pike.git / lib / modules / Tools.pmod / X509.pmod

version» Context lines:

pike.git/lib/modules/Tools.pmod/X509.pmod:21:    m->mon + 1,    m->mday,    m->hour,    m->min,    m->sec));   }      /* Returns a mapping similar to that returned by gmtime */   mapping parse_time(object asn1)   { -  if ((asn1->tag_name != "UTCTime") +  if ((asn1->type_name != "UTCTime")    || (strlen(asn1->value) != 13))    return 0;       sscanf(asn1->value, "%[0-9]s%c", string s, int c);    if ( (strlen(s) != 12) && (c != 'Z') )    return 0;    -  +  /* NOTE: This relies on pike-0.7 not interpreting leading zeros as +  * an octal prefix. */    mapping m = mkmapping( ({ "year", "mon", "mday", "hour", "min", "sec" }), -  (array(string)) (s/2)); +  (array(int)) (s/2));       if (m->year < 50)    m->year += 50;    if ( (m->mon <= 0 ) || (m->mon > 12) )    return 0;    m->mon--;       if ( (m->mday <= 0) || (m->mday >= Calendar.ISO.Year(m->year + 1900)    ->month(m->mon + 1)->number_of_days()))    return 0;
pike.git/lib/modules/Tools.pmod/X509.pmod:71:    if (t1->name > t2->name)    return 1;    }    return 0;   }         object extension_sequence = meta_explicit(2, 3);   object version_integer = meta_explicit(2, 0);    + object rsa_md5_algorithm = asn1_sequence( ({ Identifiers.rsa_md5_id, +  asn1_null() }) ); +  + object rsa_sha1_algorithm = asn1_sequence( ({ Identifiers.rsa_sha1_id, +  asn1_null() }) ); +  +    object make_tbs(object issuer, object algorithm,    object subject, object keyinfo,    object serial, int ttl,    array extensions)   {    int now = time();    object validity = asn1_sequence( ({ make_time(now),    make_time(now + ttl) }) );       return (extensions
pike.git/lib/modules/Tools.pmod/X509.pmod:161:    object signature_algorithm = asn1_sequence( ({ Identifiers.rsa_sha1_id,    asn1_null() }) );       object keyinfo = asn1_sequence(    ({ asn1_sequence( ({ Identifiers.rsa_id,    asn1_null() }) ),    asn1_bit_string(RSA.public_key(rsa)) }) );       object dn = Certificate.build_distinguished_name(@name);    -  object tbs = make_tbs(dn, signature_algorithm, +  object tbs = make_tbs(dn, rsa_sha1_algorithm,    dn, keyinfo,    serial, ttl, extensions);       return asn1_sequence(    ({ tbs, -  signature_algorithm, +  rsa_sha1_algorithm,    asn1_bit_string(rsa_sign_digest(rsa, Identifiers.sha1_id,    Crypto.sha()->update(tbs->get_der())    ->digest())) }) )->get_der();   }      class rsa_verifier   {    object rsa;       constant type = "rsa";       object init(string key)    {    rsa = RSA.parse_public_key(key);    return rsa && this_object();    }       int verify(object algorithm, string msg, string signature)    {    { -  if (algorithm->get_der() == Identifiers.rsa_md5_id) +  if (algorithm->get_der() == rsa_md5_algorithm->get_der())    return rsa_verify_digest(rsa, Identifiers.md5_id,    Crypto.md5()->update(msg)->digest(),    signature); -  else if (algorithm->get_der() == Identifiers.rsa_sha1_id) +  else if (algorithm->get_der() == rsa_sha1_algorithm->get_der())    return rsa_verify_digest(rsa, Identifiers.sha1_id,    Crypto.sha()->update(msg)->digest(),    signature);    else    return 0;    }    }   }      #if 0
pike.git/lib/modules/Tools.pmod/X509.pmod:235:    return 0;       if (keyinfo->elements[0]->elements[0]->get_der()    == Identifiers.rsa_id->get_der())    {    if ( (sizeof(keyinfo->elements[0]->elements) != 2)    || (keyinfo->elements[0]->elements[1]->get_der()    != asn1_null()->get_der()))    return 0;    -  return rsa_verifier(keyinfo->elements[1]->value); +  return rsa_verifier()->init(keyinfo->elements[1]->value);    }    else if (keyinfo->elements[0]->elements[0]->get_der()    == Identifiers.dsa_sha_id->get_der())    {    /* FIXME: Not implemented */    return 0;    }   }      class TBSCertificate
