1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
|
/*
* Certificate Store in SQL
* (C) 2016 Kai Michaelis, Rohde & Schwarz Cybersecurity
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
#ifndef BOTAN_CERT_STORE_SQL_H_
#define BOTAN_CERT_STORE_SQL_H_
#include <botan/certstor.h>
#include <botan/x509cert.h>
#include <botan/x509_crl.h>
#include <botan/database.h>
#include <botan/mutex.h>
namespace Botan {
class Private_Key;
class RandomNumberGenerator;
/**
* Certificate and private key store backed by an SQL database.
*/
class BOTAN_PUBLIC_API(2,0) Certificate_Store_In_SQL : public Certificate_Store
{
public:
/**
* Create/open a certificate store.
* @param db underlying database storage
* @param passwd password to encrypt private keys in the database
* @param rng used for encrypting keys
* @param table_prefix optional prefix for db table names
*/
explicit Certificate_Store_In_SQL(const std::shared_ptr<SQL_Database> db,
const std::string& passwd,
RandomNumberGenerator& rng,
const std::string& table_prefix = "");
/**
* Returns the first certificate with matching subject DN and optional key ID.
*/
std::shared_ptr<const X509_Certificate>
find_cert(const X509_DN& subject_dn, const std::vector<uint8_t>& key_id) const override;
/*
* Find all certificates with a given Subject DN.
* Subject DN and even the key identifier might not be unique.
*/
std::vector<std::shared_ptr<const X509_Certificate>> find_all_certs(
const X509_DN& subject_dn, const std::vector<uint8_t>& key_id) const override;
std::shared_ptr<const X509_Certificate>
find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const override;
std::shared_ptr<const X509_Certificate>
find_cert_by_raw_subject_dn_sha256(const std::vector<uint8_t>& subject_hash) const override;
/**
* Returns all subject DNs known to the store instance.
*/
std::vector<X509_DN> all_subjects() const override;
/**
* Inserts "cert" into the store, returns false if the certificate is
* already known and true if insertion was successful.
*/
bool insert_cert(const X509_Certificate& cert);
/**
* Removes "cert" from the store. Returns false if the certificate could not
* be found and true if removal was successful.
*/
bool remove_cert(const X509_Certificate& cert);
/// Returns the private key for "cert" or an empty shared_ptr if none was found.
std::shared_ptr<const Private_Key> find_key(const X509_Certificate&) const;
/// Returns all certificates for private key "key".
std::vector<std::shared_ptr<const X509_Certificate>>
find_certs_for_key(const Private_Key& key) const;
/**
* Inserts "key" for "cert" into the store, returns false if the key is
* already known and true if insertion was successful.
*/
bool insert_key(const X509_Certificate& cert, const Private_Key& key);
/// Removes "key" from the store.
void remove_key(const Private_Key& key);
/// Marks "cert" as revoked starting from "time".
void revoke_cert(const X509_Certificate&, CRL_Code, const X509_Time& time = X509_Time());
/// Reverses the revokation for "cert".
void affirm_cert(const X509_Certificate&);
/**
* Generates Certificate Revocation Lists for all certificates marked as revoked.
* A CRL is returned for each unique issuer DN.
*/
std::vector<X509_CRL> generate_crls() const;
/**
* Generates a CRL for all certificates issued by the given issuer.
*/
std::shared_ptr<const X509_CRL>
find_crl_for(const X509_Certificate& issuer) const override;
private:
RandomNumberGenerator& m_rng;
std::shared_ptr<SQL_Database> m_database;
std::string m_prefix;
std::string m_password;
mutex_type m_mutex;
};
}
#endif
|
