diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/cert/x509/x509find.cpp | 95 | ||||
-rw-r--r-- | src/cert/x509/x509find.h | 58 | ||||
-rw-r--r-- | src/cert/x509/x509stor.cpp | 4 | ||||
-rw-r--r-- | src/cert/x509/x509stor.h | 16 | ||||
-rw-r--r-- | src/cms/cms_dalg.cpp | 5 |
5 files changed, 84 insertions, 94 deletions
diff --git a/src/cert/x509/x509find.cpp b/src/cert/x509/x509find.cpp index 257367da9..41643a94a 100644 --- a/src/cert/x509/x509find.cpp +++ b/src/cert/x509/x509find.cpp @@ -11,6 +11,8 @@ namespace Botan { +namespace X509_Store_Search { + namespace { /* @@ -42,70 +44,65 @@ bool ignore_case(const std::string& searching_for, const std::string& found) /* * Search based on the contents of a DN entry */ -bool DN_Check::match(const X509_Certificate& cert) const +std::function<bool (const X509_Certificate&)> +by_dn(const std::string& dn_entry, + const std::string& to_find, + DN_Search_Type method) { - std::vector<std::string> info = cert.subject_info(dn_entry); - - for(u32bit j = 0; j != info.size(); ++j) - if(compare(info[j], looking_for)) - return true; - return false; - } + if(method == SUBSTRING_MATCHING) + return by_dn(dn_entry, to_find, substring_match); + else if(method == IGNORE_CASE) + return by_dn(dn_entry, to_find, ignore_case); -/* -* DN_Check Constructor -*/ -DN_Check::DN_Check(const std::string& dn_entry, const std::string& looking_for, - compare_fn func) - { - this->dn_entry = dn_entry; - this->looking_for = looking_for; - compare = func; + throw Invalid_Argument("Unknown method argument to by_dn"); } -/* -* DN_Check Constructor -*/ -DN_Check::DN_Check(const std::string& dn_entry, const std::string& looking_for, - Search_Type method) +std::function<bool (const X509_Certificate&)> +by_dn(const std::string& dn_entry, + const std::string& to_find, + std::function<bool (std::string, std::string)> compare) { - this->dn_entry = dn_entry; - this->looking_for = looking_for; + return [&](const X509_Certificate& cert) + { + std::vector<std::string> info = cert.subject_info(dn_entry); - if(method == SUBSTRING_MATCHING) - compare = &substring_match; - else if(method == IGNORE_CASE) - compare = &ignore_case; - else - throw Invalid_Argument("Unknown method argument to DN_Check()"); + for(u32bit i = 0; i != info.size(); ++i) + if(compare(info[i], to_find)) + return true; + return false; + }; } -/* -* Match by issuer and serial number -*/ -bool IandS_Match::match(const X509_Certificate& cert) const +std::function<bool (const X509_Certificate&)> +by_issuer_and_serial(const X509_DN& issuer, const MemoryRegion<byte>& serial) { - if(cert.serial_number() != serial) - return false; - return (cert.issuer_dn() == issuer); + /* Serial number compare is much faster than X.509 DN, and unlikely + to collide even across issuers, so do that first to fail fast + */ + + return [&](const X509_Certificate& cert) + { + if(cert.serial_number() != serial) + return false; + return (cert.issuer_dn() == issuer); + }; } -/* -* IandS_Match Constructor -*/ -IandS_Match::IandS_Match(const X509_DN& issuer, - const MemoryRegion<byte>& serial) +std::function<bool (const X509_Certificate&)> +by_issuer_and_serial(const X509_DN& issuer, const BigInt& serial) { - this->issuer = issuer; - this->serial = serial; + return by_issuer_and_serial(issuer, BigInt::encode(serial)); } -/* -* Match by subject key identifier -*/ -bool SKID_Match::match(const X509_Certificate& cert) const +std::function<bool (const X509_Certificate&)> +by_skid(const MemoryRegion<byte>& subject_key_id) { - return (cert.subject_key_id() == skid); + return [&](const X509_Certificate& cert) + { + return (cert.subject_key_id() == subject_key_id); + }; } } + +} diff --git a/src/cert/x509/x509find.h b/src/cert/x509/x509find.h index a7a84c7a5..1bf29dfbc 100644 --- a/src/cert/x509/x509find.h +++ b/src/cert/x509/x509find.h @@ -9,51 +9,43 @@ #define BOTAN_X509_CERT_STORE_SEARCH_H__ #include <botan/x509stor.h> +#include <botan/bigint.h> namespace Botan { +namespace X509_Store_Search { + /* * Search based on the contents of a DN entry */ -class BOTAN_DLL DN_Check : public X509_Store::Search_Func - { - public: - typedef bool (*compare_fn)(const