Botan  2.1.0
Crypto and TLS for C++11
certstor.cpp
Go to the documentation of this file.
1 /*
2 * Certificate Store
3 * (C) 1999-2010,2013 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #include <botan/certstor.h>
9 #include <botan/internal/filesystem.h>
10 #include <botan/hash.h>
11 
12 namespace Botan {
13 
14 std::shared_ptr<const X509_CRL> Certificate_Store::find_crl_for(const X509_Certificate&) const
15  {
16  return {};
17  }
18 
20  {
21  for(const auto& c : m_certs)
22  if(*c == cert)
23  return;
24 
25  m_certs.push_back(std::make_shared<const X509_Certificate>(cert));
26  }
27 
28 void Certificate_Store_In_Memory::add_certificate(std::shared_ptr<const X509_Certificate> cert)
29  {
30  for(const auto& c : m_certs)
31  if(*c == *cert)
32  return;
33 
34  m_certs.push_back(cert);
35  }
36 
37 std::vector<X509_DN> Certificate_Store_In_Memory::all_subjects() const
38  {
39  std::vector<X509_DN> subjects;
40  for(const auto& cert : m_certs)
41  subjects.push_back(cert->subject_dn());
42  return subjects;
43  }
44 
45 std::shared_ptr<const X509_Certificate>
47  const std::vector<uint8_t>& key_id) const
48  {
49  for(const auto& cert : m_certs)
50  {
51  // Only compare key ids if set in both call and in the cert
52  if(key_id.size())
53  {
54  std::vector<uint8_t> skid = cert->subject_key_id();
55 
56  if(skid.size() && skid != key_id) // no match
57  continue;
58  }
59 
60  if(cert->subject_dn() == subject_dn)
61  return cert;
62  }
63 
64  return nullptr;
65  }
66 
67 
68 std::shared_ptr<const X509_Certificate>
69 Certificate_Store_In_Memory::find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const
70  {
71  if(key_hash.size() != 20)
72  throw Invalid_Argument("Certificate_Store_In_Memory::find_cert_by_pubkey_sha1 invalid hash");
73 
74  std::unique_ptr<HashFunction> hash(HashFunction::create("SHA-1"));
75 
76  for(const auto& cert : m_certs){
77  hash->update(cert->subject_public_key_bitstring());
78  if(key_hash == hash->final_stdvec()) //final_stdvec also clears the hash to initial state
79  return cert;
80  }
81 
82  return nullptr;
83  }
84 
85 std::shared_ptr<const X509_Certificate>
86 Certificate_Store_In_Memory::find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& subject_hash) const
87  {
88  if(subject_hash.size() != 32)
89  throw Invalid_Argument("Certificate_Store_In_Memory::find_cert_by_raw_subject_dn_sha256 invalid hash");
90 
91  std::unique_ptr<HashFunction> hash(HashFunction::create("SHA-256"));
92 
93  for(const auto& cert : m_certs){
94  hash->update(cert->raw_subject_dn());
95  if(subject_hash == hash->final_stdvec()) //final_stdvec also clears the hash to initial state
96  return cert;
97  }
98 
99  return nullptr;
100  }
101 
103  {
104  std::shared_ptr<const X509_CRL> crl_s = std::make_shared<const X509_CRL>(crl);
105  return add_crl(crl_s);
106  }
107 
108 void Certificate_Store_In_Memory::add_crl(std::shared_ptr<const X509_CRL> crl)
109  {
110  X509_DN crl_issuer = crl->issuer_dn();
111 
112  for(auto& c : m_crls)
113  {
114  // Found an update of a previously existing one; replace it
115  if(c->issuer_dn() == crl_issuer)
116  {
117  if(c->this_update() <= crl->this_update())
118  c = crl;
119  return;
120  }
121  }
122 
123  // Totally new CRL, add to the list
124  m_crls.push_back(crl);
125  }
126 
127 std::shared_ptr<const X509_CRL> Certificate_Store_In_Memory::find_crl_for(const X509_Certificate& subject) const
128  {
129  const std::vector<uint8_t>& key_id = subject.authority_key_id();
130 
131  for(const auto& c : m_crls)
132  {
133  // Only compare key ids if set in both call and in the CRL
134  if(key_id.size())
135  {
136  std::vector<uint8_t> akid = c->authority_key_id();
137 
138  if(akid.size() && akid != key_id) // no match
139  continue;
140  }
141 
142  if(c->issuer_dn() == subject.issuer_dn())
143  return c;
144  }
145 
146  return {};
147  }
148 
150  {
151  add_certificate(cert);
152  }
153 
154 #if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)
156  {
157  if(dir.empty())
158  return;
159 
160  std::vector<std::string> maybe_certs = get_files_recursive(dir);
161  for(auto&& cert_file : maybe_certs)
162  {
163  try
164  {
165  m_certs.push_back(std::make_shared<X509_Certificate>(cert_file));
166  }
167  catch(std::exception&)
168  {
169  }
170  }
171  }
172 #endif
173 
174 }
virtual std::shared_ptr< const X509_CRL > find_crl_for(const X509_Certificate &subject) const
Definition: certstor.cpp:14
std::shared_ptr< const X509_Certificate > find_cert_by_raw_subject_dn_sha256(const std::vector< uint8_t > &subject_hash) const override
Definition: certstor.cpp:86
std::shared_ptr< const X509_Certificate > find_cert(const X509_DN &subject_dn, const std::vector< uint8_t > &key_id) const override
Definition: certstor.cpp:46
std::shared_ptr< const X509_CRL > find_crl_for(const X509_Certificate &subject) const override
Definition: certstor.cpp:127
std::vector< X509_DN > all_subjects() const override
Definition: certstor.cpp:37
static std::unique_ptr< HashFunction > create(const std::string &algo_spec, const std::string &provider="")
Definition: hash.cpp:93
Definition: alg_id.cpp:13
void add_certificate(const X509_Certificate &cert)
Definition: certstor.cpp:19
std::shared_ptr< const X509_Certificate > find_cert_by_pubkey_sha1(const std::vector< uint8_t > &key_hash) const override
Definition: certstor.cpp:69
std::vector< std::string > get_files_recursive(const std::string &dir)
Definition: filesystem.cpp:110
void add_crl(const X509_CRL &crl)
Definition: certstor.cpp:102
X509_DN issuer_dn() const
Definition: x509cert.cpp:432
MechanismType hash
std::vector< uint8_t > authority_key_id() const
Definition: x509cert.cpp:411