pike.git / lib / modules / Standards.pmod / X509.pmod

version» Context lines:

pike.git/lib/modules/Standards.pmod/X509.pmod:132:    Identifiers.rsa_sha384_id->get_der() : Crypto.SHA384,   #endif   #if constant(Crypto.SHA512)    Identifiers.rsa_sha512_id->get_der() : Crypto.SHA512,   #endif       Identifiers.dsa_sha_id->get_der() : Crypto.SHA1,   #if constant(Crypto.SHA224)    Identifiers.dsa_sha224_id->get_der() : Crypto.SHA224,   #endif - #if constant(Crypto.SHA256) +     Identifiers.dsa_sha256_id->get_der() : Crypto.SHA256, - #endif +     ]);   }      //! Creates the ASN.1 TBSCertificate sequence (see RFC2459 section   //! 4.1) to be signed (TBS) by the CA. version is explicitly set to   //! v3, validity is calculated based on time and @[ttl], and   //! @[extensions] is optionally added to the sequence. issuerUniqueID   //! and subjectUniqueID are not supported.   Sequence make_tbs(Sequence issuer, Sequence algorithm,    Sequence subject, Sequence keyinfo,
pike.git/lib/modules/Standards.pmod/X509.pmod:196:   //! Serial number for this key and subject.   //!   //! @param ttl   //! Validity time in seconds for this signature to be valid.   //!   //! @param extensions   //! Set of extensions.   //!   //! @returns   //! Returns a DER-encoded certificate. - string sign_key(Sequence issuer, Crypto.RSA|Crypto.DSA c, Sequence subject, -  int serial, int ttl, array|void extensions) + string sign_key(Sequence issuer, Crypto.RSA|Crypto.DSA c, Crypto.Hash h, +  Sequence subject, int serial, int ttl, array|void extensions)   { -  Sequence tbs = make_tbs(issuer, c->pkcs_algorithm_id(Crypto.SHA1), +  Sequence algorithm_id = c->pkcs_algorithm_id(h); +  if(!algorithm_id) error("Can't use %O for %O.\n", h, c); +  Sequence tbs = make_tbs(issuer, algorithm_id,    subject, c->pkcs_public_key(),    Integer(serial), ttl, extensions);    -  return Sequence(({ tbs, c->pkcs_algorithm_id(Crypto.SHA1), -  BitString(c->pkcs_sign(tbs->get_der(), Crypto.SHA1)) +  return Sequence(({ tbs, c->pkcs_algorithm_id(h), +  BitString(c->pkcs_sign(tbs->get_der(), h))    }))->get_der();   }      //! Creates a selfsigned certificate, i.e. where issuer and subject   //! are the same entity. This entity is derived from the list of pairs   //! in @[name], which is encoded into an distinguished_name by   //! @[Standards.PKCS.Certificate.build_distinguished_name].   //!   //! @param c   //! The public key cipher used for the certificate, @[Crypto.RSA] or
pike.git/lib/modules/Standards.pmod/X509.pmod:235:   //! @param extensions   //! List of extensions as ASN.1 structures.   //!   //! @param serial   //! Serial number of the certificate. Defaults to generating a UUID   //! version1 value with random node. Some browsers will refuse   //! different certificates from the same signer with the same serial   //! number.   string make_selfsigned_certificate(Crypto.RSA|Crypto.DSA c, int ttl,    mapping|array name, array|void extensions, -  void|int serial) +  void|Crypto.Hash h, void|int serial)   {    if(!serial)    serial = (int)Gmp.mpz(Standards.UUID.make_version1(-1)->encode(), 256);    Sequence dn = Certificate.build_distinguished_name(name); -  return sign_key(dn, c, dn, serial, ttl, extensions); +  return sign_key(dn, c, h||Crypto.SHA256, dn, serial, ttl, extensions);   }      class Verifier {    constant type = "none";    int(0..1) verify(object,string,string);    optional Crypto.RSA rsa;    optional Crypto.DSA dsa;       extern protected int(0..1) pkcs_verify(string, Crypto.Hash, string);