Botan 2.19.1
Crypto and TLS for C&
Public Member Functions | List of all members
Botan::Certificate_Store_MacOS Class Referencefinal

#include <certstor_macos.h>

Inheritance diagram for Botan::Certificate_Store_MacOS:
Botan::Certificate_Store

Public Member Functions

std::vector< X509_DNall_subjects () const override
 
bool certificate_known (const X509_Certificate &cert) const
 
 Certificate_Store_MacOS ()
 
 Certificate_Store_MacOS (Certificate_Store_MacOS &&)=default
 
 Certificate_Store_MacOS (const Certificate_Store_MacOS &)=default
 
std::vector< std::shared_ptr< const X509_Certificate > > find_all_certs (const X509_DN &subject_dn, const std::vector< uint8_t > &key_id) const override
 
std::shared_ptr< const X509_Certificatefind_cert (const X509_DN &subject_dn, const std::vector< uint8_t > &key_id) const override
 
std::shared_ptr< const X509_Certificatefind_cert_by_pubkey_sha1 (const std::vector< uint8_t > &key_hash) const override
 
std::shared_ptr< const X509_Certificatefind_cert_by_raw_subject_dn_sha256 (const std::vector< uint8_t > &subject_hash) const override
 
std::shared_ptr< const X509_CRLfind_crl_for (const X509_Certificate &subject) const override
 
Certificate_Store_MacOSoperator= (Certificate_Store_MacOS &&)=default
 
Certificate_Store_MacOSoperator= (const Certificate_Store_MacOS &)=default
 

Detailed Description

Certificate Store that is backed by the system trust store on macOS. This opens a handle to the macOS keychain and serves certificate queries directly from there.

Definition at line 25 of file certstor_macos.h.

Constructor & Destructor Documentation

◆ Certificate_Store_MacOS() [1/3]

Botan::Certificate_Store_MacOS::Certificate_Store_MacOS ( )

Definition at line 388 of file certstor_macos.cpp.

388 :
389 m_impl(std::make_shared<Certificate_Store_MacOS_Impl>())
390 {
391 }

◆ Certificate_Store_MacOS() [2/3]

Botan::Certificate_Store_MacOS::Certificate_Store_MacOS ( const Certificate_Store_MacOS )
default

◆ Certificate_Store_MacOS() [3/3]

Botan::Certificate_Store_MacOS::Certificate_Store_MacOS ( Certificate_Store_MacOS &&  )
default

Member Function Documentation

◆ all_subjects()

std::vector< X509_DN > Botan::Certificate_Store_MacOS::all_subjects ( ) const
overridevirtual
Returns
DNs for all certificates managed by the store

Implements Botan::Certificate_Store.

Definition at line 393 of file certstor_macos.cpp.

394 {
395 // Note: This fetches and parses all certificates in the trust store.
396 // Apple's API provides SecCertificateCopyNormalizedSubjectSequence
397 // which facilitates reading the certificate DN without parsing the
398 // entire certificate via Botan::X509_Certificate. However, this
399 // function applies the same DN "normalization" as stated above.
400 const auto certificates = m_impl->findAll({});
401
402 std::vector<X509_DN> output;
403 std::transform(certificates.cbegin(), certificates.cend(),
404 std::back_inserter(output),
405 [](const std::shared_ptr<const X509_Certificate> cert)
406 {
407 return cert->subject_dn();
408 });
409
410 return output;
411 }
#define transform(B0, B1, B2, B3)

References transform.

◆ certificate_known()

bool Botan::Certificate_Store::certificate_known ( const X509_Certificate cert) const
inlineinherited
Returns
whether the certificate is known
Parameters
certcertififcate to be searched

Definition at line 72 of file certstor.h.

73 {
74 return find_cert(cert.subject_dn(), cert.subject_key_id()) != nullptr;
75 }
virtual std::shared_ptr< const X509_Certificate > find_cert(const X509_DN &subject_dn, const std::vector< uint8_t > &key_id) const
Definition: certstor.cpp:20

References Botan::X509_Certificate::subject_dn(), and Botan::X509_Certificate::subject_key_id().

