pike.git / lib / modules / Standards.pmod / X509.pmod


pike.git/lib/modules/Standards.pmod/X509.pmod:33:   constant CERT_ROOT_UNTRUSTED = 5;      //!   constant CERT_BAD_SIGNATURE = 6;      #if 0   // A CA certificate does not have the CA basic constraint.   constant CERT_UNAUTHORIZED_CA = 7;   #endif    + // Bit 0 is the first bit in the BitString.   protected enum keyUsage { -  digitalSignature = (1<<0), -  nonRepudiation = (1<<1), -  keyCertSign = (1<<5), -  cRLSign = (1<<6), +  digitalSignature = (1<<(7-0)), +  nonRepudiation = (1<<(7-1)), +  keyEncipherment = (1<<(7-2)), +  dataEncipherment = (1<<(7-3)), +  keyAgreement = (1<<(7-4)), +  keyCertSign = (1<<(7-5)), +  cRLSign = (1<<(7-6)),   };         //! Unique identifier for the certificate issuer.   //!   //! X.509v2 (deprecated).   class IssuerId {    inherit BitString;    constant cls = 2;    constant tag = 1;
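Review bot: The rewritten `keyUsage` enum stops at `cRLSign`, so the last two bits of the RFC 5280 KeyUsage list, encipherOnly (bit 7) and decipherOnly (bit 8), have no constant. The `1<<(7-n)` scheme only describes the first octet of the BIT STRING, so bit 8 cannot be expressed in it at all. Any code that compares these masks against a decoded extension (not visible in this hunk) would see only the first octet's bits. I would add `encipherOnly = (1<<(7-7)),` and extend the new comment to say `// Masks cover the first octet only (bits 0-7); decipherOnly (bit 8) lives in a second octet and is not represented here.`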
pike.git/lib/modules/Standards.pmod/X509.pmod:947:   //! number.   //!   //! @seealso   //! @[sign_key()], @[sign_tbs()]   string make_selfsigned_certificate(Crypto.Sign c, int ttl,    mapping|array name, array|void extensions,    void|Crypto.Hash h, void|int serial)   {    if(!serial)    serial = (int)Gmp.mpz(Standards.UUID.make_version1(-1)->encode(), 256); +     Sequence dn = Certificate.build_distinguished_name(name);       // Extensions mandated for Suite B Self-Signed CA Certificates, RFC    // 5759 4.5.1.   #define ADD(X,Y,Z) extensions+=({ make_extension(Identifiers.ce_ids->X,Y,Z) })       if(!extensions) extensions = ({});       // While RFC 3280 section 4.2.1.2 suggest to only hash the BIT    // STRING part of the subjectPublicKey, it is only a suggestion.    ADD(subjectKeyIdentifier,    OctetString( Crypto.SHA1.hash(c->pkcs_public_key()->get_der()) ),    0); - #if 0 +     ADD(keyUsage, -  BitString()-> -  set_from_ascii(sprintf("%09b", keyCertSign|cRLSign|digitalSignature)), +  BitString(Gmp.mpz(keyCertSign|cRLSign|digitalSignature)->digits(256)),    1); - #endif +     ADD(basicConstraints,    Sequence(({Boolean(1)})),    1);      #undef ADD       return sign_key(dn, c, h||Crypto.SHA256, dn, serial, ttl, extensions);   }      //! Decodes a certificate and verifies that it is structually sound.
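Review bot: The re-enabled `ADD(keyUsage, ...)` call builds the single octet 0x86 (`digitalSignature|keyCertSign|cRLSign` under the new MSB-first constants), and nothing visible here declares its unused-bit count. The lowest bit of 0x86 is zero, and DER requires a named-bit-list BIT STRING to drop trailing zero bits, so the encoding should declare one unused bit. If `BitString(string)` defaults to zero unused bits, which this hunk does not show, the extension is emitted as eight bits with a trailing zero. Because it is marked critical, a strict DER validator may reject the certificate. Consider setting the unused-bit count explicitly after construction and adding a comment such as `// 0x86 has one trailing zero bit; DER named-bit-list encoding must declare it as unused.`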