aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/x509/certstor.cpp62
-rw-r--r--src/lib/x509/certstor.h47
-rw-r--r--src/lib/x509/certstor_sql/certstor_sql.cpp7
-rw-r--r--src/lib/x509/certstor_sql/certstor_sql.h3
4 files changed, 64 insertions, 55 deletions
diff --git a/src/lib/x509/certstor.cpp b/src/lib/x509/certstor.cpp
index 24cd84de7..51abf640a 100644
--- a/src/lib/x509/certstor.cpp
+++ b/src/lib/x509/certstor.cpp
@@ -7,6 +7,7 @@
#include <botan/certstor.h>
#include <botan/internal/filesystem.h>
+#include <botan/hash.h>
namespace Botan {
@@ -23,7 +24,18 @@ void Certificate_Store_In_Memory::add_certificate(const X509_Certificate& cert)
return;
}
- m_certs.push_back(std::make_shared<X509_Certificate>(cert));
+ m_certs.push_back(std::make_shared<const X509_Certificate>(cert));
+ }
+
+void Certificate_Store_In_Memory::add_certificate(std::shared_ptr<const X509_Certificate> cert)
+ {
+ for(size_t i = 0; i != m_certs.size(); ++i)
+ {
+ if(*m_certs[i] == *cert)
+ return;
+ }
+
+ m_certs.push_back(cert);
}
std::vector<X509_DN> Certificate_Store_In_Memory::all_subjects() const
@@ -34,38 +46,45 @@ std::vector<X509_DN> Certificate_Store_In_Memory::all_subjects() const
return subjects;
}
-namespace {
-
-template<typename T>
std::shared_ptr<const X509_Certificate>
-cert_search(const X509_DN& subject_dn, const std::vector<byte>& key_id,
- const std::vector<std::shared_ptr<T>>& certs)
+Certificate_Store_In_Memory::find_cert(const X509_DN& subject_dn,
+ const std::vector<byte>& key_id) const
{
- for(size_t i = 0; i != certs.size(); ++i)
+ for(size_t i = 0; i != m_certs.size(); ++i)
{
// Only compare key ids if set in both call and in the cert
if(key_id.size())
{
- std::vector<byte> skid = certs[i]->subject_key_id();
+ std::vector<byte> skid = m_certs[i]->subject_key_id();
if(skid.size() && skid != key_id) // no match
continue;
}
- if(certs[i]->subject_dn() == subject_dn)
- return certs[i];
+ if(m_certs[i]->subject_dn() == subject_dn)
+ return m_certs[i];
}
return std::shared_ptr<const X509_Certificate>();
}
-}
std::shared_ptr<const X509_Certificate>
-Certificate_Store_In_Memory::find_cert(const X509_DN& subject_dn,
- const std::vector<byte>& key_id) const
+Certificate_Store_In_Memory::find_cert_by_pubkey_sha1(const std::vector<byte>& key_hash) const
{
- return cert_search(subject_dn, key_id, m_certs);
+ if(key_hash.size() != 20)
+ throw Invalid_Argument("Certificate_Store_In_Memory::find_cert_by_pubkey_sha1 invalid hash");
+
+ for(size_t i = 0; i != m_certs.size(); ++i)
+ {
+ const std::vector<byte> hash_i = m_certs[i]->subject_public_key_bitstring_sha1();
+ if(key_hash == hash_i)
+ {
+ return m_certs[i];
+ }
+ }
+
+ return nullptr;
}
void Certificate_Store_In_Memory::add_crl(const X509_CRL& crl)
@@ -134,19 +153,4 @@ Certificate_Store_In_Memory::Certificate_Store_In_Memory(const std::string& dir)
}
#endif
-std::shared_ptr<const X509_Certificate>
-Certificate_Store_Overlay::find_cert(const X509_DN& subject_dn,
- const std::vector<byte>& key_id) const
- {
- return cert_search(subject_dn, key_id, m_certs);
- }
-
-std::vector<X509_DN> Certificate_Store_Overlay::all_subjects() const
- {
- std::vector<X509_DN> subjects;
- for(size_t i = 0; i != m_certs.size(); ++i)
- subjects.push_back(m_certs[i]->subject_dn());
- return subjects;
- }
-
}
diff --git a/src/lib/x509/certstor.h b/src/lib/x509/certstor.h
index 56176739b..07f02dfd2 100644
--- a/src/lib/x509/certstor.h
+++ b/src/lib/x509/certstor.h
@@ -31,6 +31,15 @@ class BOTAN_DLL Certificate_Store
find_cert(const X509_DN& subject_dn, const std::vector<byte>& key_id) const = 0;
/**
+ * Find a certificate by searching for one with a matching SHA-1 hash of
+ * public key. Used for OCSP.
