pike.git / lib / modules / Standards.pmod / X509.pmod


pike.git/lib/modules/Standards.pmod/X509.pmod:1:   #pike __REAL_VERSION__   #require constant(Crypto.Hash)   //#pragma strict_types    - //! Functions to generate and validate RFC2459 style X.509 v3 + //! Functions to generate and validate @rfc{2459@} style X.509 v3   //! certificates.      constant dont_dump_module = 1;      import Standards.ASN1.Types;      #ifdef X509_DEBUG   #define DBG(X ...) werror(X)   #define NULL(X ...) werror(X) && 0   #else
pike.git/lib/modules/Standards.pmod/X509.pmod:910:    return this;       return NULL("init: Too many fields. %O\n", sizeof(a));    }       //    // --- Extension code    //       //! Set if the certificate contains a valid basicConstraints -  //! extension. RFC3280 4.2.1.10. +  //! extension. @rfc{3280@} 4.2.1.10.    int(0..1) ext_basicConstraints;       //! If set, the certificate may be used as a CA certificate, i.e.    //! sign other certificates.    int(0..1) ext_basicConstraints_cA;       //! The maximum number of certificates that may follow this -  //! certificate in a certificate chain. @expr{0@} in case no limit is -  //! imposed. Note that this variable is off by one compared to the -  //! RFC 3280 definition, which only counts intermediate certificates -  //! (i.e. 0 intermediates means this variable would be 1, as in one -  //! following certificate). +  //! certificate in a certificate chain. @expr{0@} in case no limit +  //! is imposed. Note that this variable is off by one compared to +  //! the @rfc{3280@} definition, which only counts intermediate +  //! certificates (i.e. 0 intermediates means this variable would be +  //! 1, as in one following certificate).    int ext_basicConstraints_pathLenConstraint;       protected int(0..1) parse_basicConstraints(Object o)    {    // FIXME: This extension must be critical if certificate contains    // public keys use usage is to validate signatures on    // certificates.       if( o->type_name!="SEQUENCE" )    return 0;
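Review bot: The FIXME at the top of parse_basicConstraints is garbled ("public keys use usage is to validate signatures") and no longer states the requirement it refers to; since this hunk already touches the surrounding doc comments, it could be reworded as `// FIXME: RFC 3280 4.2.1.10 requires this extension to be critical in CA certificates whose public key is used to validate signatures on certificates; criticality is not checked here.` The function only receives the extension value (`Object o`), so the critical flag would have to be checked by the caller, which is outside this hunk. parse_basicConstraints continues past the end of the hunk.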
pike.git/lib/modules/Standards.pmod/X509.pmod:961:    }    else    ext_basicConstraints_pathLenConstraint = 0;       ext_basicConstraints = 1;    ext_basicConstraints_cA = s[0]->value;    return 1;    }       //! Set if the certificate contains a valid authorityKeyIdentifier -  //! extension. RFC3280 4.2.1.1. +  //! extension. @rfc{3280@} 4.2.1.1.    int(0..1) ext_authorityKeyIdentifier;       //! Set to the KeyIdentifier, if set in the extension.    string ext_authorityKeyIdentifier_keyIdentifier;       //! Set to the CertificateSerialNumber, if set in the extension.    Gmp.mpz ext_authorityKeyIdentifier_authorityCertSerialNumber;       protected int(0..1) parse_authorityKeyIdentifier(Object o)    {
pike.git/lib/modules/Standards.pmod/X509.pmod:1001:    break;    }}       // FIXME: We don't parse authorityCertIssuer yet.       ext_authorityKeyIdentifier = 1;    return 1;    }       //! Set to the value of the SubjectKeyIdentifier if the certificate -  //! contains the subjectKeyIdentifier extension. RFC3280 4.2.1.2. +  //! contains the subjectKeyIdentifier extension. @rfc{3280@} +  //! 4.2.1.2.    string ext_subjectKeyIdentifier;       protected int(0..1) parse_subjectKeyIdentifier(Object o)    {    if( o->type_name!="OCTET STRING" )    return 0;    ext_subjectKeyIdentifier = o->value;    return 1;    }    -  //! Set to the value of the KeyUsage if the certificate -  //! contains the keyUsage extension. RFC3280 4.2.1.3. +  //! Set to the value of the KeyUsage if the certificate contains the +  //! keyUsage extension. @rfc{3280@} 4.2.1.3.    keyUsage ext_keyUsage;       protected int(0..1) parse_keyUsage(Object o)    {    if( o->type_name!="BIT STRING" )    return 0;       int pos;    foreach(o->value;; int char)    for(int i; i<8; i++)
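Review bot: The bit loop in parse_keyUsage walks all 8 bits of every byte of the BIT STRING (`foreach(o->value;; int char) for(int i; i<8; i++)`) without visibly accounting for the unused-bit count that a BIT STRING carries for its last byte; if the loop body, which continues outside this hunk, does not mask those trailing bits, a non-DER encoding with stray unused bits could be read as extra key usage flags. If the BitString object exposes its unused-bit count, bounding the loop by the total number of defined bits rather than a full byte would make the parse stricter; worth confirming against the loop body. A comment such as `// Trailing unused bits of the last byte must not be treated as usage flags.` would document the intent either way.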
pike.git/lib/modules/Standards.pmod/X509.pmod:1037:    pos++;    char <<= 1;    }       return 1;    }       //! Set to the list of extended key usages from anyExtendedKeyUsage,    //! if the certificate contains the extKeyUsage extensions. These    //! Identifier objects are typically found in -  //! @[.PKCS.Identifiers.reverse_kp_ids]. RFC3280 4.2.1.13. +  //! @[.PKCS.Identifiers.reverse_kp_ids]. @rfc{3280@} 4.2.1.13.    array(Identifier) ext_extKeyUsage;       protected int(0..1) parse_extKeyUsage(Object o)    {    if( o->type_name!="SEQUENCE" )    return 0;    Sequence s = [object(Sequence)]o;       ext_extKeyUsage = s->elements;    return 1;
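Review bot: parse_extKeyUsage stores `s->elements` into the `array(Identifier)` ext_extKeyUsage after checking only that the outer object is a SEQUENCE, so a SEQUENCE whose members are not OBJECT IDENTIFIERs would be accepted and later handed to consumers that compare against `.PKCS.Identifiers.reverse_kp_ids`. Following the type-name checks the file already uses for other extensions, rejecting such input with something like `foreach(s->elements, Object e) if (e->type_name != "OBJECT IDENTIFIER") return 0;` before the assignment would keep the declared element type honest; the exact type_name string of the Identifier class should be confirmed. The closing brace of parse_extKeyUsage lies outside the hunk.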
pike.git/lib/modules/Standards.pmod/X509.pmod:1101:    }       // FIXME: otherName, x400Address, directoryName and ediPartyName    // not supported.       return 1;    }      }    - //! Creates the ASN.1 TBSCertificate sequence (see RFC2459 section + //! Creates the ASN.1 TBSCertificate sequence (see @rfc{2459@} section   //! 4.1) to be signed (TBS) by the CA. version is explicitly set to   //! v3, and @[extensions] is optionally added to the sequence.   //! issuerUniqueID and subjectUniqueID are not supported.   TBSCertificate make_tbs(Sequence issuer, Sequence algorithm,    Sequence subject, Sequence keyinfo,    Integer serial, Sequence validity,    array|int(0..0)|void extensions)   {    TBSCertificate tbs = TBSCertificate();    tbs->serial = serial->value;    tbs->algorithm = algorithm;    tbs->issuer = issuer;    tbs->validity = validity;    tbs->subject = subject;    tbs->keyinfo = keyinfo;    tbs->raw_extensions = extensions && Sequence(extensions);    return tbs;   }    - //! Creates the ASN.1 TBSCertificate sequence (see RFC2459 section + //! Creates the ASN.1 TBSCertificate sequence (see @rfc{2459@} section   //! 4.1) to be signed (TBS) by the CA. version is explicitly set to   //! v3, validity is calculated based on time and @[ttl], and - //! @[extensions] is optionally added to the sequence. - //! issuerUniqueID and subjectUniqueID are not supported. + //! @[extensions] is optionally added to the sequence. issuerUniqueID + //! and subjectUniqueID are not supported.   //!   //! @note   //! Prior to Pike 8.0 this function returned a plain @[Sequence] object.   variant TBSCertificate make_tbs(Sequence issuer, Sequence algorithm,    Sequence subject, Sequence keyinfo,    Integer serial, int ttl,    array|int(0..0)|void extensions)   {    int now = time();    Sequence validity = Sequence( ({ UTC(now),