-rw-r--r-- | include/x509find.h | 58 | ||||
-rw-r--r-- | include/x509stor.h | 15 | ||||
-rw-r--r-- | src/x509find.cpp | 127 |
3 files changed, 99 insertions, 101 deletions
diff --git a/include/x509find.h b/include/x509find.h
new file mode 100644
index 000000000..7ad363672
--- /dev/null
+++ b/include/x509find.h
@@ -0,0 +1,58 @@
+/*************************************************
+* X.509 Certificate Store Searching Header File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#ifndef BOTAN_X509_CERT_STORE_SEARCH_H__
+#define BOTAN_X509_CERT_STORE_SEARCH_H__
+
+#include <botan/x509stor.h>
+
+namespace Botan {
+
+/*************************************************
+* Search based on the contents of a DN entry *
+*************************************************/
+class DN_Check : public X509_Store::Search_Func
+ {
+ public:
+ typedef bool (*compare_fn)(const std::string&, const std::string&);
+ enum Search_Type { SUBSTRING_MATCHING, IGNORE_CASE };
+
+ bool match(const X509_Certificate& cert) const;
+
+ DN_Check(const std::string&, const std::string&, compare_fn);
+ DN_Check(const std::string&, const std::string&, Search_Type);
+ private:
+ std::string dn_entry, looking_for;
+ compare_fn compare;
+ };
+
+/*************************************************
+* Search for a certificate by issuer/serial *
+*************************************************/
+class IandS_Match : public X509_Store::Search_Func
+ {
+ public:
+ bool match(const X509_Certificate& cert) const;
+ IandS_Match(const X509_DN&, const MemoryRegion<byte>&);
+ private:
+ X509_DN issuer;
+ MemoryVector<byte> serial;
+ };
+
+/*************************************************
+* Search for a certificate by subject keyid *
+*************************************************/
+class SKID_Match : public X509_Store::Search_Func
+ {
+ public:
+ bool match(const X509_Certificate& cert) const;
+ SKID_Match(const MemoryRegion<byte>& s) : skid(s) {}
+ private:
+ MemoryVector<byte> skid;
+ };
+
+}
+
+#endif
diff --git a/include/x509stor.h b/include/x509stor.h
index 9cb747a22..0ac5456ee 100644
--- a/include/x509stor.h
+++ b/include/x509stor.h
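Review bot: The now-public `compare_fn` typedef and `Search_Type` enum in `DN_Check` (include/x509find.h) have no documented contract, although callers can now supply their own comparator. `DN_Check::match` in src/x509find.cpp calls it as `compare(info[j], looking_for)`, certificate value first and search target second, which is worth stating above the typedef, e.g. `// compare_fn(cert_value, target): returns true on a match; must not be null`. If `substring_match` behaves as its name suggests (its body is not in this diff), `SUBSTRING_MATCHING` accepts any subject entry that merely contains the target, so a comment such as `// lookup aid only: a substring hit does not establish the certificate's identity` would keep it out of trust decisions. Separately, the single-argument `SKID_Match` constructor could be marked `explicit`.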
@@ -129,21 +129,6 @@ class X509_Store mutable bool revoked_info_valid; }; -namespace X509_Store_Search { - -/************************************************* -* Methods to search through a X509_Store * -*************************************************/ -std::vector<X509_Certificate> by_email(const X509_Store&, const std::string&); -std::vector<X509_Certificate> by_name(const X509_Store&, const std::string&); -std::vector<X509_Certificate> by_dns(const X509_Store&, const std::string&); -std::vector<X509_Certificate> by_iands(const X509_Store&, const X509_DN&, - const MemoryRegion<byte>&); -std::vector<X509_Certificate> by_SKID(const X509_Store&, - const MemoryRegion<byte>&); - -} - } #endif diff --git a/src/x509find.cpp b/src/x509find.cpp index 9a6f75fe4..10fe57afb 100644 --- a/src/x509find.cpp +++ b/src/x509find.cpp @@ -3,23 +3,15 @@ * (C) 1999-2006 The Botan Project * *************************************************/ -#include <botan/x509stor.h> +#include <botan/x509find.h> #include <botan/charset.h> #include <algorithm> -#include <memory> namespace Botan { -namespace X509_Store_Search { - namespace { /************************************************* -* Comparison Function Pointer * -*************************************************/ -typedef bool (*compare_fn)(const std::string&, const std::string&); - -/************************************************* * Compare based on case-insensive substrings * *************************************************/ bool substring_match(const std::string& searching_for, 
@@ -43,112 +35,75 @@ bool ignore_case(const std::string& searching_for, const std::string& found) searching_for.begin(), Charset::caseless_cmp); } +} + /************************************************* * Search based on the contents of a DN entry * *************************************************/ -class DN_Check : public X509_Store::Search_Func +bool DN_Check::match(const X509_Certificate& cert) const { - public: - bool match(const X509_Certificate& cert) const - { - std::vector<std::string> info = cert.subject_info(dn_entry); - - for(u32bit j = 0; j != info.size(); ++j) - if(compare(info[j], looking_for)) - return true; - return false; - } - - DN_Check(const std::string& entry, const std::string& target, - compare_fn func) : - compare(func), dn_entry(entry), looking_for(target) {} - private: - compare_fn compare; - const std::string dn_entry; - const std::string looking_for; - }; + std::vector<std::string> info = cert.subject_info(dn_entry); -} + for(u32bit j = 0; j != info.size(); ++j) + if(compare(info[j], looking_for)) + return true; + return false; + } /************************************************* -* Search for a certificate by email address * +* DN_Check Constructor * *************************************************/ -std::vector<X509_Certificate> by_email(const X509_Store& store, - const std::string& email) +DN_Check::DN_Check(const std::string& dn_entry, const std::string& looking_for, + compare_fn func) { - DN_Check search_params("RFC822", email, ignore_case); - return store.get_certs(search_params); + this->dn_entry = dn_entry; + this->looking_for = looking_for; + compare = func; } /************************************************* -* Search for a certificate by CommonName * +* DN_Check Constructor * *************************************************/ -std::vector<X509_Certificate> by_name(const X509_Store& store, - const std::string& name) +DN_Check::DN_Check(const std::string& dn_entry, const std::string& looking_for, + Search_Type method) { - 
DN_Check search_params("CommonName", name, substring_match); - return store.get_certs(search_params); + this->dn_entry = dn_entry; + this->looking_for = looking_for; + + if(method == SUBSTRING_MATCHING) + compare = &substring_match; + else if(method == IGNORE_CASE) + compare = &ignore_case; + else + throw Invalid_Argument("Unknown method argument to DN_Check()"); } /************************************************* -* Search for a certificate by DNS name * +* Match by issuer and serial number * *************************************************/ -std::vector<X509_Certificate> by_dns(const X509_Store& store, - const std::string& dns) +bool IandS_Match::match(const X509_Certificate& cert) const { - DN_Check search_params("DNS", dns, ignore_case); - return store.get_certs(search_params); + if(cert.serial_number() != serial) + return false; + return (cert.issuer_dn() == issuer); } /************************************************* -* Search for a certificate by issuer/serial * +* IandS_Match Constructor * *************************************************/ -std::vector<X509_Certificate> by_iands(const X509_Store& store, - const X509_DN& issuer, - const MemoryRegion<byte>& serial) +IandS_Match::IandS_Match(const X509_DN& issuer, + const MemoryRegion<byte>& serial) { - class IandS_Match : public X509_Store::Search_Func - { - public: - bool match(const X509_Certificate& cert) const - { - if(cert.serial_number() != serial) - return false; - return (cert.issuer_dn() == issuer); - } - IandS_Match(const X509_DN& i, const MemoryRegion<byte>& s) : - issuer(i), serial(s) {} - private: - X509_DN issuer; - MemoryVector<byte> serial; - }; - - IandS_Match search_params(issuer, serial); - return store.get_certs(search_params); + this->issuer = issuer; + this->serial = serial; } /************************************************* -* Search for a certificate by subject keyid * +* Match by subject key identifier * *************************************************/ 
-std::vector<X509_Certificate> by_SKID(const X509_Store& store, - const MemoryRegion<byte>& skid) +bool SKID_Match::match(const X509_Certificate& cert) const { - class SKID_Match : public X509_Store::Search_Func - { - public: - bool match(const X509_Certificate& cert) const - { - return (cert.subject_key_id() == skid); - } - SKID_Match(const MemoryRegion<byte>& s) : skid(s) {} - private: - MemoryVector<byte> skid; - }; - - SKID_Match search_params(skid); - return store.get_certs(search_params); + return (cert.subject_key_id() == skid); } } - -} |
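Review bot: The `compare_fn` constructor of `DN_Check` stores `func` unchecked, so a null pointer from a caller is only discovered when `DN_Check::match` calls through it during a store search. The `Search_Type` constructor already rejects unknown values with `Invalid_Argument`, and the same guard fits here: `if(!func) throw Invalid_Argument("DN_Check: null comparison function");`. Both `DN_Check` constructors and the `IandS_Match` constructor also name their parameters after the members and assign in the body through `this->`. Member initializer lists with distinct parameter names would avoid the shadowing and the default-construct-then-assign.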