+ * @param key_hash SHA-1 hash of the subject's public key
+ * @return a matching certificate or nullptr otherwise
+ */
+ virtual std::shared_ptr<const X509_Certificate>
+ find_cert_by_pubkey_sha1(const std::vector<byte>& key_hash) const = 0;
+
+ /**
* Finds a CRL for the given certificate
* @param subject the subject certificate
* @return the CRL for subject or nullptr otherwise
@@ -79,6 +88,12 @@ class BOTAN_DLL Certificate_Store_In_Memory : public Certificate_Store
void add_certificate(const X509_Certificate& cert);
/**
+ * Add a certificate already in a shared_ptr to the store.
+ * @param cert certificate to be added
+ */
+ void add_certificate(std::shared_ptr<const X509_Certificate> cert);
+
+ /**
* Add a certificate revocation list (CRL) to the store.
* @param crl CRL to be added
*/
@@ -96,39 +111,19 @@ class BOTAN_DLL Certificate_Store_In_Memory : public Certificate_Store
const X509_DN& subject_dn,
const std::vector<byte>& key_id) const override;
+ std::shared_ptr<const X509_Certificate>
+ find_cert_by_pubkey_sha1(const std::vector<byte>& key_hash) const override;
+
/**
* Finds a CRL for the given certificate
*/
std::shared_ptr<const X509_CRL> find_crl_for(const X509_Certificate& subject) const override;
private:
// TODO: Add indexing on the DN and key id to avoid linear search
- std::vector<std::shared_ptr<X509_Certificate>> m_certs;
- std::vector<std::shared_ptr<X509_CRL>> m_crls;
- };
-
-/**
-* FIXME add doc
-*/
-class BOTAN_DLL Certificate_Store_Overlay : public Certificate_Store
- {
- public:
- explicit Certificate_Store_Overlay(const std::vector<std::shared_ptr<const X509_Certificate>>& certs) :
- m_certs(certs) {}
-
- /**
- * @return DNs for all certificates managed by the store
- */
- std::vector<X509_DN> all_subjects() const override;
-
- /**
- * Find a certificate by Subject DN and (optionally) key identifier
- */
- std::shared_ptr<const X509_Certificate> find_cert(
- const X509_DN& subject_dn,
- const std::vector<byte>& key_id) const override;
- private:
- const std::vector<std::shared_ptr<const X509_Certificate>>& m_certs;
+ std::vector<std::shared_ptr<const X509_Certificate>> m_certs;
+ std::vector<std::shared_ptr<const X509_CRL>> m_crls;
};
}
+
#endif
diff --git a/src/lib/x509/certstor_sql/certstor_sql.cpp b/src/lib/x509/certstor_sql/certstor_sql.cpp
index dfb8c5d78..4dceae305 100644
--- a/src/lib/x509/certstor_sql/certstor_sql.cpp
+++ b/src/lib/x509/certstor_sql/certstor_sql.cpp
@@ -78,6 +78,13 @@ Certificate_Store_In_SQL::find_cert(const X509_DN& subject_dn, const std::vector
return cert;
}
+std::shared_ptr<const X509_Certificate>
+Certificate_Store_In_SQL::find_cert_by_pubkey_sha1(const std::vector<byte>& /*key_hash*/) const
+ {
+ // TODO!
+ return nullptr;
+ }
+
std::shared_ptr<const X509_CRL>
Certificate_Store_In_SQL::find_crl_for(const X509_Certificate& subject) const
{
diff --git a/src/lib/x509/certstor_sql/certstor_sql.h b/src/lib/x509/certstor_sql/certstor_sql.h
index 0025884f9..0f493c56b 100644
--- a/src/lib/x509/certstor_sql/certstor_sql.h
+++ b/src/lib/x509/certstor_sql/certstor_sql.h
@@ -41,6 +41,9 @@ class BOTAN_DLL Certificate_Store_In_SQL : public Certificate_Store
virtual std::shared_ptr<const X509_Certificate>
find_cert(const X509_DN& subject_dn, const std::vector<byte>& key_id) const override;
+ std::shared_ptr<const X509_Certificate>
+ find_cert_by_pubkey_sha1(const std::vector<byte>& key_hash) const override;
+
/**
* Returns all subject DNs known to the store instance.
*/