/src/botan/build/include/botan/certstor.h
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Certificate Store |
3 | | * (C) 1999-2010,2013 Jack Lloyd |
4 | | * |
5 | | * Botan is released under the Simplified BSD License (see license.txt) |
6 | | */ |
7 | | |
8 | | #ifndef BOTAN_CERT_STORE_H_ |
9 | | #define BOTAN_CERT_STORE_H_ |
10 | | |
11 | | #include <botan/x509cert.h> |
12 | | #include <botan/x509_crl.h> |
13 | | #include <optional> |
14 | | |
15 | | namespace Botan { |
16 | | |
17 | | /** |
18 | | * Certificate Store Interface |
19 | | */ |
20 | | class BOTAN_PUBLIC_API(2,0) Certificate_Store |
21 | | { |
22 | | public: |
23 | | virtual ~Certificate_Store(); |
24 | | |
25 | | /** |
26 | | * Find a certificate by Subject DN and (optionally) key identifier |
27 | | * @param subject_dn the subject's distinguished name |
28 | | * @param key_id an optional key id |
29 | | * @return a matching certificate or nullopt otherwise |
30 | | * If more than one certificate in the certificate store matches, then |
31 | | * a single value is selected arbitrarily. |
32 | | */ |
33 | | virtual std::optional<X509_Certificate> |
34 | | find_cert(const X509_DN& subject_dn, const std::vector<uint8_t>& key_id) const; |
35 | | |
36 | | /** |
37 | | * Find all certificates with a given Subject DN. |
38 | | * Subject DN and even the key identifier might not be unique. |
39 | | */ |
40 | | virtual std::vector<X509_Certificate> find_all_certs( |
41 | | const X509_DN& subject_dn, const std::vector<uint8_t>& key_id) const = 0; |
42 | | |
43 | | |
44 | | /** |
45 | | * Find a certificate by searching for one with a matching SHA-1 hash of |
46 | | * public key. Used for OCSP. |
47 | | * @param key_hash SHA-1 hash of the subject's public key |
48 | | * @return a matching certificate or nullopt otherwise |
49 | | */ |
50 | | virtual std::optional<X509_Certificate> |
51 | | find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const = 0; |
52 | | |
53 | | /** |
54 | | * Find a certificate by searching for one with a matching SHA-256 hash of |
55 | | * raw subject name. Used for OCSP. |
56 | | * @param subject_hash SHA-256 hash of the subject's raw name |
57 | | * @return a matching certificate or nullopt otherwise |
58 | | */ |
59 | | virtual std::optional<X509_Certificate> |
60 | | find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& subject_hash) const = 0; |
61 | | |
62 | | /** |
63 | | * Finds a CRL for the given certificate |
64 | | * @param subject the subject certificate |
65 | | * @return the CRL for subject or nullopt otherwise |
66 | | */ |
67 | | virtual std::optional<X509_CRL> find_crl_for(const X509_Certificate& subject) const; |
68 | | |
69 | | /** |
70 | | * @return whether the certificate is known |
71 | | * @param cert certififcate to be searched |
72 | | */ |
73 | | bool certificate_known(const X509_Certificate& cert) const |
74 | 0 | { |
75 | 0 | return find_cert(cert.subject_dn(), cert.subject_key_id()).has_value(); |
76 | 0 | } |
77 | | |
78 | | // remove this (used by TLS::Server) |
79 | | virtual std::vector<X509_DN> all_subjects() const = 0; |
80 | | }; |
81 | | |
82 | | /** |
83 | | * In Memory Certificate Store |
84 | | */ |
85 | | class BOTAN_PUBLIC_API(2,0) Certificate_Store_In_Memory final : public Certificate_Store |
86 | | { |
87 | | public: |
88 | | /** |
89 | | * Attempt to parse all files in dir (including subdirectories) |
90 | | * as certificates. Ignores errors. |
91 | | */ |
92 | | explicit Certificate_Store_In_Memory(const std::string& dir); |
93 | | |
94 | | /** |
95 | | * Adds given certificate to the store. |
96 | | */ |
97 | | explicit Certificate_Store_In_Memory(const X509_Certificate& cert); |
98 | | |
99 | | /** |
100 | | * Create an empty store. |
101 | | */ |
102 | 574 | Certificate_Store_In_Memory() = default; |
103 | | |
104 | | /** |
105 | | * Add a certificate to the store. |
106 | | * @param cert certificate to be added |
107 | | */ |
108 | | void add_certificate(const X509_Certificate& cert); |
109 | | |
110 | | /** |
111 | | * Add a certificate revocation list (CRL) to the store. |
112 | | * @param crl CRL to be added |
113 | | */ |
114 | | void add_crl(const X509_CRL& crl); |
115 | | |
116 | | /** |
117 | | * @return DNs for all certificates managed by the store |
118 | | */ |
119 | | std::vector<X509_DN> all_subjects() const override; |
120 | | |
121 | | /* |
122 | | * Find a certificate by Subject DN and (optionally) key identifier |
123 | | * @return the first certificate that matches |
124 | | */ |
125 | | std::optional<X509_Certificate> find_cert( |
126 | | const X509_DN& subject_dn, |
127 | | const std::vector<uint8_t>& key_id) const override; |
128 | | |
129 | | /* |
130 | | * Find all certificates with a given Subject DN. |
131 | | * Subject DN and even the key identifier might not be unique. |
132 | | */ |
133 | | std::vector<X509_Certificate> find_all_certs( |
134 | | const X509_DN& subject_dn, const std::vector<uint8_t>& key_id) const override; |
135 | | |
136 | | std::optional<X509_Certificate> |
137 | | find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const override; |
138 | | |
139 | | std::optional<X509_Certificate> |
140 | | find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& subject_hash) const override; |
141 | | |
142 | | /** |
143 | | * Finds a CRL for the given certificate |
144 | | */ |
145 | | std::optional<X509_CRL> find_crl_for(const X509_Certificate& subject) const override; |
146 | | private: |
147 | | // TODO: Add indexing on the DN and key id to avoid linear search |
148 | | std::vector<X509_Certificate> m_certs; |
149 | | std::vector<X509_CRL> m_crls; |
150 | | }; |
151 | | |
152 | | } |
153 | | |
154 | | #endif |