std::string&, const std::string&); - enum Search_Type { SUBSTRING_MATCHING, IGNORE_CASE }; +enum DN_Search_Type { SUBSTRING_MATCHING, IGNORE_CASE }; - bool match(const X509_Certificate& cert) const; +std::function<bool (const X509_Certificate&)> +by_dn(const std::string& dn_entry, + const std::string& to_find, + DN_Search_Type method); - DN_Check(const std::string&, const std::string&, compare_fn); - DN_Check(const std::string&, const std::string&, Search_Type); - private: - std::string dn_entry, looking_for; - compare_fn compare; - }; +std::function<bool (const X509_Certificate&)> +by_dn(const std::string& dn_entry, + const std::string& to_find, + std::function<bool (std::string, std::string)> method); -/* -* Search for a certificate by issuer/serial +/** +* Search for certs by issuer + serial number */ -class BOTAN_DLL IandS_Match : public X509_Store::Search_Func - { - public: - bool match(const X509_Certificate& cert) const; - IandS_Match(const X509_DN&, const MemoryRegion<byte>&); - private: - X509_DN issuer; - MemoryVector<byte> serial; - }; +std::function<bool (const X509_Certificate&)> +by_issuer_and_serial(const X509_DN& issuer, const MemoryRegion<byte>& serial); -/* -* Search for a certificate by subject keyid +std::function<bool (const X509_Certificate&)> +by_issuer_and_serial(const X509_DN& issuer, const BigInt& serial); + +/** +* Search for certs by subject key identifier */ -class BOTAN_DLL SKID_Match : public X509_Store::Search_Func - { - public: - bool match(const X509_Certificate& cert) const; - SKID_Match(const MemoryRegion<byte>& s) : skid(s) {} - private: - MemoryVector<byte> skid; - }; +std::function<bool (const X509_Certificate&)> +by_skid(const MemoryRegion<byte>& subject_key_id); + +} } diff --git a/src/cert/x509/x509stor.cpp b/src/cert/x509/x509stor.cpp index 515215a21..364bbac7b 100644 --- a/src/cert/x509/x509stor.cpp +++ b/src/cert/x509/x509stor.cpp @@ -464,12 +464,12 @@ bool X509_Store::is_revoked(const X509_Certificate& cert) const * Retrieve all the certificates in the store */ std::vector<X509_Certificate> -X509_Store::get_certs(const Search_Func& search) const +X509_Store::get_certs(std::function<bool (const X509_Certificate&)> pred) const { std::vector<X509_Certificate> found_certs; for(u32bit j = 0; j != certs.size(); ++j) { - if(search.match(certs[j].cert)) + if(pred(certs[j].cert)) found_certs.push_back(certs[j].cert); } return found_certs; diff --git a/src/cert/x509/x509stor.h b/src/cert/x509/x509stor.h index 4e6037883..ab31663ed 100644 --- a/src/cert/x509/x509stor.h +++ b/src/cert/x509/x509stor.h @@ -11,6 +11,7 @@ #include <botan/x509cert.h> #include <botan/x509_crl.h> #include <botan/certstor.h> +#include <functional> namespace Botan { @@ -48,13 +49,6 @@ enum X509_Code { class BOTAN_DLL X509_Store { public: - class BOTAN_DLL Search_Func - { - public: - virtual bool match(const X509_Certificate&) const = 0; - virtual ~Search_Func() {} - }; - enum Cert_Usage { ANY = 0x00, TLS_SERVER = 0x01, @@ -67,7 +61,13 @@ class BOTAN_DLL X509_Store X509_Code validate_cert(const X509_Certificate&, Cert_Usage = ANY); - std::vector<X509_Certificate> get_certs(const Search_Func&) const; + /** + * @param match the matching function + * @return list of certs for which match returns true + */ + std::vector<X509_Certificate> + get_certs(std::function<bool (const X509_Certificate&)> match) const; + std::vector<X509_Certificate> get_cert_chain(const X509_Certificate&); std::string PEM_encode() const; diff --git a/src/cms/cms_dalg.cpp b/src/cms/cms_dalg.cpp index 7ed793f4f..3e8bdb4fa 100644 --- a/src/cms/cms_dalg.cpp +++ b/src/cms/cms_dalg.cpp @@ -52,10 +52,11 @@ std::vector<X509_Certificate> get_cert(BER_Decoder& signer_info, iands.decode(issuer); iands.decode(serial); - found = store.get_certs(IandS_Match(issuer, BigInt::encode(serial))); + found = store.get_certs( + X509_Store_Search::by_issuer_and_serial(issuer, serial)); } else if(id.type_tag == 0 && id.class_tag == CONSTRUCTED) - found = store.get_certs(SKID_Match(id.value)); + found = store.get_certs(X509_Store_Search::by_skid(id.value)); else throw Decoding_Error("CMS: Unknown tag for cert identifier"); |