Roxen.git / server / etc / modules / CertDB.pmod


Roxen.git/server/etc/modules/CertDB.pmod:11:   #else   # define SSL3_WERR(X ...)   #endif         // Some convenience constants.   protected local constant Compound = Standards.ASN1.Types.Compound;   protected local constant Identifier = Standards.ASN1.Types.Identifier;   protected local constant Sequence = Standards.ASN1.Types.Sequence;    + protected typedef mapping(string:int|string) sql_row; +    //! - array(mapping(string:int|string)) list_keys() + array(sql_row) list_keys()   {    Sql.Sql db = DBManager.cached_get("roxen");    return db->typed_query("SELECT * "    " FROM cert_keys "    " ORDER BY id ASC");   }      //! - array(mapping(string:int|string)) list_keypairs() + array(sql_row) list_keypairs()   {    Sql.Sql db = DBManager.cached_get("roxen");    return db->typed_query("SELECT * "    " FROM cert_keypairs "    " ORDER BY cert_id ASC, key_id ASC");   }      //! - mapping(string:int|string) get_cert(int cert_id) + sql_row get_cert(int cert_id)   {    Sql.Sql db = DBManager.cached_get("roxen");    array(mapping(string:int|string)) res =    db->typed_query("SELECT * "    " FROM certs "    " WHERE id = %d",    cert_id);    if (!sizeof(res)) return 0;    return res[0];   }
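Review bot: The `//!` markers in front of `list_keys()`, `list_keypairs()` and `get_cert()` are still empty, so nothing tells a caller that these public functions return whole `SELECT *` rows. For `list_keys()` that appears to include the `data` column of `cert_keys` (the column is named in the INSERT further down the file), which presumably holds the key body. A line such as `//! Returns every row of cert_keys, including the raw data column; callers must not log or forward the result.` would make that explicit. Separately, the local in `get_cert()` is still declared `array(mapping(string:int|string)) res` and could become `array(sql_row) res` like the other declarations this commit touches.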
Roxen.git/server/etc/modules/CertDB.pmod:88:   {    // FIXME: Support X.509v2?    Sequence seq = Standards.ASN1.Decode.secure_der_decode(dn, ([]));    return format_dn(seq);   }      protected void low_refresh_pem(int pem_id, int|void force)   {    Sql.Sql db = DBManager.cached_get("roxen");    -  array(mapping(string:int|string)) tmp = +  array(sql_row) tmp =    db->typed_query("SELECT * "    " FROM cert_pem_files "    " WHERE id = %d",    pem_id);    if (!sizeof(tmp)) return;    -  mapping(string:int|string) pem_info = tmp[0]; +  sql_row pem_info = tmp[0];    -  array(mapping(string:int|string)) certs = ({}); -  array(mapping(string:int|string)) keys = ({}); +  array(sql_row) certs = ({}); +  array(sql_row) keys = ({});       string pem_file = pem_info->path;       if (!sizeof(pem_file)) return;       string raw_pem;    string pem_hash;       Stdio.Stat st = lfile_stat(pem_file);    if (st) {
Roxen.git/server/etc/modules/CertDB.pmod:230:    SSL3_WERR("Unsupported PEM message: %O\n", msg->pre);    break;    }    }    };    if (err) {    werror("Failed to handle PEM file:\n");    master()->handle_error(err);    }    -  foreach(keys, mapping(string:string|int) key_info) { +  foreach(keys, sql_row key_info) {    tmp = db->typed_query("SELECT * "    " FROM cert_keys "    " WHERE keyhash = %s",    key_info->keyhash);    if (!sizeof(tmp)) {    db->query("INSERT INTO cert_keys "    " (pem_id, msg_no, keyhash, data) "    "VALUES (%d, %d, %s, %s)",    key_info->pem_id, key_info->msg_no,    key_info->keyhash, key_info->data);    key_info->id = db->master_sql->insert_id();       // Check if we have any matching certificates that currently lack keys,    // and add corresponding keypairs.    foreach(db->typed_query("SELECT * "    " FROM certs "    " WHERE keyhash = %s "    " ORDER BY id ASC",    key_info->keyhash), -  mapping(string:string|int) cert_info) { +  sql_row cert_info) {    if (sizeof(db->query("SELECT * "    " FROM cert_keypairs "    " WHERE cert_id = %d",    cert_info->id))) {    // Keypair already exists.    continue;    }    string name = format_dn(cert_info->subject);    if (cert_info->issuer == cert_info->subject) {    name += " (self-signed)";
Roxen.git/server/etc/modules/CertDB.pmod:280:    // Zap any stale or update in progress marker for the key.    db->query("UPDATE cert_keys "    " SET pem_id = %d, "    " msg_no = %d "    " WHERE id = %d",    key_info->pem_id, key_info->msg_no,    tmp[0]->id);    }    }    -  foreach(certs, mapping(string:string|int) cert_info) { +  foreach(certs, sql_row cert_info) {    tmp = db->typed_query("SELECT * "    " FROM certs "    " WHERE keyhash = %s "    " AND subject = %s "    " AND issuer = %s",    cert_info->keyhash,    cert_info->subject,    cert_info->issuer);    if (!sizeof(tmp)) {    db->query("INSERT INTO certs "
Roxen.git/server/etc/modules/CertDB.pmod:422:   //!   //! @note   //! Return value differs from that of @[register_pem_files()].   //!   //! @seealso   //! @[register_pem_files()]   protected int low_register_pem_file(string pem_file, string|void password)   {    Sql.Sql db = DBManager.cached_get("roxen");    -  array(mapping(string:int|string)) row = +  array(sql_row) row =    db->typed_query("SELECT * "    " FROM cert_pem_files "    " WHERE path = %s",    pem_file);    int pem_id;    if (sizeof(row)) {    pem_id = row[0]->id;    if (password && (row[0]->pass != password)) {    db->query("UPDATE cert_pem_files "    " SET pass = %s "
Roxen.git/server/etc/modules/CertDB.pmod:517:    return sort(keypairs);   }      //! Get the private key and the list of certificates given a keypair id.   array(Crypto.Sign.State|array(string)) get_keypair(int keypair_id)   {    // FIXME: Consider having a keypair lookup cache.       Sql.Sql db = DBManager.cached_get("roxen");    -  array(mapping(string:string|int)) tmp = +  array(sql_row) tmp =    db->typed_query("SELECT * "    " FROM cert_keypairs "    " WHERE id = %d",    keypair_id);    if (!sizeof(tmp)) return 0;       int key_id = tmp[0]->key_id;    int cert_id = tmp[0]->cert_id;       tmp = db->typed_query("SELECT * "
Roxen.git/server/etc/modules/CertDB.pmod:564:    certs += ({ tmp[0]->data });    cert_id = tmp[0]->parent;    }    if (!sizeof(certs)) {    SSL3_WERR("Missing certificate (#%d) for keypair %d.\n", cert_id, keypair_id);    return 0;    }       return ({ private_key, certs });   } +  + //! Get metadata for a keypair id. + mapping(string:string|sql_row|array(sql_row)) get_keypair_metadata(int keypair_id) + { +  Sql.Sql db = DBManager.cached_get("roxen"); +  +  array(sql_row) tmp = +  db->typed_query("SELECT * " +  " FROM cert_keypairs " +  " WHERE id = %d", +  keypair_id); +  if (!sizeof(tmp)) return 0; +  +  int key_id = tmp[0]->key_id; +  int cert_id = tmp[0]->cert_id; +  +  mapping(string:string|sql_row|array(sql_row)) res = ([ +  "name": tmp[0]->name, +  ]); +  +  tmp = db->typed_query("SELECT id, pem_id, msg_no, HEX(keyhash) AS keyhash " +  " FROM cert_keys " +  " WHERE id = %d", +  key_id); +  if (sizeof(tmp)) { +  res->key = tmp[0]; +  +  if (tmp[0]->pem_id) { +  tmp = db->typed_query("SELECT path " +  " FROM cert_pem_files " +  " WHERE id = %d", +  tmp[0]->pem_id); +  if (sizeof(tmp)) { +  res->key->pem_path = tmp[0]->path; +  } +  } +  } +  +  while(cert_id) { +  tmp = db->typed_query("SELECT id, HEX(subject) AS subject, " +  " HEX(issuer) AS issuer, parent, " +  " pem_id, msg_no, expires, " +  " HEX(keyhash) AS keyhash " +  " FROM certs " +  " WHERE id = %d", +  cert_id); +  if (!sizeof(tmp)) break; +  +  res->certs += tmp; +  cert_id = tmp[0]->parent; +  +  if (tmp[0]->pem_id) { +  tmp = db->typed_query("SELECT path " +  " FROM cert_pem_files " +  " WHERE id = %d", +  tmp[0]->pem_id); +  if (sizeof(tmp)) { +  res->certs[-1]->pem_path = tmp[0]->path; +  } +  } +  } +  +  return res; + }
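Review bot: The `while(cert_id)` loop in `get_keypair_metadata()` follows `parent` with no bound or visited check, so a parent chain that loops back (for instance a certificate recorded as its own parent) would make the call spin and grow `res->certs` without limit. Whether the insert path rules that out is not visible here; a cheap guard is `multiset(int) seen = (<>);` before the loop and `if (seen[cert_id]) break; seen[cert_id] = 1;` as its first statements. The context lines above suggest `get_keypair()` walks `parent` the same way. The explicit column lists are a good choice because they keep `cert_keys.data` and the `pass` column of `cert_pem_files` out of the result. The `//!` comment should say so, list the returned keys (`name`, `key`, `certs`, with `pem_path` added to an entry when its PEM file row is found), and mention that 0 is returned for an unknown id.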