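/*
* Certificate Store
* (C) 1999-2010,2013 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include <botan/certstor.h>
#include <botan/fs.h>
#include <algorithm>

namespace Botan {

/*
* Base-class default: a plain Certificate_Store holds no CRLs, so no
* CRL is ever found. Certificate_Store_In_Memory overrides this.
*/
const X509_CRL* Certificate_Store::find_crl_for(const X509_Certificate&) const
   {
   return nullptr;
   }

/*
* Add a certificate to the store unless an equal one is already present,
* so repeated additions of the same certificate do not grow the store.
* (The directory-loading constructor below does not perform this check.)
*/
void Certificate_Store_In_Memory::add_certificate(const X509_Certificate& cert)
   {
   const bool already_present =
      std::find(m_certs.begin(), m_certs.end(), cert) != m_certs.end();

   if(!already_present)
      m_certs.push_back(cert);
   }

/*
* Return the subject DN of every stored certificate, in storage order.
*/
std::vector<X509_DN> Certificate_Store_In_Memory::all_subjects() const
   {
   std::vector<X509_DN> subjects;
   subjects.reserve(m_certs.size());

   for(const X509_Certificate& cert : m_certs)
      subjects.push_back(cert.subject_dn());

   return subjects;
   }

namespace {

/*
* Linear scan of certs for the first certificate whose subject DN equals
* subject_dn.
*
* The key id is only a filter when BOTH the caller supplied a non-empty
* key_id AND the certificate carries a subject key identifier. A certificate
* without an SKID is therefore matched on its subject DN alone, even when the
* caller passed a key id.
*
* Returns a pointer into certs (valid only until the vector is modified),
* or nullptr when nothing matched.
*/
const X509_Certificate*
cert_search(const X509_DN& subject_dn, const std::vector<byte>& key_id,
            const std::vector<X509_Certificate>& certs)
   {
   for(const X509_Certificate& cert : certs)
      {
      if(!key_id.empty())
         {
         const std::vector<byte> skid = cert.subject_key_id();

         // both sides carry a key id and they differ: cannot be this cert
         if(!skid.empty() && skid != key_id)
            continue;
         }

      if(cert.subject_dn() == subject_dn)
         return &cert;
      }

   return nullptr;
   }

}

/*
* Find a stored certificate by subject DN, optionally narrowed by subject
* key id (see cert_search for the exact matching rule).
*/
const X509_Certificate*
Certificate_Store_In_Memory::find_cert(const X509_DN& subject_dn,
                                       const std::vector<byte>& key_id) const
   {
   return cert_search(subject_dn, key_id, m_certs);
   }

/*
* Add or update a CRL. CRLs are keyed by issuer DN only: if a CRL from the
* same issuer is already stored it is replaced when the new one's thisUpdate
* is the same or later, so an older CRL can never displace a fresher one.
* Otherwise the CRL is appended.
*/
void Certificate_Store_In_Memory::add_crl(const X509_CRL& crl)
   {
   const X509_DN crl_issuer = crl.issuer_dn();

   for(X509_CRL& existing : m_crls)
      {
      if(existing.issuer_dn() == crl_issuer)
         {
         // Found a CRL from this issuer; keep whichever is newer
         // (ties go to the incoming CRL).
         if(existing.this_update() <= crl.this_update())
            existing = crl;
         return;
         }
      }

   // No CRL from this issuer yet
   m_crls.push_back(crl);
   }

/*
* Find the CRL covering subject: the first stored CRL whose issuer DN equals
* the certificate's issuer DN. The certificate's authority key id is used as
* a filter only when it is non-empty and the CRL itself carries an authority
* key id; a CRL without an AKID is matched on issuer DN alone.
*
* Returns a pointer into m_crls (valid only until the store is modified),
* or nullptr when no CRL matches.
*/
const X509_CRL* Certificate_Store_In_Memory::find_crl_for(const X509_Certificate& subject) const
   {
   const std::vector<byte>& key_id = subject.authority_key_id();
   // Loop-invariant: the subject's issuer DN does not change per CRL
   const auto& issuer = subject.issuer_dn();

   for(const X509_CRL& crl : m_crls)
      {
      if(!key_id.empty())
         {
         const std::vector<byte> akid = crl.authority_key_id();

         // both sides carry a key id and they differ: not this CRL
         if(!akid.empty() && akid != key_id)
            continue;
         }

      if(crl.issuer_dn() == issuer)
         return &crl;
      }

   return nullptr;
   }

/*
* Build a store from every readable file in or under dir. An empty dir
* yields an empty store.
*
* Loading is best-effort: a file that fails to parse as an X.509 certificate
* is skipped rather than aborting construction. No de-duplication is done
* here, unlike add_certificate.
*/
Certificate_Store_In_Memory::Certificate_Store_In_Memory(const std::string& dir)
   {
   if(dir.empty())
      return;

   const std::vector<std::string> maybe_certs = list_all_readable_files_in_or_under(dir);

   for(const std::string& cert_file : maybe_certs)
      {
      try
         {
         m_certs.push_back(X509_Certificate(cert_file));
         }
      catch(std::exception&)
         {
         // Not a parseable certificate (or not readable as one); skip it
         }
      }
   }

/*
* Overlay lookup: same matching rule as the in-memory store (see cert_search).
*/
const X509_Certificate*
Certificate_Store_Overlay::find_cert(const X509_DN& subject_dn,
                                     const std::vector<byte>& key_id) const
   {
   return cert_search(subject_dn, key_id, m_certs);
   }

/*
* Return the subject DN of every certificate in the overlay, in storage order.
*/
std::vector<X509_DN> Certificate_Store_Overlay::all_subjects() const
   {
   std::vector<X509_DN> subjects;
   subjects.reserve(m_certs.size());

   for(const X509_Certificate& cert : m_certs)
      subjects.push_back(cert.subject_dn());

   return subjects;
   }

}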