1 files changed, 45 insertions, 33 deletions

diff --git a/src/lib/x509/certstor.cpp b/src/lib/x509/certstor.cpp
index 10178a526..df4fc3365 100644
--- a/src/lib/x509/certstor.cpp
+++ b/src/lib/x509/certstor.cpp
@@ -13,27 +13,23 @@ namespace Botan {
 
 std::shared_ptr<const X509_CRL> Certificate_Store::find_crl_for(const X509_Certificate&) const
    {
-   return std::shared_ptr<const X509_CRL>();
+   return {};
    }
 
 void Certificate_Store_In_Memory::add_certificate(const X509_Certificate& cert)
    {
-   for(size_t i = 0; i != m_certs.size(); ++i)
-      {
-      if(*m_certs[i] == cert)
+   for(const auto& c : m_certs)
+      if(*c == cert)
          return;
-      }
 
    m_certs.push_back(std::make_shared<const X509_Certificate>(cert));
    }
 
 void Certificate_Store_In_Memory::add_certificate(std::shared_ptr<const X509_Certificate> cert)
    {
-   for(size_t i = 0; i != m_certs.size(); ++i)
-      {
-      if(*m_certs[i] == *cert)
+   for(const auto& c : m_certs)
+      if(*c == *cert)
          return;
-      }
 
    m_certs.push_back(cert);
    }
@@ -41,8 +37,8 @@ void Certificate_Store_In_Memory::add_certificate(std::shared_ptr<const X509_Cer
 std::vector<X509_DN> Certificate_Store_In_Memory::all_subjects() const
    {
    std::vector<X509_DN> subjects;
-   for(size_t i = 0; i != m_certs.size(); ++i)
-      subjects.push_back(m_certs[i]->subject_dn());
+   for(const auto& cert : m_certs)
+      subjects.push_back(cert->subject_dn());
    return subjects;
    }
 
@@ -50,22 +46,22 @@ std::shared_ptr<const X509_Certificate>
 Certificate_Store_In_Memory::find_cert(const X509_DN& subject_dn,
                                        const std::vector<uint8_t>& key_id) const
    {
-   for(size_t i = 0; i != m_certs.size(); ++i)
+   for(const auto& cert : m_certs)
       {
       // Only compare key ids if set in both call and in the cert
       if(key_id.size())
          {
-         std::vector<uint8_t> skid = m_certs[i]->subject_key_id();
+         std::vector<uint8_t> skid = cert->subject_key_id();
 
          if(skid.size() && skid != key_id) // no match
             continue;
          }
 
-      if(m_certs[i]->subject_dn() == subject_dn)
-         return m_certs[i];
+      if(cert->subject_dn() == subject_dn)
+         return cert;
       }
 
-   return std::shared_ptr<const X509_Certificate>();
+   return nullptr;
    }
 
 
@@ -75,14 +71,30 @@ Certificate_Store_In_Memory::find_cert_by_pubkey_sha1(const std::vector<uint8_t>
    if(key_hash.size() != 20)
       throw Invalid_Argument("Certificate_Store_In_Memory::find_cert_by_pubkey_sha1 invalid hash");
 
-   for(size_t i = 0; i != m_certs.size(); ++i)
-      {
-      const std::vector<uint8_t> hash_i = m_certs[i]->subject_public_key_bitstring_sha1();
-      if(key_hash == hash_i)
-         {
-         return m_certs[i];
-         }
-      }
+   std::unique_ptr<HashFunction> hash(HashFunction::create("SHA-1"));
+
+   for(const auto& cert : m_certs){
+      hash->update(cert->subject_public_key_bitstring());
+      if(key_hash == hash->final_stdvec()) //final_stdvec also clears the hash to initial state
+         return cert;
+   }
+
+   return nullptr;
+   }
+
+std::shared_ptr<const X509_Certificate>
+Certificate_Store_In_Memory::find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& subject_hash) const
+   {
+   if(subject_hash.size() != 32)
+      throw Invalid_Argument("Certificate_Store_In_Memory::find_cert_by_raw_subject_dn_sha256 invalid hash");
+
+   std::unique_ptr<HashFunction> hash(HashFunction::create("SHA-256"));
+
+   for(const auto& cert : m_certs){
+      hash->update(cert->raw_subject_dn());
+      if(subject_hash == hash->final_stdvec()) //final_stdvec also clears the hash to initial state
+         return cert;
+   }
 
    return nullptr;
    }
@@ -97,13 +109,13 @@ void Certificate_Store_In_Memory::add_crl(std::shared_ptr<const X509_CRL> crl)
    {
    X509_DN crl_issuer = crl->issuer_dn();
 
-   for(size_t i = 0; i != m_crls.size(); ++i)
+   for(auto& c : m_crls)
       {
       // Found an update of a previously existing one; replace it
-      if(m_crls[i]->issuer_dn() == crl_issuer)
+      if(c->issuer_dn() == crl_issuer)
          {
-         if(m_crls[i]->this_update() <= crl->this_update())
-            m_crls[i] = crl;
+         if(c->this_update() <= crl->this_update())
+            c = crl;
          return;
          }
       }
@@ -116,22 +128,22 @@ std::shared_ptr<const X509_CRL> Certificate_Store_In_Memory::find_crl_for(const
    {
    const std::vector<uint8_t>& key_id = subject.authority_key_id();
 
-   for(size_t i = 0; i != m_crls.size(); ++i)
+   for(const auto& c : m_crls)
       {
       // Only compare key ids if set in both call and in the CRL
       if(key_id.size())
          {
-         std::vector<uint8_t> akid = m_crls[i]->authority_key_id();
+         std::vector<uint8_t> akid = c->authority_key_id();
 
          if(akid.size() && akid != key_id) // no match
             continue;
          }
 
-      if(m_crls[i]->issuer_dn() == subject.issuer_dn())
-         return m_crls[i];
+      if(c->issuer_dn() == subject.issuer_dn())
+         return c;
       }
 
-   return std::shared_ptr<const X509_CRL>();
+   return {};
    }
 
 Certificate_Store_In_Memory::Certificate_Store_In_Memory(const X509_Certificate& cert)