aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorseu <[email protected]>2016-10-02 18:06:21 +0200
committerseu <[email protected]>2016-10-02 18:10:43 +0200
commitf4756d839aa1ba496701610b875224dfcf18fb24 (patch)
treeed63afb497f6239b6b1d41fa794d90eb6d9ca36d
parentf2bdfb1be2b4c7582bb8218aa634345b27a1b5ea (diff)
2nd review round
-rw-r--r--src/lib/cert/x509/certstor_sql/certstor_sql.cpp86
-rw-r--r--src/lib/pubkey/info.txt2
-rw-r--r--src/lib/pubkey/pk_keys.cpp26
-rw-r--r--src/lib/pubkey/pk_keys.h4
4 files changed, 68 insertions, 50 deletions
diff --git a/src/lib/cert/x509/certstor_sql/certstor_sql.cpp b/src/lib/cert/x509/certstor_sql/certstor_sql.cpp
index 3a457a2a4..b80c063da 100644
--- a/src/lib/cert/x509/certstor_sql/certstor_sql.cpp
+++ b/src/lib/cert/x509/certstor_sql/certstor_sql.cpp
@@ -22,21 +22,22 @@ Certificate_Store_In_SQL::Certificate_Store_In_SQL(std::shared_ptr<SQL_Database>
const std::string& table_prefix)
: m_database(db), m_prefix(table_prefix), m_password(passwd)
{
- m_database->create_table("CREATE TABLE IF NOT EXISTS certificates ( \
+ m_database->create_table("CREATE TABLE IF NOT EXISTS " +
+ m_prefix + "certificates ( \
fingerprint BLOB PRIMARY KEY, \
subject_dn BLOB, \
key_id BLOB, \
priv_fingerprint BLOB, \
certificate BLOB UNIQUE NOT NULL\
)");
- m_database->create_table("CREATE TABLE IF NOT EXISTS keys ( \
- fingerprint BLOB PRIMARY KEY, \
- key BLOB UNIQUE NOT NULL\
+ m_database->create_table("CREATE TABLE IF NOT EXISTS " + m_prefix + "keys (\
+ fingerprint BLOB PRIMARY KEY, \
+ key BLOB UNIQUE NOT NULL \
)");
- m_database->create_table("CREATE TABLE IF NOT EXISTS revoked (\
- fingerprint BLOB PRIMARY KEY, \
- reason BLOB NOT NULL, \
- time BLOB NOT NULL \
+ m_database->create_table("CREATE TABLE IF NOT EXISTS " + m_prefix + "revoked (\
+ fingerprint BLOB PRIMARY KEY, \
+ reason BLOB NOT NULL, \
+ time BLOB NOT NULL \
)");
}
@@ -51,12 +52,12 @@ Certificate_Store_In_SQL::find_cert(const X509_DN& subject_dn, const std::vector
if(key_id.empty())
{
- stmt = m_database->new_statement("SELECT certificate FROM certificates WHERE subject_dn == ?1");
+ stmt = m_database->new_statement("SELECT certificate FROM " + m_prefix + "certificates WHERE subject_dn == ?1");
stmt->bind(1,enc.get_contents_unlocked());
}
else
{
- stmt = m_database->new_statement("SELECT certificate FROM certificates WHERE\
+ stmt = m_database->new_statement("SELECT certificate FROM " + m_prefix + "certificates WHERE\
subject_dn == ?1 AND (key_id == NULL OR key_id == ?2)");
stmt->bind(1,enc.get_contents_unlocked());
stmt->bind(2,key_id);
@@ -91,7 +92,7 @@ Certificate_Store_In_SQL::find_crl_for(const X509_Certificate& subject) const
std::vector<X509_DN> Certificate_Store_In_SQL::all_subjects() const
{
std::vector<X509_DN> ret;
- auto stmt = m_database->new_statement("SELECT subject_dn FROM certificates");
+ auto stmt = m_database->new_statement("SELECT subject_dn FROM " + m_prefix + "certificates");
while(stmt->step())
{
@@ -113,12 +114,13 @@ bool Certificate_Store_In_SQL::insert_cert(const X509_Certificate& cert)
return false;
DER_Encoder enc;
- auto stmt = m_database->new_statement("INSERT OR REPLACE INTO certificates (\
- fingerprint, \
- subject_dn, \
- key_id, \
- priv_fingerprint, \
- certificate \
+ auto stmt = m_database->new_statement("INSERT OR REPLACE INTO " +
+ m_prefix + "certificates (\
+ fingerprint, \
+ subject_dn, \
+ key_id, \
+ priv_fingerprint, \
+ certificate \
