
2015-12-18

2015-12-18 13:52:09 by Martin Nilsson <nilsson@fastmail.com>

Rename preferred_auth_methods to client_auth_methods, and fill it with actual certificate type information.

848:   //! @[get_trusted_issuers()], @[set_trusted_issuers()]   mapping(string(8bit):array(Standards.X509.Verifier)) trusted_issuers_cache = ([]);    - //! For client authentication. Used only if auth_level is AUTH_ask or - //! AUTH_require. - array(int) preferred_auth_methods = - ({ AUTH_rsa_sign }); + //! The possible client authentication methods. Used only if + //! auth_level is AUTH_ask or AUTH_require. Generated by + //! @[set_authorities]. + array(int) client_auth_methods = ({});      // Lookup from issuer DER to an array of suitable @[CertificatePair]s,   // sorted in order of strength.
994:   private void update_authorities()   {    authorities_cache = ({}); +  mapping(int:int) cert_types = ([]);    foreach(authorities, string a) -  authorities_cache += ({ Standards.X509.decode_certificate(a)-> -  subject->get_der() }); +  { +  Standards.X509.TBSCertificate tbs = Standards.X509.decode_certificate(a); +  Standards.ASN1.Types.Identifier id = [object(Standards.ASN1.Types.Identifier)]tbs->algorithm[0]; +  +  // --- START Duplicated code from CertificatePair +  array(HashAlgorithm|SignatureAlgorithm) sign_alg; +  sign_alg = [array(HashAlgorithm|SignatureAlgorithm)]pkcs_der_to_sign_alg[id->get_der()]; +  if (!sign_alg) error("Unknown signature algorithm.\n"); +  +  int cert_type = ([ +  SIGNATURE_rsa: AUTH_rsa_sign, +  SIGNATURE_dsa: AUTH_dss_sign, +  SIGNATURE_ecdsa: AUTH_ecdsa_sign, +  ])[sign_alg[1]]; +  // --- END Duplicated code from CertificatePair +  +  cert_types[cert_type]++; +  authorities_cache += ({ tbs->subject->get_der() });    } -  +  client_auth_methods = indices(cert_types); + }      // update the cached decoded issuers list   private void update_trusted_issuers()
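Review bot: In update_authorities the lookup of `sign_alg[1]` in the three-entry mapping yields 0 whenever `pkcs_der_to_sign_alg` resolves to anything other than RSA, DSA or ECDSA, and `cert_types[cert_type]++` then records that 0, so `client_auth_methods` can end up advertising a certificate type that is not a real one; add `if (!cert_type) error("Unsupported certificate type.\n");` before the increment, or skip the entry. The function also now throws from inside the loop after `authorities_cache = ({});`, so a single authority with an unknown signature algorithm leaves the cache truncated and `client_auth_methods` stale; collecting both into locals and assigning them after the loop would keep the previous state on failure. `tbs->algorithm` appears to be the algorithm the authority's own certificate was signed with, which is not necessarily the key type of the client certificates it issues, so the derived list may be narrower or different from what clients can legitimately present; that assumption deserves a comment next to the duplicated block. In the first hunk the field now defaults to `({})` instead of `({ AUTH_rsa_sign })`, so a context using AUTH_ask or AUTH_require before any authorities are set would offer no types at all, and a documented fallback would make that case explicit.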