/src/botan/src/lib/x509/certstor.cpp

Source (jump to first uncovered line)
/*
* Certificate Store
* (C) 1999-2010,2013 Jack Lloyd
* (C) 2017 Fabian Weissberg, Rohde & Schwarz Cybersecurity
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include <botan/certstor.h>
#include <botan/internal/filesystem.h>
#include <botan/hash.h>
#include <botan/data_src.h>

namespace Botan {

std::shared_ptr<const X509_CRL> Certificate_Store::find_crl_for(const X509_Certificate&) const
   {
   return {};
   }

void Certificate_Store_In_Memory::add_certificate(const X509_Certificate& cert)
   {
   for(const auto& c : m_certs)
      if(*c == cert)
         return;

   m_certs.push_back(std::make_shared<const X509_Certificate>(cert));
   }

void Certificate_Store_In_Memory::add_certificate(std::shared_ptr<const X509_Certificate> cert)
   {
   for(const auto& c : m_certs)
      if(*c == *cert)
         return;

   m_certs.push_back(cert);
   }

std::vector<X509_DN> Certificate_Store_In_Memory::all_subjects() const
   {
   std::vector<X509_DN> subjects;
   for(const auto& cert : m_certs)
      subjects.push_back(cert->subject_dn());
   return subjects;
   }

std::shared_ptr<const X509_Certificate>
Certificate_Store_In_Memory::find_cert(const X509_DN& subject_dn,
                                       const std::vector<uint8_t>& key_id) const
   {
   for(const auto& cert : m_certs)
      {
      // Only compare key ids if set in both call and in the cert
      if(key_id.size())
         {
         std::vector<uint8_t> skid = cert->subject_key_id();

         if(skid.size() && skid != key_id) // no match
            continue;
         }

      if(cert->subject_dn() == subject_dn)
         return cert;
      }

   return nullptr;
   }

std::vector<std::shared_ptr<const X509_Certificate>> Certificate_Store_In_Memory::find_all_certs(
      const X509_DN& subject_dn,
      const std::vector<uint8_t>& key_id) const
   {
   std::vector<std::shared_ptr<const X509_Certificate>> matches;

   for(const auto& cert : m_certs)
      {
      if(key_id.size())
         {
         std::vector<uint8_t> skid = cert->subject_key_id();

         if(skid.size() && skid != key_id) // no match
            continue;
         }

      if(cert->subject_dn() == subject_dn)
         matches.push_back(cert);
      }

   return matches;
   }

std::shared_ptr<const X509_Certificate>
Certificate_Store_In_Memory::find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const
   {
   if(key_hash.size() != 20)
      throw Invalid_Argument("Certificate_Store_In_Memory::find_cert_by_pubkey_sha1 invalid hash");

   std::unique_ptr<HashFunction> hash(HashFunction::create("SHA-1"));

   for(const auto& cert : m_certs){
      hash->update(cert->subject_public_key_bitstring());
      if(key_hash == hash->final_stdvec()) //final_stdvec also clears the hash to initial state
         return cert;
   }

   return nullptr;
   }

std::shared_ptr<const X509_Certificate>
Certificate_Store_In_Memory::find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& subject_hash) const
   {
   if(subject_hash.size() != 32)
      throw Invalid_Argument("Certificate_Store_In_Memory::find_cert_by_raw_subject_dn_sha256 invalid hash");

   std::unique_ptr<HashFunction> hash(HashFunction::create("SHA-256"));

   for(const auto& cert : m_certs){
      hash->update(cert->raw_subject_dn());
      if(subject_hash == hash->final_stdvec()) //final_stdvec also clears the hash to initial state
         return cert;
   }

   return nullptr;
   }

void Certificate_Store_In_Memory::add_crl(const X509_CRL& crl)
   {
   std::shared_ptr<const X509_CRL> crl_s = std::make_shared<const X509_CRL>(crl);
   return add_crl(crl_s);
   }

void Certificate_Store_In_Memory::add_crl(std::shared_ptr<const X509_CRL> crl)
   {
   X509_DN crl_issuer = crl->issuer_dn();

   for(auto& c : m_crls)
      {
      // Found an update of a previously existing one; replace it
      if(c->issuer_dn() == crl_issuer)
         {
         if(c->this_update() <= crl->this_update())
            c = crl;
         return;
         }
      }

