authorNuno Goncalves <[email protected]>2017-02-27 16:13:21 +0100
committerNuno Goncalves <[email protected]>2017-04-03 22:40:10 +0200
commit3936f07547039d0691b4070f7be20cb76bf8fad5 (patch)
treec0e8668c0fd3972afd1d748d87cd0e4ab6e50d07 /src
parentf7cf31ef5f8d9bc9c846415966566e307ec9510b (diff)
Add certificate store lookup by subject DN hash
Signed-off-by: Nuno Goncalves <[email protected]>
Diffstat (limited to 'src')
-rw-r--r--src/lib/x509/certstor.cpp17
-rw-r--r--src/lib/x509/certstor.h12
-rw-r--r--src/lib/x509/certstor_sql/certstor_sql.cpp6
-rw-r--r--src/lib/x509/certstor_sql/certstor_sql.h3
4 files changed, 38 insertions, 0 deletions
diff --git a/src/lib/x509/certstor.cpp b/src/lib/x509/certstor.cpp
index 63a5cd645..df4fc3365 100644
--- a/src/lib/x509/certstor.cpp
+++ b/src/lib/x509/certstor.cpp
@@ -82,6 +82,23 @@ Certificate_Store_In_Memory::find_cert_by_pubkey_sha1(const std::vector<uint8_t>
return nullptr;
}
+std::shared_ptr<const X509_Certificate>
+Certificate_Store_In_Memory::find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& subject_hash) const
+ {
+ if(subject_hash.size() != 32)
+ throw Invalid_Argument("Certificate_Store_In_Memory::find_cert_by_raw_subject_dn_sha256 invalid hash");
+
+ std::unique_ptr<HashFunction> hash(HashFunction::create("SHA-256"));
+
+ for(const auto& cert : m_certs){
+ hash->update(cert->raw_subject_dn());
+ if(subject_hash == hash->final_stdvec()) //final_stdvec also clears the hash to initial state
+ return cert;
+ }
+
+ return nullptr;
+ }
+
void Certificate_Store_In_Memory::add_crl(const X509_CRL& crl)
{
std::shared_ptr<const X509_CRL> crl_s = std::make_shared<const X509_CRL>(crl);
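Review bot: The hash object created with `HashFunction::create("SHA-256")` is dereferenced inside the loop without a null check; if `create()` signals an unavailable algorithm by returning an empty `unique_ptr` (as this library's factory functions appear to do elsewhere), a build without SHA-256 would crash on `hash->update(...)` instead of failing cleanly. A guard right after the create call, e.g. `if(!hash) throw Invalid_State("SHA-256 not available for subject DN lookup");`, keeps the failure explicit. Separately, a subject DN is not unique — renewed or cross-signed CA certificates commonly share one — so the loop silently returns the first match; since this is an OCSP lookup, the function comment should state that first-match behaviour so callers know to confirm the key as well, e.g. `// Subject names are not unique; returns the first matching cert, caller should verify the key`. The loop also rehashes every stored subject on each call, which is fine for small stores but worth noting if the store is consulted per OCSP response.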
diff --git a/src/lib/x509/certstor.h b/src/lib/x509/certstor.h
index 3ac357767..d8630a192 100644
--- a/src/lib/x509/certstor.h
+++ b/src/lib/x509/certstor.h
@@ -40,6 +40,15 @@ class BOTAN_DLL Certificate_Store
find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const = 0;
/**
+ * Find a certificate by searching for one with a matching SHA-256 hash of
+ * raw subject name. Used for OCSP.
+ * @param subject_hash SHA-256 hash of the subject's raw name
+ * @return a matching certificate or nullptr otherwise
+ */
+ virtual std::shared_ptr<const X509_Certificate>
+ find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& subject_hash) const = 0;
+
+ /**
* Finds a CRL for the given certificate
* @param subject the subject certificate
* @return the CRL for subject or nullptr otherwise
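Review bot: Adding `find_cert_by_raw_subject_dn_sha256` as a pure virtual (`= 0`) to the public `Certificate_Store` base breaks every out-of-tree subclass at compile time; if the library intends source compatibility for this class, a default implementation that throws `Not_Implemented` (mirroring what the SQL store does in this commit) would be the compatible choice. The doc comment should also spell out the contract the in-memory implementation has: the hash is over the DER-encoded subject name (`raw_subject_dn()`), subject names are not unique so only the first match is returned, and a `subject_hash` that is not 32 bytes is rejected with `Invalid_Argument` — e.g. add `* @throws Invalid_Argument if subject_hash is not 32 bytes` and `* Subject names are not unique; the first matching certificate is returned.` under the existing `@param` line.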
@@ -120,6 +129,9 @@ class BOTAN_DLL Certificate_Store_In_Memory : public Certificate_Store
std::shared_ptr<const X509_Certificate>
find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const override;
+ std::shared_ptr<const X509_Certificate>
+ find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& subject_hash) const override;
+
/**
* Finds a CRL for the given certificate
*/
diff --git a/src/lib/x509/certstor_sql/certstor_sql.cpp b/src/lib/x509/certstor_sql/certstor_sql.cpp
index 7c8e2bb19..fc8a05eb2 100644
--- a/src/lib/x509/certstor_sql/certstor_sql.cpp
+++ b/src/lib/x509/certstor_sql/certstor_sql.cpp
@@ -84,6 +84,12 @@ Certificate_Store_In_SQL::find_cert_by_pubkey_sha1(const std::vector<uint8_t>& /
throw Not_Implemented("TODO!");
}
+std::shared_ptr<const X509_Certificate>
+Certificate_Store_In_SQL::find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& /*subject_hash*/) const
+ {
+ throw Not_Implemented("TODO!");
+ }
+
std::shared_ptr<const X509_CRL>
Certificate_Store_In_SQL::find_crl_for(const X509_Certificate& subject) const
{
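Review bot: The new `Not_Implemented("TODO!")` stub carries no identifying text, so an OCSP caller that reaches it through the `Certificate_Store` interface cannot tell which lookup is missing; the message should name the function, e.g. `throw Not_Implemented("Certificate_Store_In_SQL::find_cert_by_raw_subject_dn_sha256");`. This matches the style of the sibling `find_cert_by_pubkey_sha1` stub just above, which has the same problem and could be fixed the same way. Given the SQL store already exposes subject DNs (the header in this commit mentions "Returns all subject DNs known to the store instance"), an implementation that hashes each stored subject looks feasible rather than leaving a throwing stub in the OCSP path — worth confirming against the table schema, which is not visible here.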
diff --git a/src/lib/x509/certstor_sql/certstor_sql.h b/src/lib/x509/certstor_sql/certstor_sql.h
index 91d8d5c00..f95aea9b4 100644
--- a/src/lib/x509/certstor_sql/certstor_sql.h
+++ b/src/lib/x509/certstor_sql/certstor_sql.h
@@ -44,6 +44,9 @@ class BOTAN_DLL Certificate_Store_In_SQL : public Certificate_Store
std::shared_ptr<const X509_Certificate>
find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const override;
+ std::shared_ptr<const X509_Certificate>
+ find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& subject_hash) const override;
+
/**
* Returns all subject DNs known to the store instance.
*/