/src/botan/build/include/public/botan/certstor.h
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Certificate Store |
3 | | * (C) 1999-2010,2013 Jack Lloyd |
4 | | * |
5 | | * Botan is released under the Simplified BSD License (see license.txt) |
6 | | */ |
7 | | |
8 | | #ifndef BOTAN_CERT_STORE_H_ |
9 | | #define BOTAN_CERT_STORE_H_ |
10 | | |
11 | | #include <botan/x509_crl.h> |
12 | | #include <botan/x509cert.h> |
13 | | #include <optional> |
14 | | |
15 | | namespace Botan { |
16 | | |
17 | | /** |
18 | | * Certificate Store Interface |
19 | | */ |
20 | | class BOTAN_PUBLIC_API(2, 0) Certificate_Store { |
21 | | public: |
22 | | virtual ~Certificate_Store(); |
23 | | |
24 | | /** |
25 | | * Find a certificate by Subject DN and (optionally) key identifier |
26 | | * @param subject_dn the subject's distinguished name |
27 | | * @param key_id an optional key id |
28 | | * @return a matching certificate or nullopt otherwise |
29 | | * If more than one certificate in the certificate store matches, then |
30 | | * a single value is selected arbitrarily. |
31 | | */ |
32 | | virtual std::optional<X509_Certificate> find_cert(const X509_DN& subject_dn, |
33 | | const std::vector<uint8_t>& key_id) const; |
34 | | |
35 | | /** |
36 | | * Find all certificates with a given Subject DN. |
37 | | * Subject DN and even the key identifier might not be unique. |
38 | | */ |
39 | | virtual std::vector<X509_Certificate> find_all_certs(const X509_DN& subject_dn, |
40 | | const std::vector<uint8_t>& key_id) const = 0; |
41 | | |
42 | | /** |
43 | | * Find a certificate by searching for one with a matching SHA-1 hash of |
44 | | * public key. Used for OCSP. |
45 | | * @param key_hash SHA-1 hash of the subject's public key |
46 | | * @return a matching certificate or nullopt otherwise |
47 | | */ |
48 | | virtual std::optional<X509_Certificate> find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const = 0; |
49 | | |
50 | | /** |
51 | | * Find a certificate by searching for one with a matching SHA-256 hash of |
52 | | * raw subject name. Used for OCSP. |
53 | | * @param subject_hash SHA-256 hash of the subject's raw name |
54 | | * @return a matching certificate or nullopt otherwise |
55 | | */ |
56 | | virtual std::optional<X509_Certificate> find_cert_by_raw_subject_dn_sha256( |
57 | | const std::vector<uint8_t>& subject_hash) const = 0; |
58 | | |
59 | | /** |
60 | | * Finds a CRL for the given certificate |
61 | | * @param subject the subject certificate |
62 | | * @return the CRL for subject or nullopt otherwise |
63 | | */ |
64 | | virtual std::optional<X509_CRL> find_crl_for(const X509_Certificate& subject) const; |
65 | | |
66 | | /** |
67 | | * @return whether the certificate is known |
68 | | * @param cert certififcate to be searched |
69 | | */ |
70 | 0 | bool certificate_known(const X509_Certificate& cert) const { |
71 | 0 | return find_cert(cert.subject_dn(), cert.subject_key_id()).has_value(); |
72 | 0 | } |
73 | | |
74 | | // remove this (used by TLS::Server) |
75 | | virtual std::vector<X509_DN> all_subjects() const = 0; |
76 | | }; |
77 | | |
78 | | /** |
79 | | * In Memory Certificate Store |
80 | | */ |
81 | | class BOTAN_PUBLIC_API(2, 0) Certificate_Store_In_Memory final : public Certificate_Store { |
82 | | public: |
83 | | /** |
84 | | * Attempt to parse all files in dir (including subdirectories) |
85 | | * as certificates. Ignores errors. |
86 | | */ |
87 | | explicit Certificate_Store_In_Memory(std::string_view dir); |
88 | | |
89 | | /** |
90 | | * Adds given certificate to the store. |
91 | | */ |
92 | | explicit Certificate_Store_In_Memory(const X509_Certificate& cert); |
93 | | |
94 | | /** |
95 | | * Create an empty store. |
96 | | */ |
97 | 1.29k | Certificate_Store_In_Memory() = default; |
98 | | |
99 | | /** |
100 | | * Add a certificate to the store. |
101 | | * @param cert certificate to be added |
102 | | */ |
103 | | void add_certificate(const X509_Certificate& cert); |
104 | | |
105 | | /** |
106 | | * Add a certificate revocation list (CRL) to the store. |
107 | | * @param crl CRL to be added |
108 | | */ |
109 | | void add_crl(const X509_CRL& crl); |
110 | | |
111 | | /** |
112 | | * @return DNs for all certificates managed by the store |
113 | | */ |
114 | | std::vector<X509_DN> all_subjects() const override; |
115 | | |
116 | | /* |
117 | | * Find a certificate by Subject DN and (optionally) key identifier |
118 | | * @return the first certificate that matches |
119 | | */ |
120 | | std::optional<X509_Certificate> find_cert(const X509_DN& subject_dn, |
121 | | const std::vector<uint8_t>& key_id) const override; |
122 | | |
123 | | /* |
124 | | * Find all certificates with a given Subject DN. |
125 | | * Subject DN and even the key identifier might not be unique. |
126 | | */ |
127 | | std::vector<X509_Certificate> find_all_certs(const X509_DN& subject_dn, |
128 | | const std::vector<uint8_t>& key_id) const override; |
129 | | |
130 | | std::optional<X509_Certificate> find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const override; |
131 | | |
132 | | std::optional<X509_Certificate> find_cert_by_raw_subject_dn_sha256( |
133 | | const std::vector<uint8_t>& subject_hash) const override; |
134 | | |
135 | | /** |
136 | | * Finds a CRL for the given certificate |
137 | | */ |
138 | | std::optional<X509_CRL> find_crl_for(const X509_Certificate& subject) const override; |
139 | | |
140 | | private: |
141 | | // TODO: Add indexing on the DN and key id to avoid linear search |
142 | | std::vector<X509_Certificate> m_certs; |
143 | | std::vector<X509_CRL> m_crls; |
144 | | }; |
145 | | |
146 | | } // namespace Botan |
147 | | |
148 | | #endif |