pike.git / lib / modules / Standards.pmod / X509.pmod


pike.git/lib/modules/Standards.pmod/X509.pmod:1245:   //! @[sign_key()], @[sign_tbs()]   string make_selfsigned_certificate(Crypto.Sign c, int ttl,    mapping|array name, array|void extensions,    void|Crypto.Hash h, void|int serial)   {    if(!serial)    serial = (int)Gmp.mpz(Standards.UUID.make_version1(-1)->encode(), 256);       Sequence dn = Certificate.build_distinguished_name(name);    -  // Extensions mandated for Suite B Self-Signed CA Certificates, RFC -  // 5759 4.5.1. +    #define ADD(X,Y,Z) extensions+=({ make_extension(Identifiers.ce_ids->X,Y,Z) })       if(!extensions) extensions = ({});       // While RFC 3280 section 4.2.1.2 suggest to only hash the BIT    // STRING part of the subjectPublicKey, it is only a suggestion.    ADD(subjectKeyIdentifier,    OctetString( Crypto.SHA1.hash(c->pkcs_public_key()->get_der()) ),    0);    ADD(keyUsage, -  build_keyUsage(KU_keyCertSign|KU_cRLSign|KU_digitalSignature), +  build_keyUsage(KU_digitalSignature|KU_keyEncipherment),    1);    ADD(basicConstraints, -  Sequence(({Boolean(1)})), +  Sequence(({Boolean(0)})),    1);      #undef ADD       return sign_key(dn, c, h||Crypto.SHA256, dn, serial, ttl, extensions);   }      //! Decodes a certificate and verifies that it is structually sound.   //! Returns a @[TBSCertificate] object if ok, otherwise @expr{0@}.   TBSCertificate decode_certificate(string|object cert)
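Review bot: The new basicConstraints value `Sequence(({Boolean(0)}))` explicitly encodes cA=FALSE, but cA is declared `BOOLEAN DEFAULT FALSE` and DER forbids encoding a component that equals its default, so strict certificate parsers may reject the extension. An empty sequence says the same thing in canonical form: `Sequence(({})),`. Separately, `KU_keyEncipherment` is now asserted for every `Crypto.Sign c`, although that bit only makes sense for RSA key transport. If DSA or ECDSA keys can reach this function, the bit should presumably be set only for RSA keys. Since the old RFC 5759 comment is removed without a replacement, a short comment such as `// End-entity (non-CA) self-signed certificate; not usable for signing other certificates or CRLs.` would record why these values were chosen.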