diff options
author | lloyd <[email protected]> | 2010-09-17 21:43:34 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2010-09-17 21:43:34 +0000 |
commit | f9d51dc97769c8dcda90221543f743a72391b2c2 (patch) | |
tree | d5ff9b210db4d9b30389e5c1dba6bf09a55ce464 /src/cert | |
parent | 3d10622abb3d06fb02affe31a25f059a58d8c84e (diff) |
Define a simpler Certificate_Store interface which should be much
easier to implement without requiring in-memory linear searching (eg a
flatfile store or SQL database with indexes).
Diffstat (limited to 'src/cert')
-rw-r--r-- | src/cert/x509store/certstor.cpp | 45 | ||||
-rw-r--r-- | src/cert/x509store/certstor.h | 38 | ||||
-rw-r--r-- | src/cert/x509store/x509stor.cpp | 18 |
3 files changed, 56 insertions, 45 deletions
diff --git a/src/cert/x509store/certstor.cpp b/src/cert/x509store/certstor.cpp index 96f2699df..1730dd18f 100644 --- a/src/cert/x509store/certstor.cpp +++ b/src/cert/x509store/certstor.cpp @@ -9,40 +9,35 @@ namespace Botan { -/* -* Search by name -*/ -std::vector<X509_Certificate> -Certificate_Store::by_name(const std::string&) const +void Certificate_Store_Memory::add_certificate(const X509_Certificate& cert) { - return std::vector<X509_Certificate>(); + certs.push_back(cert); } -/* -* Search by email -*/ -std::vector<X509_Certificate> -Certificate_Store::by_email(const std::string&) const +Certificate_Store* Certificate_Store_Memory::clone() const { - return std::vector<X509_Certificate>(); + return new Certificate_Store_Memory(*this); } -/* -* Search by X.500 distinguished name -*/ std::vector<X509_Certificate> -Certificate_Store::by_dn(const X509_DN&) const +Certificate_Store_Memory::find_by_subject_and_key_id( + const X509_DN& subject_dn, + const MemoryRegion<byte>& key_id) { - return std::vector<X509_Certificate>(); - } + std::vector<X509_Certificate> result; -/* -* Find any CRLs that might be useful -*/ -std::vector<X509_CRL> -Certificate_Store::get_crls_for(const X509_Certificate&) const - { - return std::vector<X509_CRL>(); + for(size_t i = 0; i != certs.size(); ++i) + { + MemoryVector<byte> skid = certs[i].subject_key_id(); + + if(key_id.size() && skid.size() && skid != key_id) + continue; + + if(certs[i].subject_dn() == subject_dn) + result.push_back(certs[i]); + } + + return result; } } diff --git a/src/cert/x509store/certstor.h b/src/cert/x509store/certstor.h index 2e39a7178..922177930 100644 --- a/src/cert/x509store/certstor.h +++ b/src/cert/x509store/certstor.h @@ -19,21 +19,43 @@ namespace Botan { class BOTAN_DLL Certificate_Store { public: + virtual ~Certificate_Store() {} + + virtual Certificate_Store* clone() const = 0; + + /** + * Add a certificate + */ + virtual void add_certificate(const X509_Certificate& cert) = 0; + + /** + * Subject DN and (optionally) key identifier + */ virtual std::vector<X509_Certificate> - by_SKID(const MemoryRegion<byte>&) const = 0; + find_by_subject_and_key_id( + const X509_DN& subject_dn, + const MemoryRegion<byte>& key_id) = 0; + }; - virtual std::vector<X509_Certificate> by_name(const std::string&) const; - virtual std::vector<X509_Certificate> by_email(const std::string&) const; - virtual std::vector<X509_Certificate> by_dn(const X509_DN&) const; +class BOTAN_DLL Certificate_Store_Memory : public Certificate_Store + { + public: + Certificate_Store* clone() const; - virtual std::vector<X509_CRL> - get_crls_for(const X509_Certificate&) const; + void add_certificate(const X509_Certificate& cert); - virtual Certificate_Store* clone() const = 0; + std::vector<X509_Certificate> find_by_subject_and_key_id( + const X509_DN& subject_dn, + const MemoryRegion<byte>& key_id); - virtual ~Certificate_Store() {} + Certificate_Store_Memory() {} + private: + // TODO: Add indexing on the DN and key id to avoid linear search? + std::vector<X509_Certificate> certs; }; +// TODO: file-backed store + } #endif diff --git a/src/cert/x509store/x509stor.cpp b/src/cert/x509store/x509stor.cpp index a24d4a070..fe808b55a 100644 --- a/src/cert/x509store/x509stor.cpp +++ b/src/cert/x509store/x509stor.cpp @@ -274,22 +274,16 @@ u32bit X509_Store::find_parent_of(const X509_Certificate& cert) if(index != NO_CERT_FOUND) return index; - if(auth_key_id.size()) + for(u32bit j = 0; j != stores.size(); ++j) { - for(u32bit j = 0; j != stores.size(); ++j) - { - std::vector<X509_Certificate> got = stores[j]->by_SKID(auth_key_id); - - if(got.empty()) - continue; + std::vector<X509_Certificate> got = + stores[j]->find_by_subject_and_key_id(issuer_dn, auth_key_id); - for(u32bit k = 0; k != got.size(); ++k) - add_cert(got[k]); - return find_cert(issuer_dn, auth_key_id); - } + for(u32bit k = 0; k != got.size(); ++k) + add_cert(got[k]); } - return NO_CERT_FOUND; + return find_cert(issuer_dn, auth_key_id); } /* |