
pike.git/lib/modules/Standards.pmod/X509.pmod:556:    elements[subject_pos] = s;    }    SubjectId `subject_id()    {    if (subject_pos) return elements[subject_pos];    return UNDEFINED;    }       protected mapping extension_types = ([    .PKCS.Identifiers.ce_ids.authorityKeyIdentifier : ([ -  make_combined_tag(2,0) : OctetString, +  make_combined_tag(2,0) : OctetString, // keyIdentifier    ]), -  +  .PKCS.Identifiers.ce_ids.subjectAltName : ([ +  make_combined_tag(2,2) : IA5String, // dNSName +  make_combined_tag(2,7) : OctetString, // iPAddress +  ]),    ]);       //! The raw ASN.1 objects from which @[extensions] and @[critical]    //! have been generated.    //!    //! @note    //! optional    void `raw_extensions=(Sequence r)    {    internal_der = UNDEFINED;
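Review bot: The new subjectAltName entry types only tags 2 and 7, and parse_subjectAltName in the last hunk tells the two apart by ASN.1 type name rather than by GeneralName tag, so the classification is correct only while no other IA5String or OCTET STRING alternative is mapped here. In RFC 5280, rfc822Name [1] and uniformResourceIdentifier [6] are IA5String as well, so mapping them later would put e-mail addresses and URIs into ext_subjectAltName_dNSName, where a host name check would treat them as DNS names. I would add a comment above the entry, for example `// Only dNSName [2] and iPAddress [7]: parse_subjectAltName dispatches on type_name, so do not map further IA5String/OctetString GeneralName tags without changing it.`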
pike.git/lib/modules/Standards.pmod/X509.pmod:856:   #define EXT(X) do { \    Object o = internal_extensions[.PKCS.Identifiers.ce_ids.##X]; \    if(o && !parse_##X(o)) \    DBG("TBSCertificate: Failed to parse extension %O.\n", #X); \    } while (0)    EXT(basicConstraints); // 2.5.29.19    EXT(authorityKeyIdentifier); // 2.5.29.35    EXT(subjectKeyIdentifier); // 2.5.29.14    EXT(keyUsage); // 2.5.29.15    EXT(extKeyUsage); // 2.5.29.37 +  EXT(subjectAltName); // 2.5.29.17   #undef EXT    }    }    internal_der = asn1->get_der();    if (i == sizeof(a))    return this;    /* Too many fields */    return 0;    }   
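Review bot: A subjectAltName that fails to parse is reported only through DBG in the EXT macro, so a certificate with a malformed extension looks the same to callers as one that has no subjectAltName at all. A verifier that falls back to the subject's commonName when ext_subjectAltName_dNSName is unset (no such caller is visible here) would then take the fallback for a certificate that did carry the extension. Consider recording the failure so a verifier can tell the two cases apart, or at least add a comment next to `EXT(subjectAltName);` saying that unset does not imply absent. The enclosing function starts before this hunk.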
pike.git/lib/modules/Standards.pmod/X509.pmod:986:    //! Set to the list of extended key usages from anyExtendedKeyUsage,    //! if the certificate contains the extKeyUsage extensions. These    //! Identifier objects are typically found in    //! @[.PKCS.Identifiers.reverse_kp_ids]. RFC3280 4.2.1.13.    array(Identifier) ext_extKeyUsage;       protected int(0..1) parse_extKeyUsage(Object o)    {    if( o->type_name!="SEQUENCE" )    return 0; +  Sequence s = [object(Sequence)]o;    -  ext_extKeyUsage = o->elements; +  ext_extKeyUsage = s->elements;    return 1;    }    -  +  array(string) ext_subjectAltName_dNSName; +  +  array(string) ext_subjectAltName_iPAddress; +  +  protected int(0..1) parse_subjectAltName(Object o) +  { +  if( o->type_name!="SEQUENCE" ) +  return 0; +  Sequence s = [object(Sequence)]o; +  +  foreach(s->elements, Object o) +  { +  switch(o->type_name) +  { +  case "IA5STRING": +  if(!ext_subjectAltName_dNSName) +  ext_subjectAltName_dNSName = ({}); +  ext_subjectAltName_dNSName += ({ o->value }); +  break; +  case "OCTET STRING": +  if(!ext_subjectAltName_iPAddress) +  ext_subjectAltName_iPAddress = ({}); +  ext_subjectAltName_iPAddress += ({ o->value }); +  break;    } -  +  }    -  +  return 1; +  } +  + } +    //! Creates the ASN.1 TBSCertificate sequence (see RFC2459 section   //! 4.1) to be signed (TBS) by the CA. version is explicitly set to   //! v3, and @[extensions] is optionally added to the sequence.   //! issuerUniqueID and subjectUniqueID are not supported.   TBSCertificate make_tbs(Sequence issuer, Sequence algorithm,    Sequence subject, Sequence keyinfo,    Integer serial, Sequence validity,    array|int(0..0)|void extensions)   {    TBSCertificate tbs = TBSCertificate();
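Review bot: parse_subjectAltName appends to the members ext_subjectAltName_dNSName and ext_subjectAltName_iPAddress and never clears them, whereas parse_extKeyUsage assigns. If the same object is ever decoded twice (not visible in this hunk), names from the earlier certificate would survive and could be matched during host name checks, so collect into locals and assign once at the end. The inner `Object o` of the foreach also shadows the parameter `o`, and iPAddress values are stored without checking that they are 4 or 16 octets long. Both new members lack the `//!` documentation that ext_extKeyUsage has. It should say that dNSName entries are the unvalidated strings found in the certificate (wildcards and embedded NUL included) and that iPAddress entries are raw octets, not text.

```pike
protected int(0..1) parse_subjectAltName(Object o)
{
  // … unchanged: SEQUENCE check and cast to Sequence s …

  // Collect locally so a repeated parse cannot keep names from an
  // earlier certificate.
  array(string) dns = ({});
  array(string) ips = ({});

  foreach(s->elements, Object name)
  {
    switch(name->type_name)
    {
    case "IA5STRING":
      dns += ({ name->value });
      break;
    case "OCTET STRING":
      // iPAddress is 4 octets (IPv4) or 16 octets (IPv6).
      if( !(< 4, 16 >)[sizeof(name->value)] )
        return 0;
      ips += ({ name->value });
      break;
    }
  }

  ext_subjectAltName_dNSName = sizeof(dns) ? dns : UNDEFINED;
  ext_subjectAltName_iPAddress = sizeof(ips) ? ips : UNDEFINED;
  return 1;
}
```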