authorlloyd <[email protected]>2010-09-20 22:06:10 +0000
committerlloyd <[email protected]>2010-09-20 22:06:10 +0000
commitc659284af15199a6d50dedb089a19dd927a17825 (patch)
tree93f575b875ed96272145aa4e50439c808ca4a618
parent9bca1a4624ae5a6316f17c9c72896489b992383d (diff)
Add CRL storage possibilities
-rw-r--r--src/cert/x509store/certstor.cpp76
-rw-r--r--src/cert/x509store/certstor.h32
-rw-r--r--src/cert/x509store/x509stor.cpp2
3 files changed, 93 insertions, 17 deletions
diff --git a/src/cert/x509store/certstor.cpp b/src/cert/x509store/certstor.cpp
index 1730dd18f..3cba2f39e 100644
--- a/src/cert/x509store/certstor.cpp
+++ b/src/cert/x509store/certstor.cpp
@@ -1,6 +1,6 @@
/*
* Certificate Store
-* (C) 1999-2007 Jack Lloyd
+* (C) 1999-2010 Jack Lloyd
*
* Distributed under the terms of the Botan license
*/
@@ -9,29 +9,39 @@
namespace Botan {
-void Certificate_Store_Memory::add_certificate(const X509_Certificate& cert)
+Certificate_Store* Certificate_Store_Memory::clone() const
{
- certs.push_back(cert);
+ return new Certificate_Store_Memory(*this);
}
-Certificate_Store* Certificate_Store_Memory::clone() const
+void Certificate_Store_Memory::add_certificate(const X509_Certificate& cert)
{
- return new Certificate_Store_Memory(*this);
+ for(size_t i = 0; i != certs.size(); ++i)
+ {
+ if(certs[i] == cert)
+ return;
+ }
+
+ certs.push_back(cert);
}
std::vector<X509_Certificate>
-Certificate_Store_Memory::find_by_subject_and_key_id(
+Certificate_Store_Memory::find_cert_by_subject_and_key_id(
const X509_DN& subject_dn,
- const MemoryRegion<byte>& key_id)
+ const MemoryRegion<byte>& key_id) const
{
std::vector<X509_Certificate> result;
for(size_t i = 0; i != certs.size(); ++i)
{
- MemoryVector<byte> skid = certs[i].subject_key_id();
+ // Only compare key ids if set in both call and in the cert
+ if(key_id.size())
+ {
+ MemoryVector<byte> skid = certs[i].subject_key_id();
- if(key_id.size() && skid.size() && skid != key_id)
- continue;
+ if(skid.size() && skid != key_id) // no match
+ continue;
+ }
if(certs[i].subject_dn() == subject_dn)
result.push_back(certs[i]);
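Review bot: The key-id filter in find_cert_by_subject_and_key_id is lenient in a way the comment does not spell out: when the caller supplies a key_id but the stored certificate carries no subject key identifier, the cert is still returned on a DN match alone, so key_id narrows the result set but never guarantees it. I would extend the comment to `// Only compare key ids if set in both call and in the cert; a cert with no SKID is returned on a DN match alone, so callers must still verify the signature` so that callers such as find_parent_of do not treat a key-id match as authoritative. The same lenient rule is repeated for authority key ids in find_crl_by_subject_and_key_id in the next hunk and deserves the same wording. Separately, the new duplicate check in add_certificate makes bulk loading quadratic; the header's existing TODO about indexing already covers that, so a cross-reference there would suffice.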
@@ -40,4 +50,50 @@ Certificate_Store_Memory::find_by_subject_and_key_id(
return result;
}
+void Certificate_Store_Memory::add_crl(const X509_CRL& crl)
+ {
+ X509_DN crl_issuer = crl.issuer_dn();
+
+ for(size_t i = 0; i != crls.size(); ++i)
+ {
+ // Found an update of a previously existing one; replace it
+ if(crls[i].issuer_dn() == crl_issuer)
+ {
+ if(crls[i].this_update() < crl.this_update())
+ {
+ crls[i] = crl;
+ return;
+ }
+ }
+ }
+
+ // Totally new CRL, add to the list
+ crls.push_back(crl);
+ }
+
+std::vector<X509_CRL>
+Certificate_Store_Memory::find_crl_by_subject_and_key_id(
+ const X509_DN& issuer_dn,
+ const MemoryRegion<byte>& key_id) const
+ {
+ std::vector<X509_CRL> result;
+
+ for(size_t i = 0; i != crls.size(); ++i)
+ {
+ // Only compare key ids if set in both call and in the CRL
+ if(key_id.size())
+ {
+ MemoryVector<byte> akid = crls[i].authority_key_id();
+
+ if(akid.size() && akid != key_id) // no match
+ continue;
+ }
+
+ if(crls[i].issuer_dn() == issuer_dn)
+ result.push_back(crls[i]);
+ }
+
+ return result;
+ }
+
}
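Review bot: add_crl only handles the "newer CRL for a known issuer" case; when a CRL for the same issuer already exists but is as new or newer, the loop falls through and the incoming CRL is appended anyway, so the store accumulates an older duplicate for that issuer and find_crl_by_subject_and_key_id returns both. A consumer that picks the stale copy could miss revocations that only the newer CRL lists, and re-adding the identical CRL (equal this_update) also duplicates it. Once an issuer match is found the decision should be final: `if(crls[i].issuer_dn() == crl_issuer) { if(crls[i].this_update() < crl.this_update()) crls[i] = crl; return; }`, and the comment above it should read `// Same issuer: keep whichever CRL has the later this_update` rather than "replace it". Matching on issuer DN alone also means two issuers with the same DN but different keys share one slot; whether that is acceptable here depends on how X509_Store validates CRLs, which is outside this hunk.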
diff --git a/src/cert/x509store/certstor.h b/src/cert/x509store/certstor.h
index 922177930..aaa46bd4e 100644
--- a/src/cert/x509store/certstor.h
+++ b/src/cert/x509store/certstor.h
@@ -1,6 +1,6 @@
/*
* Certificate Store
-* (C) 1999-2007 Jack Lloyd
+* (C) 1999-2010 Jack Lloyd
*
* Distributed under the terms of the Botan license
*/
@@ -24,17 +24,30 @@ class BOTAN_DLL Certificate_Store
virtual Certificate_Store* clone() const = 0;
/**
- * Add a certificate
+ * Add a certificate; this may fail if the store is write-only
*/
virtual void add_certificate(const X509_Certificate& cert) = 0;
/**
+ * Add a CRL; this may fail if the store is write-only
+ */
+ virtual void add_crl(const X509_CRL& crl) = 0;
+
+ /**
* Subject DN and (optionally) key identifier
*/
virtual std::vector<X509_Certificate>
- find_by_subject_and_key_id(
+ find_cert_by_subject_and_key_id(
const X509_DN& subject_dn,
- const MemoryRegion<byte>& key_id) = 0;
+ const MemoryRegion<byte>& key_id) const = 0;
+
+ /**
+ * Find CRLs by the DN and key id of the issuer
+ */
+ virtual std::vector<X509_CRL>
+ find_crl_by_subject_and_key_id(
+ const X509_DN& issuer_dn,
+ const MemoryRegion<byte>& key_id) const = 0;
};
class BOTAN_DLL Certificate_Store_Memory : public Certificate_Store
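Review bot: The new documentation on add_certificate and add_crl says the call "may fail if the store is write-only", which reads as the opposite of what is meant; a store that cannot accept additions is read-only. Both comments should say `Add a certificate; this may fail if the store is read-only` and `Add a CRL; this may fail if the store is read-only`. It would also help implementers to state how the failure is signalled, presumably by throwing, since neither declaration returns a status and the memory store in this commit never fails.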
@@ -44,14 +57,21 @@ class BOTAN_DLL Certificate_Store_Memory : public Certificate_Store
void add_certificate(const X509_Certificate& cert);
- std::vector<X509_Certificate> find_by_subject_and_key_id(
+ void add_crl(const X509_CRL& crl);
+
+ std::vector<X509_Certificate> find_cert_by_subject_and_key_id(
const X509_DN& subject_dn,
- const MemoryRegion<byte>& key_id);
+ const MemoryRegion<byte>& key_id) const;
+
+ std::vector<X509_CRL> find_crl_by_subject_and_key_id(
+ const X509_DN& issuer_dn,
+ const MemoryRegion<byte>& key_id) const;
Certificate_Store_Memory() {}
private:
// TODO: Add indexing on the DN and key id to avoid linear search?
std::vector<X509_Certificate> certs;
+ std::vector<X509_CRL> crls;
};
// TODO: file-backed store
diff --git a/src/cert/x509store/x509stor.cpp b/src/cert/x509store/x509stor.cpp
index fe808b55a..6ae473aaa 100644
--- a/src/cert/x509store/x509stor.cpp
+++ b/src/cert/x509store/x509stor.cpp
@@ -277,7 +277,7 @@ u32bit X509_Store::find_parent_of(const X509_Certificate& cert)
for(u32bit j = 0; j != stores.size(); ++j)
{
std::vector<X509_Certificate> got =
- stores[j]->find_by_subject_and_key_id(issuer_dn, auth_key_id);
+ stores[j]->find_cert_by_subject_and_key_id(issuer_dn, auth_key_id);
for(u32bit k = 0; k != got.size(); ++k)
add_cert(got[k]);