bool Certificate_Store_In_SQL::insert_cert(const X509_Certificate& cert) { if(find_cert(cert.subject_dn(),cert.subject_key_id())) return false; DER_Encoder enc; auto stmt = m_database->new_statement("INSERT OR REPLACE INTO " + m_prefix + "certificates (\ fingerprint, \ subject_dn, \ key_id, \ priv_fingerprint, \ certificate \ ) VALUES ( ?1, ?2, ?3, ?4, ?5 )"); stmt->bind(1,cert.fingerprint("SHA-256")); cert.subject_dn().encode_into(enc); stmt->bind(2,enc.get_contents_unlocked()); stmt->bind(3,cert.subject_key_id()); stmt->bind(4,std::vector<uint8_t>()); enc = DER_Encoder(); cert.encode_into(enc); stmt->bind(5,enc.get_contents_unlocked()); stmt->spin(); return true; }
Request::Request(const X509_Certificate& issuer_cert, const X509_Certificate& subject_cert) : m_issuer(issuer_cert), m_certid(m_issuer, BigInt::decode(subject_cert.serial_number())) { if(subject_cert.issuer_dn() != issuer_cert.subject_dn()) throw Invalid_Argument("Invalid cert pair to OCSP::Request (mismatched issuer,subject args?)"); }
bool Certificate_Store_In_SQL::remove_cert(const X509_Certificate& cert) { if(!find_cert(cert.subject_dn(),cert.subject_key_id())) return false; auto stmt = m_database->new_statement("DELETE FROM " + m_prefix + "certificates WHERE fingerprint == ?1"); stmt->bind(1,cert.fingerprint("SHA-256")); stmt->spin(); return true; }
Response online_check(const X509_Certificate& issuer, const X509_Certificate& subject, Certificate_Store* trusted_roots, std::chrono::milliseconds timeout) { if(subject.issuer_dn() != issuer.subject_dn()) throw Invalid_Argument("Invalid cert pair to OCSP::online_check (mismatched issuer,subject args?)"); return online_check(issuer, BigInt::decode(subject.serial_number()), subject.ocsp_responder(), trusted_roots, timeout); }
GeneralName::MatchResult GeneralName::matches(const X509_Certificate& cert) const { std::vector<std::string> nam; std::function<bool(const GeneralName*,const std::string&)> match_fn; if(type() == "DNS") { match_fn = std::mem_fn(&GeneralName::matches_dns); nam = cert.subject_info("DNS"); if(nam.empty()) { nam = cert.subject_info("CN"); } } else if(type() == "DN") { match_fn = std::mem_fn(&GeneralName::matches_dn); std::stringstream ss; ss << cert.subject_dn(); nam.push_back(ss.str()); } else if(type() == "IP") { match_fn = std::mem_fn(&GeneralName::matches_ip); nam = cert.subject_info("IP"); } else { return MatchResult::UnknownType; } if(nam.empty()) { return MatchResult::NotFound; } bool some = false; bool all = true; for(const std::string& n: nam) { bool m = match_fn(this,n); some |= m; all &= m; } if(all) { return MatchResult::All; } else if(some) { return MatchResult::Some; } else { return MatchResult::None; } }