Add CRL storage possibilities

3 files changed, 93 insertions, 17 deletions

diff --git a/src/cert/x509store/certstor.cpp b/src/cert/x509store/certstor.cpp
index 1730dd18f..3cba2f39e 100644
--- a/src/cert/x509store/certstor.cpp
+++ b/src/cert/x509store/certstor.cpp
@@ -1,6 +1,6 @@
 /*
 * Certificate Store
-* (C) 1999-2007 Jack Lloyd
+* (C) 1999-2010 Jack Lloyd
 *
 * Distributed under the terms of the Botan license
 */
@@ -9,29 +9,39 @@
 
 namespace Botan {
 
-void Certificate_Store_Memory::add_certificate(const X509_Certificate& cert)
+Certificate_Store* Certificate_Store_Memory::clone() const
    {
-   certs.push_back(cert);
+   return new Certificate_Store_Memory(*this);
    }
 
-Certificate_Store* Certificate_Store_Memory::clone() const
+void Certificate_Store_Memory::add_certificate(const X509_Certificate& cert)
    {
-   return new Certificate_Store_Memory(*this);
+   for(size_t i = 0; i != certs.size(); ++i)
+      {
+      if(certs[i] == cert)
+         return;
+      }
+
+   certs.push_back(cert);
    }
 
 std::vector<X509_Certificate>
-Certificate_Store_Memory::find_by_subject_and_key_id(
+Certificate_Store_Memory::find_cert_by_subject_and_key_id(
    const X509_DN& subject_dn,
-   const MemoryRegion<byte>& key_id)
+   const MemoryRegion<byte>& key_id) const
    {
    std::vector<X509_Certificate> result;
 
    for(size_t i = 0; i != certs.size(); ++i)
       {
-      MemoryVector<byte> skid = certs[i].subject_key_id();
+      // Only compare key ids if set in both call and in the cert
+      if(key_id.size())
+         {
+         MemoryVector<byte> skid = certs[i].subject_key_id();
 
-      if(key_id.size() && skid.size() && skid != key_id)
-         continue;
+         if(skid.size() && skid != key_id) // no match
+            continue;
+         }
 
       if(certs[i].subject_dn() == subject_dn)
          result.push_back(certs[i]);
@@ -40,4 +50,50 @@ Certificate_Store_Memory::find_by_subject_and_key_id(
    return result;
    }
 
+void Certificate_Store_Memory::add_crl(const X509_CRL& crl)
+   {
+   X509_DN crl_issuer = crl.issuer_dn();
+
+   for(size_t i = 0; i != crls.size(); ++i)
+      {
+      // Found an update of a previously existing one; replace it
+      if(crls[i].issuer_dn() == crl_issuer)
+         {
+         if(crls[i].this_update() < crl.this_update())
+            {
+            crls[i] = crl;
+            return;
+            }
+         }
+      }
+
+   // Totally new CRL, add to the list
+   crls.push_back(crl);
+   }
+
+std::vector<X509_CRL>
+Certificate_Store_Memory::find_crl_by_subject_and_key_id(
+   const X509_DN& issuer_dn,
+   const MemoryRegion<byte>& key_id) const
+   {
+   std::vector<X509_CRL> result;
+
+   for(size_t i = 0; i != crls.size(); ++i)
+      {
+      // Only compare key ids if set in both call and in the CRL
+      if(key_id.size())
+         {
+         MemoryVector<byte> akid = crls[i].authority_key_id();
+
+         if(akid.size() && akid != key_id) // no match
+            continue;
+         }
+
+      if(crls[i].issuer_dn() == issuer_dn)
+         result.push_back(crls[i]);
+      }
+
+   return result;
+   }
+
 }
diff --git a/src/cert/x509store/certstor.h b/src/cert/x509store/certstor.h
index 922177930..aaa46bd4e 100644
--- a/src/cert/x509store/certstor.h
+++ b/src/cert/x509store/certstor.h
@@ -1,6 +1,6 @@
 /*
 * Certificate Store
-* (C) 1999-2007 Jack Lloyd
+* (C) 1999-2010 Jack Lloyd
 *
 * Distributed under the terms of the Botan license
 */
@@ -24,17 +24,30 @@ class BOTAN_DLL Certificate_Store
       virtual Certificate_Store* clone() const = 0;
 
       /**
-      * Add a certificate
+      * Add a certificate; this may fail if the store is write-only
       */
       virtual void add_certificate(const X509_Certificate& cert) = 0;
 
       /**
+      * Add a CRL; this may fail if the store is write-only
+      */
+      virtual void add_crl(const X509_CRL& crl) = 0;
+
+      /**
       * Subject DN and (optionally) key identifier
       */
       virtual std::vector<X509_Certificate>
-         find_by_subject_and_key_id(
+         find_cert_by_subject_and_key_id(
             const X509_DN& subject_dn,
-            const MemoryRegion<byte>& key_id) = 0;
+            const MemoryRegion<byte>& key_id) const = 0;
+
+      /**
+      * Find CRLs by the DN and key id of the issuer
+      */
+      virtual std::vector<X509_CRL>
+         find_crl_by_subject_and_key_id(
+            const X509_DN& issuer_dn,
+            const MemoryRegion<byte>& key_id) const = 0;
    };
 
 class BOTAN_DLL Certificate_Store_Memory : public Certificate_Store
@@ -44,14 +57,21 @@ class BOTAN_DLL Certificate_Store_Memory : public Certificate_Store
 
       void add_certificate(const X509_Certificate& cert);
 
-      std::vector<X509_Certificate> find_by_subject_and_key_id(
+      void add_crl(const X509_CRL& crl);
+
+      std::vector<X509_Certificate> find_cert_by_subject_and_key_id(
          const X509_DN& subject_dn,
-         const MemoryRegion<byte>& key_id);
+         const MemoryRegion<byte>& key_id) const;
+
+      std::vector<X509_CRL> find_crl_by_subject_and_key_id(
+         const X509_DN& issuer_dn,
+         const MemoryRegion<byte>& key_id) const;
 
       Certificate_Store_Memory() {}
    private:
       // TODO: Add indexing on the DN and key id to avoid linear search?
       std::vector<X509_Certificate> certs;
+      std::vector<X509_CRL> crls;
    };
 
 // TODO: file-backed store
diff --git a/src/cert/x509store/x509stor.cpp b/src/cert/x509store/x509stor.cpp
index fe808b55a..6ae473aaa 100644
--- a/src/cert/x509store/x509stor.cpp
+++ b/src/cert/x509store/x509stor.cpp
@@ -277,7 +277,7 @@ u32bit X509_Store::find_parent_of(const X509_Certificate& cert)
    for(u32bit j = 0; j != stores.size(); ++j)
       {
       std::vector<X509_Certificate> got =
-         stores[j]->find_by_subject_and_key_id(issuer_dn, auth_key_id);
+         stores[j]->find_cert_by_subject_and_key_id(issuer_dn, auth_key_id);
 
       for(u32bit k = 0; k != got.size(); ++k)
          add_cert(got[k]);