Botan::Flatfile_Certificate_Store Class Reference

#include <certstor_flatfile.h>

Inheritance diagram for Botan::Flatfile_Certificate_Store:

Public Member Functions
std::vector< X509_DN >	all_subjects () const override
bool	certificate_known (const X509_Certificate &cert) const
std::vector< std::shared_ptr< const X509_Certificate > >	find_all_certs (const X509_DN &subject_dn, const std::vector< uint8_t > &key_id) const override
std::shared_ptr< const X509_Certificate >	find_cert (const X509_DN &subject_dn, const std::vector< uint8_t > &key_id) const override
std::shared_ptr< const X509_Certificate >	find_cert_by_pubkey_sha1 (const std::vector< uint8_t > &key_hash) const override
std::shared_ptr< const X509_Certificate >	find_cert_by_raw_subject_dn_sha256 (const std::vector< uint8_t > &subject_hash) const override
std::shared_ptr< const X509_CRL >	find_crl_for (const X509_Certificate &subject) const override
	Flatfile_Certificate_Store (const std::string &file, bool ignore_non_ca=false)
	Flatfile_Certificate_Store (const Flatfile_Certificate_Store &)=default
	Flatfile_Certificate_Store (Flatfile_Certificate_Store &&)=default
Flatfile_Certificate_Store &	operator= (const Flatfile_Certificate_Store &)=default
Flatfile_Certificate_Store &	operator= (Flatfile_Certificate_Store &&)=default

Detailed Description

Certificate Store that is backed by a file of PEMs of trusted CAs.

Definition at line 22 of file certstor_flatfile.h.

Constructor & Destructor Documentation

Flatfile_Certificate_Store() [1/3]

Botan::Flatfile_Certificate_Store::Flatfile_Certificate_Store	(	const std::string &	file,
		bool	ignore_non_ca = false
	)

Construct a new Certificate_Store given a file path to a file including PEMs of trusted self-signed CAs.

Parameters

file	the name of the file to read certificates from
ignore_non_ca	if true, certs that are not self-signed CA certs will be ignored. Otherwise (if false), an exception will be thrown instead.

Definition at line 41 of file certstor_flatfile.cpp.

   {
   if(file.empty())
      {
      throw Invalid_Argument("Flatfile_Certificate_Store::Flatfile_Certificate_Store invalid file path");
      }

   DataSource_Stream file_stream(file);

   for(const std::vector<uint8_t> der : decode_all_certificates(file_stream))
      {
      std::shared_ptr<const X509_Certificate> cert = std::make_shared<const X509_Certificate>(der.data(), der.size());

      /*
      * Various weird or misconfigured system roots include intermediate certificates,
      * or even stranger certificates which are not valid for cert issuance at all.
      * Previously this code would error on such cases as an obvious misconfiguration,
      * but we cannot fix the trust store. So instead just ignore any such certificate.
      */
      if(cert->is_self_signed() && cert->is_CA_cert())
         {
         m_all_subjects.push_back(cert->subject_dn());
         m_dn_to_cert[cert->subject_dn()].push_back(cert);
         m_pubkey_sha1_to_cert.emplace(cert->subject_public_key_bitstring_sha1(), cert);
         m_subject_dn_sha256_to_cert.emplace(cert->raw_subject_dn_sha256(), cert);
         }
      else if(!ignore_non_ca)
         {
         throw Invalid_Argument("Flatfile_Certificate_Store received non CA cert " + cert->subject_dn().to_string());
         }
      }

   if(m_all_subjects.empty())
      {
      throw Invalid_Argument("Flatfile_Certificate_Store::Flatfile_Certificate_Store cert file is empty");
      }
   }

Flatfile_Certificate_Store() [2/3]

Botan::Flatfile_Certificate_Store::Flatfile_Certificate_Store ( const Flatfile_Certificate_Store &  )

default

Flatfile_Certificate_Store() [3/3]

Botan::Flatfile_Certificate_Store::Flatfile_Certificate_Store ( Flatfile_Certificate_Store &&  )

default

Member Function Documentation

all_subjects()

std::vector< X509_DN > Botan::Flatfile_Certificate_Store::all_subjects ( ) const

overridevirtual

Returns

DNs for all certificates managed by the store

Implements Botan::Certificate_Store.

Definition at line 79 of file certstor_flatfile.cpp.

   {
   return m_all_subjects;
   }

certificate_known()

bool Botan::Certificate_Store::certificate_known ( const X509_Certificate &  cert ) const

inlineinherited

Returns

whether the certificate is known

Parameters

cert	certififcate to be searched

Definition at line 70 of file certstor.h.