) VALUES ( ?1, ?2, ?3, ?4, ?5 )");
stmt->bind(1,cert.fingerprint("SHA-256"));
@@ -140,7 +142,7 @@ bool Certificate_Store_In_SQL::remove_cert(const X509_Certificate& cert)
if(!find_cert(cert.subject_dn(),cert.subject_key_id()))
return false;
- auto stmt = m_database->new_statement("DELETE FROM certificates WHERE fingerprint == ?1");
+ auto stmt = m_database->new_statement("DELETE FROM " + m_prefix + "certificates WHERE fingerprint == ?1");
stmt->bind(1,cert.fingerprint("SHA-256"));
stmt->spin();
@@ -151,7 +153,10 @@ bool Certificate_Store_In_SQL::remove_cert(const X509_Certificate& cert)
// Private key handling
std::shared_ptr<const Private_Key> Certificate_Store_In_SQL::find_key(const X509_Certificate& cert) const
{
- auto stmt = m_database->new_statement("SELECT key FROM keys JOIN certificates ON keys.fingerprint == certificates.priv_fingerprint WHERE certificates.fingerprint == ?1");
+ auto stmt = m_database->new_statement("SELECT key FROM " + m_prefix + "keys "
+ "JOIN " + m_prefix + "certificates ON " +
+ m_prefix + "keys.fingerprint == " + m_prefix + "certificates.priv_fingerprint "
+ "WHERE " + m_prefix + "certificates.fingerprint == ?1");
stmt->bind(1,cert.fingerprint("SHA-256"));
std::shared_ptr<const Private_Key> key;
@@ -170,8 +175,8 @@ std::vector<std::shared_ptr<const X509_Certificate>>
Certificate_Store_In_SQL::find_certs_for_key(const Private_Key& key) const
{
AutoSeeded_RNG rng;
- auto fpr = fingerprint_key(key);
- auto stmt = m_database->new_statement("SELECT certificate FROM certificates WHERE priv_fingerprint == ?1");
+ auto fpr = key.fingerprint("SHA-256");
+ auto stmt = m_database->new_statement("SELECT certificate FROM " + m_prefix + "certificates WHERE priv_fingerprint == ?1");
stmt->bind(1,fpr);
@@ -194,17 +199,17 @@ bool Certificate_Store_In_SQL::insert_key(const X509_Certificate& cert, const Pr
AutoSeeded_RNG rng;
auto pkcs8 = PKCS8::BER_encode(key,rng,m_password);
- auto fpr = fingerprint_key(key);
+ auto fpr = key.fingerprint("SHA-256");
auto stmt1 = m_database->new_statement(
- "INSERT OR REPLACE INTO keys ( fingerprint, key ) VALUES ( ?1, ?2 )");
+ "INSERT OR REPLACE INTO " + m_prefix + "keys ( fingerprint, key ) VALUES ( ?1, ?2 )");
stmt1->bind(1,fpr);
stmt1->bind(2,pkcs8.data(),pkcs8.size());
stmt1->spin();
auto stmt2 = m_database->new_statement(
- "UPDATE certificates SET priv_fingerprint = ?1 WHERE fingerprint == ?2");
+ "UPDATE " + m_prefix + "certificates SET priv_fingerprint = ?1 WHERE fingerprint == ?2");
stmt2->bind(1,fpr);
stmt2->bind(2,cert.fingerprint("SHA-256"));
@@ -213,32 +218,11 @@ bool Certificate_Store_In_SQL::insert_key(const X509_Certificate& cert, const Pr
return true;
}
-std::string Certificate_Store_In_SQL::fingerprint_key(const Botan::Private_Key& key) const
- {
- secure_vector<byte> buf = key.pkcs8_private_key();
- std::unique_ptr<HashFunction> hash(HashFunction::create("SHA-256"));
- hash->update(buf);
- const auto hex_print = hex_encode(hash->final());
-
- std::string formatted_print;
-
- for(size_t i = 0; i != hex_print.size(); i += 2)
- {
- formatted_print.push_back(hex_print[i]);
- formatted_print.push_back(hex_print[i+1]);
-
- if(i != hex_print.size() - 2)
- formatted_print.push_back(':');
- }
-
- return formatted_print;
- }
-
void Certificate_Store_In_SQL::remove_key(const Private_Key& key)
{
AutoSeeded_RNG rng;
- auto fpr = fingerprint_key(key);
- auto stmt = m_database->new_statement("DELETE FROM keys WHERE fingerprint == ?1");
