diff options
Diffstat (limited to 'src/lib/x509/certstor.h')
| -rw-r--r-- | src/lib/x509/certstor.h | 47 |
1 files changed, 18 insertions, 29 deletions
diff --git a/src/lib/x509/certstor.h b/src/lib/x509/certstor.h index 6901589d2..0752e908f 100644 --- a/src/lib/x509/certstor.h +++ b/src/lib/x509/certstor.h @@ -10,6 +10,7 @@ #include <botan/x509cert.h> #include <botan/x509_crl.h> +#include <optional> namespace Botan { @@ -25,18 +26,18 @@ class BOTAN_PUBLIC_API(2,0) Certificate_Store * Find a certificate by Subject DN and (optionally) key identifier * @param subject_dn the subject's distinguished name * @param key_id an optional key id - * @return a matching certificate or nullptr otherwise + * @return a matching certificate or nullopt otherwise * If more than one certificate in the certificate store matches, then * a single value is selected arbitrarily. */ - virtual std::shared_ptr<const X509_Certificate> + virtual std::optional<X509_Certificate> find_cert(const X509_DN& subject_dn, const std::vector<uint8_t>& key_id) const; /** * Find all certificates with a given Subject DN. * Subject DN and even the key identifier might not be unique. */ - virtual std::vector<std::shared_ptr<const X509_Certificate>> find_all_certs( + virtual std::vector<X509_Certificate> find_all_certs( const X509_DN& subject_dn, const std::vector<uint8_t>& key_id) const = 0; @@ -44,26 +45,26 @@ class BOTAN_PUBLIC_API(2,0) Certificate_Store * Find a certificate by searching for one with a matching SHA-1 hash of * public key. Used for OCSP. * @param key_hash SHA-1 hash of the subject's public key - * @return a matching certificate or nullptr otherwise + * @return a matching certificate or nullopt otherwise */ - virtual std::shared_ptr<const X509_Certificate> + virtual std::optional<X509_Certificate> find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const = 0; /** * Find a certificate by searching for one with a matching SHA-256 hash of * raw subject name. Used for OCSP. * @param subject_hash SHA-256 hash of the subject's raw name - * @return a matching certificate or nullptr otherwise + * @return a matching certificate or nullopt otherwise */ - virtual std::shared_ptr<const X509_Certificate> + virtual std::optional<X509_Certificate> find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& subject_hash) const = 0; /** * Finds a CRL for the given certificate * @param subject the subject certificate - * @return the CRL for subject or nullptr otherwise + * @return the CRL for subject or nullopt otherwise */ - virtual std::shared_ptr<const X509_CRL> find_crl_for(const X509_Certificate& subject) const; + virtual std::optional<X509_CRL> find_crl_for(const X509_Certificate& subject) const; /** * @return whether the certificate is known @@ -71,7 +72,7 @@ class BOTAN_PUBLIC_API(2,0) Certificate_Store */ bool certificate_known(const X509_Certificate& cert) const { - return find_cert(cert.subject_dn(), cert.subject_key_id()) != nullptr; + return find_cert(cert.subject_dn(), cert.subject_key_id()).has_value(); } // remove this (used by TLS::Server) @@ -107,24 +108,12 @@ class BOTAN_PUBLIC_API(2,0) Certificate_Store_In_Memory final : public Certifica void add_certificate(const X509_Certificate& cert); /** - * Add a certificate already in a shared_ptr to the store. - * @param cert certificate to be added - */ - void add_certificate(std::shared_ptr<const X509_Certificate> cert); - - /** * Add a certificate revocation list (CRL) to the store. * @param crl CRL to be added */ void add_crl(const X509_CRL& crl); /** - * Add a certificate revocation list (CRL) to the store as a shared_ptr - * @param crl CRL to be added - */ - void add_crl(std::shared_ptr<const X509_CRL> crl); - - /** * @return DNs for all certificates managed by the store */ std::vector<X509_DN> all_subjects() const override; @@ -133,7 +122,7 @@ class BOTAN_PUBLIC_API(2,0) Certificate_Store_In_Memory final : public Certifica * Find a certificate by Subject DN and (optionally) key identifier * @return the first certificate that matches */ - std::shared_ptr<const X509_Certificate> find_cert( + std::optional<X509_Certificate> find_cert( const X509_DN& subject_dn, const std::vector<uint8_t>& key_id) const override; @@ -141,23 +130,23 @@ class BOTAN_PUBLIC_API(2,0) Certificate_Store_In_Memory final : public Certifica * Find all certificates with a given Subject DN. * Subject DN and even the key identifier might not be unique. */ - std::vector<std::shared_ptr<const X509_Certificate>> find_all_certs( + std::vector<X509_Certificate> find_all_certs( const X509_DN& subject_dn, const std::vector<uint8_t>& key_id) const override; - std::shared_ptr<const X509_Certificate> + std::optional<X509_Certificate> find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const override; - std::shared_ptr<const X509_Certificate> + std::optional<X509_Certificate> find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& subject_hash) const override; /** * Finds a CRL for the given certificate */ - std::shared_ptr<const X509_CRL> find_crl_for(const X509_Certificate& subject) const override; + std::optional<X509_CRL> find_crl_for(const X509_Certificate& subject) const override; private: // TODO: Add indexing on the DN and key id to avoid linear search - std::vector<std::shared_ptr<const X509_Certificate>> m_certs; - std::vector<std::shared_ptr<const X509_CRL>> m_crls; + std::vector<X509_Certificate> m_certs; + std::vector<X509_CRL> m_crls; }; } |