From 04ca56c95e152edf1f2a49bc1a4be5b64a5774a7 Mon Sep 17 00:00:00 2001 From: lloyd Date: Sun, 10 Sep 2006 03:37:57 +0000 Subject: Completely rewrite how the default X509_Store searches are performed, exposing the actual search objects to the user rather than wrapping them in functions. Primarily this is to avoid the Visual Studio bug alluded to in the last commit. --- src/x509find.cpp | 127 ++++++++++++++++++------------------------------------- 1 file changed, 41 insertions(+), 86 deletions(-) (limited to 'src/x509find.cpp') diff --git a/src/x509find.cpp b/src/x509find.cpp index 9a6f75fe4..10fe57afb 100644 --- a/src/x509find.cpp +++ b/src/x509find.cpp @@ -3,22 +3,14 @@ * (C) 1999-2006 The Botan Project * *************************************************/ -#include +#include #include #include -#include namespace Botan { -namespace X509_Store_Search { - namespace { -/************************************************* -* Comparison Function Pointer * -*************************************************/ -typedef bool (*compare_fn)(const std::string&, const std::string&); - /************************************************* * Compare based on case-insensive substrings * *************************************************/ 
@@ -43,112 +35,75 @@ bool ignore_case(const std::string& searching_for, const std::string& found) searching_for.begin(), Charset::caseless_cmp); } +} + /************************************************* * Search based on the contents of a DN entry * *************************************************/ -class DN_Check : public X509_Store::Search_Func +bool DN_Check::match(const X509_Certificate& cert) const { - public: - bool match(const X509_Certificate& cert) const - { - std::vector info = cert.subject_info(dn_entry); - - for(u32bit j = 0; j != info.size(); ++j) - if(compare(info[j], looking_for)) - return true; - return false; - } - - DN_Check(const std::string& entry, const std::string& target, - compare_fn func) : - compare(func), dn_entry(entry), looking_for(target) {} - private: - compare_fn compare; - const std::string dn_entry; - const std::string looking_for; - }; + std::vector info = cert.subject_info(dn_entry); -} + for(u32bit j = 0; j != info.size(); ++j) + if(compare(info[j], looking_for)) + return true; + return false; + } /************************************************* -* Search for a certificate by email address * +* DN_Check Constructor * *************************************************/ -std::vector by_email(const X509_Store& store, - const std::string& email) +DN_Check::DN_Check(const std::string& dn_entry, const std::string& looking_for, + compare_fn func) { - DN_Check search_params("RFC822", email, ignore_case); - return store.get_certs(search_params); + this->dn_entry = dn_entry; + this->looking_for = looking_for; + compare = func; } /************************************************* -* Search for a certificate by CommonName * +* DN_Check Constructor * *************************************************/ -std::vector by_name(const X509_Store& store, - const std::string& name) +DN_Check::DN_Check(const std::string& dn_entry, const std::string& looking_for, + Search_Type method) { - DN_Check search_params("CommonName", name, substring_match); - 
return store.get_certs(search_params); + this->dn_entry = dn_entry; + this->looking_for = looking_for; + + if(method == SUBSTRING_MATCHING) + compare = &substring_match; + else if(method == IGNORE_CASE) + compare = &ignore_case; + else + throw Invalid_Argument("Unknown method argument to DN_Check()"); } /************************************************* -* Search for a certificate by DNS name * +* Match by issuer and serial number * *************************************************/ -std::vector by_dns(const X509_Store& store, - const std::string& dns) +bool IandS_Match::match(const X509_Certificate& cert) const { - DN_Check search_params("DNS", dns, ignore_case); - return store.get_certs(search_params); + if(cert.serial_number() != serial) + return false; + return (cert.issuer_dn() == issuer); } /************************************************* -* Search for a certificate by issuer/serial * +* IandS_Match Constructor * *************************************************/ -std::vector by_iands(const X509_Store& store, - const X509_DN& issuer, - const MemoryRegion& serial) +IandS_Match::IandS_Match(const X509_DN& issuer, + const MemoryRegion& serial) { - class IandS_Match : public X509_Store::Search_Func - { - public: - bool match(const X509_Certificate& cert) const - { - if(cert.serial_number() != serial) - return false; - return (cert.issuer_dn() == issuer); - } - IandS_Match(const X509_DN& i, const MemoryRegion& s) : - issuer(i), serial(s) {} - private: - X509_DN issuer; - MemoryVector serial; - }; - - IandS_Match search_params(issuer, serial); - return store.get_certs(search_params); + this->issuer = issuer; + this->serial = serial; } /************************************************* -* Search for a certificate by subject keyid * +* Match by subject key identifier * *************************************************/ -std::vector by_SKID(const X509_Store& store, - const MemoryRegion& skid) +bool SKID_Match::match(const X509_Certificate& cert) const { - class 
SKID_Match : public X509_Store::Search_Func - { - public: - bool match(const X509_Certificate& cert) const - { - return (cert.subject_key_id() == skid); - } - SKID_Match(const MemoryRegion& s) : skid(s) {} - private: - MemoryVector skid; - }; - - SKID_Match search_params(skid); - return store.get_certs(search_params); + return (cert.subject_key_id() == skid); } } - -} -- cgit v1.2.3
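Review bot: The `DN_Check(const std::string&, const std::string&, compare_fn func)` constructor stores `func` without checking it, so a null pointer from a caller only surfaces when `match()` calls `compare(info[j], looking_for)` during a store search. Now that the search objects are public API rather than hidden behind `by_email`/`by_name`/`by_dns`, I would reject it up front, the same way the `Search_Type` overload rejects an unknown method: `if(!func) throw Invalid_Argument("Null compare function passed to DN_Check()");`. The removed wrappers also pinned `ignore_case` for the RFC822 and DNS entries, whereas callers can now pick `SUBSTRING_MATCHING` for any entry. A comment on the `Search_Type` constructor would help, for example `// SUBSTRING_MATCHING is a lookup convenience; a hit is not proof of the certificate's identity`. The class declarations are outside this hunk, so the member types are inferred from the assignments shown here.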