◆ find_all_certs()

std::vector< std::shared_ptr< const X509_Certificate > > Botan::Certificate_Store_MacOS::find_all_certs ( const X509_DN subject_dn,
const std::vector< uint8_t > &  key_id 
) const
overridevirtual

Find all certificates with a given Subject DN. Subject DN and even the key identifier might not be unique.

Implements Botan::Certificate_Store.

Definition at line 428 of file certstor_macos.cpp.

431 {
432 Certificate_Store_MacOS_Impl::Query query;
433 query.addParameter(kSecAttrSubject, normalizeAndSerialize(subject_dn));
434
435 if(!key_id.empty())
436 {
437 query.addParameter(kSecAttrSubjectKeyID, key_id);
438 }
439
440 return m_impl->findAll(std::move(query));
441 }

◆ find_cert()

std::shared_ptr< const X509_Certificate > Botan::Certificate_Store_MacOS::find_cert ( const X509_DN subject_dn,
const std::vector< uint8_t > &  key_id 
) const
overridevirtual

Find a certificate by Subject DN and (optionally) key identifier

Returns
the first certificate that matches

Reimplemented from Botan::Certificate_Store.

Definition at line 414 of file certstor_macos.cpp.

416 {
417 Certificate_Store_MacOS_Impl::Query query;
418 query.addParameter(kSecAttrSubject, normalizeAndSerialize(subject_dn));
419
420 if(!key_id.empty())
421 {
422 query.addParameter(kSecAttrSubjectKeyID, key_id);
423 }
424
425 return m_impl->findOne(std::move(query));
426 }

◆ find_cert_by_pubkey_sha1()

std::shared_ptr< const X509_Certificate > Botan::Certificate_Store_MacOS::find_cert_by_pubkey_sha1 ( const std::vector< uint8_t > &  key_hash) const
overridevirtual

Find a certificate by searching for one with a matching SHA-1 hash of public key.

Returns
a matching certificate or nullptr otherwise

Implements Botan::Certificate_Store.

Definition at line 444 of file certstor_macos.cpp.

445 {
446 if(key_hash.size() != 20)
447 {
448 throw Invalid_Argument("Certificate_Store_MacOS::find_cert_by_pubkey_sha1 invalid hash");
449 }
450
451 Certificate_Store_MacOS_Impl::Query query;
452 query.addParameter(kSecAttrPublicKeyHash, key_hash);
453
454 return m_impl->findOne(std::move(query));
455 }

◆ find_cert_by_raw_subject_dn_sha256()

std::shared_ptr< const X509_Certificate > Botan::Certificate_Store_MacOS::find_cert_by_raw_subject_dn_sha256 ( const std::vector< uint8_t > &  subject_hash) const
overridevirtual
Exceptions
Botan::Not_Implemented

Implements Botan::Certificate_Store.

Definition at line 458 of file certstor_macos.cpp.

459 {
460 BOTAN_UNUSED(subject_hash);
461 throw Not_Implemented("Certificate_Store_MacOS::find_cert_by_raw_subject_dn_sha256");
462 }
#define BOTAN_UNUSED(...)
Definition: assert.h:142

References BOTAN_UNUSED.

◆ find_crl_for()

std::shared_ptr< const X509_CRL > Botan::Certificate_Store_MacOS::find_crl_for ( const X509_Certificate subject) const
overridevirtual

Fetching CRLs is not supported by the keychain on macOS. This will always return an empty list.

Reimplemented from Botan::Certificate_Store.

Definition at line 464 of file certstor_macos.cpp.

465 {
466 BOTAN_UNUSED(subject);
467 return {};
468 }

References BOTAN_UNUSED.

◆ operator=() [1/2]

Certificate_Store_MacOS & Botan::Certificate_Store_MacOS::operator= ( Certificate_Store_MacOS &&  )
default

◆ operator=() [2/2]

Certificate_Store_MacOS & Botan::Certificate_Store_MacOS::operator= ( const Certificate_Store_MacOS )
default

The documentation for this class was generated from the following files: