autodoc.git/traditional_manual/chapter_21.html:47474:
<dt class='head--doc'>Description</dt> <dd class='body--doc'><p>Decodes a certificate and verifies that it is structually sound. Returns a <code>TBSCertificate</code> object if ok, otherwise <code class='expr'>0</code>.</p> </dd></dl> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span>
+
<span class='homogen--name'><b>get_algorithms</b></span>
+
</dt>
+
<dd><p><code><code class='datatype'>mapping</code>(<code class='object unresolved'>Identifier</code>:<code class='object unresolved'>Crypto.Hash</code>) <b><span class='method'>get_algorithms</span>(</b><b>)</b></code></p></dd>
+
+
<dt class='head--doc'>Description</dt>
+
<dd class='body--doc'><p>Returns the mapping of signature algorithm to hash algorithm
+
supported by <code>Verifier</code> and thus <code>verify_ca_certificate()</code>,
+
<code>verify_certificate()</code>, and <code>verify_certificate_chain()</code>.</p>
+
</dd></dl>
+
+
+
<hr />
+
<dl class='group--doc'>
+
<dt class='head--type'><span class='homogen--type'>Method</span>
<span class='homogen--name'><b>load_authorities</b></span> </dt> <dd><p><code><code class='datatype'>mapping</code>(<code class='datatype'>string</code>:<code class='datatype'>array</code>(<code class='object unresolved'>Verifier</code>)) <b><span class='method'>load_authorities</span>(</b><code class='datatype'>string</code>|<code class='datatype'>array</code>(<code class='datatype'>string</code>)|<code class='datatype'>void</code> <code class='argument'>root_cert_dirs</code>, <code class='datatype'>bool</code>|<code class='datatype'>void</code> <code class='argument'>cache</code><b>)</b></code></p></dd> <dt class='head--doc'>Description</dt> <dd class='body--doc'><p>Convenience function for loading known root certificates.</p> </dd> <dt class='head--doc'><span id='p-root_cert_dirs'></span>Parameter <code class='parameter'>root_cert_dirs</code></dt> <dd></dd><dd class='body--doc'><p>Directory/directories containing the PEM-encoded root certificates to load. Defaults to a rather long list of directories, including
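Review bot: The new get_algorithms() description does not say whether the returned mapping is the default applied when a caller passes no "verifier_algorithms", or whether callers get a copy they may modify. Both matter to anyone who takes this mapping, removes the hash algorithms they no longer accept, and passes the result back in, so state them in the description. The signature here also uses the short name Identifier while the options tables added elsewhere in this patch write Standards.ASN1.Types.Identifier; pick one form so the references resolve consistently.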
autodoc.git/traditional_manual/chapter_21.html:47728:
<dd class='body--doc'><p>Verifies that all extensions mandated for certificate signing certificates are present and valid.</p> </dd></dl> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span> <span class='homogen--name'><b>verify_certificate</b></span> </dt>
-
<dd><p><code><code class='object unresolved'>TBSCertificate</code> <b><span class='method'>verify_certificate</span>(</b><code class='datatype'>string</code> <code class='argument'>s</code>, <code class='datatype'>mapping</code>(<code class='datatype'>string</code>:<code class='object unresolved'>Verifier</code>|<code class='datatype'>array</code>(<code class='object unresolved'>Verifier</code>)) <code class='argument'>authorities</code><b>)</b></code></p></dd>
+
<dd><p><code><code class='object unresolved'>TBSCertificate</code> <b><span class='method'>verify_certificate</span>(</b><code class='datatype'>string</code> <code class='argument'>s</code>, <code class='datatype'>mapping</code>(<code class='datatype'>string</code>:<code class='object unresolved'>Verifier</code>|<code class='datatype'>array</code>(<code class='object unresolved'>Verifier</code>)) <code class='argument'>authorities</code>
,
<
code class='datatype'>mapping</code>(<code class='object unresolved'>Standards.ASN1.Types.Identifier</code>:<code class='object unresolved'>Crypto.Hash</code>)|<code class='datatype'>void</code> <code class='argument'>options</code><
b>)</b></code></p></dd>
<dt class='head--doc'>Description</dt> <dd class='body--doc'><p>Decodes a certificate, checks the signature. Returns the TBSCertificate structure, or 0 if decoding or verification failes. The valid time range for the certificate is not checked.</p>
-
<p> Authorities is a mapping from (DER-encoded) names to a verifiers.</p>
+
</dd>
-
+
<dt class='head--doc'><span id='p-authorities'></span>Parameter <code class='parameter'>authorities</code></dt>
+
<dd></dd><dd class='body--doc'><p>A mapping from (DER-encoded) names to a verifiers.</p>
+
</dd>
+
<dt class='head--doc'><span id='p-options'></span>Parameter <code class='parameter'>options</code></dt>
+
<dd></dd><dd class='body--doc'><table class='box'><tr><td><code><code class='key'>"verifier_algorithms"</code> : <code class='datatype'>mapping</code>(<code class='object unresolved'>Standards.ASN1.Types.Identifier</code>:<code class='object unresolved'>Crypto.Hash</code>)</code></td><td><p>A mapping of verifier algorithm identifier to hash algorithm
+
implementation.</p>
+
</td></tr>
+
</table>
+
</dd>
<dt class='head--doc'>Note</dt> <dd class='body--doc'><p>This function allows self-signed certificates, and it doesn't check that names or extensions make sense.</p> </dd></dl> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span> <span class='homogen--name'><b>verify_certificate_chain</b></span> </dt>
-
<dd><p><code><code class='datatype'>mapping</code> <b><span class='method'>verify_certificate_chain</span>(</b><code class='datatype'>array</code>(<code class='datatype'>string</code>|<code class='object unresolved'>.PKCS.Signature.Signed</code>) <code class='argument'>cert_chain</code>, <code class='datatype'>mapping</code>(<code class='datatype'>string</code>:<code class='object unresolved'>Verifier</code>|<code class='datatype'>array</code>(<code class='object unresolved'>Verifier</code>)) <code class='argument'>authorities</code>, <code class='datatype'>int</code>|<code class='datatype'>void</code> <code class='argument'>require_trust</code><b>)</b></code></p></dd>
+
<dd><p><code><code class='datatype'>mapping</code> <b><span class='method'>verify_certificate_chain</span>(</b><code class='datatype'>array</code>(<code class='datatype'>string</code>|<code class='object unresolved'>.PKCS.Signature.Signed</code>) <code class='argument'>cert_chain</code>, <code class='datatype'>mapping</code>(<code class='datatype'>string</code>:<code class='object unresolved'>Verifier</code>|<code class='datatype'>array</code>(<code class='object unresolved'>Verifier</code>)) <code class='argument'>authorities</code>, <code class='datatype'>int</code>|<code class='datatype'>void</code> <code class='argument'>require_trust</code>
,
<
code class='datatype'>mapping</code>(<code class='datatype'>string</code>:<code class='datatype'>mixed</code>)|<code class='datatype'>void</code> <code class='argument'>options</code><
b>)</b></code></p></dd>
<dt class='head--doc'>Description</dt> <dd class='body--doc'><p>Decodes a certificate chain, ordered from leaf to root, and checks the signatures. Verifies that the chain can be decoded correctly, is unbroken, and that all certificates are in effect (time-wise.) and allowed to sign it's child certificate.</p> <p> No verifications are done on the leaf certificate to determine what it can and can not be used for.</p> <p> Returns a mapping with the following contents, depending on the verification of the certificate chain:</p>
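Review bot: The declared type of the new options argument on verify_certificate() does not match its own Parameter entry. The signature declares mapping(Standards.ASN1.Types.Identifier:Crypto.Hash)|void, but the table documents a mapping keyed by the string "verifier_algorithms" whose value is that Identifier-to-hash mapping. verify_certificate_chain() in the same hunk declares mapping(string:mixed)|void, which does fit the table. Either change the verify_certificate() declaration to the string-keyed form or document that it takes the algorithm mapping directly; as written, a caller cannot tell which shape is accepted. The moved authorities text also keeps the wording "to a verifiers", which should read "to verifiers" as it does in the verify_certificate_chain() entry.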
autodoc.git/traditional_manual/chapter_21.html:47790:
<dd></dd><dd class='body--doc'><p>An array of certificates, with the relative-root last. Each certificate should be a DER-encoded certificate, or decoded as a <code>Standards.PKCS.Signature.Signed</code> object.</p> </dd> <dt class='head--doc'><span id='p-authorities'></span>Parameter <code class='parameter'>authorities</code></dt> <dd></dd><dd class='body--doc'><p>A mapping from (DER-encoded) names to verifiers.</p> </dd> <dt class='head--doc'><span id='p-require_trust'></span>Parameter <code class='parameter'>require_trust</code></dt> <dd></dd><dd class='body--doc'><p>Require that the certificate be traced to an authority, even if it is self signed.</p>
+
</dd>
+
<dt class='head--doc'><span id='p-options'></span>Parameter <code class='parameter'>options</code></dt>
+
<dd></dd><dd class='body--doc'><table class='box'><tr><td><code><code class='key'>"verifier_algorithms"</code> : <code class='datatype'>mapping</code>(<code class='object unresolved'>Standards.ASN1.Types.Identifier</code>:<code class='object unresolved'>Crypto.Hash</code>)</code></td><td><p>A mapping of verifier algorithm identifier to hash algorithm
+
implementation.</p>
+
</td></tr>
+
</table>
+
</dd>
+
<dt class='head--doc'>See also</dt>
+
<dd class='body--doc'><p><code>get_algorithms()</code></p>
<p> See <code>Standards.PKCS.Certificate.get_dn_string</code> for converting the RDN to an X500 style string.</p> </dd></dl> <dl><dt><h2 class='header'>Enum <b class='ms datatype'>Standards.X509.CertFailure</b></h2> </dt><dd> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Constant</span> <span class='homogen--name'><b>CERT_BAD_SIGNATURE</b></span>
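Review bot: The added options entry for verify_certificate_chain() says nothing about the case where options or "verifier_algorithms" is omitted, nor about how a certificate whose signature algorithm is absent from the supplied mapping is reported in the returned mapping. If the default is the get_algorithms() mapping that the new See also points to, say so in the table cell, and name the CertFailure value a rejected algorithm produces so that callers restricting the set can tell it apart from a bad signature. Separately, closing the require_trust entry moves the existing get_dn_string paragraph under the new See also heading, where it now reads "See also ... See ..."; reword it or move it back to the description of the return value it refers to.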
autodoc.git/traditional_manual/chapter_21.html:48306:
<dd><p><code><code class='datatype'>void</code> Standards.X509.TBSCertificate.<b><span class='variable'>version</span></b></code></p></dd> </dl> </dd></dl><dl><dt><h2 class='header'>Class <b class='ms datatype'>Standards.X509.Verifier</b></h2> </dt><dd> <hr /> <dl class='group--doc'> <dt class='head--type'><span class='homogen--type'>Method</span> <span class='homogen--name'><b>verify</b></span> </dt>
-
<dd><p><code><code class='datatype'>bool</code> <b><span class='method'>verify</span>(</b><code class='object unresolved'>Sequence</code> <code class='argument'>algorithm</code>, <code class='datatype'>string(8bit)</code> <code class='argument'>msg</code>, <code class='datatype'>string(8bit)</code> <code class='argument'>signature</code><b>)</b></code></p></dd>
+
<dd><p><code><code class='datatype'>bool</code> <b><span class='method'>verify</span>(</b><code class='object unresolved'>Sequence</code> <code class='argument'>algorithm</code>, <code class='datatype'>string(8bit)</code> <code class='argument'>msg</code>, <code class='datatype'>string(8bit)</code> <code class='argument'>signature</code>
,
<
code class='datatype'>mapping</code>(<code class='object unresolved'>Identifier</code>:<code class='object unresolved'>Crypto.Hash</code>)|<code class='datatype'>void</code> <code class='argument'>verifier_algorithms</code><
b>)</b></code></p></dd>
<dt class='head--doc'>Description</dt> <dd class='body--doc'><p>Verifies the <code>signature</code> of the certificate <code>msg</code> using the
-
indicated hash <code>algorithm</code>.</p>
+
indicated hash <code>algorithm</code>
, choosing from <code>verifier_algorithms</code>
.</p>
+
</dd>
+
<dt class='head--doc'>See also</dt>
+
<dd class='body--doc'><p><code>get_algorithms()</code></p>
</dd></dl> </dd></dl></dd></dl><dl><dt><h2 class='header'>Module <b class='ms datatype'>Standards.XML</b></h2> </dt><dd><dl><dt><h2 class='header'>Module <b class='ms datatype'>Standards.XML.Wix</b></h2> </dt><dd><dl class='group--doc'> <dt class='head--doc'>Description</dt> <dd class='body--doc'><p>Helper module for generating Windows Installer XML structures.</p> </dd> <dt class='head--doc'>See also</dt> <dd class='body--doc'><p><code>Parser.XML.Tree.SimpleNode</code></p> </dd></dl>
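Review bot: Verifier.verify() gains the verifier_algorithms argument with no Parameter entry, unlike the options arguments documented elsewhere in this patch. The only description is the appended phrase "choosing from verifier_algorithms", which does not say what happens when the algorithm named in the signature is not in that mapping or when the argument is left void. Add a Parameter entry stating the default and that an unlisted algorithm makes verify() return false, if that is the behaviour. The name also differs from the "verifier_algorithms" key inside options on the X509 functions; a sentence linking the two would help readers see that the option is passed through to this argument.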