pike.git/lib/modules/Tools.pmod/X509.pmod:271:    object subject_id;    object extensions;       object init(object asn1)    {    der = asn1->get_der();    if (asn1->type_name != "SEQUENCE")    return 0;       array a = asn1->elements; +  werror("TBSCertificate: sizeof(a) = %d\n", sizeof(a)); +     if (sizeof(a) < 6)    return 0;       if (sizeof(a) > 6)    {    /* The optional version field must be present */    if (!a[0]->constructed    || (a[0]->get_combinded_tag() != make_combined_tag(2, 0))    || (sizeof(a[0]->elements) != 1) -  || (a[0]->elements[0]->tag_name != "INTEGER")) +  || (a[0]->elements[0]->type_name != "INTEGER"))    return 0;       version = (int) a[0]->elements[0]->value + 1;    if ( (version < 2) || (version > 3))    return 0;    a = a[1..];    } else    version = 1;    -  if (a[0]->tag_name != "INTEGER") +  werror("TBSCertificate: version = %d\n", version); +  if (a[0]->type_name != "INTEGER")    return 0;    serial = a[0]->value;    -  if ((a[1]->tag_name != "SEQUENCE") +  werror("TBSCertificate: serial = %s\n", (string) serial); +  +  if ((a[1]->type_name != "SEQUENCE")    || !sizeof(a[1]->elements ) -  || (a[1]->elements[0]->tag_name != "OBJECT IDENTIFIER")) +  || (a[1]->elements[0]->type_name != "OBJECT IDENTIFIER"))    return 0;       algorithm = a[1];    -  if (a[2]->tag_name != "SEQUENCE") +  werror("TBSCertificate: algorithm = %s\n", algorithm->debug_string()); +  +  if (a[2]->type_name != "SEQUENCE")    return 0;    issuer = a[2];    -  if ((a[3]->tag_name != "SEQUENCE") +  werror("TBSCertificate: issuer = %s\n", issuer->debug_string()); +  +  if ((a[3]->type_name != "SEQUENCE")    || (sizeof(a[3]->elements) != 2))    return 0;       array validity = a[3]->elements;       not_before = parse_time(validity[0]);    if (!not_before)    return 0;    -  +  werror("TBSCertificate: not_before = %O\n", not_before); +     not_after = parse_time(validity[0]);    if (!not_after)    return 0;    -  +  werror("TBSCertificate: not_after = %O\n", not_after); +  +  if (a[4]->type_name != "SEQUENCE") +  return 0;    subject = a[4]; -  +  +  werror("TBSCertificate: keyinfo = %s\n", a[5]->debug_string()); +     public_key = make_verifier(a[5]);       if (!public_key)    return 0;    -  +  werror("TBSCertificate: parsed public key. type = %s\n", +  public_key->type); +     int i = 6;    if (i == sizeof(a))    return this_object();       if (version < 2)    return 0;       if (! a[i]->constructed    && (a[i]->combined_tag == make_combined_tag(2, 1)))    {
pike.git/lib/modules/Tools.pmod/X509.pmod:386:    || (cert->elements[0]->type_name != "SEQUENCE")    || (cert->elements[1]->type_name != "SEQUENCE")    || (!sizeof(cert->elements[1]->elements))    || (cert->elements[1]->elements[0]->type_name != "OBJECT IDENTIFIER")    || (cert->elements[2]->type_name != "BIT STRING")    || cert->elements[2]->unused)    return 0;       object(TBSCertificate) tbs = TBSCertificate()->init(cert->elements[0]);    -  if (!tbs || cert->elements[1]->get_der() != tbs->algorithm->get_der()) +  if (!tbs || (cert->elements[1]->get_der() != tbs->algorithm->get_der()))    return 0;       object v;       if (tbs->issuer->get_der() == tbs->subject->get_der())    {    /* A self signed certificate */ -  +  werror("Self signed certificate\n");    v = tbs->public_key;    }    else    v = authorities[tbs->issuer->get_der()];       return v && v->verify(cert->elements[1],    cert->elements[0]->get_der(),    cert->elements[2]->value)    && tbs;   }