#include <certstor_windows.h>

Inheritance diagram for Botan::Certificate_Store_Windows:

Public Member Functions
std::vector< X509_DN >	all_subjects () const override

bool	certificate_known (const X509_Certificate &cert) const

	Certificate_Store_Windows ()

	Certificate_Store_Windows (Certificate_Store_Windows &&)=default

	Certificate_Store_Windows (const Certificate_Store_Windows &)=default

std::vector< X509_Certificate >	find_all_certs (const X509_DN &subject_dn, const std::vector< uint8_t > &key_id) const override

std::optional< X509_Certificate >	find_cert (const X509_DN &subject_dn, const std::vector< uint8_t > &key_id) const override

std::optional< X509_Certificate >	find_cert_by_pubkey_sha1 (const std::vector< uint8_t > &key_hash) const override

std::optional< X509_Certificate >	find_cert_by_raw_subject_dn_sha256 (const std::vector< uint8_t > &subject_hash) const override

std::optional< X509_CRL >	find_crl_for (const X509_Certificate &subject) const override

Certificate_Store_Windows &	operator= (Certificate_Store_Windows &&)=default

Certificate_Store_Windows &	operator= (const Certificate_Store_Windows &)=default

Detailed Description

Certificate Store that is backed by the system trust store on Windows.

Definition at line 21 of file certstor_windows.h.

Constructor & Destructor Documentation

◆ Certificate_Store_Windows() [1/3]

Botan::Certificate_Store_Windows::Certificate_Store_Windows ( )

Definition at line 156 of file certstor_windows.cpp.

156{}

Referenced by Certificate_Store_Windows(), Certificate_Store_Windows(), operator=(), and operator=().

◆ Certificate_Store_Windows() [2/3]

Botan::Certificate_Store_Windows::Certificate_Store_Windows ( const Certificate_Store_Windows & )

default

References Certificate_Store_Windows().

◆ Certificate_Store_Windows() [3/3]

Botan::Certificate_Store_Windows::Certificate_Store_Windows ( Certificate_Store_Windows && )

default

References Certificate_Store_Windows().

Member Function Documentation

◆ all_subjects()

std::vector< X509_DN > Botan::Certificate_Store_Windows::all_subjects ( ) const

overridevirtual

Returns: DNs for all certificates managed by the store

Implements Botan::Certificate_Store.

Definition at line 158 of file certstor_windows.cpp.

                                                                 {
   std::vector<X509_DN> subject_dns;
   for(const auto store_name : cert_store_names) {
      Handle_Guard<HCERTSTORE> windows_cert_store = open_cert_store(store_name);
      Handle_Guard<PCCERT_CONTEXT> cert_context = nullptr;
 
      // Handle_Guard::assign exchanges the underlying pointer. No RAII is needed here, because the Windows API takes care of
      // freeing the previous context.
      while(cert_context.assign(CertEnumCertificatesInStore(windows_cert_store.get(), cert_context.get()))) {
         BER_Decoder dec(cert_context->pCertInfo->Subject.pbData, cert_context->pCertInfo->Subject.cbData);
 
         X509_DN dn;
         dn.decode_from(dec);
         subject_dns.emplace_back(std::move(dn));
      }
   }
 
   return subject_dns;
}

References Botan::X509_DN::decode_from().

Referenced by operator=().

◆ certificate_known()

bool Botan::Certificate_Store::certificate_known ( const X509_Certificate & cert ) const

inlineinherited

Returns: whether the certificate is known

Parameters

cert	certififcate to be searched

Definition at line 70 of file certstor.h.

70 {

71 return find_cert(cert.subject_dn(), cert.subject_key_id()).has_value();

72 }

Botan::Certificate_Store::find_cert

virtual std::optional< X509_Certificate > find_cert(const X509_DN &subject_dn, const std::vector< uint8_t > &key_id) const

Definition certstor.cpp:20

References find_cert(), Botan::X509_Certificate::subject_dn(), and Botan::X509_Certificate::subject_key_id().

◆ find_all_certs()

std::vector< X509_Certificate > Botan::Certificate_Store_Windows::find_all_certs	(	const X509_DN &	subject_dn,
		const std::vector< uint8_t > &	key_id ) const

overridevirtual

Find all certificates with a given Subject DN. Subject DN and even the key identifier might not be unique.

Implements Botan::Certificate_Store.

Definition at line 187 of file certstor_windows.cpp.

188 {

189 return find_cert_by_dn_and_key_id(subject_dn, key_id, false);

190}

Referenced by operator=().