+ auto fpr = key.fingerprint("SHA-256");
+ auto stmt = m_database->new_statement("DELETE FROM " + m_prefix + "keys WHERE fingerprint == ?1");
stmt->bind(1,fpr);
stmt->spin();
@@ -250,7 +234,7 @@ void Certificate_Store_In_SQL::revoke_cert(const X509_Certificate& cert, CRL_Cod
insert_cert(cert);
auto stmt1 = m_database->new_statement(
- "INSERT OR REPLACE INTO revoked ( fingerprint, reason, time ) VALUES ( ?1, ?2, ?3 )");
+ "INSERT OR REPLACE INTO " + m_prefix + "revoked ( fingerprint, reason, time ) VALUES ( ?1, ?2, ?3 )");
stmt1->bind(1,cert.fingerprint("SHA-256"));
stmt1->bind(2,code);
@@ -271,7 +255,7 @@ void Certificate_Store_In_SQL::revoke_cert(const X509_Certificate& cert, CRL_Cod
void Certificate_Store_In_SQL::affirm_cert(const X509_Certificate& cert)
{
- auto stmt = m_database->new_statement("DELETE FROM revoked WHERE fingerprint == ?1");
+ auto stmt = m_database->new_statement("DELETE FROM " + m_prefix + "revoked WHERE fingerprint == ?1");
stmt->bind(1,cert.fingerprint("SHA-256"));
stmt->spin();
@@ -280,7 +264,9 @@ void Certificate_Store_In_SQL::affirm_cert(const X509_Certificate& cert)
std::vector<X509_CRL> Certificate_Store_In_SQL::generate_crls() const
{
auto stmt = m_database->new_statement(
- "SELECT certificate,reason,time FROM revoked JOIN certificates ON certificates.fingerprint == revoked.fingerprint");
+ "SELECT certificate,reason,time FROM " + m_prefix + "revoked "
+ "JOIN " + m_prefix + "certificates ON " +
+ m_prefix + "certificates.fingerprint == " + m_prefix + "revoked.fingerprint");
std::map<X509_DN,std::vector<CRL_Entry>> crls;
while(stmt->step())
diff --git a/src/lib/pubkey/info.txt b/src/lib/pubkey/info.txt
index 77ae820c7..10eb12567 100644
--- a/src/lib/pubkey/info.txt
+++ b/src/lib/pubkey/info.txt
@@ -37,4 +37,6 @@ pem
pk_pad
numbertheory
rng
+hash
+hex
</requires>
diff --git a/src/lib/pubkey/pk_keys.cpp b/src/lib/pubkey/pk_keys.cpp
index ebaa0eb69..9597ed08d 100644
--- a/src/lib/pubkey/pk_keys.cpp
+++ b/src/lib/pubkey/pk_keys.cpp
@@ -8,6 +8,8 @@
#include <botan/pk_keys.h>
#include <botan/der_enc.h>
#include <botan/oids.h>
+#include <botan/hash.h>
+#include <botan/hex.h>
namespace Botan {
@@ -52,4 +54,28 @@ void Private_Key::gen_check(RandomNumberGenerator& rng) const
throw Self_Test_Failure("Private key generation failed");
}
+/*
+* Hash of the PKCS #8 encoding for this key object
+*/
+std::string Private_Key::fingerprint(const std::string& alg) const
+ {
+ secure_vector<byte> buf = pkcs8_private_key();
+ std::unique_ptr<HashFunction> hash(HashFunction::create(alg));
+ hash->update(buf);
+ const auto hex_print = hex_encode(hash->final());
+
+ std::string formatted_print;
+
+ for(size_t i = 0; i != hex_print.size(); i += 2)
+ {
+ formatted_print.push_back(hex_print[i]);
+ formatted_print.push_back(hex_print[i+1]);
+
+ if(i != hex_print.size() - 2)
+ formatted_print.push_back(':');
+ }
+
+ return formatted_print;
+ }
+
}
diff --git a/src/lib/pubkey/pk_keys.h b/src/lib/pubkey/pk_keys.h
index 40b7569af..1a3047a57 100644
--- a/src/lib/pubkey/pk_keys.h
+++ b/src/lib/pubkey/pk_keys.h
@@ -109,6 +109,10 @@ class BOTAN_DLL Private_Key : public virtual Public_Key
virtual AlgorithmIdentifier pkcs8_algorithm_identifier() const
{ return algorithm_identifier(); }
+ /**
+ * @return Hash of the PKCS #8 encoding for this key object
+ */
+ std::string fingerprint(const std::string& alg = "SHA") const;
protected:
/**
* Self-test after loading a key