
pike.git/lib/modules/Standards.pmod/X509.pmod:110:   int(-1..1) time_compare(mapping(string:int) t1, mapping(string:int) t2)   {    foreach( ({ "year", "mon", "mday", "hour", "min", "sec" }), string name)    if (t1[name] < t2[name])    return -1;    else if (t1[name] > t2[name])    return 1;    return 0;   }    -  + protected {    MetaExplicit extension_sequence = MetaExplicit(2, 3);    MetaExplicit version_integer = MetaExplicit(2, 0);       Sequence rsa_public_key = Sequence( ({ Identifiers.rsa_id, Null() }));       Sequence rsa_md2_algorithm = Sequence( ({ Identifiers.rsa_md2_id, Null() }) );       Sequence rsa_md5_algorithm = Sequence( ({ Identifiers.rsa_md5_id, Null() }) );       Sequence rsa_sha1_algorithm = Sequence( ({ Identifiers.rsa_sha1_id,    Null() }) );       Sequence dsa_sha1_algorithm = Sequence( ({ Identifiers.dsa_sha_id }) ); -  + }      //! Creates the ASN.1 TBSCertificate sequence (see RFC2459 section   //! 4.1) to be signed (TBS) by the CA. version is explicitly set to   //! v3, validity is calculated based on time and @[ttl], and   //! @[extensions] is optionally added to the sequence. issuerUniqueID   //! and subjectUniqueID are not supported.   Sequence make_tbs(Sequence issuer, Sequence algorithm,    Sequence subject, Sequence keyinfo,    Integer serial, int ttl,    array extensions)
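Review bot: The new `protected { … }` block hides the shared AlgorithmIdentifier sequences but leaves them without any comment, and two details in it are easy to misread. `dsa_sha1_algorithm` is built without a `Null()` element while every RSA entry has one; that asymmetry matches the PKIX encoding rules, so a line such as `// DSA AlgorithmIdentifier omits parameters; the RSA ones carry an explicit NULL.` would keep a later edit from "fixing" it. `rsa_md2_algorithm` and `rsa_md5_algorithm` name collision-weak digests, and a second comment stating whether they exist only to recognise old certificates would help; how they are used is not visible in this hunk.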
pike.git/lib/modules/Standards.pmod/X509.pmod:289:   }      class Verifier {    constant type = "none";    int(0..1) verify(object,string,string);    this_program init(string key);       optional Crypto.RSA rsa; // Ugly   }    - //! - class rsa_verifier + protected class rsa_verifier   {    inherit Verifier;    Crypto.RSA rsa;       constant type = "rsa";       //!    this_program init(string key) {    rsa = RSA.parse_public_key(key);    return rsa && this;
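Review bot: The empty `//!` marker above `init` stays behind even though the class-level `//!` is removed and `rsa_verifier` becomes protected, so the member is left with a documentation marker that documents nothing. I would replace it with a plain comment stating the contract visible in the body, for example `// Returns this object, or 0 when RSA.parse_public_key() rejects the key.` The base class `Verifier` stays public and still declares `rsa` (marked "Ugly"), so the key object is presumably still reachable from outside through any verifier handed back to a caller; it is worth confirming that this is intended. The class body continues past the end of the hunk.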
pike.git/lib/modules/Standards.pmod/X509.pmod:327: Inside #if constant(Crypto.MD2.hash)
   Crypto.MD2.hash(msg),    signature);   #endif    return 0;    }   }      #if 0   /* FIXME: This is a little more difficult, as the dsa-parameters are    * sometimes taken from the CA, and not present in the keyinfo. */ - class dsa_verifier + protected class dsa_verifier   {    inherit Verifier;    object dsa;       constant type = "dsa";       object init(string key)    {    }   }   #endif    - //! - Verifier make_verifier(Object _keyinfo) + protected Verifier make_verifier(Object _keyinfo)   {    if( _keyinfo->type_name != "SEQUENCE" )    return 0;    Sequence keyinfo = [object(Sequence)]_keyinfo;    if ( (keyinfo->type_name != "SEQUENCE")    || (sizeof(keyinfo->elements) != 2)    || (keyinfo->elements[0]->type_name != "SEQUENCE")    || !sizeof(([object(Sequence)]keyinfo->elements[0])->elements)    || (keyinfo->elements[1]->type_name != "BIT STRING")    || keyinfo->elements[1]->unused)
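Review bot: `make_verifier` loses its `//!` marker and now carries no comment at all, although its return value decides whether a certificate's key is accepted. The visible guards return 0 unless the argument is a two-element SEQUENCE whose first element is a non-empty SEQUENCE and whose second is a BIT STRING with no unused bits; a comment like `// Returns 0 for any keyinfo that is not SEQUENCE { non-empty SEQUENCE, BIT STRING without unused bits }; callers must treat 0 as a rejected key.` would record that. The second `keyinfo->type_name != "SEQUENCE"` test repeats the guard two lines above it and could be dropped. The function body continues outside the hunk.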
pike.git/lib/modules/Standards.pmod/X509.pmod:449:    || (sizeof(a[0]->elements) != 1)    || (a[0]->elements[0]->type_name != "INTEGER"))    return 0;       version = (int) a[0]->elements[0]->value + 1;    if ( (version < 2) || (version > 3))    return 0;    a = a[1..];    } else    version = 1; -  +     DBG("TBSCertificate: version = %d\n", version); -  +     if (a[0]->type_name != "INTEGER")    return 0;    serial = a[0]->value; -  +     DBG("TBSCertificate: serial = %s\n", (string) serial);       if ((a[1]->type_name != "SEQUENCE")    || !sizeof(a[1]->elements )    || (a[1]->elements[0]->type_name != "OBJECT IDENTIFIER"))    return 0;       algorithm = a[1]; -  +     DBG("TBSCertificate: algorithm = %s\n", algorithm->debug_string());       if (a[2]->type_name != "SEQUENCE")    return 0;    issuer = a[2]; -  +     DBG("TBSCertificate: issuer = %s\n", issuer->debug_string());       if ((a[3]->type_name != "SEQUENCE")    || (sizeof(a[3]->elements) != 2))    return 0; -  +     array validity = a[3]->elements;       not_before = parse_time(validity[0]);    if (!not_before)    return 0; -  +     DBG("TBSCertificate: not_before = %O\n", not_before);       not_after = parse_time(validity[1]);    if (!not_after)    return 0; -  +     DBG("TBSCertificate: not_after = %O\n", not_after);       if (a[4]->type_name != "SEQUENCE")    return 0;    subject = a[4];       DBG("TBSCertificate: keyinfo = %s\n", a[5]->debug_string()); -  +     public_key = make_verifier(a[5]);       if (!public_key)    return 0;       DBG("TBSCertificate: parsed public key. type = %s\n",    public_key->type);       int i = 6;    if (i == sizeof(a))