authorlloyd <[email protected]>2012-11-13 19:25:35 +0000
committerlloyd <[email protected]>2012-11-13 19:25:35 +0000
commitcf8f87c832273ea2d70ed00be7130e36884e370c (patch)
tree7d8a9f493c74882a83c35b1993e8992ca221412a /src/cert
parent58461a900aea49e5230b7b748fc481114d31904a (diff)
Change Credentials_Manager::trusted_certificate_authorities to return
a list of Certificate_Stores instead of a list of actual certs, which allows, for instance, referencing a DB-backed cert store without pulling all the certs into memory. Add Certificate_Store::all_subjects, which returns the DNs of all contained certificates.
Diffstat (limited to 'src/cert')
-rw-r--r--src/cert/x509/certstor.cpp40
-rw-r--r--src/cert/x509/certstor.h24
2 files changed, 39 insertions, 25 deletions
diff --git a/src/cert/x509/certstor.cpp b/src/cert/x509/certstor.cpp
index f68177230..afb0ddd0c 100644
--- a/src/cert/x509/certstor.cpp
+++ b/src/cert/x509/certstor.cpp
@@ -20,13 +20,21 @@ bool Certificate_Store::certificate_known(const X509_Certificate& cert) const
void Certificate_Store_In_Memory::add_certificate(const X509_Certificate& cert)
{
- for(size_t i = 0; i != certs.size(); ++i)
+ for(size_t i = 0; i != m_certs.size(); ++i)
{
- if(certs[i] == cert)
+ if(m_certs[i] == cert)
return;
}
- certs.push_back(cert);
+ m_certs.push_back(cert);
+ }
+
+std::vector<X509_DN> Certificate_Store_In_Memory::all_subjects() const
+ {
+ std::vector<X509_DN> subjects;
+ for(size_t i = 0; i != m_certs.size(); ++i)
+ subjects.push_back(m_certs[i].subject_dn());
+ return subjects;
}
std::vector<X509_Certificate>
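Review bot: The new `all_subjects()` grows `subjects` one `push_back` at a time with no `reserve`, so the vector reallocates repeatedly for a store with many certificates; since the size is known up front, add `subjects.reserve(m_certs.size());` before the loop. The function also returns DNs by value, which for an in-memory store is the full copy the commit message says the new interface is meant to avoid for other backends — worth a one-line comment such as `// Returns a copy of every subject DN; O(n) in the number of stored certs.` so callers do not treat it as cheap. Both `add_certificate` and `all_subjects` start and end inside this hunk.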
@@ -36,19 +44,19 @@ Certificate_Store_In_Memory::find_cert_by_subject_and_key_id(
{
std::vector<X509_Certificate> result;
- for(size_t i = 0; i != certs.size(); ++i)
+ for(size_t i = 0; i != m_certs.size(); ++i)
{
// Only compare key ids if set in both call and in the cert
if(key_id.size())
{
- std::vector<byte> skid = certs[i].subject_key_id();
+ std::vector<byte> skid = m_certs[i].subject_key_id();
if(skid.size() && skid != key_id) // no match
continue;
}
- if(certs[i].subject_dn() == subject_dn)
- result.push_back(certs[i]);
+ if(m_certs[i].subject_dn() == subject_dn)
+ result.push_back(m_certs[i]);
}
return result;
@@ -58,19 +66,19 @@ void Certificate_Store_In_Memory::add_crl(const X509_CRL& crl)
{
X509_DN crl_issuer = crl.issuer_dn();
- for(size_t i = 0; i != crls.size(); ++i)
+ for(size_t i = 0; i != m_crls.size(); ++i)
{
// Found an update of a previously existing one; replace it
- if(crls[i].issuer_dn() == crl_issuer)
+ if(m_crls[i].issuer_dn() == crl_issuer)
{
- if(crls[i].this_update() <= crl.this_update())
- crls[i] = crl;
+ if(m_crls[i].this_update() <= crl.this_update())
+ m_crls[i] = crl;
return;
}
}
// Totally new CRL, add to the list
- crls.push_back(crl);
+ m_crls.push_back(crl);
}
std::vector<X509_CRL>
@@ -80,19 +88,19 @@ Certificate_Store_In_Memory::find_crl_by_issuer_and_key_id(
{
std::vector<X509_CRL> result;
- for(size_t i = 0; i != crls.size(); ++i)
+ for(size_t i = 0; i != m_crls.size(); ++i)
{
// Only compare key ids if set in both call and in the CRL
if(key_id.size())
{
- std::vector<byte> akid = crls[i].authority_key_id();
+ std::vector<byte> akid = m_crls[i].authority_key_id();
if(akid.size() && akid != key_id) // no match
continue;
}
- if(crls[i].issuer_dn() == issuer_dn)
- result.push_back(crls[i]);
+ if(m_crls[i].issuer_dn() == issuer_dn)
+ result.push_back(m_crls[i]);
}
return result;
diff --git a/src/cert/x509/certstor.h b/src/cert/x509/certstor.h
index 584259f8c..6faa0bfae 100644
--- a/src/cert/x509/certstor.h
+++ b/src/cert/x509/certstor.h
@@ -33,6 +33,8 @@ class BOTAN_DLL Certificate_Store
bool certificate_known(const X509_Certificate& cert) const;
+ virtual std::vector<X509_DN> all_subjects() const = 0;
+
/**
* Subject DN and (optionally) key identifier
*/
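Review bot: The newly added pure virtual `all_subjects()` is the only member in this part of the base class without a doc comment, while the sibling lookup immediately below carries `/** Subject DN and (optionally) key identifier */`; add `/** Return the subject DN of every certificate held by this store */` above it. Because `Certificate_Store` is exported (`BOTAN_DLL`), adding a pure virtual presumably turns every existing out-of-tree subclass into an abstract class until it implements the new method, so this deserves a note in the release notes; I cannot see other implementors from this hunk. The class definition continues outside the hunk.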
@@ -56,26 +58,30 @@ class BOTAN_DLL Certificate_Store
class BOTAN_DLL Certificate_Store_In_Memory : public Certificate_Store
{
public:
- void add_certificate(const X509_Certificate& cert);
+ Certificate_Store_In_Memory() {}
+
+ void add_certificate(const X509_Certificate& cert) override;
- void add_crl(const X509_CRL& crl);
+ void add_crl(const X509_CRL& crl) override;
+
+ std::vector<X509_DN> all_subjects() const override;
std::vector<X509_Certificate> find_cert_by_subject_and_key_id(
const X509_DN& subject_dn,
- const std::vector<byte>& key_id) const;
+ const std::vector<byte>& key_id) const override;
std::vector<X509_CRL> find_crl_by_issuer_and_key_id(
const X509_DN& issuer_dn,
- const std::vector<byte>& key_id) const;
-
- Certificate_Store_In_Memory() {}
+ const std::vector<byte>& key_id) const override;
private:
// TODO: Add indexing on the DN and key id to avoid linear search
- std::vector<X509_Certificate> certs;
- std::vector<X509_CRL> crls;
+ std::vector<X509_Certificate> m_certs;
+ std::vector<X509_CRL> m_crls;
};
-// TODO: file-backed store
+// TODO: file backed store
+// TODO: directory backed store (eg /usr/share/ca-certificates)
+// TODO: sqlite3 backed store
}
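Review bot: `Certificate_Store_In_Memory() {}`, now moved to the top of the class, can be written `Certificate_Store_In_Memory() = default;` since the rest of the rewritten class already relies on C++11 (`override` on every method), and a defaulted constructor keeps the type trivially default-constructible rather than user-provided. The class itself has no comment while its behaviour is worth stating for users picking a backend: `/** Certificate_Store that holds all certificates and CRLs in memory; every lookup is a linear scan (see TODO below). */`, which the `m_certs`/`m_crls` vector members and the existing indexing TODO support. The three new TODO lines are fine as placeholders, but the renamed `// TODO: file backed store` line gains nothing over the old spelling and adds diff noise.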