/*
* Certificate Store
* (C) 1999-2010,2013 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
#ifndef BOTAN_CERT_STORE_H_
#define BOTAN_CERT_STORE_H_
#include <botan/x509cert.h>
#include <botan/x509_crl.h>
namespace Botan {
/**
* Certificate Store Interface
*
* A read-only lookup interface over a collection of X.509 certificates
* and CRLs. Every finder declared here is a pure lookup: it selects a
* stored object by some identifier (subject DN, key id, key hash, ...)
* and nothing in this interface promises that the returned object has
* been signature-checked, chain-validated or checked for expiry. Trust
* decisions remain the caller's responsibility.
*/
class BOTAN_PUBLIC_API(2,0) Certificate_Store
   {
   public:
      virtual ~Certificate_Store();

      /**
      * Look up a single certificate by subject DN and (optionally) key identifier.
      *
      * Neither the subject DN nor the subject key identifier is guaranteed
      * to be unique within a store. When several stored certificates match,
      * one of them is selected arbitrarily; use find_all_certs() to see every
      * match.
      *
      * @param subject_dn the subject distinguished name to match
      * @param key_id an optional key identifier; how an empty value is
      *        treated is left to the implementation
      * @return one matching certificate, or nullptr if there is none
      */
      virtual std::shared_ptr<const X509_Certificate>
         find_cert(const X509_DN& subject_dn, const std::vector<uint8_t>& key_id) const;

      /**
      * Return every stored certificate matching the given subject DN (and
      * key identifier). Subject DN and key identifier need not be unique,
      * so the result may hold more than one certificate.
      *
      * @param subject_dn the subject distinguished name to match
      * @param key_id an optional key identifier
      * @return all matching certificates; empty if none match
      */
      virtual std::vector<std::shared_ptr<const X509_Certificate>> find_all_certs(
         const X509_DN& subject_dn, const std::vector<uint8_t>& key_id) const = 0;

      /**
      * Look up a certificate by the SHA-1 hash of its public key. This is
      * the identifier form used by OCSP, so SHA-1 serves only as a lookup
      * key here; it is not relied upon as a security property of the
      * certificate, and the result is not validated in any way.
      *
      * @param key_hash SHA-1 hash of the subject's public key
      * @return a matching certificate, or nullptr if there is none
      */
      virtual std::shared_ptr<const X509_Certificate>
         find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const = 0;

      /**
      * Look up a certificate by the SHA-256 hash of its raw subject name.
      * Also used for OCSP; like the other finders this is a lookup only.
      *
      * @param subject_hash SHA-256 hash of the subject's raw name
      * @return a matching certificate, or nullptr if there is none
      */
      virtual std::shared_ptr<const X509_Certificate>
         find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& subject_hash) const = 0;

      /**
      * Look up a CRL applicable to the given certificate.
      *
      * Nothing in this interface guarantees that the returned CRL has been
      * signature-checked against its issuer or is within its validity
      * window; callers that rely on revocation status must verify that
      * themselves.
      *
      * @param subject the certificate whose revocation list is wanted
      * @return the CRL for subject, or nullptr if none is stored
      */
      virtual std::shared_ptr<const X509_CRL> find_crl_for(const X509_Certificate& subject) const;

      /**
      * Test whether a certificate matching cert is held by the store.
      *
      * The check goes through find_cert() and therefore compares only the
      * subject DN and subject key identifier, not the certificate itself.
      * A true result means "some certificate with this subject and key id
      * is stored", which is not necessarily cert byte for byte. Callers
      * that need identity should compare against what find_cert() returns.
      *
      * @param cert the certificate to look for
      * @return true if find_cert() finds a match for cert's subject DN and key id
      */
      bool certificate_known(const X509_Certificate& cert) const
         {
         const std::shared_ptr<const X509_Certificate> match =
            find_cert(cert.subject_dn(), cert.subject_key_id());
         return match != nullptr;
         }

      /**
      * @return the subject DNs of every certificate in the store
      *
      * Slated for removal; kept for now only because TLS::Server uses it.
      */
      virtual std::vector<X509_DN> all_subjects() const = 0;
   };
/**
* In Memory Certificate Store
*
* Keeps certificates and CRLs in plain vectors; every lookup is answered
* by scanning them (see the TODO below), so cost grows with store size.
*/
class BOTAN_PUBLIC_API(2,0) Certificate_Store_In_Memory final : public Certificate_Store
   {
   public:
      /**
      * Build a store from every file found under dir (descending into
      * subdirectories), attempting to parse each one as a certificate.
      *
      * Parse failures are ignored rather than reported, so a directory
      * holding a corrupt or mis-encoded file yields a store that silently
      * lacks that entry. If the trust set must be complete, check the
      * result (e.g. via all_subjects()) after construction.
      *
      * @param dir directory to walk for certificate files
      */
      explicit Certificate_Store_In_Memory(const std::string& dir);

      /**
      * Build a store holding just the single certificate cert.
      * @param cert the certificate to add
      */
      explicit Certificate_Store_In_Memory(const X509_Certificate& cert);

      /**
      * Build an empty store; fill it with add_certificate() / add_crl().
      */
      Certificate_Store_In_Memory() = default;

      /**
      * Add a certificate to the store. Since the store holds shared_ptrs,
      * a certificate passed by reference is copied into a new one.
      * @param cert certificate to add
      */
      void add_certificate(const X509_Certificate& cert);

      /**
      * Add a certificate already managed by a shared_ptr; the store shares
      * ownership instead of copying.
      * @param cert certificate to add
      */
      void add_certificate(std::shared_ptr<const X509_Certificate> cert);

      /**
      * Add a certificate revocation list (CRL) to the store.
      * @param crl CRL to add
      */
      void add_crl(const X509_CRL& crl);

      /**
      * Add a CRL already managed by a shared_ptr; ownership is shared.
      * @param crl CRL to add
      */
      void add_crl(std::shared_ptr<const X509_CRL> crl);

      /**
      * @return the subject DN of every certificate in the store
      */
      std::vector<X509_DN> all_subjects() const override;

      /**
      * Find a certificate by subject DN and (optionally) key identifier.
      * @return the first stored certificate that matches, or nullptr
      */
      std::shared_ptr<const X509_Certificate>
         find_cert(const X509_DN& subject_dn, const std::vector<uint8_t>& key_id) const override;

      /**
      * Find all certificates with a given subject DN (and key identifier).
      * Neither field need be unique, so several may be returned.
      */
      std::vector<std::shared_ptr<const X509_Certificate>>
         find_all_certs(const X509_DN& subject_dn, const std::vector<uint8_t>& key_id) const override;

      /**
      * Find a certificate by SHA-1 hash of its public key (OCSP lookup).
      */
      std::shared_ptr<const X509_Certificate>
         find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const override;

      /**
      * Find a certificate by SHA-256 hash of its raw subject name (OCSP lookup).
      */
      std::shared_ptr<const X509_Certificate>
         find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& subject_hash) const override;

      /**
      * Find a CRL for the given certificate.
      * @return the stored CRL for subject, or nullptr if there is none
      */
      std::shared_ptr<const X509_CRL> find_crl_for(const X509_Certificate& subject) const override;

   private:
      // TODO: Add indexing on the DN and key id to avoid linear search
      std::vector<std::shared_ptr<const X509_Certificate>> m_certs;
      std::vector<std::shared_ptr<const X509_CRL>> m_crls;
   };
}
#endif