pike.git / lib / modules / Standards.pmod / X509.pmod


pike.git/lib/modules/Standards.pmod/X509.pmod:155:    //! Verifies the @[signature] of the certificate @[msg] using the    //! indicated hash @[algorithm].    int(0..1) verify(Sequence algorithm, string(8bit) msg, string(8bit) signature)    {    DBG("Verify hash %O\n", algorithm[0]);    Crypto.Hash hash = algorithms[algorithm[0]];    if (!hash) return 0;    return pkc && pkc->pkcs_verify(msg, hash, signature);    }    +  protected int(0..1) `==(mixed o) +  { +  return objectp(o) && o->pkc?->name && pkc->name()==o->pkc->name() && +  pkc->public_key_equal(o->pkc); +  } +     protected string _sprintf(int t)    {    return t=='O' && sprintf("%O(%O)", this_program, pkc);    }   }      protected class RSAVerifier   {    inherit Verifier;    constant type = "rsa";
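Review bot: The added `==` calls `pkc->name()` on this object's own `pkc` without a guard, while `verify()` just above treats `pkc` as possibly unset (`return pkc && pkc->pkcs_verify(...)`). Comparing a Verifier that has no key would then throw instead of returning 0. Starting the expression with `pkc &&`, as in `return pkc && objectp(o) && o->pkc?->name && ...`, keeps the comparison total. A `//!` line saying that equality means "same algorithm name and same public key" would help, since this operator presumably decides which trust anchors count as duplicates. If Verifier objects are ever used as mapping or multiset indices, a matching `__hash` would be needed as well.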
pike.git/lib/modules/Standards.pmod/X509.pmod:1501:    mapping(string:array(Verifier)) res = ([]);       foreach(root_cert_dirs, string dir) {    string pem = Stdio.read_bytes(combine_path(dir, "ca-certificates.crt"));    if (pem) {    Standards.PEM.Messages messages = Standards.PEM.Messages(pem);    foreach(messages->fragments, string|Standards.PEM.Message m) {    if (!objectp(m)) continue;    TBSCertificate tbs = verify_ca_certificate(m->body);    if (!tbs) continue; -  res[tbs->subject->get_der()] += ({ tbs->public_key }); +  string subj = tbs->subject->get_der(); +  if( !res[subj] || !has_value(res[subj], tbs->public_key ) ) +  res[subj] += ({ tbs->public_key });    }    continue;    }    foreach(get_dir(dir) || ({}), string fname) {    if (has_suffix(fname, ".0")) {    // Skip OpenSSL hash files for now (as they are duplicates).    continue;    }    fname = combine_path(dir, fname);    if (!Stdio.is_file(fname)) continue;    pem = Stdio.read_bytes(fname);    if (!pem) continue;    string cert = Standards.PEM.simple_decode(pem);    if (!cert) continue;    TBSCertificate tbs = verify_ca_certificate(cert);    if (!tbs) continue; -  res[tbs->subject->get_der()] += ({ tbs->public_key }); +  string subj = tbs->subject->get_der(); +  if( !res[subj] || !has_value(res[subj], tbs->public_key ) ) +  res[subj] += ({ tbs->public_key });    }    }    return res;   }      //! Decodes a certificate chain, oredered from leaf to root, and   //! checks the signatures. Verifies that the chain can be decoded   //! correctly, is unbroken, and that all certificates are in effect   //! (time-wise.) and allowed to sign it's child certificate.   //!
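Review bot: The same three-line de-duplication is added twice, once in the `ca-certificates.crt` loop and once in the per-file loop, so the two copies can drift apart in code that builds the trusted root set. A small local helper that takes `res` and `tbs`, called from both places, would keep the rule in one spot. The `has_value(res[subj], tbs->public_key)` test appears to rely on the `==` overload added to Verifier in the other hunk; without it, distinct objects holding the same key would not match. A comment such as `// Relies on Verifier::`== (same algorithm and public key) to drop duplicate anchors.` would make that dependency visible. The enclosing function starts outside this hunk.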