bool Certificate_Store_In_SQL::insert_cert(const X509_Certificate& cert)
{
if(find_cert(cert.subject_dn(),cert.subject_key_id()))
return false;
DER_Encoder enc;
auto stmt = m_database->new_statement("INSERT OR REPLACE INTO " +
m_prefix + "certificates (\
fingerprint, \
subject_dn, \
key_id, \
priv_fingerprint, \
certificate \
) VALUES ( ?1, ?2, ?3, ?4, ?5 )");
stmt->bind(1,cert.fingerprint("SHA-256"));
cert.subject_dn().encode_into(enc);
stmt->bind(2,enc.get_contents_unlocked());
stmt->bind(3,cert.subject_key_id());
stmt->bind(4,std::vector<uint8_t>());
enc = DER_Encoder();
cert.encode_into(enc);
stmt->bind(5,enc.get_contents_unlocked());
stmt->spin();
return true;
}
Request::Request(const X509_Certificate& issuer_cert,
const X509_Certificate& subject_cert) :
m_issuer(issuer_cert),
m_certid(m_issuer, BigInt::decode(subject_cert.serial_number()))
{
if(subject_cert.issuer_dn() != issuer_cert.subject_dn())
throw Invalid_Argument("Invalid cert pair to OCSP::Request (mismatched issuer,subject args?)");
}
bool Certificate_Store_In_SQL::remove_cert(const X509_Certificate& cert)
{
if(!find_cert(cert.subject_dn(),cert.subject_key_id()))
return false;
auto stmt = m_database->new_statement("DELETE FROM " + m_prefix + "certificates WHERE fingerprint == ?1");
stmt->bind(1,cert.fingerprint("SHA-256"));
stmt->spin();
return true;
}
Response online_check(const X509_Certificate& issuer,
const X509_Certificate& subject,
Certificate_Store* trusted_roots,
std::chrono::milliseconds timeout)
{
if(subject.issuer_dn() != issuer.subject_dn())
throw Invalid_Argument("Invalid cert pair to OCSP::online_check (mismatched issuer,subject args?)");
return online_check(issuer,
BigInt::decode(subject.serial_number()),
subject.ocsp_responder(),
trusted_roots,
timeout);
}
GeneralName::MatchResult GeneralName::matches(const X509_Certificate& cert) const
{
std::vector<std::string> nam;
std::function<bool(const GeneralName*,const std::string&)> match_fn;
if(type() == "DNS")
{
match_fn = std::mem_fn(&GeneralName::matches_dns);
nam = cert.subject_info("DNS");
if(nam.empty())
{
nam = cert.subject_info("CN");
}
}
else if(type() == "DN")
{
match_fn = std::mem_fn(&GeneralName::matches_dn);
std::stringstream ss;
ss << cert.subject_dn();
nam.push_back(ss.str());
}
else if(type() == "IP")
{
match_fn = std::mem_fn(&GeneralName::matches_ip);
nam = cert.subject_info("IP");
}
else
{
return MatchResult::UnknownType;
}
if(nam.empty())
{
return MatchResult::NotFound;
}
bool some = false;
bool all = true;
for(const std::string& n: nam)
{
bool m = match_fn(this,n);
some |= m;
all &= m;
}
if(all)
{
return MatchResult::All;
}
else if(some)
{
return MatchResult::Some;
}
else
{
return MatchResult::None;
}
}
