1 (const std::vector< uint8_t > &key_hash) const override
 
std::shared_ptr< const X509_Certificatefind_cert_by_raw_subject_dn_sha256 (const std::vector< uint8_t > &subject_hash) const override
 
std::shared_ptr< const X509_CRLfind_crl_for (const X509_Certificate &subject) const override
 
Certificate_Store_MacOSoperator= (const Certificate_Store_MacOS &)=default
 
Certificate_Store_MacOSoperator= (Certificate_Store_MacOS &&)=default
 

Detailed Description

Certificate Store that is backed by the system trust store on macOS. This opens a handle to the macOS keychain and serves certificate queries directly from there.

Definition at line 25 of file certstor_macos.h.

Constructor & Destructor Documentation

◆ Certificate_Store_MacOS() [1/3]

Botan::Certificate_Store_MacOS::Certificate_Store_MacOS ( )

Definition at line 335 of file certstor_macos.cpp.

335  :
336  m_impl(std::make_shared<Certificate_Store_MacOS_Impl>())
337  {
338  }

◆ Certificate_Store_MacOS() [2/3]

Botan::Certificate_Store_MacOS::Certificate_Store_MacOS ( const Certificate_Store_MacOS )
default

◆ Certificate_Store_MacOS() [3/3]

Botan::Certificate_Store_MacOS::Certificate_Store_MacOS ( Certificate_Store_MacOS &&  )
default

Member Function Documentation

◆ all_subjects()

std::vector< X509_DN > Botan::Certificate_Store_MacOS::all_subjects ( ) const
overridevirtual
Returns
DNs for all certificates managed by the store

Implements Botan::Certificate_Store.

Definition at line 340 of file certstor_macos.cpp.

References BOTAN_ASSERT.

341  {
342  scoped_CFType<CFArrayRef> result(m_impl->search());
343 
344  if(!result)
345  {
346  return {}; // not a single certificate found in the keychain
347  }
348 
349  const auto count = CFArrayGetCount(result.get());
350  BOTAN_ASSERT(count > 0, "subject result list contains data");
351 
352  std::vector<X509_DN> output;
353  output.reserve(count);
354  for(unsigned int i = 0; i < count; ++i)
355  {
356  // Note: Apple's API provides SecCertificateCopyNormalizedSubjectSequence
357  // which would have saved us from reading a Botan::X509_Certificate,
358  // however, this function applies the same DN "normalization" as
359  // stated above.
360  auto cfCert = to_SecCertificateRef(CFArrayGetValueAtIndex(result.get(), i));
361  auto cert = readCertificate(cfCert);
362  output.emplace_back(cert->subject_dn());
363  }
364 
365  return output;
366  }
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:55

◆ certificate_known()

bool Botan::Certificate_Store::certificate_known ( const X509_Certificate cert) const
inlineinherited
Returns
whether the certificate is known
Parameters
certcertififcate to be searched

Definition at line 70 of file certstor.h.

References Botan::X509_Certificate::subject_dn(), and Botan::X509_Certificate::subject_key_id().

71  {
72  return find_cert(cert.subject_dn(), cert.subject_key_id()) != nullptr;
73  }
virtual std::shared_ptr< const X509_Certificate > find_cert(const X509_DN &subject_dn, const std::vector< uint8_t > &key_id) const =0

◆ find_all_certs()

std::vector< std::shared_ptr< const X509_Certificate > > Botan::Certificate_Store_MacOS::find_all_certs ( const X509_DN subject_dn,
const std::vector< uint8_t > &  key_id 
) const
overridevirtual

Find all certificates with a given Subject DN. Subject DN and even the key identifier might not be unique.

Implements Botan::Certificate_Store.

Definition at line 387 of file certstor_macos.cpp.

References BOTAN_ASSERT.

Referenced by find_cert().

390  {
391  std::vector<uint8_t> dn_data;
392  DER_Encoder encoder(dn_data);
393  normalize(subject_dn).encode_into(encoder);
394 
395  scoped_CFType<CFDataRef> dn_cfdata(createCFDataView(dn_data));
396  check_notnull(dn_cfdata, "create DN search object");
397 
398  Certificate_Store_MacOS_Impl::Query query_params(
399  {
400  {kSecAttrSubject, dn_cfdata.get()}
401  });
402 
403  scoped_CFType<CFDataRef> keyid_cfdata(createCFDataView(key_id));
404  check_notnull(keyid_cfdata, "create key ID search object");
405  if(!key_id.empty())
406  {
407  query_params.push_back({kSecAttrSubjectKeyID, keyid_cfdata.get()});
408  }
409 
410  scoped_CFType<CFArrayRef> result(m_impl->search(std::move(query_params)));
411 
412  if(!result)
413  {
414  return {}; // no certificates found
415  }
416 
417  const auto count = CFArrayGetCount(result.get());
418  BOTAN_ASSERT(count > 0, "certificate result list contains data");
419 
420  std::vector<std::shared_ptr<const X509_Certificate>> output;
421  output.reserve(count);
422  for(unsigned int i = 0; i < count; ++i)
423  {
424  auto cfCert = to_SecCertificateRef(CFArrayGetValueAtIndex(result.get(), i));
425  output.emplace_back(readCertificate(cfCert));
426  }
427 
428  return output;
429  }
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:55

