1 /*
2 * Certificate Store
3 * (C) 1999-2010,2013 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #ifndef BOTAN_CERT_STORE_H__
9 #define BOTAN_CERT_STORE_H__
10 
11 #include <botan/x509cert.h>
12 #include <botan/x509_crl.h>
13 
14 namespace Botan {
15 
/**
* Abstract interface of a certificate store: a read-only lookup source for
* X.509 certificates and CRLs, consulted by path validation, OCSP handling
* and TLS.
*/
class BOTAN_DLL Certificate_Store
   {
   public:
      virtual ~Certificate_Store() = default;

      /**
      * Look up a certificate by subject DN and (optionally) key identifier.
      * @param subject_dn subject distinguished name the certificate must carry
      * @param key_id subject key identifier to match; how an empty value is
      *        treated is left to the implementation
      * @return the matching certificate, or nullptr if the store holds none
      */
      virtual std::shared_ptr<const X509_Certificate>
         find_cert(const X509_DN& subject_dn,
                   const std::vector<uint8_t>& key_id) const = 0;

      /**
      * Look up a certificate whose public key has the given SHA-1 hash.
      * This is the key-hash form OCSP uses to identify a certificate; SHA-1
      * acts only as a lookup key here and is not relied on for any
      * integrity property.
      * @param key_hash SHA-1 hash of the subject's public key
      * @return the matching certificate, or nullptr if the store holds none
      */
      virtual std::shared_ptr<const X509_Certificate>
         find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const = 0;

      /**
      * Look up a certificate whose raw (encoded) subject name has the given
      * SHA-256 hash. Also used by OCSP.
      * @param subject_hash SHA-256 hash of the subject's raw name
      * @return the matching certificate, or nullptr if the store holds none
      */
      virtual std::shared_ptr<const X509_Certificate>
         find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& subject_hash) const = 0;

      /**
      * Look up a CRL covering the given certificate. Not pure virtual: the
      * base class supplies a default (defined out of line), and stores that
      * actually hold CRLs override it.
      * @param subject the certificate whose CRL is wanted
      * @return the CRL for subject, or nullptr if none is available
      */
      virtual std::shared_ptr<const X509_CRL> find_crl_for(const X509_Certificate& subject) const;

      /**
      * Test whether the store contains a certificate for cert.
      * Only the subject DN and subject key id are compared (via find_cert),
      * so any stored certificate sharing those two fields satisfies the
      * check; the stored certificate is not required to be identical to
      * cert. Callers needing an exact match must compare the certificates
      * themselves.
      * @param cert certificate to be searched for
      * @return true if find_cert locates a certificate for cert's DN/key id
      */
      bool certificate_known(const X509_Certificate& cert) const
         {
         const std::shared_ptr<const X509_Certificate> match =
            find_cert(cert.subject_dn(), cert.subject_key_id());
         return static_cast<bool>(match);
         }

      // Scheduled for removal; currently only needed by TLS::Server
      virtual std::vector<X509_DN> all_subjects() const = 0;
   };
70 
71 /**
72 * In Memory Certificate Store
73 */
75  {
76  public:
// NOTE(review): the class header line (with its base-class list) is not
// present in this rendering; the `override` markers on the members below
// indicate that Certificate_Store is the base class -- confirm against the
// original source.
/**
* Attempt to parse all files in dir (including subdirectories)
* as certificates. Ignores errors: files that fail to parse are
* skipped rather than reported, so every certificate that does parse
* ends up in the store and nothing signals a partially unreadable
* directory to the caller. Presumably an empty or unreadable dir just
* yields an empty store -- verify in the implementation.
* @param dir path of the directory to scan for certificate files
*/
explicit Certificate_Store_In_Memory(const std::string& dir);
82 
/**
* Create a store whose initial content is the given certificate.
* @param cert certificate to be added to the new store
*/
explicit Certificate_Store_In_Memory(const X509_Certificate& cert);
87 
/**
* Create an empty store; certificates and CRLs are added later through
* add_certificate / add_crl.
*/
Certificate_Store_In_Memory() = default;
92 
/**
* Add a certificate to the store.
* @param cert certificate to be added; taken by const reference, so the
*        store presumably keeps its own copy (see the shared_ptr overload
*        to avoid that copy)
*/
void add_certificate(const X509_Certificate& cert);
98 
/**
* Add a certificate already in a shared_ptr to the store.
* The store shares ownership of the pointed-to object rather than
* copying it.
* @param cert certificate to be added
*/
void add_certificate(std::shared_ptr<const X509_Certificate> cert);
104 
/**
* Add a certificate revocation list (CRL) to the store.
* @param crl CRL to be added; taken by const reference, so the store
*        presumably keeps its own copy (see the shared_ptr overload)
*/
void add_crl(const X509_CRL& crl);
110 
/**
* Add a certificate revocation list (CRL) to the store as a shared_ptr.
* The store shares ownership of the pointed-to object rather than
* copying it.
* @param crl CRL to be added
*/
void add_crl(std::shared_ptr<const X509_CRL> crl);
116 
/**
* Implements Certificate_Store::all_subjects (slated for removal there).
* @return subject DNs of the certificates managed by the store
*/
std::vector<X509_DN> all_subjects() const override;
121 
/**
* Find a certificate by Subject DN and (optionally) key identifier.
* Per the TODO on the private members, lookups are currently a linear
* search over the stored certificates.
* @param subject_dn subject distinguished name to match
* @param key_id subject key identifier to match; treatment of an empty
*        id is defined by the out-of-line implementation
* @return the matching certificate, or nullptr if none is stored
*/
std::shared_ptr<const X509_Certificate> find_cert(
   const X509_DN& subject_dn,
   const std::vector<uint8_t>& key_id) const override;
128 
/**
* Find a stored certificate whose public key has the given SHA-1 hash
* (the key-hash form used by OCSP; SHA-1 is a lookup key only here).
* @param key_hash SHA-1 hash of the subject's public key
* @return the matching certificate, or nullptr if none is stored
*/
std::shared_ptr<const X509_Certificate>
   find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const override;
131 
/**
* Find a stored certificate whose raw (encoded) subject name has the
* given SHA-256 hash. Used for OCSP.
* @param subject_hash SHA-256 hash of the subject's raw name
* @return the matching certificate, or nullptr if none is stored
*/
std::shared_ptr<const X509_Certificate>
   find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& subject_hash) const override;
134 
/**
* Finds a CRL for the given certificate among the CRLs added via add_crl.
* @param subject the certificate whose CRL is wanted
* @return the CRL for subject, or nullptr if none is stored
*/
std::shared_ptr<const X509_CRL> find_crl_for(const X509_Certificate& subject) const override;
139  private:
// TODO: Add indexing on the DN and key id to avoid linear search
// Certificates held by the store. The find_* methods return
// shared_ptr<const X509_Certificate>, presumably sharing ownership with
// these entries, so a returned certificate may outlive the store.
std::vector<std::shared_ptr<const X509_Certificate>> m_certs;
// CRLs held by the store; consulted by find_crl_for.
std::vector<std::shared_ptr<const X509_CRL>> m_crls;
143  };
144 
145 }
146 
147 #endif