Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/x509/certstor.cpp | 62 | ||||
-rw-r--r-- | src/lib/x509/certstor.h | 47 | ||||
-rw-r--r-- | src/lib/x509/certstor_sql/certstor_sql.cpp | 7 | ||||
-rw-r--r-- | src/lib/x509/certstor_sql/certstor_sql.h | 3 |
4 files changed, 64 insertions, 55 deletions
diff --git a/src/lib/x509/certstor.cpp b/src/lib/x509/certstor.cpp
index 24cd84de7..51abf640a 100644
--- a/src/lib/x509/certstor.cpp
+++ b/src/lib/x509/certstor.cpp
@@ -7,6 +7,7 @@
 #include <botan/certstor.h>
 #include <botan/internal/filesystem.h>
+#include <botan/hash.h>
 namespace Botan {
@@ -23,7 +24,18 @@ void Certificate_Store_In_Memory::add_certificate(const X509_Certificate& cert)
 return;
 }
- m_certs.push_back(std::make_shared<X509_Certificate>(cert));
+ m_certs.push_back(std::make_shared<const X509_Certificate>(cert));
+ }
+
+void Certificate_Store_In_Memory::add_certificate(std::shared_ptr<const X509_Certificate> cert)
+ {
+ for(size_t i = 0; i != m_certs.size(); ++i)
+ {
+ if(*m_certs[i] == *cert)
+ return;
+ }
+
+ m_certs.push_back(cert);
 }
 std::vector<X509_DN> Certificate_Store_In_Memory::all_subjects() const
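Review bot: The added `#include <botan/hash.h>` is not used by any code in this diff; the SHA-1 comparison in the new find_cert_by_pubkey_sha1 goes through `X509_Certificate::subject_public_key_bitstring_sha1()` rather than a HashFunction. Unless another part of certstor.cpp that is not shown here needs it, the include looks stray and can be dropped.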
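Review bot: The new shared_ptr overload of add_certificate dereferences `*cert` in the duplicate check without rejecting a null pointer, so passing a null shared_ptr is undefined behaviour, and on an empty store the loop never runs and the null pointer is pushed, after which every later add_certificate and find_cert dereferences it. A guard at the top such as `if(!cert) throw Invalid_Argument("Certificate_Store_In_Memory::add_certificate null cert");` keeps the invariant that m_certs only holds valid certificates. Since the parameter is taken by value, the final line could also be `m_certs.push_back(std::move(cert));` to avoid an extra refcount round-trip.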
@@ -34,38 +46,45 @@ std::vector<X509_DN> Certificate_Store_In_Memory::all_subjects() const
 return subjects;
 }
-namespace {
-
-template<typename T> std::shared_ptr<const X509_Certificate>
-cert_search(const X509_DN& subject_dn, const std::vector<byte>& key_id,
- const std::vector<std::shared_ptr<T>>& certs)
+Certificate_Store_In_Memory::find_cert(const X509_DN& subject_dn,
+ const std::vector<byte>& key_id) const
 {
- for(size_t i = 0; i != certs.size(); ++i)
+ for(size_t i = 0; i != m_certs.size(); ++i)
 {
 // Only compare key ids if set in both call and in the cert
 if(key_id.size())
 {
- std::vector<byte> skid = certs[i]->subject_key_id();
+ std::vector<byte> skid = m_certs[i]->subject_key_id();
 if(skid.size() && skid != key_id) // no match
 continue;
 }
- if(certs[i]->subject_dn() == subject_dn)
- return certs[i];
+ if(m_certs[i]->subject_dn() == subject_dn)
+ return m_certs[i];
 }
 return std::shared_ptr<const X509_Certificate>();
 }
-}
 std::shared_ptr<const X509_Certificate>
-Certificate_Store_In_Memory::find_cert(const X509_DN& subject_dn,
- const std::vector<byte>& key_id) const
+Certificate_Store_In_Memory::find_cert_by_pubkey_sha1(const std::vector<byte>& key_hash) const
 {
- return cert_search(subject_dn, key_id, m_certs);
+ if(key_hash.size() != 20)
+ throw Invalid_Argument("Certificate_Store_In_Memory::find_cert_by_pubkey_sha1 invalid hash");
+
+ for(size_t i = 0; i != m_certs.size(); ++i)
+ {
+ const std::vector<byte> hash_i = m_certs[i]->subject_public_key_bitstring_sha1();
+ if(key_hash == hash_i)
+ {
+ return m_certs[i];
+ }
+ }
+
+ return nullptr;
 }
 void Certificate_Store_In_Memory::add_crl(const X509_CRL& crl)
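Review bot: find_cert_by_pubkey_sha1 calls `subject_public_key_bitstring_sha1()` on every stored certificate for each lookup, so with a large store every call presumably recomputes a SHA-1 over each SPKI (whether X509_Certificate caches that value is not visible here); given the existing TODO about indexing, a map from key hash to certificate filled in add_certificate would make this a single lookup and keep the linear scan out of what the header describes as an OCSP path. If the key hash can originate from a remote OCSP response, the behaviour for a wrongly sized input matters: this implementation throws Invalid_Argument while the SQL implementation in this same commit returns nullptr, so callers cannot rely on either without reading the concrete class. The literal `20` would also read better as a named constant, e.g. `const size_t SHA1_OUTPUT_LEN = 20;` declared above the function.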
@@ -134,19 +153,4 @@ Certificate_Store_In_Memory::Certificate_Store_In_Memory(const std::string& dir)
 }
 #endif
-std::shared_ptr<const X509_Certificate>
-Certificate_Store_Overlay::find_cert(const X509_DN& subject_dn,
- const std::vector<byte>& key_id) const
- {
- return cert_search(subject_dn, key_id, m_certs);
- }
-
-std::vector<X509_DN> Certificate_Store_Overlay::all_subjects() const
- {
- std::vector<X509_DN> subjects;
- for(size_t i = 0; i != m_certs.size(); ++i)
- subjects.push_back(m_certs[i]->subject_dn());
- return subjects;
- }
-
 }
diff --git a/src/lib/x509/certstor.h b/src/lib/x509/certstor.h
index 56176739b..07f02dfd2 100644
--- a/src/lib/x509/certstor.h
+++ b/src/lib/x509/certstor.h
@@ -31,6 +31,15 @@ class BOTAN_DLL Certificate_Store
 find_cert(const X509_DN& subject_dn, const std::vector<byte>& key_id) const = 0;
 /**
+ * Find a certificate by searching for one with a matching SHA-1 hash of
+ * public key. Used for OCSP.
+ * @param key_hash SHA-1 hash of the subject's public key
+ * @return a matching certificate or nullptr otherwise
+ */
+ virtual std::shared_ptr<const X509_Certificate>
+ find_cert_by_pubkey_sha1(const std::vector<byte>& key_hash) const = 0;
+
+ /**
 * Finds a CRL for the given certificate
 * @param subject the subject certificate
 * @return the CRL for subject or nullptr otherwise
@@ -79,6 +88,12 @@ class BOTAN_DLL Certificate_Store_In_Memory : public Certificate_Store
 void add_certificate(const X509_Certificate& cert);
 /**
+ * Add a certificate already in a shared_ptr to the store.
+ * @param cert certificate to be added
+ */
+ void add_certificate(std::shared_ptr<const X509_Certificate> cert);
+
+ /**
 * Add a certificate revocation list (CRL) to the store.
 * @param crl CRL to be added
 */
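Review bot: The doc comment on the new pure virtual find_cert_by_pubkey_sha1 does not pin down the contract that implementers and callers need: the required length of key_hash, and whether a wrongly sized input is an error or a miss (the in-memory implementation in this commit requires exactly 20 bytes and throws Invalid_Argument otherwise, the SQL implementation accepts anything and returns nullptr). Suggest changing the @param line to `* @param key_hash SHA-1 hash of the subject's public key (20 bytes)` and adding `* @throws Invalid_Argument if key_hash is not 20 bytes` once the implementations agree. Adding a pure virtual to the public Certificate_Store base also stops any out-of-tree subclass from compiling; if that is intended it is worth stating in the release notes.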
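Review bot: The doc comment for the new shared_ptr overload of add_certificate omits two behaviours the implementation in certstor.cpp has: a certificate equal to one already in the store is silently ignored rather than added twice or reported, and the store shares ownership of the passed object instead of copying it as the const-reference overload does. Suggest adding `* A certificate equal to one already in the store is ignored; the store keeps a reference to the passed object rather than a copy.` to the comment.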
@@ -96,39 +111,19 @@ class BOTAN_DLL Certificate_Store_In_Memory : public Certificate_Store
 const X509_DN& subject_dn, const std::vector<byte>& key_id) const override;
+ std::shared_ptr<const X509_Certificate>
+ find_cert_by_pubkey_sha1(const std::vector<byte>& key_hash) const override;
+
 /**
 * Finds a CRL for the given certificate
 */
 std::shared_ptr<const X509_CRL> find_crl_for(const X509_Certificate& subject) const override;
 private:
 // TODO: Add indexing on the DN and key id to avoid linear search
- std::vector<std::shared_ptr<X509_Certificate>> m_certs;
- std::vector<std::shared_ptr<X509_CRL>> m_crls;
- };
-
-/**
-* FIXME add doc
-*/
-class BOTAN_DLL Certificate_Store_Overlay : public Certificate_Store
- {
- public:
- explicit Certificate_Store_Overlay(const std::vector<std::shared_ptr<const X509_Certificate>>& certs) :
- m_certs(certs) {}
-
- /**
- * @return DNs for all certificates managed by the store
- */
- std::vector<X509_DN> all_subjects() const override;
-
- /**
- * Find a certificate by Subject DN and (optionally) key identifier
- */
- std::shared_ptr<const X509_Certificate> find_cert(
- const X509_DN& subject_dn,
- const std::vector<byte>& key_id) const override;
- private:
- const std::vector<std::shared_ptr<const X509_Certificate>>& m_certs;
+ std::vector<std::shared_ptr<const X509_Certificate>> m_certs;
+ std::vector<std::shared_ptr<const X509_CRL>> m_crls;
 };
 }
+
 #endif
diff --git a/src/lib/x509/certstor_sql/certstor_sql.cpp b/src/lib/x509/certstor_sql/certstor_sql.cpp
index dfb8c5d78..4dceae305 100644
--- a/src/lib/x509/certstor_sql/certstor_sql.cpp
+++ b/src/lib/x509/certstor_sql/certstor_sql.cpp
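Review bot: Removing Certificate_Store_Overlay from an installed public header (its definitions go in the certstor.cpp hunk above) is a source-compatibility break for any downstream code that used it, and the commit leaves neither a deprecated wrapper nor a note; if the removal is intended, the release notes should say so, otherwise keeping the class for one release with a deprecation comment would ease migration. Separately, the new `find_cert_by_pubkey_sha1` override is the only member in this block without a doc comment; a one-liner such as `/** Find a certificate by the SHA-1 hash of its public key, see Certificate_Store */` would match its neighbours.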
@@ -78,6 +78,13 @@ Certificate_Store_In_SQL::find_cert(const X509_DN& subject_dn, const std::vector
 return cert;
 }
+std::shared_ptr<const X509_Certificate>
+Certificate_Store_In_SQL::find_cert_by_pubkey_sha1(const std::vector<byte>& /*key_hash*/) const
+ {
+ // TODO!
+ return nullptr;
+ }
+
 std::shared_ptr<const X509_CRL> Certificate_Store_In_SQL::find_crl_for(const X509_Certificate& subject) const
 {
diff --git a/src/lib/x509/certstor_sql/certstor_sql.h b/src/lib/x509/certstor_sql/certstor_sql.h
index 0025884f9..0f493c56b 100644
--- a/src/lib/x509/certstor_sql/certstor_sql.h
+++ b/src/lib/x509/certstor_sql/certstor_sql.h
@@ -41,6 +41,9 @@ class BOTAN_DLL Certificate_Store_In_SQL : public Certificate_Store
 virtual std::shared_ptr<const X509_Certificate> find_cert(const X509_DN& subject_dn, const std::vector<byte>& key_id) const override;
+ std::shared_ptr<const X509_Certificate>
+ find_cert_by_pubkey_sha1(const std::vector<byte>& key_hash) const override;
+
 /**
 * Returns all subject DNs known to the store instance.
 */ |
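Review bot: The SQL store's find_cert_by_pubkey_sha1 returns nullptr for every input with only a `// TODO!`, so a caller using it for OCSP responder lookup against a SQL-backed store gets a silent "no such certificate" that is indistinguishable from a genuine miss, and unlike the in-memory version it performs no length check on key_hash. Until the lookup is implemented, failing loudly, e.g. `throw Not_Implemented("Certificate_Store_In_SQL::find_cert_by_pubkey_sha1");` (if the project's Not_Implemented exception is available in this file), makes the gap visible instead of turning every lookup into a miss. Alternatively the store's certificate rows can be iterated and each candidate's `subject_public_key_bitstring_sha1()` compared, as the in-memory store does, in which case the commented-out parameter name `/*key_hash*/` should be restored.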