#include <certstor_windows.h>
Inheritance diagram for Botan::Certificate_Store_Windows:
Public Member Functions | |
| std::vector< X509_DN > | all_subjects () const override |
| bool | certificate_known (const X509_Certificate &cert) const |
| Certificate_Store_Windows () | |
| Certificate_Store_Windows (Certificate_Store_Windows &&)=default | |
| Certificate_Store_Windows (const Certificate_Store_Windows &)=default | |
| std::vector< X509_Certificate > | find_all_certs (const X509_DN &subject_dn, const std::vector< uint8_t > &key_id) const override |
| std::optional< X509_Certificate > | find_cert (const X509_DN &subject_dn, const std::vector< uint8_t > &key_id) const override |
| std::optional< X509_Certificate > | find_cert_by_pubkey_sha1 (const std::vector< uint8_t > &key_hash) const override |
| std::optional< X509_Certificate > | find_cert_by_raw_subject_dn_sha256 (const std::vector< uint8_t > &subject_hash) const override |
| std::optional< X509_CRL > | find_crl_for (const X509_Certificate &subject) const override |
| Certificate_Store_Windows & | operator= (Certificate_Store_Windows &&)=default |
| Certificate_Store_Windows & | operator= (const Certificate_Store_Windows &)=default |
Detailed Description
Certificate Store that is backed by the system trust store on Windows.
Definition at line 21 of file certstor_windows.h.
Constructor & Destructor Documentation
◆ Certificate_Store_Windows() [1/3]
| Botan::Certificate_Store_Windows::Certificate_Store_Windows | ( | ) |
Definition at line 154 of file certstor_windows.cpp.
154{}
◆ Certificate_Store_Windows() [2/3]
|
default |
◆ Certificate_Store_Windows() [3/3]
|
default |
Member Function Documentation
◆ all_subjects()
|
overridevirtual |
- Returns
- DNs for all certificates managed by the store
Implements Botan::Certificate_Store.
Definition at line 156 of file certstor_windows.cpp.
156 {
157 std::vector<X509_DN> subject_dns;
158 for(const auto store_name : cert_store_names) {
159 Handle_Guard<HCERTSTORE> windows_cert_store = open_cert_store(store_name);
160 Handle_Guard<PCCERT_CONTEXT> cert_context = nullptr;
161
162 // Handle_Guard::assign exchanges the underlying pointer. No RAII is needed here, because the Windows API takes care of
163 // freeing the previous context.
164 while(cert_context.assign(CertEnumCertificatesInStore(windows_cert_store.get(), cert_context.get()))) {
165 BER_Decoder dec(cert_context->pCertInfo->Subject.pbData, cert_context->pCertInfo->Subject.cbData);
166
167 X509_DN dn;
168 dn.decode_from(dec);
169 subject_dns.emplace_back(std::move(dn));
170 }
171 }
172
173 return subject_dns;
174}
References Botan::X509_DN::decode_from().
◆ certificate_known()
|
inlineinherited |
- Returns
- whether the certificate is known
- Parameters
-
cert certififcate to be searched
Definition at line 70 of file certstor.h.
70 {
72 }
virtual std::optional< X509_Certificate > find_cert(const X509_DN &subject_dn, const std::vector< uint8_t > &key_id) const
Definition certstor.cpp:20
References Botan::X509_Certificate::subject_dn(), and Botan::X509_Certificate::subject_key_id().
◆ find_all_certs()
|
overridevirtual |
Find all certificates with a given Subject DN. Subject DN and even the key identifier might not be unique.
Implements Botan::Certificate_Store.
Definition at line 185 of file certstor_windows.cpp.
186 {
187 return find_cert_by_dn_and_key_id(subject_dn, key_id, false);
188}
◆ find_cert()
|
overridevirtual |
Find a certificate by Subject DN and (optionally) key identifier
- Returns
- the first certificate that matches
Reimplemented from Botan::Certificate_Store.
Definition at line 176 of file certstor_windows.cpp.
177 {
178 const auto certs = find_cert_by_dn_and_key_id(subject_dn, key_id, true);
179 if(certs.empty())
180 return std::nullopt;
181 else
182 return certs.front();
183}
◆ find_cert_by_pubkey_sha1()
|
overridevirtual |
Find a certificate by searching for one with a matching SHA-1 hash of public key.
- Returns
- a matching certificate or nullptr otherwise
Implements Botan::Certificate_Store.
Definition at line 190 of file certstor_windows.cpp.
191 {
192 if(key_hash.size() != 20) {
193 throw Invalid_Argument("Certificate_Store_Windows::find_cert_by_pubkey_sha1 invalid hash");
194 }
195
196 CRYPT_HASH_BLOB blob;
197 blob.cbData = static_cast<DWORD>(key_hash.size());
198 blob.pbData = const_cast<BYTE*>(key_hash.data());
199
200 auto filter = [&](const std::vector<X509_Certificate>&, const X509_Certificate&) { return true; };
201
202 // This assumes that the to-be-found certificate adheres to RFC 3280 (Section 4.2.1.2), because
203 // the windows API does not allow to search for the SHA-1 of the certificate's public key directly.
204 // Most certificates adhere to the above mentioned convention...
205 const auto certs = search_cert_stores(blob, CERT_FIND_KEY_IDENTIFIER, filter, true);
206 if(!certs.empty())
207 return certs.front();
208
209 // ... for certificates that don't adhere to RFC 3280 (Section 4.2.1.2), we will need to use a
210 // fallback implementation that does an exhaustive search of all available certificates.
211 return find_cert_by_pubkey_sha1_via_exhaustive_search(key_hash);
212}
◆ find_cert_by_raw_subject_dn_sha256()
|
overridevirtual |
- Exceptions
-
Not_Implemented
Implements Botan::Certificate_Store.
Definition at line 214 of file certstor_windows.cpp.
215 {
216 BOTAN_UNUSED(subject_hash);
217 throw Not_Implemented("Certificate_Store_Windows::find_cert_by_raw_subject_dn_sha256");
218}
References BOTAN_UNUSED.
◆ find_crl_for()
|
overridevirtual |
Not Yet Implemented
- Returns
- nullptr;
Reimplemented from Botan::Certificate_Store.
Definition at line 220 of file certstor_windows.cpp.
220 {
221 // TODO: this could be implemented by using the CertFindCRLInStore function
222 BOTAN_UNUSED(subject);
223 return std::nullopt;
224}
References BOTAN_UNUSED.
◆ operator=() [1/2]
|
default |
◆ operator=() [2/2]
|
default |
The documentation for this class was generated from the following files:
- src/lib/x509/certstor_system_windows/certstor_windows.h
- src/lib/x509/certstor_system_windows/certstor_windows.cpp
