#include <certstor.h>

Inheritance diagram for Botan::Certificate_Store_In_Memory:

Public Member Functions
void	add_certificate (const X509_Certificate &cert)

void	add_certificate (std::shared_ptr< const X509_Certificate > cert)

void	add_crl (const X509_CRL &crl)

void	add_crl (std::shared_ptr< const X509_CRL > crl)

std::vector< X509_DN >	all_subjects () const override

bool	certificate_known (const X509_Certificate &cert) const

	Certificate_Store_In_Memory (const std::string &dir)

	Certificate_Store_In_Memory (const X509_Certificate &cert)

	Certificate_Store_In_Memory ()=default

std::vector< std::shared_ptr< const X509_Certificate > >	find_all_certs (const X509_DN &subject_dn, const std::vector< uint8_t > &key_id) const override

std::shared_ptr< const X509_Certificate >	find_cert (const X509_DN &subject_dn, const std::vector< uint8_t > &key_id) const override

std::shared_ptr< const X509_Certificate >	find_cert_by_pubkey_sha1 (const std::vector< uint8_t > &key_hash) const override

std::shared_ptr< const X509_Certificate >	find_cert_by_raw_subject_dn_sha256 (const std::vector< uint8_t > &subject_hash) const override

std::shared_ptr< const X509_CRL >	find_crl_for (const X509_Certificate &subject) const override

Detailed Description

In Memory Certificate Store

Definition at line 82 of file certstor.h.

Constructor & Destructor Documentation

Botan::Certificate_Store_In_Memory::Certificate_Store_In_Memory ( const std::string & dir )

explicit

Attempt to parse all files in dir (including subdirectories) as certificates. Ignores errors.

Botan::Certificate_Store_In_Memory::Certificate_Store_In_Memory ( const X509_Certificate & cert )

explicit

Adds given certificate to the store.

Definition at line 173 of file certstor.cpp.

References add_certificate().

    {
    add_certificate(cert);
    }

Botan::Certificate_Store_In_Memory::Certificate_Store_In_Memory ( )

default

Create an empty store.

Member Function Documentation

void Botan::Certificate_Store_In_Memory::add_certificate ( const X509_Certificate & cert )

Add a certificate to the store.

Parameters

cert	certificate to be added

Definition at line 21 of file certstor.cpp.

Referenced by Botan::PKIX::build_all_certificate_paths(), Botan::PKIX::build_certificate_path(), and Certificate_Store_In_Memory().

    {
    for(const auto& c : m_certs)
       if(*c == cert)
          return;
 
    m_certs.push_back(std::make_shared<const X509_Certificate>(cert));
    }

void Botan::Certificate_Store_In_Memory::add_certificate ( std::shared_ptr< const X509_Certificate > cert )

Add a certificate already in a shared_ptr to the store.

Parameters

cert	certificate to be added

Definition at line 30 of file certstor.cpp.

    {
    for(const auto& c : m_certs)
       if(*c == *cert)
          return;
 
    m_certs.push_back(cert);
    }

void Botan::Certificate_Store_In_Memory::add_crl ( const X509_CRL & crl )

Add a certificate revocation list (CRL) to the store.

Parameters

crl	CRL to be added

Definition at line 126 of file certstor.cpp.

    {
    std::shared_ptr<const X509_CRL> crl_s = std::make_shared<const X509_CRL>(crl);
    return add_crl(crl_s);
    }

void Botan::Certificate_Store_In_Memory::add_crl ( std::shared_ptr< const X509_CRL > crl )

Add a certificate revocation list (CRL) to the store as a shared_ptr

Parameters

crl	CRL to be added

Definition at line 132 of file certstor.cpp.

    {
    X509_DN crl_issuer = crl->issuer_dn();
 
    for(auto& c : m_crls)
       {
       // Found an update of a previously existing one; replace it
       if(c->issuer_dn() == crl_issuer)
          {
          if(c->this_update() <= crl->this_update())
             c = crl;
          return;
          }
       }
 
    // Totally new CRL, add to the list
    m_crls.push_back(crl);
    }

std::vector< X509_DN > Botan::Certificate_Store_In_Memory::all_subjects ( ) const

overridevirtual

Returns: DNs for all certificates managed by the store

Implements Botan::Certificate_Store.

Definition at line 39 of file certstor.cpp.

    {
    std::vector<X509_DN> subjects;
    for(const auto& cert : m_certs)
       subjects.push_back(cert->subject_dn());
    return subjects;
    }

bool Botan::Certificate_Store::certificate_known ( const X509_Certificate & cert ) const

inlineinherited

Returns: whether the certificate is known

Parameters

cert	certififcate to be searched

Definition at line 70 of file certstor.h.

References Botan::X509_Certificate::subject_dn(), and Botan::X509_Certificate::subject_key_id().

