certstor_sql.h
1 /*
2 * Certificate Store in SQL
3 * (C) 2016 Kai Michaelis, Rohde & Schwarz Cybersecurity
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #ifndef BOTAN_CERT_STORE_SQL_H__
9 #define BOTAN_CERT_STORE_SQL_H__
10 
11 #include <botan/certstor.h>
12 #include <botan/x509cert.h>
13 #include <botan/x509_crl.h>
14 #include <botan/database.h>
15 
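namespace Botan {

class RandomNumberGenerator;

/**
* Certificate and private key store backed by an SQL database.
*
* Certificates and their revocation state live in the database; private
* keys are stored encrypted under the password handed to the constructor,
* so the confidentiality of keys at rest is bounded by the strength and
* handling of that password and by the access controls on the database.
* This header only declares the interface; all bodies are in the .cpp.
*/
class BOTAN_DLL Certificate_Store_In_SQL : public Certificate_Store
   {
   public:
      /**
      * Create/open a certificate store.
      * @param db underlying database storage
      * @param passwd password used to encrypt private keys in the database
      * @param rng used for encrypting keys; it is held by reference, so it
      *        must outlive this object
      * @param table_prefix optional prefix for db table names (it is part of
      *        the schema, so take it from trusted configuration rather than
      *        from untrusted input)
      */
      explicit Certificate_Store_In_SQL(std::shared_ptr<SQL_Database> db,
                                        const std::string& passwd,
                                        RandomNumberGenerator& rng,
                                        const std::string& table_prefix = "");

      /**
      * Returns the first certificate with matching subject DN and optional key ID.
      * @param subject_dn subject name to look up
      * @param key_id subject key identifier to match as well; optional
      * @return the matching certificate (presumably an empty shared_ptr when
      *         nothing matches, as for find_key; confirm in the .cpp)
      */
      std::shared_ptr<const X509_Certificate>
      find_cert(const X509_DN& subject_dn, const std::vector<uint8_t>& key_id) const override;

      /**
      * Looks up a certificate by the SHA-1 hash of its public key, with the
      * hashed encoding defined by the Certificate_Store interface.
      * A hash match is an index lookup, not an identity check: callers that
      * received key_hash from an untrusted source should still validate the
      * returned certificate before relying on it.
      * @param key_hash SHA-1 hash of the public key
      */
      std::shared_ptr<const X509_Certificate>
      find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const override;

      /**
      * Looks up a certificate by the SHA-256 hash of its raw (DER) subject DN,
      * with the hashed encoding defined by the Certificate_Store interface.
      * @param subject_hash SHA-256 hash of the raw subject DN
      */
      std::shared_ptr<const X509_Certificate>
      find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& subject_hash) const override;

      /**
      * Returns all subject DNs known to the store instance.
      */
      std::vector<X509_DN> all_subjects() const override;

      /**
      * Inserts "cert" into the store.
      * @param cert certificate to add
      * @return false if the certificate is already known, true if insertion
      *         was successful
      */
      bool insert_cert(const X509_Certificate& cert);

      /**
      * Removes "cert" from the store.
      * @param cert certificate to remove
      * @return false if the certificate could not be found, true if removal
      *         was successful
      */
      bool remove_cert(const X509_Certificate& cert);

      /**
      * Returns the private key for "cert" or an empty shared_ptr if none was found.
      * The key is stored encrypted in the database and is presumably decrypted
      * with the password given at construction (see the .cpp).
      * @param cert certificate whose key is wanted
      */
      std::shared_ptr<const Private_Key> find_key(const X509_Certificate& cert) const;

      /**
      * Returns all certificates for private key "key".
      * @param key private key to match certificates against
      */
      std::vector<std::shared_ptr<const X509_Certificate>>
      find_certs_for_key(const Private_Key& key) const;

      /**
      * Inserts "key" for "cert" into the store; the key is encrypted with the
      * store password before it is written.
      * @param cert certificate the key belongs to
      * @param key private key to store
      * @return false if the key is already known, true if insertion was
      *         successful
      */
      bool insert_key(const X509_Certificate& cert, const Private_Key& key);

      /**
      * Removes "key" from the store.
      * @param key private key to remove
      */
      void remove_key(const Private_Key& key);

      /**
      * Marks "cert" as revoked starting from "time".
      * @param cert certificate to revoke
      * @param code CRL reason code recorded for the revocation
      * @param time revocation time; the default is a default-constructed
      *        X509_Time (presumably treated as "now" by the implementation;
      *        confirm in the .cpp)
      */
      void revoke_cert(const X509_Certificate& cert, CRL_Code code, const X509_Time& time = X509_Time());

      /**
      * Reverses the revocation for "cert".
      * @param cert certificate whose revocation is withdrawn
      */
      void affirm_cert(const X509_Certificate& cert);

      /**
      * Generates Certificate Revocation Lists for all certificates marked as revoked.
      * A CRL is returned for each unique issuer DN. The CRLs are built on the
      * fly from the database state at the time of the call.
      */
      std::vector<X509_CRL> generate_crls() const;

      /**
      * Generates a CRL for all certificates issued by the given issuer.
      * @param issuer issuer certificate whose revocations are listed
      */
      std::shared_ptr<const X509_CRL>
      find_crl_for(const X509_Certificate& issuer) const override;

   private:
      // Reference member: the RNG passed to the constructor must outlive the store.
      RandomNumberGenerator& m_rng;
      std::shared_ptr<SQL_Database> m_database;
      // Prefix prepended to the table names used by this instance.
      std::string m_prefix;
      // Key-encryption password, kept in plain process memory for the whole
      // lifetime of the store because key insertion/lookup needs it.
      std::string m_password;
      // NOTE(review): presumably serializes access to m_database across
      // threads; the locking discipline lives in the .cpp, not here.
      mutex_type m_mutex;
   };

}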
110 #endif