Botan 3.5.0
Crypto and TLS for C&
Botan::Certificate_Store_MacOS Class Referencefinal

#include <certstor_macos.h>

Inheritance diagram for Botan::Certificate_Store_MacOS:
Botan::Certificate_Store

Public Member Functions

std::vector< X509_DNall_subjects () const override
 
bool certificate_known (const X509_Certificate &cert) const
 
 Certificate_Store_MacOS ()
 
 Certificate_Store_MacOS (Certificate_Store_MacOS &&)=default
 
 Certificate_Store_MacOS (const Certificate_Store_MacOS &)=default
 
std::vector< X509_Certificatefind_all_certs (const X509_DN &subject_dn, const std::vector< uint8_t > &key_id) const override
 
std::optional< X509_Certificatefind_cert (const X509_DN &subject_dn, const std::vector< uint8_t > &key_id) const override
 
std::optional< X509_Certificatefind_cert_by_pubkey_sha1 (const std::vector< uint8_t > &key_hash) const override
 
std::optional< X509_Certificatefind_cert_by_raw_subject_dn_sha256 (const std::vector< uint8_t > &subject_hash) const override
 
std::optional< X509_CRLfind_crl_for (const X509_Certificate &subject) const override
 
Certificate_Store_MacOSoperator= (Certificate_Store_MacOS &&)=default
 
Certificate_Store_MacOSoperator= (const Certificate_Store_MacOS &)=default
 

Detailed Description

Certificate Store that is backed by the system trust store on macOS. This opens a handle to the macOS keychain and serves certificate queries directly from there.

Definition at line 25 of file certstor_macos.h.

Constructor & Destructor Documentation

◆ Certificate_Store_MacOS() [1/3]

Botan::Certificate_Store_MacOS::Certificate_Store_MacOS ( )

Definition at line 337 of file certstor_macos.cpp.

337: m_impl(std::make_shared<Certificate_Store_MacOS_Impl>()) {}

◆ Certificate_Store_MacOS() [2/3]

Botan::Certificate_Store_MacOS::Certificate_Store_MacOS ( const Certificate_Store_MacOS & )
default

◆ Certificate_Store_MacOS() [3/3]

Botan::Certificate_Store_MacOS::Certificate_Store_MacOS ( Certificate_Store_MacOS && )
default

Member Function Documentation

◆ all_subjects()

std::vector< X509_DN > Botan::Certificate_Store_MacOS::all_subjects ( ) const
overridevirtual
Returns
DNs for all certificates managed by the store

Implements Botan::Certificate_Store.

Definition at line 339 of file certstor_macos.cpp.

339 {
340 // Note: This fetches and parses all certificates in the trust store.
341 // Apple's API provides SecCertificateCopyNormalizedSubjectSequence
342 // which facilitates reading the certificate DN without parsing the
343 // entire certificate via X509_Certificate. However, this
344 // function applies the same DN "normalization" as stated above.
345 const auto certificates = m_impl->findAll({});
346
347 std::vector<X509_DN> output;
348 std::transform(certificates.cbegin(),
349 certificates.cend(),
350 std::back_inserter(output),
351 [](const std::optional<X509_Certificate> cert) { return cert->subject_dn(); });
352
353 return output;
354}

◆ certificate_known()

bool Botan::Certificate_Store::certificate_known ( const X509_Certificate & cert) const
inlineinherited
Returns
whether the certificate is known
Parameters
certcertififcate to be searched

Definition at line 70 of file certstor.h.

70 {
71 return find_cert(cert.subject_dn(), cert.subject_key_id()).has_value();
72 }
virtual std::optional< X509_Certificate > find_cert(const X509_DN &subject_dn, const std::vector< uint8_t > &key_id) const
Definition certstor.cpp:20

References Botan::X509_Certificate::subject_dn(), and Botan::X509_Certificate::subject_key_id().

◆ find_all_certs()

std::vector< X509_Certificate > Botan::Certificate_Store_MacOS::find_all_certs ( const X509_DN & subject_dn,
const std::vector< uint8_t > & key_id ) const
overridevirtual

Find all certificates with a given Subject DN. Subject DN and even the key identifier might not be unique.

Implements Botan::Certificate_Store.

Definition at line 368 of file certstor_macos.cpp.

369 {
370 Certificate_Store_MacOS_Impl::Query query;
371 query.addParameter(kSecAttrSubject, normalizeAndSerialize(subject_dn));
372
373 if(!key_id.empty()) {
374 query.addParameter(kSecAttrSubjectKeyID, key_id);
375 }
376
377 return m_impl->findAll(std::move(query));
378}

◆ find_cert()

std::optional< X509_Certificate > Botan::Certificate_Store_MacOS::find_cert ( const X509_DN & subject_dn,
const std::vector< uint8_t > & key_id ) const
overridevirtual

Find a certificate by Subject DN and (optionally) key identifier

Returns
the first certificate that matches

Reimplemented from Botan::Certificate_Store.

Definition at line 356 of file certstor_macos.cpp.

357 {
358 Certificate_Store_MacOS_Impl::Query query;
359 query.addParameter(kSecAttrSubject, normalizeAndSerialize(subject_dn));
360
361 if(!key_id.empty()) {
362 query.addParameter(kSecAttrSubjectKeyID, key_id);
363 }
364
365 return m_impl->findOne(std::move(query));
366}

◆ find_cert_by_pubkey_sha1()

std::optional< X509_Certificate > Botan::Certificate_Store_MacOS::find_cert_by_pubkey_sha1 ( const std::vector< uint8_t > & key_hash) const
overridevirtual

Find a certificate by searching for one with a matching SHA-1 hash of public key.

Returns
a matching certificate or nullptr otherwise

Implements Botan::Certificate_Store.

Definition at line 380 of file certstor_macos.cpp.

381 {
382 if(key_hash.size() != 20) {
383 throw Invalid_Argument("Certificate_Store_MacOS::find_cert_by_pubkey_sha1 invalid hash");
384 }
385
386 Certificate_Store_MacOS_Impl::Query query;
387 query.addParameter(kSecAttrPublicKeyHash, key_hash);
388
389 return m_impl->findOne(std::move(query));
390}

◆ find_cert_by_raw_subject_dn_sha256()

std::optional< X509_Certificate > Botan::Certificate_Store_MacOS::find_cert_by_raw_subject_dn_sha256 ( const std::vector< uint8_t > & subject_hash) const
overridevirtual
Exceptions
Not_Implemented

Implements Botan::Certificate_Store.

Definition at line 392 of file certstor_macos.cpp.

393 {
394 BOTAN_UNUSED(subject_hash);
395 throw Not_Implemented("Certificate_Store_MacOS::find_cert_by_raw_subject_dn_sha256");
396}
#define BOTAN_UNUSED
Definition assert.h:118

References BOTAN_UNUSED.

◆ find_crl_for()

std::optional< X509_CRL > Botan::Certificate_Store_MacOS::find_crl_for ( const X509_Certificate & subject) const
overridevirtual

Fetching CRLs is not supported by the keychain on macOS. This will always return an empty list.

Reimplemented from Botan::Certificate_Store.

Definition at line 398 of file certstor_macos.cpp.

398 {
399 BOTAN_UNUSED(subject);
400 return {};
401}

References BOTAN_UNUSED.

◆ operator=() [1/2]

Certificate_Store_MacOS & Botan::Certificate_Store_MacOS::operator= ( Certificate_Store_MacOS && )
default

◆ operator=() [2/2]

Certificate_Store_MacOS & Botan::Certificate_Store_MacOS::operator= ( const Certificate_Store_MacOS & )
default

The documentation for this class was generated from the following files: