author | Fabian Weissberg <[email protected]> | 2017-11-29 12:29:56 +0100 |
committer | Fabian Weissberg <[email protected]> | 2017-12-20 13:32:51 +0100 |
commit | 02e756dba4c1001b790c3496049f40ebfe89539b (patch) | |
tree | 30f36cd1faa600dd61f7ffbf6d699d4fefafe127 /src/lib/x509/certstor_sql | |
parent | 2918801d97ccdad5327320ee29bdc2cf666fb08a (diff) |
Fix various x509 path validation bugs + path building with ambiguous DNs
Signed-off-by: Fabian Weissberg <[email protected]>
Diffstat (limited to 'src/lib/x509/certstor_sql')
-rw-r--r-- | src/lib/x509/certstor_sql/certstor_sql.cpp | 37 | ||||
-rw-r--r-- | src/lib/x509/certstor_sql/certstor_sql.h | 7 |
2 files changed, 41 insertions, 3 deletions
diff --git a/src/lib/x509/certstor_sql/certstor_sql.cpp b/src/lib/x509/certstor_sql/certstor_sql.cpp
index 6acfed060..d2991a019 100644
--- a/src/lib/x509/certstor_sql/certstor_sql.cpp
+++ b/src/lib/x509/certstor_sql/certstor_sql.cpp
@@ -76,6 +76,40 @@ Certificate_Store_In_SQL::find_cert(const X509_DN& subject_dn, const std::vector
 return cert;
 }
+std::vector<std::shared_ptr<const X509_Certificate>>
+Certificate_Store_In_SQL::find_all_certs(const X509_DN& subject_dn, const std::vector<uint8_t>& key_id) const
+ {
+ std::vector<std::shared_ptr<const X509_Certificate>> certs;
+
+ DER_Encoder enc;
+ std::shared_ptr<SQL_Database::Statement> stmt;
+
+ subject_dn.encode_into(enc);
+
+ if(key_id.empty())
+ {
+ stmt = m_database->new_statement("SELECT certificate FROM " + m_prefix + "certificates WHERE subject_dn == ?1");
+ stmt->bind(1,enc.get_contents_unlocked());
+ }
+ else
+ {
+ stmt = m_database->new_statement("SELECT certificate FROM " + m_prefix + "certificates WHERE\
+ subject_dn == ?1 AND (key_id == NULL OR key_id == ?2)");
+ stmt->bind(1,enc.get_contents_unlocked());
+ stmt->bind(2,key_id);
+ }
+
+ std::shared_ptr<const X509_Certificate> cert;
+ while(stmt->step())
+ {
+ auto blob = stmt->get_blob(0);
+ certs.push_back(std::make_shared<X509_Certificate>(
+ std::vector<uint8_t>(blob.first,blob.first + blob.second)));
+ }
+
+ return certs;
+ }
+
 std::shared_ptr<const X509_Certificate>
 Certificate_Store_In_SQL::find_cert_by_pubkey_sha1(const std::vector<uint8_t>& /*key_hash*/) const
 {
@@ -123,9 +157,6 @@ std::vector<X509_DN> Certificate_Store_In_SQL::all_subjects() const
 bool Certificate_Store_In_SQL::insert_cert(const X509_Certificate& cert)
 {
- if(find_cert(cert.subject_dn(),cert.subject_key_id()))
- return false;
-
 DER_Encoder enc;
 auto stmt = m_database->new_statement("INSERT OR REPLACE INTO " + m_prefix + "certificates (\
diff --git a/src/lib/x509/certstor_sql/certstor_sql.h b/src/lib/x509/certstor_sql/certstor_sql.h
index 88e3968bf..fd80eb191 100644
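Review bot: The predicate `key_id == NULL` in the non-empty-key_id branch of find_all_certs can never be true, because in SQL any comparison with NULL yields NULL rather than true, so the clause effectively reduces to `key_id == ?2` and rows whose key id is NULL are silently excluded; if such rows are meant to be returned, the statement needs `(key_id IS NULL OR key_id == ?2)`. Whether the column can actually hold NULL is not visible here (the schema and the INSERT lie outside this hunk), so the intended semantics should be confirmed before deciding whether to fix the predicate or simply drop the dead `key_id == NULL` term. The local `std::shared_ptr<const X509_Certificate> cert;` declared before the `while` loop is never used and should be removed. Both branches bind the encoded DN identically, so `stmt->bind(1,enc.get_contents_unlocked());` could be hoisted below the `if`/`else` to remove the duplication.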
--- a/src/lib/x509/certstor_sql/certstor_sql.h
+++ b/src/lib/x509/certstor_sql/certstor_sql.h
@@ -43,6 +43,13 @@ class BOTAN_PUBLIC_API(2,0) Certificate_Store_In_SQL : public Certificate_Store
 std::shared_ptr<const X509_Certificate> find_cert(const X509_DN& subject_dn, const std::vector<uint8_t>& key_id) const override;
+ /*
+ * Find all certificates with a given Subject DN.
+ * Subject DN and even the key identifier might not be unique.
+ */
+ std::vector<std::shared_ptr<const X509_Certificate>> find_all_certs(
+ const X509_DN& subject_dn, const std::vector<uint8_t>& key_id) const override;
+
 std::shared_ptr<const X509_Certificate> find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const override;
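Review bot: The new comment on find_all_certs documents only the Subject DN filter, but the implementation in certstor_sql.cpp (outside this hunk) ignores key_id when it is empty and filters on it when it is not, so a caller reading the declaration cannot tell what passing an empty vector means. Suggest adding a line to the comment such as `* If key_id is empty, every certificate with the given subject DN is returned; otherwise only those whose key id matches.` It would also help to state that the returned vector is empty when nothing matches, since callers doing path building will branch on that.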