author | lloyd <[email protected]> | 2010-09-20 22:06:10 +0000 |
committer | lloyd <[email protected]> | 2010-09-20 22:06:10 +0000 |
commit | c659284af15199a6d50dedb089a19dd927a17825 (patch) | |
tree | 93f575b875ed96272145aa4e50439c808ca4a618 | |
parent | 9bca1a4624ae5a6316f17c9c72896489b992383d (diff) |
Add CRL storage possibilities
-rw-r--r-- | src/cert/x509store/certstor.cpp | 76 | ||||
-rw-r--r-- | src/cert/x509store/certstor.h | 32 | ||||
-rw-r--r-- | src/cert/x509store/x509stor.cpp | 2 |
3 files changed, 93 insertions, 17 deletions
diff --git a/src/cert/x509store/certstor.cpp b/src/cert/x509store/certstor.cpp
index 1730dd18f..3cba2f39e 100644
--- a/src/cert/x509store/certstor.cpp
+++ b/src/cert/x509store/certstor.cpp
@@ -1,6 +1,6 @@
 /*
 * Certificate Store
-* (C) 1999-2007 Jack Lloyd
+* (C) 1999-2010 Jack Lloyd
 *
 * Distributed under the terms of the Botan license
 */
@@ -9,29 +9,39 @@ namespace Botan { -void Certificate_Store_Memory::add_certificate(const X509_Certificate& cert) +Certificate_Store* Certificate_Store_Memory::clone() const { - certs.push_back(cert); + return new Certificate_Store_Memory(*this); } -Certificate_Store* Certificate_Store_Memory::clone() const +void Certificate_Store_Memory::add_certificate(const X509_Certificate& cert) { - return new Certificate_Store_Memory(*this); + for(size_t i = 0; i != certs.size(); ++i) + { + if(certs[i] == cert) + return; + } + + certs.push_back(cert); } std::vector<X509_Certificate> -Certificate_Store_Memory::find_by_subject_and_key_id( +Certificate_Store_Memory::find_cert_by_subject_and_key_id( const X509_DN& subject_dn, - const MemoryRegion<byte>& key_id) + const MemoryRegion<byte>& key_id) const { std::vector<X509_Certificate> result; for(size_t i = 0; i != certs.size(); ++i) { - MemoryVector<byte> skid = certs[i].subject_key_id(); + // Only compare key ids if set in both call and in the cert + if(key_id.size()) + { + MemoryVector<byte> skid = certs[i].subject_key_id(); - if(key_id.size() && skid.size() && skid != key_id) - continue; + if(skid.size() && skid != key_id) // no match + continue; + } if(certs[i].subject_dn() == subject_dn) result.push_back(certs[i]);
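Review bot: In `find_cert_by_subject_and_key_id` a certificate that carries no subject key identifier is returned on a DN match alone even when the caller passed a non-empty `key_id`, so the result is a candidate list rather than a key-confirmed match; the restructured branch keeps the earlier semantics, but the comment should make the consequence explicit, e.g. `// Certs without a SKID are not filtered by key_id; callers must still verify the signature`. The new dedupe loop in `add_certificate` relies on `X509_Certificate::operator==`, which I assume compares the encoded certificate rather than only the subject DN — worth confirming, since two distinct certificates sharing a DN must both be kept. Both lookups stay linear scans over `certs`, as the existing TODO in the header already notes.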
@@ -40,4 +50,50 @@ Certificate_Store_Memory::find_by_subject_and_key_id( return result; } +void Certificate_Store_Memory::add_crl(const X509_CRL& crl) + { + X509_DN crl_issuer = crl.issuer_dn(); + + for(size_t i = 0; i != crls.size(); ++i) + { + // Found an update of a previously existing one; replace it + if(crls[i].issuer_dn() == crl_issuer) + { + if(crls[i].this_update() < crl.this_update()) + { + crls[i] = crl; + return; + } + } + } + + // Totally new CRL, add to the list + crls.push_back(crl); + } + +std::vector<X509_CRL> +Certificate_Store_Memory::find_crl_by_subject_and_key_id( + const X509_DN& issuer_dn, + const MemoryRegion<byte>& key_id) const + { + std::vector<X509_CRL> result; + + for(size_t i = 0; i != crls.size(); ++i) + { + // Only compare key ids if set in both call and in the CRL + if(key_id.size()) + { + MemoryVector<byte> akid = crls[i].authority_key_id(); + + if(akid.size() && akid != key_id) // no match + continue; + } + + if(crls[i].issuer_dn() == issuer_dn) + result.push_back(crls[i]); + } + + return result; + } + }
diff --git a/src/cert/x509store/certstor.h b/src/cert/x509store/certstor.h
index 922177930..aaa46bd4e 100644
--- a/src/cert/x509store/certstor.h
+++ b/src/cert/x509store/certstor.h
@@ -1,6 +1,6 @@
 /*
 * Certificate Store
-* (C) 1999-2007 Jack Lloyd
+* (C) 1999-2010 Jack Lloyd
 *
 * Distributed under the terms of the Botan license
 */
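Review bot: `add_crl` only returns from inside the `this_update() < crl.this_update()` branch, so a CRL that is older than, or the same age as, the one already stored for that issuer falls through to `crls.push_back(crl)`, and the store then holds two CRLs for one issuer; `find_crl_by_subject_and_key_id` returns both and leaves the caller to choose, possibly the stale one. Moving the return out of the inner check fixes it: inside the issuer-match block write `if(crls[i].this_update() < crl.this_update()) crls[i] = crl;` followed by `return;`, so an older duplicate is discarded instead of appended. The replacement in `add_crl` matches on issuer DN only while the lookup also honours `authority_key_id()`; after a CA key rollover two valid CRLs issued under the same DN would overwrite each other, so consider comparing the authority key id here as well. Nothing in this hunk verifies the CRL's signature before storing it, which I assume is left to `X509_Store`; a one-line comment on `add_crl` saying the store trusts its caller to have validated the CRL would make that contract visible.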
@@ -24,17 +24,30 @@ class BOTAN_DLL Certificate_Store virtual Certificate_Store* clone() const = 0; /** - * Add a certificate + * Add a certificate; this may fail if the store is write-only */ virtual void add_certificate(const X509_Certificate& cert) = 0; /** + * Add a CRL; this may fail if the store is write-only + */ + virtual void add_crl(const X509_CRL& crl) = 0; + + /** * Subject DN and (optionally) key identifier */ virtual std::vector<X509_Certificate> - find_by_subject_and_key_id( + find_cert_by_subject_and_key_id( const X509_DN& subject_dn, - const MemoryRegion<byte>& key_id) = 0; + const MemoryRegion<byte>& key_id) const = 0; + + /** + * Find CRLs by the DN and key id of the issuer + */ + virtual std::vector<X509_CRL> + find_crl_by_subject_and_key_id( + const X509_DN& issuer_dn, + const MemoryRegion<byte>& key_id) const = 0; }; class BOTAN_DLL Certificate_Store_Memory : public Certificate_Store
@@ -44,14 +57,21 @@ class BOTAN_DLL Certificate_Store_Memory : public Certificate_Store void add_certificate(const X509_Certificate& cert); - std::vector<X509_Certificate> find_by_subject_and_key_id( + void add_crl(const X509_CRL& crl); + + std::vector<X509_Certificate> find_cert_by_subject_and_key_id( const X509_DN& subject_dn, - const MemoryRegion<byte>& key_id); + const MemoryRegion<byte>& key_id) const; + + std::vector<X509_CRL> find_crl_by_subject_and_key_id( + const X509_DN& issuer_dn, + const MemoryRegion<byte>& key_id) const; Certificate_Store_Memory() {} private: // TODO: Add indexing on the DN and key id to avoid linear search? std::vector<X509_Certificate> certs; + std::vector<X509_CRL> crls; }; // TODO: file-backed store
diff --git a/src/cert/x509store/x509stor.cpp b/src/cert/x509store/x509stor.cpp
index fe808b55a..6ae473aaa 100644
--- a/src/cert/x509store/x509stor.cpp
+++ b/src/cert/x509store/x509stor.cpp
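Review bot: The new doc comments on `add_certificate` and `add_crl` say the call `may fail if the store is write-only`; a store that rejects additions is read-only, so the wording is inverted, and because both methods return `void` the comment should also say how a rejecting store reports it (an exception type or a silent no-op), which the signature otherwise hides — e.g. `* Add a CRL; a read-only store may reject this` plus one sentence naming the failure signal once it is decided. `find_crl_by_subject_and_key_id` takes `issuer_dn` and is documented as searching by issuer, so `subject` in the name is misleading; `find_crl_by_issuer_and_key_id` would match the parameter, though renaming the virtual also touches the `Certificate_Store_Memory` declarations in the following hunk. The `Certificate_Store` class body begins before this hunk.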
@@ -277,7 +277,7 @@ u32bit X509_Store::find_parent_of(const X509_Certificate& cert) for(u32bit j = 0; j != stores.size(); ++j) { std::vector<X509_Certificate> got = - stores[j]->find_by_subject_and_key_id(issuer_dn, auth_key_id); + stores[j]->find_cert_by_subject_and_key_id(issuer_dn, auth_key_id); for(u32bit k = 0; k != got.size(); ++k) add_cert(got[k]); |