◆ find_cert()

std::shared_ptr< const X509_Certificate > Botan::Certificate_Store_MacOS::find_cert ( const X509_DN subject_dn,
const std::vector< uint8_t > &  key_id 
) const
overridevirtual

Find a certificate by Subject DN and (optionally) key identifier

Returns
the first certificate that matches

Implements Botan::Certificate_Store.

Definition at line 369 of file certstor_macos.cpp.

References find_all_certs().

371  {
372  const auto certs = find_all_certs(subject_dn, key_id);
373 
374  if(certs.empty())
375  {
376  return nullptr; // certificate not found
377  }
378 
379  if(certs.size() != 1)
380  {
381  throw Lookup_Error("ambiguous certificate result");
382  }
383 
384  return certs.front();
385  }
std::vector< std::shared_ptr< const X509_Certificate > > find_all_certs(const X509_DN &subject_dn, const std::vector< uint8_t > &key_id) const override

◆ find_cert_by_pubkey_sha1()

std::shared_ptr< const X509_Certificate > Botan::Certificate_Store_MacOS::find_cert_by_pubkey_sha1 ( const std::vector< uint8_t > &  key_hash) const
overridevirtual

Find a certificate by searching for one with a matching SHA-1 hash of public key.

Returns
a matching certificate or nullptr otherwise

Implements Botan::Certificate_Store.

Definition at line 432 of file certstor_macos.cpp.

433  {
434  if(key_hash.size() != 20)
435  {
436  throw Invalid_Argument("Certificate_Store_MacOS::find_cert_by_pubkey_sha1 invalid hash");
437  }
438 
439  scoped_CFType<CFDataRef> key_hash_cfdata(createCFDataView(key_hash));
440  check_notnull(key_hash_cfdata, "create key hash search object");
441 
442  scoped_CFType<CFArrayRef> result(m_impl->search(
443  {
444  {kSecAttrPublicKeyHash, key_hash_cfdata.get()},
445  }));
446 
447  if(!result)
448  {
449  return nullptr; // no certificate found
450  }
451 
452  const auto count = CFArrayGetCount(result.get());
453  BOTAN_ASSERT(count > 0, "certificate result list contains an object");
454 
455  // `count` might be greater than 1, but we'll just select the first match
456  auto cfCert = to_SecCertificateRef(CFArrayGetValueAtIndex(result.get(), 0));
457  return readCertificate(cfCert);
458  }
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:55

◆ find_cert_by_raw_subject_dn_sha256()

std::shared_ptr< const X509_Certificate > Botan::Certificate_Store_MacOS::find_cert_by_raw_subject_dn_sha256 ( const std::vector< uint8_t > &  subject_hash) const
overridevirtual
Exceptions
Botan::Not_Implemented

Implements Botan::Certificate_Store.

Definition at line 461 of file certstor_macos.cpp.

References BOTAN_UNUSED.

462  {
463  BOTAN_UNUSED(subject_hash);
464  throw Not_Implemented("Certificate_Store_MacOS::find_cert_by_raw_subject_dn_sha256");
465  }
#define BOTAN_UNUSED(...)
Definition: assert.h:142

◆ find_crl_for()

std::shared_ptr< const X509_CRL > Botan::Certificate_Store_MacOS::find_crl_for ( const X509_Certificate subject) const
overridevirtual

Fetching CRLs is not supported by the keychain on macOS. This will always return an empty list.

Reimplemented from Botan::Certificate_Store.

Definition at line 467 of file certstor_macos.cpp.

References BOTAN_UNUSED.

468  {
469  BOTAN_UNUSED(subject);
470  return {};
471  }
#define BOTAN_UNUSED(...)
Definition: assert.h:142

◆ operator=() [1/2]

Certificate_Store_MacOS& Botan::Certificate_Store_MacOS::operator= ( const Certificate_Store_MacOS )
default

◆ operator=() [2/2]

Certificate_Store_MacOS& Botan::Certificate_Store_MacOS::operator= ( Certificate_Store_MacOS &&  )
default

The documentation for this class was generated from the following files: