blob: 1608aaa1187566c14f9c2ece235e4f41f2a5f7b3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
|
/*
* Certificate Store
* (C) 1999-2019 Jack Lloyd
* (C) 2019 Patrick Schmidt
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
#ifndef BOTAN_CERT_STORE_FLATFILE_H_
#define BOTAN_CERT_STORE_FLATFILE_H_
#include <botan/certstor.h>
#include <vector>
#include <memory>
#include <map>
namespace Botan {
/**
* Certificate Store that is backed by a file of PEMs of trusted CAs.
*/
class BOTAN_PUBLIC_API(2, 11) Flatfile_Certificate_Store final : public Certificate_Store
{
public:
/**
* Construct a new Certificate_Store given a file path to a file including
* PEMs of trusted self-signed CAs.
*
* @param file the name of the file to read certificates from
* @param ignore_non_ca if true, certs that are not self-signed CA certs will
* be ignored. Otherwise (if false), an exception will be thrown instead.
*/
Flatfile_Certificate_Store(const std::string& file, bool ignore_non_ca = false);
Flatfile_Certificate_Store(const Flatfile_Certificate_Store&) = default;
Flatfile_Certificate_Store(Flatfile_Certificate_Store&&) = default;
Flatfile_Certificate_Store& operator=(const Flatfile_Certificate_Store&) = default;
Flatfile_Certificate_Store& operator=(Flatfile_Certificate_Store&&) = default;
/**
* @return DNs for all certificates managed by the store
*/
std::vector<X509_DN> all_subjects() const override;
/**
* Find all certificates with a given Subject DN.
* Subject DN and even the key identifier might not be unique.
*/
std::vector<std::shared_ptr<const X509_Certificate>> find_all_certs(
const X509_DN& subject_dn, const std::vector<uint8_t>& key_id) const override;
/**
* Find a certificate by searching for one with a matching SHA-1 hash of
* public key.
* @return a matching certificate or nullptr otherwise
*/
std::shared_ptr<const X509_Certificate>
find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const override;
std::shared_ptr<const X509_Certificate>
find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& subject_hash) const override;
/**
* Fetching CRLs is not supported by this certificate store. This will
* always return an empty list.
*/
std::shared_ptr<const X509_CRL> find_crl_for(const X509_Certificate& subject) const override;
private:
std::vector<X509_DN> m_all_subjects;
std::map<X509_DN, std::vector<std::shared_ptr<const X509_Certificate>>> m_dn_to_cert;
std::map<std::vector<uint8_t>, std::shared_ptr<const X509_Certificate>> m_pubkey_sha1_to_cert;
std::map<std::vector<uint8_t>, std::shared_ptr<const X509_Certificate>> m_subject_dn_sha256_to_cert;
};
}
#endif
|
