
pike.git/lib/modules/Standards.pmod/X509.pmod:210:
   //! Validity time in seconds for this signature to be valid.
   //!
   //! @param extensions
   //! Set of extensions.
   //!
   //! @returns
   //! Returns a DER-encoded certificate.
   string sign_key(Sequence issuer, Crypto.RSA|Crypto.DSA c, Sequence subject,
    int serial, int ttl, array|void extensions)
   { 
-  function(string:string) sign; 
-  if( object_program(c) == Crypto.RSA ) 
-  { 
-  sign = lambda(string d) { 
-  return c->pkcs_sign(d, Crypto.SHA1); 
-  }; 
-  } 
-  else if( object_program(c) == Crypto.DSA ) 
-  { 
-  sign = c->sign_ssl; 
-  } 
-  else 
-  error("Unhandled cipher %O. Use RSA or DSA.\n", c); 
-  
+  
   Sequence tbs = make_tbs(issuer, c->pkcs_algorithm_id(Crypto.SHA1),
    subject, c->pkcs_public_key(),
    Integer(serial), ttl, extensions);
   
    return Sequence(({ tbs, c->pkcs_algorithm_id(Crypto.SHA1), 
-  BitString(sign(tbs->get_der())) }))->get_der(); 
+  BitString(c->pkcs_sign(tbs->get_der(), Crypto.SHA1)) 
+  }))->get_der();
   }
   
   //! Creates a selfsigned certificate, i.e. where issuer and subject
   //! are the same entity. This entity is derived from the list of pairs
   //! in @[name], which is encoded into an distinguished_name by
   //! @[Standards.PKCS.Certificate.build_distinguished_name].
   //!
   //! @param c
   //! The public key cipher used for the certificate, @[Crypto.RSA] or
   //! @[Crypto.DSA]. The object should be initialized with (at least)
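Review bot: `Crypto.SHA1` is now written out three times in sign_key (the `make_tbs` algorithm id, the outer algorithm id and the new `c->pkcs_sign(tbs->get_der(), Crypto.SHA1)` call), and the certificate only verifies if all three agree. SHA-1 is also no longer considered collision-resistant for certificate signatures, so the digest should not stay hard-wired in a signing helper. I would bind it once at the top of the body, for example `Crypto.Hash h = Crypto.SHA1;`, use `h` at the three sites, and as a follow-up expose it as a parameter so callers can select a SHA-2 hash. With the `error("Unhandled cipher ...")` branch gone, the doc comment (which starts above the hunk) should also state that `c` must provide `pkcs_sign`, `pkcs_algorithm_id` and `pkcs_public_key`.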
pike.git/lib/modules/Standards.pmod/X509.pmod:315:
    }
   
    //! Verifies the @[signature] of the certificate @[msg] using the
    //! indicated hash @[algorithm]. The signature is the DER-encoded
    //! ASN.1 sequence Dss-Sig-Value with the two integers r and s. See
    //! RFC 3279 section 2.2.2.
    int(0..1) verify(Sequence algorithm, string msg, string signature)
    {
    if (!dsa) return 0;
    if (algorithm->get_der() == dsa_sha1_algorithm->get_der()) 
-  return dsa->verify_ssl(msg, signature); 
+  return dsa->pkcs_verify(msg, Crypto.SHA1, signature);
   
    return 0;
    }
   }
   
   protected Verifier make_verifier(Object _keyinfo)
   {
    if( _keyinfo->type_name != "SEQUENCE" )
    return 0;
    Sequence keyinfo = [object(Sequence)]_keyinfo;
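Review bot: `verify` takes `signature` from the certificate being checked, and nothing in this hunk shows what `dsa->pkcs_verify(msg, Crypto.SHA1, signature)` does when that string is not a well-formed Dss-Sig-Value. Returning 0 is fine, but throwing would turn a failed verification of a malformed certificate into an exception in the caller. Please confirm which it is and state it in the doc comment, e.g. `//! Returns 0 if the signature is malformed.`, or guard the call so the method always fails closed. The hash is also named twice (the `dsa_sha1_algorithm` comparison and the `Crypto.SHA1` argument), and the two must stay in step if further DSA algorithm ids are accepted later. The enclosing class begins above the hunk.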