author | Jack Lloyd <[email protected]> | 2016-11-25 17:15:28 -0500 |
committer | Jack Lloyd <[email protected]> | 2016-11-25 17:15:28 -0500 |
commit | ce1c593c8f6258a5fa0df50f620e4bdde4e7d034 (patch) | |
tree | f27f17e6f24657d138dd1946314801d9415e4a6e /src/lib/x509/certstor.h | |
parent | 4a849b7ebb329630ef03d5b3961d57c5f76cfa0b (diff) | |
parent | cdb20d3599f38807f4495c9c705b5864928b2824 (diff) |
Merge GH #653 OCSP and X.509 path validation refactor
Splits up path validation into several sub-functions, for easier testing
and for writing customized validation code. Much improved OCSP handling
and OCSP tests.
Diffstat (limited to 'src/lib/x509/certstor.h')
-rw-r--r-- | src/lib/x509/certstor.h | 53 |
1 files changed, 27 insertions, 26 deletions
diff --git a/src/lib/x509/certstor.h b/src/lib/x509/certstor.h
index 56176739b..ba71334c5 100644
--- a/src/lib/x509/certstor.h
+++ b/src/lib/x509/certstor.h
@@ -31,6 +31,15 @@ class BOTAN_DLL Certificate_Store
          find_cert(const X509_DN& subject_dn, const std::vector<byte>& key_id) const = 0;
       /**
+      * Find a certificate by searching for one with a matching SHA-1 hash of
+      * public key. Used for OCSP.
+      * @param key_hash SHA-1 hash of the subject's public key
+      * @return a matching certificate or nullptr otherwise
+      */
+      virtual std::shared_ptr<const X509_Certificate>
+         find_cert_by_pubkey_sha1(const std::vector<byte>& key_hash) const = 0;
+
+      /**
       * Finds a CRL for the given certificate
       * @param subject the subject certificate
       * @return the CRL for subject or nullptr otherwise
@@ -79,12 +88,24 @@ class BOTAN_DLL Certificate_Store_In_Memory : public Certificate_Store
       void add_certificate(const X509_Certificate& cert);
       /**
+      * Add a certificate already in a shared_ptr to the store.
+      * @param cert certificate to be added
+      */
+      void add_certificate(std::shared_ptr<const X509_Certificate> cert);
+
+      /**
       * Add a certificate revocation list (CRL) to the store.
       * @param crl CRL to be added
       */
       void add_crl(const X509_CRL& crl);
       /**
+      * Add a certificate revocation list (CRL) to the store as a shared_ptr
+      * @param crl CRL to be added
+      */
+      void add_crl(std::shared_ptr<const X509_CRL> crl);
+
+      /**
       * @return DNs for all certificates managed by the store
       */
       std::vector<X509_DN> all_subjects() const override;
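Review bot: The doc comment on the new pure virtual `find_cert_by_pubkey_sha1` does not say which bytes `key_hash` is a SHA-1 over, and for OCSP that matters: RFC 6960's KeyHash is the SHA-1 of the subjectPublicKey BIT STRING value (excluding tag, length and unused-bits octet), not of the whole SubjectPublicKeyInfo, so a caller hashing the wrong encoding will never get a match. I would sharpen the @param line to `@param key_hash SHA-1 of the subjectPublicKey BIT STRING value (RFC 6960 KeyHash), not of the full SubjectPublicKeyInfo`, assuming that is what the in-memory implementation (outside this hunk) computes. It is also worth stating that a key-hash match only selects a candidate certificate and does not by itself authenticate an OCSP responder, so the caller still has to verify the response signature against it. Adding a pure virtual to the public `Certificate_Store` base breaks every out-of-tree subclass at compile time; a line in the class doc or release notes would save downstream maintainers a surprise.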
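Review bot: Neither new overload, `add_certificate(std::shared_ptr<const X509_Certificate>)` nor `add_crl(std::shared_ptr<const X509_CRL>)`, documents what happens when the shared_ptr is null. If the implementation (in certstor.cpp, outside this hunk) simply appends to `m_certs`/`m_crls`, a null entry would be dereferenced on a later lookup such as `find_cert` or `find_crl_for`, far from the call that introduced it. Either reject it up front, `if(!cert) throw Invalid_Argument("Certificate_Store_In_Memory: null certificate");`, or state the non-null precondition in the @param line. Taking the shared_ptr by value is the right sink form; moving it into the container keeps the refcount traffic to a single increment.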
@@ -96,39 +117,19 @@ class BOTAN_DLL Certificate_Store_In_Memory : public Certificate_Store
          const X509_DN& subject_dn, const std::vector<byte>& key_id) const override;
+      std::shared_ptr<const X509_Certificate>
+         find_cert_by_pubkey_sha1(const std::vector<byte>& key_hash) const override;
+
       /**
       * Finds a CRL for the given certificate
       */
       std::shared_ptr<const X509_CRL> find_crl_for(const X509_Certificate& subject) const override;
    private:
       // TODO: Add indexing on the DN and key id to avoid linear search
-      std::vector<std::shared_ptr<X509_Certificate>> m_certs;
-      std::vector<std::shared_ptr<X509_CRL>> m_crls;
-   };
-
-/**
-* FIXME add doc
-*/
-class BOTAN_DLL Certificate_Store_Overlay : public Certificate_Store
-   {
-   public:
-      explicit Certificate_Store_Overlay(const std::vector<std::shared_ptr<const X509_Certificate>>& certs) :
-         m_certs(certs) {}
-
-      /**
-      * @return DNs for all certificates managed by the store
-      */
-      std::vector<X509_DN> all_subjects() const override;
-
-      /**
-      * Find a certificate by Subject DN and (optionally) key identifier
-      */
-      std::shared_ptr<const X509_Certificate> find_cert(
-         const X509_DN& subject_dn,
-         const std::vector<byte>& key_id) const override;
-   private:
-      const std::vector<std::shared_ptr<const X509_Certificate>>& m_certs;
+      std::vector<std::shared_ptr<const X509_Certificate>> m_certs;
+      std::vector<std::shared_ptr<const X509_CRL>> m_crls;
    };
 }
+
 #endif
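Review bot: The new `find_cert_by_pubkey_sha1` override is the only declaration in this class without a doc comment, while the adjacent `find_crl_for` has one; I would add `/** Find a certificate by SHA-1 hash of its public key; see Certificate_Store::find_cert_by_pubkey_sha1 */` above it. With storage now `std::vector<std::shared_ptr<const X509_Certificate>>` and the surviving `// TODO` about linear search, each lookup by key hash presumably has to hash every stored certificate (the implementation is outside this hunk); if so, extending the TODO to mention the per-call hashing, or caching the hash next to the pointer, is worth noting now that the OCSP path depends on this lookup. Removing `Certificate_Store_Overlay` is a public API removal that the header gives no hint of; a deprecation note or changelog line would help anyone who constructed it.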