◆ find_cert()

std::optional< X509_Certificate > Botan::Certificate_Store_Windows::find_cert	(	const X509_DN &	subject_dn,
		const std::vector< uint8_t > &	key_id ) const

overridevirtual

Find a certificate by Subject DN and (optionally) key identifier

Returns: the first certificate that matches

Reimplemented from Botan::Certificate_Store.

Definition at line 178 of file certstor_windows.cpp.

                                                                                                             {
   const auto certs = find_cert_by_dn_and_key_id(subject_dn, key_id, true);
   if(certs.empty())
      return std::nullopt;
   else
      return certs.front();
}

Referenced by operator=().

◆ find_cert_by_pubkey_sha1()

std::optional< X509_Certificate > Botan::Certificate_Store_Windows::find_cert_by_pubkey_sha1 ( const std::vector< uint8_t > & key_hash ) const

overridevirtual

Find a certificate by searching for one with a matching SHA-1 hash of public key.

Returns: a matching certificate or nullptr otherwise

Implements Botan::Certificate_Store.

Definition at line 192 of file certstor_windows.cpp.

                                             {
   if(key_hash.size() != 20) {
      throw Invalid_Argument("Certificate_Store_Windows::find_cert_by_pubkey_sha1 invalid hash");
   }
 
   CRYPT_HASH_BLOB blob;
   blob.cbData = static_cast<DWORD>(key_hash.size());
   blob.pbData = const_cast<BYTE*>(key_hash.data());
 
   auto filter = [&](const std::vector<X509_Certificate>&, const X509_Certificate&) { return true; };
 
   // This assumes that the to-be-found certificate adheres to RFC 3280 (Section 4.2.1.2), because
   // the windows API does not allow to search for the SHA-1 of the certificate's public key directly.
   // Most certificates adhere to the above mentioned convention...
   const auto certs = search_cert_stores(blob, CERT_FIND_KEY_IDENTIFIER, filter, true);
   if(!certs.empty())
      return certs.front();
 
   // ... for certificates that don't adhere to RFC 3280 (Section 4.2.1.2), we will need to use a
   // fallback implementation that does an exhaustive search of all available certificates.
   return find_cert_by_pubkey_sha1_via_exhaustive_search(key_hash);
}

Referenced by operator=().

◆ find_cert_by_raw_subject_dn_sha256()

std::optional< X509_Certificate > Botan::Certificate_Store_Windows::find_cert_by_raw_subject_dn_sha256 ( const std::vector< uint8_t > & subject_hash ) const

overridevirtual

Exceptions

Not_Implemented as this is not possible in the Windows system cert API

Implements Botan::Certificate_Store.

Definition at line 216 of file certstor_windows.cpp.

217 {

218 BOTAN_UNUSED(subject_hash);

219 throw Not_Implemented("Certificate_Store_Windows::find_cert_by_raw_subject_dn_sha256");

220}

BOTAN_UNUSED

#define BOTAN_UNUSED

Definition assert.h:120

References BOTAN_UNUSED.

Referenced by operator=().

◆ find_crl_for()

std::optional< X509_CRL > Botan::Certificate_Store_Windows::find_crl_for ( const X509_Certificate & subject ) const

overridevirtual

Not Yet Implemented

Returns: nullptr;

Reimplemented from Botan::Certificate_Store.

Definition at line 222 of file certstor_windows.cpp.

                                                                                                   {
   // TODO: this could be implemented by using the CertFindCRLInStore function
   BOTAN_UNUSED(subject);
   return std::nullopt;
}

References BOTAN_UNUSED.

Referenced by operator=().

◆ operator=() [1/2]

Certificate_Store_Windows & Botan::Certificate_Store_Windows::operator= ( Certificate_Store_Windows && )

default

References all_subjects(), Certificate_Store_Windows(), find_all_certs(), find_cert(), find_cert_by_pubkey_sha1(), find_cert_by_raw_subject_dn_sha256(), and find_crl_for().

◆ operator=() [2/2]

Certificate_Store_Windows & Botan::Certificate_Store_Windows::operator= ( const Certificate_Store_Windows & )

default

References Certificate_Store_Windows().

The documentation for this class was generated from the following files:

src/lib/x509/certstor_system_windows/certstor_windows.h
src/lib/x509/certstor_system_windows/certstor_windows.cpp

Public Member Functions

Detailed Description

Constructor & Destructor Documentation

◆ Certificate_Store_Windows() [1/3]

◆ Certificate_Store_Windows() [2/3]

◆ Certificate_Store_Windows() [3/3]

Member Function Documentation

◆ all_subjects()

◆ certificate_known()

◆ find_all_certs()

◆ find_cert()

◆ find_cert_by_pubkey_sha1()

◆ find_cert_by_raw_subject_dn_sha256()

◆ find_crl_for()

◆ operator=() [1/2]

◆ operator=() [2/2]