pike.git / lib / modules / Standards.pmod / X509.pmod


pike.git/lib/modules/Standards.pmod/X509.pmod:554:    return;    }    elements[subject_pos] = s;    }    SubjectId `subject_id()    {    if (subject_pos) return elements[subject_pos];    return UNDEFINED;    }    +  protected mapping extension_types = ([ +  .PKCS.Identifiers.ce_ids.authorityKeyIdentifier : ([ +  make_combined_tag(2,0) : OctetString, +  ]), +  ]); +     //! The raw ASN.1 objects from which @[extensions] and @[critical]    //! have been generated.    //!    //! @note    //! optional    void `raw_extensions=(Sequence r)    {    internal_der = UNDEFINED;    internal_extensions = ([]);    internal_critical = (<>);
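Review bot: The new `extension_types` mapping has no comment saying what it keys on or how it is consumed, which matters because it changes how certificate-supplied extension bytes are decoded. I would add something like `// Decoder hints per extension OID: combined tag -> ASN.1 type handed to simple_der_decode().` above it, plus a line stating that only the keyIdentifier element of authorityKeyIdentifier is mapped (assuming `make_combined_tag(2,0)` denotes context tag [0]; please confirm). It would also help to note that elements with unmapped tags are decoded without a hint, so the extension parsers must not assume every element arrives as a typed object.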
pike.git/lib/modules/Standards.pmod/X509.pmod:599:    DBG("TBSCertificate: extension: %O\n", ext[0]);    Identifier id = ext[0];       if( extensions[id] )    {    DBG("TBSCertificate: extension %O sent twice.\n");    return 0;    }       extensions[ id ] = -  Standards.ASN1.Decode.simple_der_decode(ext->elements[-1]->value); +  Standards.ASN1.Decode.simple_der_decode(ext->elements[-1]->value, +  extension_types[id]);    if(sizeof(ext)==3)    {    if( ext[1]->type_name != "BOOLEAN" ) return 0;    if( ext[1]->value ) critical[id]=1;    }    }       if (!extensions_pos) {    if (version < 3) version = 3;    extensions_pos = sizeof(elements);
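Review bot: The value returned by `simple_der_decode(..., extension_types[id])` is stored in `extensions[id]` without being checked. The duplicate guard a few lines up tests `if( extensions[id] )`, so if the decoder can return 0 for malformed content (not visible in this hunk), a repeated extension whose first copy failed to decode would not be detected as sent twice. Consider decoding into a local first and rejecting early, e.g. `Object v = Standards.ASN1.Decode.simple_der_decode(ext->elements[-1]->value, extension_types[id]); if( !v ) return 0;`. The enclosing setter starts and ends outside this hunk.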
pike.git/lib/modules/Standards.pmod/X509.pmod:896:    return 0;    Sequence s = [object(Sequence)]o;    if( sizeof(s)<1 || sizeof(s)>2 || s[0]->type_name!="BOOLEAN" )    return 0;    if( sizeof(s)==2 )    {    if( s[1]->type_name!="INTEGER" || s[0]->value==0 || s[1]->value<0 )    return 0;    ext_basicConstraints_pathLenConstraint = s[1]->value + 1;    // FIXME: pathLenConstraint is not permitted if keyCertSign -  // isn't set in key usage. +  // isn't set in key usage. We need to check that at a higher +  // level though.    }    ext_basicConstraints = 1;    ext_basicConstraints_cA = s[0]->value;    return 1;    }       //! Set if the certificate contains a valid authorityKeyIdentifier    //! extension. RFC3280 4.2.1.1.    int(0..1) ext_authorityKeyIdentifier;    -  +  //! Set to the KeyIdentifier, if set in the extension. +  string ext_authorityKeyIdentifier_keyIdentifier; +     protected int(0..1) parse_authorityKeyIdentifier(Object o)    {    if( o->type_name!="SEQUENCE" )    return 0;    Sequence s = [object(Sequence)]o;    -  // FIXME: Actually parse this. +  foreach(s->elements, Object o) +  if( o->type_name=="OCTET STRING" ) +  { +  if( ext_authorityKeyIdentifier_keyIdentifier ) +  { +  ext_authorityKeyIdentifier_keyIdentifier = 0; +  return 0; +  } +  ext_authorityKeyIdentifier_keyIdentifier = o->value; +  } +  +  // FIXME: We don't parse authorityCertIssuer nor +  // authorityCertSerialNumber yet. +     ext_authorityKeyIdentifier = 1;    return 1;    }       //! Set to the value of the SubjectKeyIdentifier if the certificate    //! contains the subjectKeyIdentifier extension. RFC3280 4.2.1.2.    string ext_subjectKeyIdentifier;       protected int(0..1) parse_subjectKeyIdentifier(Object o)    {
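Review bot: In `parse_authorityKeyIdentifier`, the duplicate check `if( ext_authorityKeyIdentifier_keyIdentifier )` tests the object's field, which is never reset before the loop. If the extensions are parsed again on the same object, a value left from the earlier pass makes a well-formed extension look like it carries two keyIdentifiers and it is rejected; no reset of the `ext_*` fields is visible in these hunks. Adding `ext_authorityKeyIdentifier_keyIdentifier = 0;` before the `foreach` would fix that. Writing the loop as `foreach(s->elements, Object e)` would also stop the loop variable shadowing the parameter `o`. Separately, matching on `type_name=="OCTET STRING"` alone presumably accepts a universal-tagged OCTET STRING as the keyIdentifier as well as the [0]-tagged one, and `ext_authorityKeyIdentifier` is set to 1 even when no keyIdentifier was found, so the doc comment on the new field should say callers must expect it to be 0.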