   // Totally new CRL, add to the list
   m_crls.push_back(crl);
   }

std::shared_ptr<const X509_CRL> Certificate_Store_In_Memory::find_crl_for(const X509_Certificate& subject) const
   {
   const std::vector<uint8_t>& key_id = subject.authority_key_id();

   for(const auto& c : m_crls)
      {
      // Only compare key ids if set in both call and in the CRL
      if(key_id.size())
         {
         std::vector<uint8_t> akid = c->authority_key_id();

         if(akid.size() && akid != key_id) // no match
            continue;
         }

      if(c->issuer_dn() == subject.issuer_dn())
         return c;
      }

   return {};
   }

Certificate_Store_In_Memory::Certificate_Store_In_Memory(const X509_Certificate& cert)
   {
   add_certificate(cert);
   }

#if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)
Certificate_Store_In_Memory::Certificate_Store_In_Memory(const std::string& dir)
   {
   if(dir.empty())
      return;

   std::vector<std::string> maybe_certs = get_files_recursive(dir);

   if(maybe_certs.empty())
      {
      maybe_certs.push_back(dir);
      }

   for(auto&& cert_file : maybe_certs)
      {
      try
         {
         DataSource_Stream src(cert_file, true);
         while(!src.end_of_data())
            {
            try
               {
               m_certs.push_back(std::make_shared<X509_Certificate>(src));
               }
            catch(std::exception&)
               {
               // stop searching for other certificate at first exception
               break;
               }
            }
         }
      catch(std::exception&)
         {
         }
      }
   }
#endif