          {
          return find_cert(cert.subject_dn(), cert.subject_key_id()) != nullptr;
          }

std::vector< std::shared_ptr< const X509_Certificate > > Botan::Certificate_Store_In_Memory::find_all_certs	(	const X509_DN &	subject_dn,
		const std::vector< uint8_t > &	key_id
	)		const

overridevirtual

Find all certificates with a given Subject DN. Subject DN and even the key identifier might not be unique.

Implements Botan::Certificate_Store.

Definition at line 69 of file certstor.cpp.

References Botan::PEM_Code::matches().

Referenced by Botan::PKIX::build_all_certificate_paths().

    {
    std::vector<std::shared_ptr<const X509_Certificate>> matches;
 
    for(const auto& cert : m_certs)
       {
       if(key_id.size())
          {
          std::vector<uint8_t> skid = cert->subject_key_id();
 
          if(skid.size() && skid != key_id) // no match
             continue;
          }
 
       if(cert->subject_dn() == subject_dn)
          matches.push_back(cert);
       }
 
    return matches;
    }

std::shared_ptr< const X509_Certificate > Botan::Certificate_Store_In_Memory::find_cert	(	const X509_DN &	subject_dn,
		const std::vector< uint8_t > &	key_id
	)		const

overridevirtual

Find a certificate by Subject DN and (optionally) key identifier

Parameters

subject_dn	the subject's distinguished name
key_id	an optional key id

Returns: a matching certificate or nullptr otherwise

Implements Botan::Certificate_Store.

Definition at line 48 of file certstor.cpp.

Referenced by Botan::PKIX::build_certificate_path().

    {
    for(const auto& cert : m_certs)
       {
       // Only compare key ids if set in both call and in the cert
       if(key_id.size())
          {
          std::vector<uint8_t> skid = cert->subject_key_id();
 
          if(skid.size() && skid != key_id) // no match
             continue;
          }
 
       if(cert->subject_dn() == subject_dn)
          return cert;
       }
 
    return nullptr;
    }

std::shared_ptr< const X509_Certificate > Botan::Certificate_Store_In_Memory::find_cert_by_pubkey_sha1 ( const std::vector< uint8_t > & key_hash ) const

overridevirtual

Find a certificate by searching for one with a matching SHA-1 hash of public key. Used for OCSP.

Parameters

key_hash SHA-1 hash of the subject's public key

Returns: a matching certificate or nullptr otherwise

Implements Botan::Certificate_Store.

Definition at line 93 of file certstor.cpp.

References Botan::HashFunction::create(), and hash.

    {
    if(key_hash.size() != 20)
       throw Invalid_Argument("Certificate_Store_In_Memory::find_cert_by_pubkey_sha1 invalid hash");
 
    std::unique_ptr<HashFunction> hash(HashFunction::create("SHA-1"));
 
    for(const auto& cert : m_certs){
       hash->update(cert->subject_public_key_bitstring());
       if(key_hash == hash->final_stdvec()) //final_stdvec also clears the hash to initial state
          return cert;
    }
 
    return nullptr;
    }

std::shared_ptr< const X509_Certificate > Botan::Certificate_Store_In_Memory::find_cert_by_raw_subject_dn_sha256 ( const std::vector< uint8_t > & subject_hash ) const

overridevirtual

Find a certificate by searching for one with a matching SHA-256 hash of raw subject name. Used for OCSP.

Parameters

subject_hash SHA-256 hash of the subject's raw name

Returns: a matching certificate or nullptr otherwise

Implements Botan::Certificate_Store.

Definition at line 110 of file certstor.cpp.

References Botan::HashFunction::create(), and hash.

    {
    if(subject_hash.size() != 32)
       throw Invalid_Argument("Certificate_Store_In_Memory::find_cert_by_raw_subject_dn_sha256 invalid hash");
 
    std::unique_ptr<HashFunction> hash(HashFunction::create("SHA-256"));
 
    for(const auto& cert : m_certs){
       hash->update(cert->raw_subject_dn());
       if(subject_hash == hash->final_stdvec()) //final_stdvec also clears the hash to initial state
          return cert;
    }
 
    return nullptr;
    }

std::shared_ptr< const X509_CRL > Botan::Certificate_Store_In_Memory::find_crl_for ( const X509_Certificate & subject ) const

overridevirtual

Finds a CRL for the given certificate

Reimplemented from Botan::Certificate_Store.

Definition at line 151 of file certstor.cpp.

References Botan::X509_Certificate::authority_key_id(), and Botan::X509_Certificate::issuer_dn().

    {
    const std::vector<uint8_t>& key_id = subject.authority_key_id();
 
    for(const auto& c : m_crls)
       {
       // Only compare key ids if set in both call and in the CRL
       if(key_id.size())
          {
          std::vector<uint8_t> akid = c->authority_key_id();
 
          if(akid.size() && akid != key_id) // no match
             continue;
          }
 
       if(c->issuer_dn() == subject.issuer_dn())
          return c;
       }
 
    return {};
    }

The documentation for this class was generated from the following files:

src/lib/x509/certstor.h
src/lib/x509/certstor.cpp

Public Member Functions

Detailed Description

Constructor & Destructor Documentation

Member Function Documentation