Roxen.git / server / etc / modules / CertDB.pmod


Roxen.git/server/etc/modules/CertDB.pmod:6:      //! Certificate Database API      #ifdef SSL3_DEBUG   # define SSL3_WERR(X) report_debug("CertDB: %s\n", X)   #else   # define SSL3_WERR(X)   #endif       + // Some convenience constants. + protected local constant Compound = Standards.ASN1.Types.Compound; + protected local constant Identifier = Standards.ASN1.Types.Identifier; + protected local constant Sequence = Standards.ASN1.Types.Sequence;      //!   array(mapping(string:int|string)) list_keys()   {    Sql.Sql db = DBManager.cached_get("roxen");    return db->typed_query("SELECT * "    " FROM cert_keys "    " ORDER BY id ASC");   }   
Roxen.git/server/etc/modules/CertDB.pmod:38:    Sql.Sql db = DBManager.cached_get("roxen");    array(mapping(string:int|string)) res =    db->typed_query("SELECT * "    " FROM certs "    " WHERE id = %d",    cert_id);    if (!sizeof(res)) return 0;    return res[0];   }    + //! Attempt to create a presentable string from DN. + protected string format_dn(Sequence dn) + { +  mapping(Identifier:string) ids = ([]); +  foreach(dn->elements, Compound pair) +  { +  if(pair->type_name!="SET" || !sizeof(pair)) continue; +  pair = pair[0]; +  if(pair->type_name!="SEQUENCE" || sizeof(pair)!=2) +  continue; +  if(pair[0]->type_name=="OBJECT IDENTIFIER" && +  pair[1]->value && !ids[pair[0]]) +  ids[pair[0]] = pair[1]->value; +  } +  +  string res; +  // NB: Loop backwards to join oun and on before cn. +  foreach(({ Standards.PKCS.Identifiers.at_ids.organizationUnitName, +  Standards.PKCS.Identifiers.at_ids.organizationName, +  Standards.PKCS.Identifiers.at_ids.commonName, +  }); int i; Identifier id) { +  string val = ids[id]; +  if (!val) continue; +  if (res) { +  if (i == 2) { +  res = "(" + res + ")"; +  } +  res = val + " " + res; +  } else { +  res = val; +  } +  } +  return res || "<NO SUITABLE NAME>"; + } +  + protected variant string format_dn(string(8bit) dn) + { +  // FIXME: Support X.509v2? +  Sequence seq = Standards.ASN1.Decode.secure_der_decode(dn, ([])); +  return format_dn(seq); + } +    protected void low_refresh_pem(int pem_id)   {    Sql.Sql db = DBManager.cached_get("roxen");       array(mapping(string:int|string)) tmp =    db->typed_query("SELECT * "    " FROM cert_pem_files "    " WHERE id = %d",    pem_id);    if (!sizeof(tmp)) return;
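Review bot: The `string(8bit)` variant of format_dn hands whatever secure_der_decode returns straight to the Sequence variant, which immediately reads `dn->elements`, so a stored subject or issuer that is malformed DER or decodes to something other than a SEQUENCE throws inside the refresh path instead of degrading to the `<NO SUITABLE NAME>` fallback. A guard before the recursive call such as `if (!objectp(seq) || seq->type_name != "SEQUENCE") return "<NO SUITABLE NAME>";` keeps one bad certificate from aborting the whole refresh (whether secure_der_decode returns 0 or throws on bad input should be confirmed against the Pike version in use). In the Sequence variant, `ids[pair[0]] = pair[1]->value` does not check that the value is a string, so a non-string attribute value would only fail later in `val + " " + res`; a `stringp(pair[1]->value)` check in that condition would tighten it. The comment `// NB: Loop backwards to join oun and on before cn.` looks like a typo for "ou and o before cn". Since the resulting name is assembled from DN attributes supplied by the certificate itself and stored for later display, it must be escaped wherever it is rendered, which is outside this hunk.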
Roxen.git/server/etc/modules/CertDB.pmod:199:    " ORDER BY id ASC",    key_info->keyhash),    mapping(string:string|int) cert_info) {    if (sizeof(db->query("SELECT * "    " FROM cert_keypairs "    " WHERE cert_id = %d",    cert_info->id))) {    // Keypair already exists.    continue;    } +  string name = format_dn(cert_info->subject); +  if (cert_info->issuer == cert_info->subject) { +  name += " (self-signed)"; +  } else { +  name += " " + format_dn(cert_info->issuer); +  }    db->query("INSERT INTO cert_keypairs " -  " (cert_id, key_id) " -  "VALUES (%d, %d)", -  cert_info->id, key_info->id); +  " (cert_id, key_id, name) " +  "VALUES (%d, %d, %s)", +  cert_info->id, key_info->id, name);    }    } else {    // Zap any stale or update in progress marker for the key.    db->query("UPDATE cert_keys "    " SET pem_id = %d, "    " msg_no = %d "    " WHERE id = %d",    key_info->pem_id, key_info->msg_no,    tmp[0]->id);    }
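Review bot: The six lines that build `name` (subject DN, then either " (self-signed)" or the issuer DN) are duplicated verbatim in this hunk and again in the hunk at :241, so the two INSERT sites can drift apart the next time the naming rule changes. Factoring them into a small helper that both call, as sketched below, keeps a single definition of how a keypair is named; the enclosing function begins and ends outside this hunk. The INSERT now also depends on a `name` column in cert_keypairs, which presumably comes from a schema change not shown here, so the corresponding table-creation and upgrade code should be confirmed to exist. Note that passing `name` through `%s` rather than concatenating it into the query is the right choice here, since its content comes from the certificate.
```pike
//! Presentable name for a keypair: subject DN, followed by
//! "(self-signed)" or the issuer DN.
protected string keypair_name(mapping(string:string|int) cert_info)
{
  string name = format_dn(cert_info->subject);
  if (cert_info->issuer == cert_info->subject) {
    return name + " (self-signed)";
  }
  return name + " " + format_dn(cert_info->issuer);
}

// … unchanged: keypair existence check …
db->query("INSERT INTO cert_keypairs "
          "      (cert_id, key_id, name) "
          "VALUES (%d, %d, %s)",
          cert_info->id, key_info->id, keypair_name(cert_info));
```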
Roxen.git/server/etc/modules/CertDB.pmod:241:    cert_info->id = db->master_sql->insert_id();       // Check if we have a matching private key.    tmp = db->typed_query("SELECT * "    " FROM cert_keys "    " WHERE keyhash = %s "    " ORDER BY id ASC",    cert_info->keyhash);    if (sizeof(tmp)) {    // FIXME: Key selection policy. +  string name = format_dn(cert_info->subject); +  if (cert_info->issuer == cert_info->subject) { +  name += " (self-signed)"; +  } else { +  name += " " + format_dn(cert_info->issuer); +  }    db->query("INSERT INTO cert_keypairs " -  " (cert_id, key_id) " -  "VALUES (%d, %d)", -  cert_info->id, tmp[0]->id); +  " (cert_id, key_id, name) " +  "VALUES (%d, %d, %s)", +  cert_info->id, tmp[0]->id, name);    }       if (cert_info->subject != cert_info->issuer) {    // Not a self-signed certificate.       // Check if we have the cert that this cert was signed by.    tmp = db->typed_query("SELECT * "    " FROM certs "    " WHERE subject = %s",    cert_info->issuer);