}

Coverage Report

Created: 2019-12-03 15:21

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Certificate Store
3		* (C) 1999-2010,2013 Jack Lloyd
4		* (C) 2017 Fabian Weissberg, Rohde & Schwarz Cybersecurity
5		*
6		* Botan is released under the Simplified BSD License (see license.txt)
7		*/
8
9		#include <botan/certstor.h>
10		#include <botan/internal/filesystem.h>
11		#include <botan/hash.h>
12		#include <botan/data_src.h>
13
14		namespace Botan {
15
16		std::shared_ptr<const X509_CRL> Certificate_Store::find_crl_for(const X509_Certificate&) const
17	0	{
18	0	return {};
19	0	}
20
21		void Certificate_Store_In_Memory::add_certificate(const X509_Certificate& cert)
22	0	{
23	0	for(const auto& c : m_certs)
24	0	if(*c == cert)
25	0	return;
26	0
27	0	m_certs.push_back(std::make_shared<const X509_Certificate>(cert));
28	0	}
29
30		void Certificate_Store_In_Memory::add_certificate(std::shared_ptr<const X509_Certificate> cert)
31	876	{
32	876	for(const auto& c : m_certs)
33	1.22k	if(c == cert)
34	11	return;
35	876
36	876	m_certs.push_back(cert);
37	865	}
38
39		std::vector<X509_DN> Certificate_Store_In_Memory::all_subjects() const
40	0	{
41	0	std::vector<X509_DN> subjects;
42	0	for(const auto& cert : m_certs)
43	0	subjects.push_back(cert->subject_dn());
44	0	return subjects;
45	0	}
46
47		std::shared_ptr<const X509_Certificate>
48		Certificate_Store_In_Memory::find_cert(const X509_DN& subject_dn,
49		const std::vector<uint8_t>& key_id) const
50	0	{
51	0	for(const auto& cert : m_certs)
52	0	{
53	0	// Only compare key ids if set in both call and in the cert
54	0	if(key_id.size())
55	0	{
56	0	std::vector<uint8_t> skid = cert->subject_key_id();
57	0
58	0	if(skid.size() && skid != key_id) // no match
59	0	continue;
60	0	}
61	0
62	0	if(cert->subject_dn() == subject_dn)
63	0	return cert;
64	0	}
65	0
66	0	return nullptr;
67	0	}
68
69		std::vector<std::shared_ptr<const X509_Certificate>> Certificate_Store_In_Memory::find_all_certs(
70		const X509_DN& subject_dn,
71		const std::vector<uint8_t>& key_id) const
72	3.96k	{
73	3.96k	std::vector<std::shared_ptr<const X509_Certificate>> matches;
74	3.96k
75	3.96k	for(const auto& cert : m_certs)
76	13.3k	{
77	13.3k	if(key_id.size())
78	6.48k	{
79	6.48k	std::vector<uint8_t> skid = cert->subject_key_id();
80	6.48k
81	6.48k	if(skid.size() && skid != key_id) // no match
82	2.16k	continue;
83	11.1k	}
84	11.1k
85	11.1k	if(cert->subject_dn() == subject_dn)
86	8.53k	matches.push_back(cert);
87	11.1k	}
88	3.96k
89	3.96k	return matches;
90	3.96k	}
91
92		std::shared_ptr<const X509_Certificate>
93		Certificate_Store_In_Memory::find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const
94	0	{
95	0	if(key_hash.size() != 20)
96	0	throw Invalid_Argument("Certificate_Store_In_Memory::find_cert_by_pubkey_sha1 invalid hash");
97	0
98	0	std::unique_ptr<HashFunction> hash(HashFunction::create("SHA-1"));
99	0
100	0	for(const auto& cert : m_certs){
101	0	hash->update(cert->subject_public_key_bitstring());
102	0	if(key_hash == hash->final_stdvec()) //final_stdvec also clears the hash to initial state
103	0	return cert;
104	0	}
105	0
106	0	return nullptr;
107	0	}
108
109		std::shared_ptr<const X509_Certificate>
110		Certificate_Store_In_Memory::find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& subject_hash) const
111	0	{
112	0	if(subject_hash.size() != 32)
113	0	throw Invalid_Argument("Certificate_Store_In_Memory::find_cert_by_raw_subject_dn_sha256 invalid hash");
114	0
115	0	std::unique_ptr<HashFunction> hash(HashFunction::create("SHA-256"));
116	0
117	0	for(const auto& cert : m_certs){
118	0	hash->update(cert->raw_subject_dn());
119	0	if(subject_hash == hash->final_stdvec()) //final_stdvec also clears the hash to initial state
120	0	return cert;
121	0	}
122	0
123	0	return nullptr;
124	0	}
125
126		void Certificate_Store_In_Memory::add_crl(const X509_CRL& crl)
127	0	{
128	0	std::shared_ptr<const X509_CRL> crl_s = std::make_shared<const X509_CRL>(crl);
129	0	return add_crl(crl_s);
130	0	}
131
132		void Certificate_Store_In_Memory::add_crl(std::shared_ptr<const X509_CRL> crl)
133	0	{
134	0	X509_DN crl_issuer = crl->issuer_dn();
135	0
136	0	for(auto& c : m_crls)
137	0	{
138	0	// Found an update of a previously existing one; replace it
139	0	if(c->issuer_dn() == crl_issuer)
140	0	{
141	0	if(c->this_update() <= crl->this_update())
142	0	c = crl;
143	0	return;
144	0	}
145	0	}
146	0
147	0	// Totally new CRL, add to the list
148	0	m_crls.push_back(crl);
149	0	}
150
151		std::shared_ptr<const X509_CRL> Certificate_Store_In_Memory::find_crl_for(const X509_Certificate& subject) const
152	0	{
153	0	const std::vector<uint8_t>& key_id = subject.authority_key_id();
154	0
155	0	for(const auto& c : m_crls)
156	0	{
157	0	// Only compare key ids if set in both call and in the CRL
158	0	if(key_id.size())
159	0	{
160	0	std::vector<uint8_t> akid = c->authority_key_id();
161	0
162	0	if(akid.size() && akid != key_id) // no match
163	0	continue;
164	0	}
165	0
166	0	if(c->issuer_dn() == subject.issuer_dn())
167	0	return c;
168	0	}
169	0
170	0	return {};
171	0	}
172
173		Certificate_Store_In_Memory::Certificate_Store_In_Memory(const X509_Certificate& cert)
174	0	{
175	0	add_certificate(cert);
176	0	}
177
178		#if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)
179		Certificate_Store_In_Memory::Certificate_Store_In_Memory(const std::string& dir)
180	0	{
181	0	if(dir.empty())
182	0	return;
183	0
184	0	std::vector<std::string> maybe_certs = get_files_recursive(dir);
185	0
186	0	if(maybe_certs.empty())
187	0	{
188	0	maybe_certs.push_back(dir);
189	0	}
190	0
191	0	for(auto&& cert_file : maybe_certs)
192	0	{
193	0	try
194	0	{
195	0	DataSource_Stream src(cert_file, true);
196	0	while(!src.end_of_data())
197	0	{
198	0	try
199	0	{
200	0	m_certs.push_back(std::make_shared<X509_Certificate>(src));
201	0	}
202	0	catch(std::exception&)
203	0	{
204	0	// stop searching for other certificate at first exception
205	0	break;
206	0	}
207	0	}
208	0	}
209	0	catch(std::exception&)
210	0	{
211	0	}
212	0	}
213	0	}
214		#endif
215
216		}