/*
* Certificate Store
* (C) 1999-2010,2013 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
#ifndef BOTAN_CERT_STORE_H_
#define BOTAN_CERT_STORE_H_
#include <botan/x509cert.h>
#include <botan/x509_crl.h>
namespace Botan {
/**
* Certificate Store Interface
*/
class BOTAN_PUBLIC_API(2,0) Certificate_Store
   {
   public:
      virtual ~Certificate_Store() = default;

      /**
      * Look up one certificate by subject DN and (optionally) key identifier.
      * @param subject_dn the subject's distinguished name
      * @param key_id an optional subject key identifier
      * @return a matching certificate, or nullptr if none is stored
      */
      virtual std::shared_ptr<const X509_Certificate> find_cert(const X509_DN& subject_dn,
                                                                const std::vector<uint8_t>& key_id) const = 0;

      /**
      * Look up every certificate matching a subject DN and (optionally) key identifier.
      * Neither the subject DN nor the key identifier is guaranteed to be unique,
      * so more than one certificate may be returned.
      * @param subject_dn the subject's distinguished name
      * @param key_id an optional subject key identifier
      * @return all matching certificates (possibly empty)
      */
      virtual std::vector<std::shared_ptr<const X509_Certificate>> find_all_certs(const X509_DN& subject_dn,
                                                                                  const std::vector<uint8_t>& key_id) const = 0;

      /**
      * Look up a certificate by the SHA-1 hash of its public key. Used for OCSP.
      * @param key_hash SHA-1 hash of the subject's public key
      * @return a matching certificate, or nullptr if none is stored
      */
      virtual std::shared_ptr<const X509_Certificate> find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const = 0;

      /**
      * Look up a certificate by the SHA-256 hash of its raw subject name. Used for OCSP.
      * @param subject_hash SHA-256 hash of the subject's raw name
      * @return a matching certificate, or nullptr if none is stored
      */
      virtual std::shared_ptr<const X509_Certificate> find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& subject_hash) const = 0;

      /**
      * Look up a CRL for the given certificate.
      * Not pure virtual: the base class supplies a default implementation
      * (defined outside this header) that derived stores may override.
      * @param subject the certificate to find a CRL for
      * @return the CRL for subject, or nullptr if none is stored
      */
      virtual std::shared_ptr<const X509_CRL> find_crl_for(const X509_Certificate& subject) const;

      /**
      * Check whether a certificate is present in the store.
      * The check goes through find_cert() using only the subject DN and
      * subject key identifier of cert, so a different certificate that
      * shares both of those fields also makes this return true; the full
      * certificate encoding is not compared.
      * @param cert certificate to be searched for
      * @return true if find_cert() locates a match, false otherwise
      */
      bool certificate_known(const X509_Certificate& cert) const
         {
         const auto match = find_cert(cert.subject_dn(), cert.subject_key_id());
         return static_cast<bool>(match);
         }

      // remove this (used by TLS::Server)
      virtual std::vector<X509_DN> all_subjects() const = 0;
   };
/**
* In Memory Certificate Store
*/
class BOTAN_PUBLIC_API(2,0) Certificate_Store_In_Memory final : public Certificate_Store
   {
   public:
      /**
      * Load certificates from a directory tree.
      * Every file under dir (subdirectories included) is tried as a
      * certificate. Files that fail to parse are skipped silently, so the
      * resulting store may hold fewer certificates than the directory
      * contains; inspect all_subjects() if the caller needs to confirm
      * what was actually loaded.
      * @param dir directory to scan
      */
      explicit Certificate_Store_In_Memory(const std::string& dir);

      /**
      * Create a store holding the single given certificate.
      * @param cert certificate to add
      */
      explicit Certificate_Store_In_Memory(const X509_Certificate& cert);

      /**
      * Create an empty store.
      */
      Certificate_Store_In_Memory() = default;

      /**
      * Add a certificate to the store.
      * @param cert certificate to be added
      */
      void add_certificate(const X509_Certificate& cert);

      /**
      * Add a certificate that is already held in a shared_ptr to the store.
      * @param cert certificate to be added
      */
      void add_certificate(std::shared_ptr<const X509_Certificate> cert);

      /**
      * Add a certificate revocation list (CRL) to the store.
      * @param crl CRL to be added
      */
      void add_crl(const X509_CRL& crl);

      /**
      * Add a CRL that is already held in a shared_ptr to the store.
      * @param crl CRL to be added
      */
      void add_crl(std::shared_ptr<const X509_CRL> crl);

      /**
      * @return subject DNs of every certificate held by the store
      */
      std::vector<X509_DN> all_subjects() const override;

      /**
      * Find a certificate by subject DN and (optionally) key identifier.
      * @param subject_dn the subject's distinguished name
      * @param key_id an optional subject key identifier
      * @return the first stored certificate that matches, or nullptr
      */
      std::shared_ptr<const X509_Certificate> find_cert(const X509_DN& subject_dn,
                                                        const std::vector<uint8_t>& key_id) const override;

      /**
      * Find all certificates with a given subject DN (and optionally key identifier).
      * Subject DN and even the key identifier might not be unique, so several
      * certificates may match.
      * @param subject_dn the subject's distinguished name
      * @param key_id an optional subject key identifier
      * @return all matching certificates (possibly empty)
      */
      std::vector<std::shared_ptr<const X509_Certificate>> find_all_certs(const X509_DN& subject_dn,
                                                                          const std::vector<uint8_t>& key_id) const override;

      /**
      * Find a certificate by the SHA-1 hash of its public key.
      * @param key_hash SHA-1 hash of the subject's public key
      * @return a matching certificate, or nullptr
      */
      std::shared_ptr<const X509_Certificate> find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const override;

      /**
      * Find a certificate by the SHA-256 hash of its raw subject name.
      * @param subject_hash SHA-256 hash of the subject's raw name
      * @return a matching certificate, or nullptr
      */
      std::shared_ptr<const X509_Certificate> find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& subject_hash) const override;

      /**
      * Find a CRL for the given certificate.
      * @param subject the certificate to find a CRL for
      * @return the CRL for subject, or nullptr
      */
      std::shared_ptr<const X509_CRL> find_crl_for(const X509_Certificate& subject) const override;
   private:
      // TODO: Add indexing on the DN and key id to avoid linear search
      std::vector<std::shared_ptr<const X509_Certificate>> m_certs;
      std::vector<std::shared_ptr<const X509_CRL>> m_crls;
   };
}
#endif