diff options
author | Nuno Goncalves <[email protected]> | 2017-02-27 16:13:21 +0100 |
---|---|---|
committer | Nuno Goncalves <[email protected]> | 2017-04-03 22:40:10 +0200 |
commit | 3936f07547039d0691b4070f7be20cb76bf8fad5 (patch) | |
tree | c0e8668c0fd3972afd1d748d87cd0e4ab6e50d07 /src | |
parent | f7cf31ef5f8d9bc9c846415966566e307ec9510b (diff) |
Add certificate store lookup by subject DN hash
Signed-off-by: Nuno Goncalves <[email protected]>
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/x509/certstor.cpp | 17 | ||||
-rw-r--r-- | src/lib/x509/certstor.h | 12 | ||||
-rw-r--r-- | src/lib/x509/certstor_sql/certstor_sql.cpp | 6 | ||||
-rw-r--r-- | src/lib/x509/certstor_sql/certstor_sql.h | 3 |
4 files changed, 38 insertions, 0 deletions
diff --git a/src/lib/x509/certstor.cpp b/src/lib/x509/certstor.cpp index 63a5cd645..df4fc3365 100644 --- a/src/lib/x509/certstor.cpp +++ b/src/lib/x509/certstor.cpp @@ -82,6 +82,23 @@ Certificate_Store_In_Memory::find_cert_by_pubkey_sha1(const std::vector<uint8_t> return nullptr; } +std::shared_ptr<const X509_Certificate> +Certificate_Store_In_Memory::find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& subject_hash) const + { + if(subject_hash.size() != 32) + throw Invalid_Argument("Certificate_Store_In_Memory::find_cert_by_raw_subject_dn_sha256 invalid hash"); + + std::unique_ptr<HashFunction> hash(HashFunction::create("SHA-256")); + + for(const auto& cert : m_certs){ + hash->update(cert->raw_subject_dn()); + if(subject_hash == hash->final_stdvec()) //final_stdvec also clears the hash to initial state + return cert; + } + + return nullptr; + } + void Certificate_Store_In_Memory::add_crl(const X509_CRL& crl) { std::shared_ptr<const X509_CRL> crl_s = std::make_shared<const X509_CRL>(crl); diff --git a/src/lib/x509/certstor.h b/src/lib/x509/certstor.h index 3ac357767..d8630a192 100644 --- a/src/lib/x509/certstor.h +++ b/src/lib/x509/certstor.h @@ -40,6 +40,15 @@ class BOTAN_DLL Certificate_Store find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const = 0; /** + * Find a certificate by searching for one with a matching SHA-256 hash of + * raw subject name. Used for OCSP. + * @param subject_hash SHA-256 hash of the subject's raw name + * @return a matching certificate or nullptr otherwise + */ + virtual std::shared_ptr<const X509_Certificate> + find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& subject_hash) const = 0; + + /** * Finds a CRL for the given certificate * @param subject the subject certificate * @return the CRL for subject or nullptr otherwise @@ -120,6 +129,9 @@ class BOTAN_DLL Certificate_Store_In_Memory : public Certificate_Store std::shared_ptr<const X509_Certificate> find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const override; + std::shared_ptr<const X509_Certificate> + find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& subject_hash) const override; + /** * Finds a CRL for the given certificate */ diff --git a/src/lib/x509/certstor_sql/certstor_sql.cpp b/src/lib/x509/certstor_sql/certstor_sql.cpp index 7c8e2bb19..fc8a05eb2 100644 --- a/src/lib/x509/certstor_sql/certstor_sql.cpp +++ b/src/lib/x509/certstor_sql/certstor_sql.cpp @@ -84,6 +84,12 @@ Certificate_Store_In_SQL::find_cert_by_pubkey_sha1(const std::vector<uint8_t>& / throw Not_Implemented("TODO!"); } +std::shared_ptr<const X509_Certificate> +Certificate_Store_In_SQL::find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& /*subject_hash*/) const + { + throw Not_Implemented("TODO!"); + } + std::shared_ptr<const X509_CRL> Certificate_Store_In_SQL::find_crl_for(const X509_Certificate& subject) const { diff --git a/src/lib/x509/certstor_sql/certstor_sql.h b/src/lib/x509/certstor_sql/certstor_sql.h index 91d8d5c00..f95aea9b4 100644 --- a/src/lib/x509/certstor_sql/certstor_sql.h +++ b/src/lib/x509/certstor_sql/certstor_sql.h @@ -44,6 +44,9 @@ class BOTAN_DLL Certificate_Store_In_SQL : public Certificate_Store std::shared_ptr<const X509_Certificate> find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const override; + std::shared_ptr<const X509_Certificate> + find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& subject_hash) const override; + /** * Returns all subject DNs known to the store instance. */ |