00001 /*
00002 * Certificate Store
00003 * (C) 1999-2010,2013 Jack Lloyd
00004 *
00005 * Botan is released under the Simplified BSD License (see license.txt)
00006 */
00007 
00008 #include <botan/certstor.h>
00009 #include <botan/fs.h>
00010 
00011 namespace Botan {
00012 
/*
* Default CRL lookup for stores that carry no CRLs at all: every query
* answers "no CRL known". A nullptr here means no revocation information
* is available for the subject, which is not the same as "not revoked";
* callers deciding on revocation must treat it accordingly.
*/
const X509_CRL* Certificate_Store::find_crl_for(const X509_Certificate& /*subject*/) const
   {
   const X509_CRL* no_crl_available = nullptr;
   return no_crl_available;
   }
00017 
/*
* Add a certificate to the store unless an identical one (as judged by
* X509_Certificate::operator==) is already present. No validation of the
* certificate is done here; whatever is passed in becomes a store entry.
* Appending may reallocate m_certs, which invalidates any pointer
* previously handed out by find_cert.
*/
void Certificate_Store_In_Memory::add_certificate(const X509_Certificate& cert)
   {
   for(const X509_Certificate& existing : m_certs)
      {
      if(existing == cert)
         return; // exact duplicate, nothing to do
      }

   m_certs.push_back(cert);
   }
00028 
/*
* Return the subject DN of every certificate held, in insertion order.
* Duplicated DNs are returned as many times as they occur in m_certs.
*/
std::vector<X509_DN> Certificate_Store_In_Memory::all_subjects() const
   {
   std::vector<X509_DN> dns;
   dns.reserve(m_certs.size());

   for(const X509_Certificate& cert : m_certs)
      dns.push_back(cert.subject_dn());

   return dns;
   }
00036 
namespace {

/*
* Linear search for a certificate by subject DN, optionally narrowed by
* subject key identifier.
*
* The key id filter is advisory: it is applied only when both the caller's
* key_id and the candidate's subject_key_id() are non-empty. A certificate
* that carries no SKID therefore matches on DN alone even when a key_id was
* requested, so a hit is not proof of a key binding -- callers must still
* verify the signature made with the returned certificate.
*
* Returns a pointer into certs (valid only until certs is modified), or
* nullptr when nothing matches.
*/
const X509_Certificate*
cert_search(const X509_DN& subject_dn, const std::vector<byte>& key_id,
            const std::vector<X509_Certificate>& certs)
   {
   const bool filter_by_key_id = !key_id.empty();

   for(const X509_Certificate& candidate : certs)
      {
      if(filter_by_key_id)
         {
         const std::vector<byte> skid = candidate.subject_key_id();

         // A mismatch only counts when the candidate actually has a SKID
         if(!skid.empty() && skid != key_id)
            continue;
         }

      if(candidate.subject_dn() == subject_dn)
         return &candidate;
      }

   return nullptr;
   }

}
00062 
/*
* Look up a certificate in this store by subject DN and, when key_id is
* non-empty, by subject key id; the matching rules (including the
* permissive handling of certificates without a SKID) are those of
* cert_search. The returned pointer refers into m_certs and is invalidated
* by a subsequent add_certificate.
*/
const X509_Certificate*
Certificate_Store_In_Memory::find_cert(const X509_DN& subject_dn,
                                       const std::vector<byte>& key_id) const
   {
   const X509_Certificate* match = cert_search(subject_dn, key_id, m_certs);
   return match;
   }
00069 
/*
* Add or refresh a CRL. CRLs are keyed by issuer DN only: if a CRL with the
* same issuer name is already held, the stored copy is replaced only when
* the new CRL's this_update is not older (ties go to the new one), so a
* stale CRL cannot roll back a fresher one -- an older CRL is silently
* dropped. Because the key is the DN alone, two distinct issuers sharing a
* name, or one issuer across a key rollover, collapse into a single slot.
* No signature or issuer check is performed here; the caller is expected
* to have authenticated the CRL before adding it.
*/
void Certificate_Store_In_Memory::add_crl(const X509_CRL& crl)
   {
   const X509_DN issuer = crl.issuer_dn();

   for(X509_CRL& existing : m_crls)
      {
      if(existing.issuer_dn() == issuer)
         {
         // Same issuer: keep whichever CRL is newer
         if(existing.this_update() <= crl.this_update())
            existing = crl;
         return;
         }
      }

   // No CRL from this issuer yet
   m_crls.push_back(crl);
   }
00088 
/*
* Find the CRL that would cover `subject`: the first stored CRL whose
* issuer DN equals the certificate's issuer DN and whose authority key id,
* when both sides carry one, equals the certificate's authority key id. As
* in cert_search, a CRL without an AKID matches on issuer DN alone.
* Returns nullptr when no such CRL is held. Neither freshness (next_update)
* nor the CRL signature is checked here; the caller must validate the CRL
* against the issuer before acting on its revocation entries. The pointer
* refers into m_crls and is invalidated by a later add_crl.
*/
const X509_CRL* Certificate_Store_In_Memory::find_crl_for(const X509_Certificate& subject) const
   {
   const std::vector<byte>& wanted_akid = subject.authority_key_id();
   const bool filter_by_akid = !wanted_akid.empty();

   for(const X509_CRL& crl : m_crls)
      {
      if(filter_by_akid)
         {
         const std::vector<byte> crl_akid = crl.authority_key_id();

         // A mismatch only counts when the CRL actually has an AKID
         if(!crl_akid.empty() && crl_akid != wanted_akid)
            continue;
         }

      if(crl.issuer_dn() == subject.issuer_dn())
         return &crl;
      }

   return nullptr;
   }
00110 
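/*
* Populate the store from a directory. Every path returned by
* list_all_readable_files_in_or_under(dir) is tried as a certificate file;
* paths that fail to parse are skipped without error, since the directory
* is expected to hold mixed content. Note that the directory listing
* itself runs outside the try block, so any error it raises propagates to
* the caller. An empty dir string builds an empty store without touching
* the filesystem.
*
* Loaded certificates are added through add_certificate so that duplicate
* files on disk yield a single store entry, matching the invariant that
* add_certificate maintains. No check is made that a loaded certificate is
* self-signed or a CA: whatever parses is stored, so the directory must be
* trusted at the filesystem level.
*/
Certificate_Store_In_Memory::Certificate_Store_In_Memory(const std::string& dir)
   {
   if(dir.empty())
      return;

   const std::vector<std::string> maybe_certs =
      list_all_readable_files_in_or_under(dir);

   for(const std::string& cert_file : maybe_certs)
      {
      try
         {
         // Dedupe via add_certificate rather than pushing directly
         add_certificate(X509_Certificate(cert_file));
         }
      catch(std::exception&)
         {
         // Best-effort: not a parseable certificate, leave it out
         }
      }
   }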
00128 
/*
* Look up a certificate in the overlay by subject DN and optional subject
* key id, using the same matching rules as the in-memory store (see
* cert_search: a certificate without a SKID matches on DN alone). Returns
* a pointer into m_certs or nullptr.
*/
const X509_Certificate*
Certificate_Store_Overlay::find_cert(const X509_DN& subject_dn,
                                     const std::vector<byte>& key_id) const
   {
   const X509_Certificate* hit = cert_search(subject_dn, key_id, m_certs);
   return hit;
   }
00135 
/*
* Return the subject DN of every certificate in the overlay, in the order
* they are held in m_certs.
*/
std::vector<X509_DN> Certificate_Store_Overlay::all_subjects() const
   {
   std::vector<X509_DN> result;

   for(auto it = m_certs.begin(); it != m_certs.end(); ++it)
      result.push_back(it->subject_dn());

   return result;
   }
00143 
00144 }