From 341fd32b46363cad4c2caee3fca166695100ba07 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 3 Nov 2016 10:30:13 -0400 Subject: Move cert/x509 to top level and pem and pbes2 to pubkey. The `cert` dir was just an artifact of having previously supported CVC (smartcard cert format), removed a long time ago. The pem and pbes2 code is directly related to the pubkey code, in fact the only caller of pbes2 (likely anywhere, not just in the library) is in pkcs8.cpp --- src/lib/x509/certstor.h | 134 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 134 insertions(+) create mode 100644 src/lib/x509/certstor.h (limited to 'src/lib/x509/certstor.h') diff --git a/src/lib/x509/certstor.h b/src/lib/x509/certstor.h new file mode 100644 index 000000000..56176739b --- /dev/null +++ b/src/lib/x509/certstor.h @@ -0,0 +1,134 @@ +/* +* Certificate Store +* (C) 1999-2010,2013 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#ifndef BOTAN_CERT_STORE_H__ +#define BOTAN_CERT_STORE_H__ + +#include +#include + +namespace Botan { + +/** +* Certificate Store Interface +*/ +class BOTAN_DLL Certificate_Store + { + public: + virtual ~Certificate_Store() {} + + /** + * Find a certificate by Subject DN and (optionally) key identifier + * @param subject_dn the subject's distinguished name + * @param key_id an optional key id + * @return a matching certificate or nullptr otherwise + */ + virtual std::shared_ptr + find_cert(const X509_DN& subject_dn, const std::vector& key_id) const = 0; + + /** + * Finds a CRL for the given certificate + * @param subject the subject certificate + * @return the CRL for subject or nullptr otherwise + */ + virtual std::shared_ptr find_crl_for(const X509_Certificate& subject) const; + + /** + * @return whether the certificate is known + * @param cert certififcate to be searched + */ + bool certificate_known(const X509_Certificate& cert) const + { + return find_cert(cert.subject_dn(), cert.subject_key_id()) != nullptr; + } + + // remove this (used by TLS::Server) + virtual std::vector all_subjects() const = 0; + }; + +/** +* In Memory Certificate Store +*/ +class BOTAN_DLL Certificate_Store_In_Memory : public Certificate_Store + { + public: + /** + * Attempt to parse all files in dir (including subdirectories) + * as certificates. Ignores errors. + */ + explicit Certificate_Store_In_Memory(const std::string& dir); + + /** + * Adds given certificate to the store. + */ + explicit Certificate_Store_In_Memory(const X509_Certificate& cert); + + /** + * Create an empty store. + */ + Certificate_Store_In_Memory() {} + + /** + * Add a certificate to the store. + * @param cert certificate to be added + */ + void add_certificate(const X509_Certificate& cert); + + /** + * Add a certificate revocation list (CRL) to the store. + * @param crl CRL to be added + */ + void add_crl(const X509_CRL& crl); + + /** + * @return DNs for all certificates managed by the store + */ + std::vector all_subjects() const override; + + /* + * Find a certificate by Subject DN and (optionally) key identifier + */ + std::shared_ptr find_cert( + const X509_DN& subject_dn, + const std::vector& key_id) const override; + + /** + * Finds a CRL for the given certificate + */ + std::shared_ptr find_crl_for(const X509_Certificate& subject) const override; + private: + // TODO: Add indexing on the DN and key id to avoid linear search + std::vector> m_certs; + std::vector> m_crls; + }; + +/** +* FIXME add doc +*/ +class BOTAN_DLL Certificate_Store_Overlay : public Certificate_Store + { + public: + explicit Certificate_Store_Overlay(const std::vector>& certs) : + m_certs(certs) {} + + /** + * @return DNs for all certificates managed by the store + */ + std::vector all_subjects() const override; + + /** + * Find a certificate by Subject DN and (optionally) key identifier + */ + std::shared_ptr find_cert( + const X509_DN& subject_dn, + const std::vector& key_id) const override; + private: + const std::vector>& m_certs; + }; + +} +#endif -- cgit v1.2.3