authorJack Lloyd <[email protected]>2016-11-25 17:15:28 -0500
committerJack Lloyd <[email protected]>2016-11-25 17:15:28 -0500
commitce1c593c8f6258a5fa0df50f620e4bdde4e7d034 (patch)
treef27f17e6f24657d138dd1946314801d9415e4a6e /src/lib/x509/certstor.h
parent4a849b7ebb329630ef03d5b3961d57c5f76cfa0b (diff)
parentcdb20d3599f38807f4495c9c705b5864928b2824 (diff)
Merge GH #653 OCSP and X.509 path validation refactor
Splits path validation into several sub-functions, making it easier to test and to build customized validation code on top of them. Much improved OCSP handling and OCSP tests.
Diffstat (limited to 'src/lib/x509/certstor.h')
-rw-r--r--src/lib/x509/certstor.h53
1 files changed, 27 insertions, 26 deletions
diff --git a/src/lib/x509/certstor.h b/src/lib/x509/certstor.h
index 56176739b..ba71334c5 100644
--- a/src/lib/x509/certstor.h
+++ b/src/lib/x509/certstor.h
@@ -31,6 +31,15 @@ class BOTAN_DLL Certificate_Store
find_cert(const X509_DN& subject_dn, const std::vector<byte>& key_id) const = 0;
/**
+ * Find a certificate by searching for one with a matching SHA-1 hash of
+ * public key. Used for OCSP.
+ * @param key_hash SHA-1 hash of the subject's public key
+ * @return a matching certificate or nullptr otherwise
+ */
+ virtual std::shared_ptr<const X509_Certificate>
+ find_cert_by_pubkey_sha1(const std::vector<byte>& key_hash) const = 0;
+
+ /**
* Finds a CRL for the given certificate
* @param subject the subject certificate
* @return the CRL for subject or nullptr otherwise
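Review bot: The new pure virtual `find_cert_by_pubkey_sha1` (L30-L31) documents its input only as "SHA-1 hash of the subject's public key", which leaves ambiguous what exactly is hashed, yet every store implementation must compute the same thing for lookups to match; OCSP (RFC 6960 ResponderID byKey) defines KeyHash as SHA-1 over the value of the subjectPublicKey BIT STRING, excluding the tag, length and unused-bits byte. I'd pin that in the comment: `@param key_hash SHA-1 hash (20 bytes) of the subjectPublicKey BIT STRING value, as carried in an OCSP ResponderID byKey`. Adding a pure virtual to a public base class presumably breaks any third-party Certificate_Store subclass until it implements the new method, which is worth a sentence in the class documentation or a default implementation returning nullptr if compatibility matters. SHA-1 is acceptable here as a lookup key only, so the comment should also say that callers must still verify the OCSP signature with the returned certificate rather than treating a hash match as authentication.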
@@ -79,12 +88,24 @@ class BOTAN_DLL Certificate_Store_In_Memory : public Certificate_Store
void add_certificate(const X509_Certificate& cert);
/**
+ * Add a certificate already in a shared_ptr to the store.
+ * @param cert certificate to be added
+ */
+ void add_certificate(std::shared_ptr<const X509_Certificate> cert);
+
+ /**
* Add a certificate revocation list (CRL) to the store.
* @param crl CRL to be added
*/
void add_crl(const X509_CRL& crl);
/**
+ * Add a certificate revocation list (CRL) to the store as a shared_ptr
+ * @param crl CRL to be added
+ */
+ void add_crl(std::shared_ptr<const X509_CRL> crl);
+
+ /**
* @return DNs for all certificates managed by the store
*/
std::vector<X509_DN> all_subjects() const override;
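Review bot: The new by-value `shared_ptr` overloads of `add_certificate` (L43) and `add_crl` (L54) do not say what happens when the pointer is null; if the implementation stores it unchecked, a default-constructed pointer passed by a caller would sit in `m_certs`/`m_crls` and later lookups that dereference entries would crash. I'd either document it as a precondition or reject it in the implementation, e.g. `if(!cert) throw Invalid_Argument("Certificate_Store_In_Memory: null certificate");`, and add a matching `@throws` line to each comment. The implementations live in certstor.cpp, outside this diff, so I cannot confirm whether a check already exists there.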
@@ -96,39 +117,19 @@ class BOTAN_DLL Certificate_Store_In_Memory : public Certificate_Store
const X509_DN& subject_dn,
const std::vector<byte>& key_id) const override;
+ std::shared_ptr<const X509_Certificate>
+ find_cert_by_pubkey_sha1(const std::vector<byte>& key_hash) const override;
+
/**
* Finds a CRL for the given certificate
*/
std::shared_ptr<const X509_CRL> find_crl_for(const X509_Certificate& subject) const override;
private:
// TODO: Add indexing on the DN and key id to avoid linear search
- std::vector<std::shared_ptr<X509_Certificate>> m_certs;
- std::vector<std::shared_ptr<X509_CRL>> m_crls;
- };
-
-/**
-* FIXME add doc
-*/
-class BOTAN_DLL Certificate_Store_Overlay : public Certificate_Store
- {
- public:
- explicit Certificate_Store_Overlay(const std::vector<std::shared_ptr<const X509_Certificate>>& certs) :
- m_certs(certs) {}
-
- /**
- * @return DNs for all certificates managed by the store
- */
- std::vector<X509_DN> all_subjects() const override;
-
- /**
- * Find a certificate by Subject DN and (optionally) key identifier
- */
- std::shared_ptr<const X509_Certificate> find_cert(
- const X509_DN& subject_dn,
- const std::vector<byte>& key_id) const override;
- private:
- const std::vector<std::shared_ptr<const X509_Certificate>>& m_certs;
+ std::vector<std::shared_ptr<const X509_Certificate>> m_certs;
+ std::vector<std::shared_ptr<const X509_CRL>> m_crls;
};
}
+
#endif
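Review bot: The `find_cert_by_pubkey_sha1` override (L63-L64) is the only lookup in `Certificate_Store_In_Memory` without a comment, and the TODO at L71 about indexing on DN and key id now applies to this new lookup as well: with a linear scan, each OCSP responder lookup presumably has to hash every stored key unless the hash is computed when the certificate is added. I'd add `/** Find a certificate whose public key has the given SHA-1 hash (OCSP responder lookup) */` above the override and extend the TODO to `// TODO: Add indexing on the DN, key id and public key hash to avoid linear search (and re-hashing on every find_cert_by_pubkey_sha1)`. Switching the members to `shared_ptr<const ...>` and dropping Certificate_Store_Overlay, which held a reference to a caller-owned vector, look right; the removal eliminates a lifetime hazard rather than introducing one.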