References Botan::X509_Certificate::subject_dn(), and Botan::X509_Certificate::subject_key_id().

         {
         return find_cert(cert.subject_dn(), cert.subject_key_id()) != nullptr;
         }

find_all_certs()

std::vector< std::shared_ptr< const X509_Certificate > > Botan::Flatfile_Certificate_Store::find_all_certs ( const X509_DN &  subject_dn, const std::vector< uint8_t > &  key_id  ) const

overridevirtual

Find all certificates with a given Subject DN. Subject DN and even the key identifier might not be unique.

Implements Botan::Certificate_Store.

Definition at line 93 of file certstor_flatfile.cpp.

Referenced by find_cert().

   {
   std::vector<std::shared_ptr<const X509_Certificate>> found_certs;
   try
      {
      const auto certs = m_dn_to_cert.at(subject_dn);

      for(auto cert : certs)
         {
         if(key_id.empty() || key_id == cert->subject_key_id())
            {
            found_certs.push_back(cert);
            }
         }
      }
   catch(const std::out_of_range&)
      {
      return {};
      }

   return found_certs;
   }

find_cert()

std::shared_ptr< const X509_Certificate > Botan::Flatfile_Certificate_Store::find_cert ( const X509_DN &  subject_dn, const std::vector< uint8_t > &  key_id  ) const

overridevirtual

Find a certificate by Subject DN and (optionally) key identifier

Returns

the first certificate that matches

Implements Botan::Certificate_Store.

Definition at line 85 of file certstor_flatfile.cpp.

References find_all_certs().

   {
   std::vector<std::shared_ptr<const X509_Certificate>> found_certs = find_all_certs(subject_dn, key_id);

   return !found_certs.empty() ? found_certs.front() : nullptr;
   }

find_cert_by_pubkey_sha1()

std::shared_ptr< const X509_Certificate > Botan::Flatfile_Certificate_Store::find_cert_by_pubkey_sha1 ( const std::vector< uint8_t > &  key_hash ) const

overridevirtual

Find a certificate by searching for one with a matching SHA-1 hash of public key.

Returns

a matching certificate or nullptr otherwise

Implements Botan::Certificate_Store.

Definition at line 119 of file certstor_flatfile.cpp.

   {
   if(key_hash.size() != 20)
      {
      throw Invalid_Argument("Flatfile_Certificate_Store::find_cert_by_pubkey_sha1 invalid hash");
      }

   auto found_cert = m_pubkey_sha1_to_cert.find(key_hash);

   if(found_cert != m_pubkey_sha1_to_cert.end())
      {
      return found_cert->second;
      }

   return nullptr;
   }

find_cert_by_raw_subject_dn_sha256()

std::shared_ptr< const X509_Certificate > Botan::Flatfile_Certificate_Store::find_cert_by_raw_subject_dn_sha256 ( const std::vector< uint8_t > &  subject_hash ) const

overridevirtual

Find a certificate by searching for one with a matching SHA-256 hash of raw subject name. Used for OCSP.

Parameters

subject_hash

SHA-256 hash of the subject's raw name

Returns

a matching certificate or nullptr otherwise

Implements Botan::Certificate_Store.

Definition at line 137 of file certstor_flatfile.cpp.

   {
   if(subject_hash.size() != 32)
      { throw Invalid_Argument("Flatfile_Certificate_Store::find_cert_by_raw_subject_dn_sha256 invalid hash"); }

   auto found_cert = m_subject_dn_sha256_to_cert.find(subject_hash);

   if(found_cert != m_subject_dn_sha256_to_cert.end())
      {
      return found_cert->second;
      }

   return nullptr;
   }

find_crl_for()

std::shared_ptr< const X509_CRL > Botan::Flatfile_Certificate_Store::find_crl_for ( const X509_Certificate &  subject ) const

overridevirtual

Fetching CRLs is not supported by this certificate store. This will always return an empty list.

Reimplemented from Botan::Certificate_Store.

Definition at line 152 of file certstor_flatfile.cpp.

References BOTAN_UNUSED.

   {
   BOTAN_UNUSED(subject);
   return {};
   }

operator=() [1/2]

Flatfile_Certificate_Store& Botan::Flatfile_Certificate_Store::operator= ( const Flatfile_Certificate_Store &  )

default

operator=() [2/2]

Flatfile_Certificate_Store& Botan::Flatfile_Certificate_Store::operator= ( Flatfile_Certificate_Store &&  )

default

---

The documentation for this class was generated from the following files:

• src/lib/x509/certstor_flatfile/certstor_flatfile.h
• src/lib/x509/certstor_flatfile/certstor_flatfile.cpp