Branch: Tag:

2014-04-28

2014-04-28 15:49:33 by Martin Nilsson <nilsson@opera.com>

Added partial subjectAltName support.

563:       protected mapping extension_types = ([    .PKCS.Identifiers.ce_ids.authorityKeyIdentifier : ([ -  make_combined_tag(2,0) : OctetString, +  make_combined_tag(2,0) : OctetString, // keyIdentifier    ]), -  +  .PKCS.Identifiers.ce_ids.subjectAltName : ([ +  make_combined_tag(2,2) : IA5String, // dNSName +  make_combined_tag(2,7) : OctetString, // iPAddress +  ]),    ]);       //! The raw ASN.1 objects from which @[extensions] and @[critical]
863:    EXT(subjectKeyIdentifier); // 2.5.29.14    EXT(keyUsage); // 2.5.29.15    EXT(extKeyUsage); // 2.5.29.37 +  EXT(subjectAltName); // 2.5.29.17   #undef EXT    }    }
993:    {    if( o->type_name!="SEQUENCE" )    return 0; +  Sequence s = [object(Sequence)]o;    -  ext_extKeyUsage = o->elements; +  ext_extKeyUsage = s->elements;    return 1;    }    -  +  array(string) ext_subjectAltName_dNSName; +  +  array(string) ext_subjectAltName_iPAddress; +  +  protected int(0..1) parse_subjectAltName(Object o) +  { +  if( o->type_name!="SEQUENCE" ) +  return 0; +  Sequence s = [object(Sequence)]o; +  +  foreach(s->elements, Object o) +  { +  switch(o->type_name) +  { +  case "IA5STRING": +  if(!ext_subjectAltName_dNSName) +  ext_subjectAltName_dNSName = ({}); +  ext_subjectAltName_dNSName += ({ o->value }); +  break; +  case "OCTET STRING": +  if(!ext_subjectAltName_iPAddress) +  ext_subjectAltName_iPAddress = ({}); +  ext_subjectAltName_iPAddress += ({ o->value }); +  break;    } -  +  }    -  +  return 1; +  } +  + } +    //! Creates the ASN.1 TBSCertificate sequence (see RFC2459 section   //! 4.1) to be signed (TBS) by the CA. version is explicitly set to   //! v3, and @[extensions] is optionally added to the sequence.