-rw-r--r--src/build-data/os/linux.txt2
-rw-r--r--src/lib/x509/certstor_flatfile/certstor_flatfile.cpp30
-rw-r--r--src/lib/x509/certstor_flatfile/certstor_flatfile.h11
-rw-r--r--src/lib/x509/certstor_system_linux/certstor_linux.cpp18
-rw-r--r--src/lib/x509/certstor_system_linux/certstor_linux.h27
-rw-r--r--src/lib/x509/certstor_system_linux/info.txt16
-rw-r--r--src/tests/test_certstor_linux.cpp20
7 files changed, 36 insertions, 88 deletions
diff --git a/src/build-data/os/linux.txt b/src/build-data/os/linux.txt
index dfda7ce9f..208e13b9b 100644
--- a/src/build-data/os/linux.txt
+++ b/src/build-data/os/linux.txt
@@ -10,8 +10,6 @@ proc_fs
clock_gettime
getauxval
-linux_certstore
-
# not enabled by default as only available in newer kernel/glibc
#getrandom
diff --git a/src/lib/x509/certstor_flatfile/certstor_flatfile.cpp b/src/lib/x509/certstor_flatfile/certstor_flatfile.cpp
index 261204925..cf0ca2d90 100644
--- a/src/lib/x509/certstor_flatfile/certstor_flatfile.cpp
+++ b/src/lib/x509/certstor_flatfile/certstor_flatfile.cpp
@@ -14,16 +14,22 @@
namespace Botan {
namespace {
-std::vector<secure_vector<uint8_t>> decode_all(DataSource& source)
+std::vector<std::vector<uint8_t>> decode_all_certificates(DataSource& source)
{
- std::vector<secure_vector<uint8_t>> pems;
+ std::vector<std::vector<uint8_t>> pems;
while(!source.end_of_data())
{
std::string label;
+ std::vector<uint8_t> cert;
try
{
- pems.push_back(PEM_Code::decode(source, label));
+ cert = unlock(PEM_Code::decode(source, label));
+
+ if(label == "CERTIFICATE" || label == "X509 CERTIFICATE" || label == "TRUSTED CERTIFICATE")
+ {
+ pems.push_back(cert);
+ }
}
catch(const Decoding_Error&) {}
}
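Review bot: Accepting the `TRUSTED CERTIFICATE` label in the new `if(label == ...)` check treats OpenSSL's auxiliary-trust PEM blocks as plain certificates. In that format the certificate DER is followed by trust and reject settings, so the later `X509_Certificate` parse may either fail on the trailing data or ignore it; if it is ignored, an entry the bundle marks as rejected for some use would still be loaded as a trust anchor. I'd drop that label (`if(label == "CERTIFICATE" || label == "X509 CERTIFICATE")`) until the auxiliary part is handled, or at least add a comment saying the trust settings are discarded. Separately, the empty `catch(const Decoding_Error&) {}` deserves a comment stating that malformed PEM blocks are skipped on purpose. The function's return statement is outside this hunk.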
@@ -32,28 +38,34 @@ std::vector<secure_vector<uint8_t>> decode_all(DataSource& source)
}
}
-Flatfile_Certificate_Store::Flatfile_Certificate_Store()
- {
- }
-
Flatfile_Certificate_Store::Flatfile_Certificate_Store(const std::string& file)
{
if(file.empty())
{
- return;
+ throw Invalid_Argument("Flatfile_Certificate_Store::Flatfile_Certificate_Store invalid file path");
}
DataSource_Stream file_stream(file);
- for(const secure_vector<uint8_t> der : decode_all(file_stream))
+ for(const std::vector<uint8_t> der : decode_all_certificates(file_stream))
{
std::shared_ptr<const X509_Certificate> cert = std::make_shared<const X509_Certificate>(der.data(), der.size());
+ if(!cert->is_self_signed() || !cert->is_CA_cert())
+ {
+ throw Invalid_Argument("Flatfile_Certificate_Store::Flatfile_Certificate_Store certificate is not self-signed CA");
+ }
+
m_all_subjects.push_back(cert->subject_dn());
m_dn_to_cert.emplace(cert->subject_dn(), cert);
m_pubkey_sha1_to_cert.emplace(cert->subject_public_key_bitstring_sha1(), cert);
m_subject_dn_sha256_to_cert.emplace(cert->raw_subject_dn_sha256(), cert);
}
+
+ if(m_all_subjects.empty())
+ {
+ throw Invalid_Argument("Flatfile_Certificate_Store::Flatfile_Certificate_Store cert file is empty");
+ }
}
std::vector<X509_DN> Flatfile_Certificate_Store::all_subjects() const
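Review bot: The `Invalid_Argument` thrown when a certificate is not a self-signed CA does not say which entry was rejected, so a single intermediate or leaf in a bundle of many roots makes the whole store fail to construct with nothing to locate it by. Adding the subject DN (and ideally the file path) to the message would make that diagnosable. The "cert file is empty" message is also raised when the file holds only PEM blocks with other labels, since `decode_all_certificates` filters by label, so wording such as "no certificates found" would be more accurate. The range-for also copies every DER buffer; `for(const std::vector<uint8_t>& der : decode_all_certificates(file_stream))` avoids that.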
diff --git a/src/lib/x509/certstor_flatfile/certstor_flatfile.h b/src/lib/x509/certstor_flatfile/certstor_flatfile.h
index 8ecca9401..611bd3895 100644
--- a/src/lib/x509/certstor_flatfile/certstor_flatfile.h
+++ b/src/lib/x509/certstor_flatfile/certstor_flatfile.h
@@ -19,11 +19,13 @@ namespace Botan {
/**
* Certificate Store that is backed by a file of PEMs of trusted CAs.
*/
-class BOTAN_PUBLIC_API(2, 11) Flatfile_Certificate_Store : public Certificate_Store
+class BOTAN_PUBLIC_API(2, 11) Flatfile_Certificate_Store final : public Certificate_Store
{
public:
- Flatfile_Certificate_Store();
-
+ /**
+ * Construct a new Certificate_Store given a file path to a file including
+ * PEMs of trusted self-signed CAs.
+ */
Flatfile_Certificate_Store(const std::string& file);
Flatfile_Certificate_Store(const Flatfile_Certificate_Store&) = default;
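Review bot: The new doc comment on the constructor omits that it now throws. Per the .cpp change in this commit it raises `Invalid_Argument` for an empty path, for any certificate that is not a self-signed CA, and when no certificate is found; I'd add `* @throws Invalid_Argument if file is empty, holds no certificates, or holds a certificate that is not a self-signed CA`. With the default constructor gone, declaring this one as `explicit Flatfile_Certificate_Store(const std::string& file);` would also stop a string from converting implicitly into a trust store. The class body continues outside the hunk.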
@@ -59,9 +61,6 @@ class BOTAN_PUBLIC_API(2, 11) Flatfile_Certificate_Store : public Certificate_St
std::shared_ptr<const X509_Certificate>
find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const override;
- /**
- * @throws Botan::Not_Implemented
- */
std::shared_ptr<const X509_Certificate>
find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& subject_hash) const override;
diff --git a/src/lib/x509/certstor_system_linux/certstor_linux.cpp b/src/lib/x509/certstor_system_linux/certstor_linux.cpp
deleted file mode 100644
index dcd325933..000000000
--- a/src/lib/x509/certstor_system_linux/certstor_linux.cpp
+++ /dev/null
@@ -1,18 +0,0 @@
-/*
-* Certificate Store
-* (C) 1999-2019 Jack Lloyd
-* (C) 2019 Patrick Schmidt
-*
-* Botan is released under the Simplified BSD License (see license.txt)
-*/
-
-#include <botan/build.h>
-
-#include <botan/certstor_linux.h>
-
-namespace Botan {
-Certificate_Store_Linux::Certificate_Store_Linux() :
- Flatfile_Certificate_Store(BOTAN_LINUX_CERTSTORE_DEFAULT_FILE)
- {
- }
-}
diff --git a/src/lib/x509/certstor_system_linux/certstor_linux.h b/src/lib/x509/certstor_system_linux/certstor_linux.h
deleted file mode 100644
index d92364da9..000000000
--- a/src/lib/x509/certstor_system_linux/certstor_linux.h
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
-* Certificate Store
-* (C) 1999-2019 Jack Lloyd
-* (C) 2019 Patrick Schmidt
-*
-* Botan is released under the Simplified BSD License (see license.txt)
-*/
-
-#ifndef BOTAN_CERT_STORE_SYSTEM_LINUX_H_
-#define BOTAN_CERT_STORE_SYSTEM_LINUX_H_
-
-#include <botan/certstor_flatfile.h>
-
-namespace Botan {
-
-/**
-* Certificate Store that is backed by a file of PEMs of trusted CAs located at
-* BOTAN_LINUX_CERTSTORE_DEFAULT_FILE.
-*/
-class BOTAN_PUBLIC_API(2, 11) Certificate_Store_Linux final : public Flatfile_Certificate_Store
- {
- public:
- Certificate_Store_Linux();
- };
-}
-
-#endif
diff --git a/src/lib/x509/certstor_system_linux/info.txt b/src/lib/x509/certstor_system_linux/info.txt
deleted file mode 100644
index 53a82dbb6..000000000
--- a/src/lib/x509/certstor_system_linux/info.txt
+++ /dev/null
@@ -1,16 +0,0 @@
-<defines>
-CERTSTOR_LINUX -> 20190402
-</defines>
-
-<os_features>
-linux_certstore
-</os_features>
-
-<requires>
-certstor_flatfile
-</requires>
-
-<header:public>
-certstor_linux.h
-</header:public>
-
diff --git a/src/tests/test_certstor_linux.cpp b/src/tests/test_certstor_linux.cpp
index 5cd991a44..05114231b 100644
--- a/src/tests/test_certstor_linux.cpp
+++ b/src/tests/test_certstor_linux.cpp
@@ -7,10 +7,10 @@
#include "tests.h"
-#if defined(BOTAN_HAS_CERTSTOR_LINUX)
+#if defined(BOTAN_HAS_CERTSTOR_FLATFILE) && defined(BOTAN_SYSTEM_CERT_BUNDLE)
#include "test_certstor_utils.h"
-#include <botan/certstor_linux.h>
+#include <botan/certstor_flatfile.h>
#include <botan/ber_dec.h>
#include <botan/der_enc.h>
#include <botan/hex.h>
@@ -26,7 +26,7 @@ Test::Result open_certificate_store()
try
{
result.start_timer();
- Botan::Certificate_Store_Linux unused;
+ Botan::Flatfile_Certificate_Store unused(BOTAN_SYSTEM_CERT_BUNDLE);
result.end_timer();
result.test_gt("found some certificates", unused.all_subjects().size(), 0);
}
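Review bot: None of the visible test hunks exercises the failure paths this commit adds to the constructor (empty path, a non-self-signed or non-CA certificate, a file with no certificates); they only swap the type name and run against `BOTAN_SYSTEM_CERT_BUNDLE`. A case such as `result.test_throws("on empty path", [&] { Botan::Flatfile_Certificate_Store unused(""); });` would pin the first of these without needing a fixture file. Every test here will now also fail if the host's bundle contains a single entry that is not a self-signed CA, so results depend on the machine. open_certificate_store starts and ends outside this hunk.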
@@ -47,7 +47,7 @@ Test::Result find_certificate_by_pubkey_sha1()
try
{
result.start_timer();
- Botan::Certificate_Store_Linux certstore;
+ Botan::Flatfile_Certificate_Store certstore(BOTAN_SYSTEM_CERT_BUNDLE);
auto cert = certstore.find_cert_by_pubkey_sha1(get_key_id());
result.end_timer();
@@ -65,7 +65,7 @@ Test::Result find_certificate_by_pubkey_sha1()
result.test_throws("on invalid SHA1 hash data", [&]
{
- Botan::Certificate_Store_Linux certstore;
+ Botan::Flatfile_Certificate_Store certstore(BOTAN_SYSTEM_CERT_BUNDLE);
certstore.find_cert_by_pubkey_sha1({});
});
@@ -81,7 +81,7 @@ Test::Result find_cert_by_subject_dn()
auto dn = get_dn();
result.start_timer();
- Botan::Certificate_Store_Linux certstore;
+ Botan::Flatfile_Certificate_Store certstore(BOTAN_SYSTEM_CERT_BUNDLE);
auto cert = certstore.find_cert(dn, std::vector<uint8_t>());
result.end_timer();
@@ -109,7 +109,7 @@ Test::Result find_cert_by_subject_dn_and_key_id()
auto dn = get_dn();
result.start_timer();
- Botan::Certificate_Store_Linux certstore;
+ Botan::Flatfile_Certificate_Store certstore(BOTAN_SYSTEM_CERT_BUNDLE);
auto cert = certstore.find_cert(dn, get_key_id());
result.end_timer();
@@ -137,7 +137,7 @@ Test::Result find_certs_by_subject_dn_and_key_id()
auto dn = get_dn();
result.start_timer();
- Botan::Certificate_Store_Linux certstore;
+ Botan::Flatfile_Certificate_Store certstore(BOTAN_SYSTEM_CERT_BUNDLE);
auto certs = certstore.find_all_certs(dn, get_key_id());
result.end_timer();
@@ -164,7 +164,7 @@ Test::Result find_all_subjects()
try
{
result.start_timer();
- Botan::Certificate_Store_Linux certstore;
+ Botan::Flatfile_Certificate_Store certstore(BOTAN_SYSTEM_CERT_BUNDLE);
auto subjects = certstore.all_subjects();
result.end_timer();
@@ -202,7 +202,7 @@ Test::Result no_certificate_matches()
auto kid = get_unknown_key_id();
result.start_timer();
- Botan::Certificate_Store_Linux certstore;
+ Botan::Flatfile_Certificate_Store certstore(BOTAN_SYSTEM_CERT_BUNDLE);
auto certs = certstore.find_all_certs(dn, kid);
auto cert = certstore.find_cert(dn, kid);