Commit 635efcad authored by Adrien Béraud's avatar Adrien Béraud

certstore: allow to find certificate by name or altname

Refs #76889

Change-Id: I0031894dde39b882e700321843ea48b175c7a6ba
parent 9beb3939
# OPENDHT
OPENDHT_VERSION := a0544e8fcfa98754d695c2af4e1ceddd660e2fe1
OPENDHT_VERSION := db1b9c2f3889ff380f74fcf391389ffc4be48e7e
OPENDHT_URL := https://github.com/savoirfairelinux/opendht/archive/$(OPENDHT_VERSION).tar.gz
PKGS += opendht
......
......@@ -98,6 +98,22 @@ CertificateStore::getCertificate(const std::string& k) const
return cit->second;
}
std::shared_ptr<crypto::Certificate>
CertificateStore::findCertificateByName(const std::string& name, crypto::Certificate::NameType type)
{
std::unique_lock<std::mutex> l(lock_);
for (auto& i : certs_) {
if (i.second->getName() == name)
return i.second;
if (type != crypto::Certificate::NameType::UNKNOWN) {
for (const auto& alt : i.second->getAltNames())
if (alt.first == type and alt.second == name)
return i.second;
}
}
return {};
}
static std::vector<crypto::Certificate>
readCertificates(const std::string& path)
{
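Review bot: findCertificateByName returns the first entry of certs_ whose getName() equals `name`, but a certificate's name is chosen by whoever created it and is not unique. When two stored certificates share a name, the one returned depends on iteration order. Nothing in the definition tells callers that the result is a lookup hint rather than an established identity, so I would add a comment above it such as `// Names are neither unique nor authenticated: returns the first match; callers must verify the result before trusting it.` Since the lock is held for the whole function and never released early, `std::lock_guard<std::mutex> l(lock_);` would state that more directly than unique_lock.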
......
......@@ -47,6 +47,8 @@ public:
std::vector<std::string> getPinnedCertificates() const;
std::shared_ptr<crypto::Certificate> getCertificate(const std::string& cert_id) const;
std::shared_ptr<crypto::Certificate> findCertificateByName(const std::string& name, crypto::Certificate::NameType type = crypto::Certificate::NameType::UNKNOWN);
std::vector<std::string> pinCertificate(const std::vector<uint8_t>& crt, bool local = true) noexcept;
std::vector<std::string> pinCertificate(crypto::Certificate&& crt, bool local = true);
std::vector<std::string> pinCertificate(std::shared_ptr<crypto::Certificate> crt, bool local = true);
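Review bot: The default `type = crypto::Certificate::NameType::UNKNOWN` makes the one-argument call skip alternative names entirely, because the body in the certstore.cpp section only walks getAltNames() when type is not UNKNOWN. That is easy to miss given the commit title says "by name or altname", so the declaration deserves a doc comment such as `/// Finds a certificate by name; alt names are searched only when type is not UNKNOWN. Names are not unique, the first match is returned.` The method only reads the store in the visible body, so it could probably be declared `const` like getCertificate just above it, provided lock_ is mutable (not visible here).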
......
......@@ -38,6 +38,8 @@
#include "config.h"
#endif
#include "certstore.h"
#include "fileutils.h"
#include "string_utils.h"
#include "logger.h"
......@@ -1064,8 +1066,12 @@ TlsValidator::CheckResult TlsValidator::getSerialNumber()
*/
TlsValidator::CheckResult TlsValidator::getIssuer()
{
if (not x509crt_->issuer)
if (not x509crt_->issuer) {
auto icrt = CertificateStore::instance().findCertificateByName(x509crt_->getIssuerName());
if (icrt)
return TlsValidator::CheckResult(CheckValues::CUSTOM, icrt->getId().toString());
return TlsValidator::CheckResult(CheckValues::UNSUPPORTED, "");
}
return TlsValidator::CheckResult(CheckValues::CUSTOM, x509crt_->issuer->getId().toString());
}
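Review bot: In the new `not x509crt_->issuer` branch the issuer is selected purely by comparing getIssuerName() with names held in the store, and nothing checks that x509crt_ was actually signed by `icrt`. The result is returned as CheckValues::CUSTOM with icrt's id, exactly like the linked-issuer case on the last line, so a consumer cannot tell a chain-linked issuer from a name match. Any stored certificate carrying the same name would be reported as the issuer. I would verify the certificate's signature against `icrt` before returning its id and fall through to UNSUPPORTED otherwise, or at minimum mark the branch with `// Issuer resolved by name only; not cryptographically verified.` If getIssuerName() can be empty, it should also be rejected before the lookup, so that a stored certificate with an empty name is never matched.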
......