aboutsummaryrefslogtreecommitdiffstats
path: root/src/cert
diff options
context:
space:
mode:
authorlloyd <[email protected]>2010-09-17 21:43:34 +0000
committerlloyd <[email protected]>2010-09-17 21:43:34 +0000
commitf9d51dc97769c8dcda90221543f743a72391b2c2 (patch)
treed5ff9b210db4d9b30389e5c1dba6bf09a55ce464 /src/cert
parent3d10622abb3d06fb02affe31a25f059a58d8c84e (diff)
Define a simpler Certificate_Store interface which should be much
easier to implement without requiring in-memory linear searching (eg a flatfile store or SQL database with indexes).
Diffstat (limited to 'src/cert')
-rw-r--r--src/cert/x509store/certstor.cpp45
-rw-r--r--src/cert/x509store/certstor.h38
-rw-r--r--src/cert/x509store/x509stor.cpp18
3 files changed, 56 insertions, 45 deletions
diff --git a/src/cert/x509store/certstor.cpp b/src/cert/x509store/certstor.cpp
index 96f2699df..1730dd18f 100644
--- a/src/cert/x509store/certstor.cpp
+++ b/src/cert/x509store/certstor.cpp
@@ -9,40 +9,35 @@
namespace Botan {
-/*
-* Search by name
-*/
-std::vector<X509_Certificate>
-Certificate_Store::by_name(const std::string&) const
+void Certificate_Store_Memory::add_certificate(const X509_Certificate& cert)
{
- return std::vector<X509_Certificate>();
+ certs.push_back(cert);
}
-/*
-* Search by email
-*/
-std::vector<X509_Certificate>
-Certificate_Store::by_email(const std::string&) const
+Certificate_Store* Certificate_Store_Memory::clone() const
{
- return std::vector<X509_Certificate>();
+ return new Certificate_Store_Memory(*this);
}
-/*
-* Search by X.500 distinguished name
-*/
std::vector<X509_Certificate>
-Certificate_Store::by_dn(const X509_DN&) const
+Certificate_Store_Memory::find_by_subject_and_key_id(
+ const X509_DN& subject_dn,
+ const MemoryRegion<byte>& key_id)
{
- return std::vector<X509_Certificate>();
- }
+ std::vector<X509_Certificate> result;
-/*
-* Find any CRLs that might be useful
-*/
-std::vector<X509_CRL>
-Certificate_Store::get_crls_for(const X509_Certificate&) const
- {
- return std::vector<X509_CRL>();
+ for(size_t i = 0; i != certs.size(); ++i)
+ {
+ MemoryVector<byte> skid = certs[i].subject_key_id();
+
+ if(key_id.size() && skid.size() && skid != key_id)
+ continue;
+
+ if(certs[i].subject_dn() == subject_dn)
+ result.push_back(certs[i]);
+ }
+
+ return result;
}
}
diff --git a/src/cert/x509store/certstor.h b/src/cert/x509store/certstor.h
index 2e39a7178..922177930 100644
--- a/src/cert/x509store/certstor.h
+++ b/src/cert/x509store/certstor.h
@@ -19,21 +19,43 @@ namespace Botan {
class BOTAN_DLL Certificate_Store
{
public:
+ virtual ~Certificate_Store() {}
+
+ virtual Certificate_Store* clone() const = 0;
+
+ /**
+ * Add a certificate
+ */
+ virtual void add_certificate(const X509_Certificate& cert) = 0;
+
+ /**
+ * Subject DN and (optionally) key identifier
+ */
virtual std::vector<X509_Certificate>
- by_SKID(const MemoryRegion<byte>&) const = 0;
+ find_by_subject_and_key_id(
+ const X509_DN& subject_dn,
+ const MemoryRegion<byte>& key_id) = 0;
+ };
- virtual std::vector<X509_Certificate> by_name(const std::string&) const;
- virtual std::vector<X509_Certificate> by_email(const std::string&) const;
- virtual std::vector<X509_Certificate> by_dn(const X509_DN&) const;
+class BOTAN_DLL Certificate_Store_Memory : public Certificate_Store
+ {
+ public:
+ Certificate_Store* clone() const;
- virtual std::vector<X509_CRL>
- get_crls_for(const X509_Certificate&) const;
+ void add_certificate(const X509_Certificate& cert);
- virtual Certificate_Store* clone() const = 0;
+ std::vector<X509_Certificate> find_by_subject_and_key_id(
+ const X509_DN& subject_dn,
+ const MemoryRegion<byte>& key_id);
- virtual ~Certificate_Store() {}
+ Certificate_Store_Memory() {}
+ private:
+ // TODO: Add indexing on the DN and key id to avoid linear search?
+ std::vector<X509_Certificate> certs;
};
+// TODO: file-backed store
+
}
#endif
diff --git a/src/cert/x509store/x509stor.cpp b/src/cert/x509store/x509stor.cpp
index a24d4a070..fe808b55a 100644
--- a/src/cert/x509store/x509stor.cpp
+++ b/src/cert/x509store/x509stor.cpp
@@ -274,22 +274,16 @@ u32bit X509_Store::find_parent_of(const X509_Certificate& cert)
if(index != NO_CERT_FOUND)
return index;
- if(auth_key_id.size())
+ for(u32bit j = 0; j != stores.size(); ++j)
{
- for(u32bit j = 0; j != stores.size(); ++j)
- {
- std::vector<X509_Certificate> got = stores[j]->by_SKID(auth_key_id);
-
- if(got.empty())
- continue;
+ std::vector<X509_Certificate> got =
+ stores[j]->find_by_subject_and_key_id(issuer_dn, auth_key_id);
- for(u32bit k = 0; k != got.size(); ++k)
- add_cert(got[k]);
- return find_cert(issuer_dn, auth_key_id);
- }
+ for(u32bit k = 0; k != got.size(); ++k)
+ add_cert(got[k]);
}
- return NO_CERT_FOUND;
+ return find_cert(issuer_dn, auth_key_id);
}
/*