author | lloyd <[email protected]> | 2012-11-13 19:25:35 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2012-11-13 19:25:35 +0000 |
commit | cf8f87c832273ea2d70ed00be7130e36884e370c (patch) | |
tree | 7d8a9f493c74882a83c35b1993e8992ca221412a /src/cert | |
parent | 58461a900aea49e5230b7b748fc481114d31904a (diff) |
Change Credentials_Manager::trusted_certificate_authorities to return
a list of Certificate_Stores instead of a list of actual certs,
allowing for instance the ability to reference a DB cert store without
actually pulling all the certs into memory.
Add Certificate_Store::all_subjects which returns the DNs of all
contained certificates.
Diffstat (limited to 'src/cert')
-rw-r--r-- | src/cert/x509/certstor.cpp | 40 | ||||
-rw-r--r-- | src/cert/x509/certstor.h | 24 |
2 files changed, 39 insertions, 25 deletions
diff --git a/src/cert/x509/certstor.cpp b/src/cert/x509/certstor.cpp
index f68177230..afb0ddd0c 100644
--- a/src/cert/x509/certstor.cpp
+++ b/src/cert/x509/certstor.cpp
@@ -20,13 +20,21 @@ bool Certificate_Store::certificate_known(const X509_Certificate& cert) const
 void Certificate_Store_In_Memory::add_certificate(const X509_Certificate& cert)
 {
- for(size_t i = 0; i != certs.size(); ++i)
+ for(size_t i = 0; i != m_certs.size(); ++i)
 {
- if(certs[i] == cert)
+ if(m_certs[i] == cert)
 return;
 }
- certs.push_back(cert);
+ m_certs.push_back(cert);
+ }
+
+std::vector<X509_DN> Certificate_Store_In_Memory::all_subjects() const
+ {
+ std::vector<X509_DN> subjects;
+ for(size_t i = 0; i != m_certs.size(); ++i)
+ subjects.push_back(m_certs[i].subject_dn());
+ return subjects;
 }
 std::vector<X509_Certificate>
@@ -36,19 +44,19 @@ Certificate_Store_In_Memory::find_cert_by_subject_and_key_id(
 {
 std::vector<X509_Certificate> result;
- for(size_t i = 0; i != certs.size(); ++i)
+ for(size_t i = 0; i != m_certs.size(); ++i)
 {
 // Only compare key ids if set in both call and in the cert
 if(key_id.size())
 {
- std::vector<byte> skid = certs[i].subject_key_id();
+ std::vector<byte> skid = m_certs[i].subject_key_id();
 if(skid.size() && skid != key_id) // no match
 continue;
 }
- if(certs[i].subject_dn() == subject_dn)
- result.push_back(certs[i]);
+ if(m_certs[i].subject_dn() == subject_dn)
+ result.push_back(m_certs[i]);
 }
 return result;
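Review bot: The new `all_subjects()` in the first hunk grows `subjects` one `push_back` at a time in an index loop even though the final size is known up front, and since the header side of this same commit already uses C++11 `override`, a range-for is available; `subjects.reserve(m_certs.size());` followed by `for(const X509_Certificate& c : m_certs) subjects.push_back(c.subject_dn());` is the idiomatic form. The function also lacks a comment; I would add `// One subject DN per stored certificate, in insertion order. add_certificate only rejects identical certs, so two distinct certs with the same subject yield a repeated DN.` — both facts follow from this hunk (the early `return` on `m_certs[i] == cert` and the unconditional push per element). Finally, the commit message motivates the interface change by avoiding pulling every certificate of a DB-backed store into memory, yet this virtual hands back every subject DN in a single vector, so a large backend would still materialize its whole DN set; that may be acceptable, but the trade-off should be stated where the interface is documented.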
@@ -58,19 +66,19 @@ void Certificate_Store_In_Memory::add_crl(const X509_CRL& crl)
 {
 X509_DN crl_issuer = crl.issuer_dn();
- for(size_t i = 0; i != crls.size(); ++i)
+ for(size_t i = 0; i != m_crls.size(); ++i)
 {
 // Found an update of a previously existing one; replace it
- if(crls[i].issuer_dn() == crl_issuer)
+ if(m_crls[i].issuer_dn() == crl_issuer)
 {
- if(crls[i].this_update() <= crl.this_update())
- crls[i] = crl;
+ if(m_crls[i].this_update() <= crl.this_update())
+ m_crls[i] = crl;
 return;
 }
 }
 // Totally new CRL, add to the list
- crls.push_back(crl);
+ m_crls.push_back(crl);
 }
 std::vector<X509_CRL>
@@ -80,19 +88,19 @@ Certificate_Store_In_Memory::find_crl_by_issuer_and_key_id(
 {
 std::vector<X509_CRL> result;
- for(size_t i = 0; i != crls.size(); ++i)
+ for(size_t i = 0; i != m_crls.size(); ++i)
 {
 // Only compare key ids if set in both call and in the CRL
 if(key_id.size())
 {
- std::vector<byte> akid = crls[i].authority_key_id();
+ std::vector<byte> akid = m_crls[i].authority_key_id();
 if(akid.size() && akid != key_id) // no match
 continue;
 }
- if(crls[i].issuer_dn() == issuer_dn)
- result.push_back(crls[i]);
+ if(m_crls[i].issuer_dn() == issuer_dn)
+ result.push_back(m_crls[i]);
 }
 return result;
diff --git a/src/cert/x509/certstor.h b/src/cert/x509/certstor.h
index 584259f8c..6faa0bfae 100644
--- a/src/cert/x509/certstor.h
+++ b/src/cert/x509/certstor.h
@@ -33,6 +33,8 @@ class BOTAN_DLL Certificate_Store
 bool certificate_known(const X509_Certificate& cert) const;
+ virtual std::vector<X509_DN> all_subjects() const = 0;
+
 /**
 * Subject DN and (optionally) key identifier
 */
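Review bot: In the certstor.h hunk the new pure virtual `all_subjects()` is added without a doc comment, while the member right below it is introduced by `/** Subject DN and (optionally) key identifier */`. I would add a matching block above it, e.g. `/** @return the subject DN of every certificate in the store, one entry per certificate */`. Because this is now part of the `Certificate_Store` interface that every backend (the commit message mentions a DB-backed store) must implement, the comment should also say whether the order is specified — the in-memory implementation in this commit returns insertion order, but another backend may not — so callers do not come to rely on it. The enclosing `Certificate_Store` class starts and ends outside this hunk.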
@@ -56,26 +58,30 @@ class BOTAN_DLL Certificate_Store
 class BOTAN_DLL Certificate_Store_In_Memory : public Certificate_Store
 {
 public:
- void add_certificate(const X509_Certificate& cert);
+ Certificate_Store_In_Memory() {}
+
+ void add_certificate(const X509_Certificate& cert) override;
- void add_crl(const X509_CRL& crl);
+ void add_crl(const X509_CRL& crl) override;
+
+ std::vector<X509_DN> all_subjects() const override;
 std::vector<X509_Certificate> find_cert_by_subject_and_key_id(
 const X509_DN& subject_dn,
- const std::vector<byte>& key_id) const;
+ const std::vector<byte>& key_id) const override;
 std::vector<X509_CRL> find_crl_by_issuer_and_key_id(
 const X509_DN& issuer_dn,
- const std::vector<byte>& key_id) const;
-
- Certificate_Store_In_Memory() {}
+ const std::vector<byte>& key_id) const override;
 private:
 // TODO: Add indexing on the DN and key id to avoid linear search
- std::vector<X509_Certificate> certs;
- std::vector<X509_CRL> crls;
+ std::vector<X509_Certificate> m_certs;
+ std::vector<X509_CRL> m_crls;
 };
-// TODO: file-backed store
+// TODO: file backed store
+// TODO: directory backed store (eg /usr/share/ca-certificates)
+// TODO: sqlite3 backed store
 } |
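Review bot: `Certificate_Store_In_Memory() {}` near the top of this hunk is a user-provided empty constructor; now that the class uses C++11 `override` on every method, `Certificate_Store_In_Memory() = default;` is the clearer spelling and lets the compiler keep the constructor trivial as far as the two vector members allow. More importantly, the commit message says `Credentials_Manager::trusted_certificate_authorities` now hands out `Certificate_Store`s rather than certificates, so these objects will be used polymorphically; if any caller owns or deletes one through a `Certificate_Store*`, the base class must declare a virtual destructor — its declaration lies outside this hunk, so I cannot confirm it has one, please check. Since this commit does not derive anything from the in-memory store, marking it `class BOTAN_DLL Certificate_Store_In_Memory final : public Certificate_Store` would also let the compiler devirtualize the lookup calls made through this concrete type.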