
pike.git/lib/modules/Tools.pmod/X509.pmod:1:   /* -  * $Id: X509.pmod,v 1.9 2000/05/25 20:20:31 sigge Exp $ +  * $Id: X509.pmod,v 1.10 2000/08/01 19:51:47 sigge Exp $    *    * Some random functions for creating RFC-2459 style X.509 certificates.    *    */      #if constant(Standards.ASN1.Types.asn1_sequence)      import Standards.ASN1.Types;   import Standards.PKCS;    -  + // Note: Redump this module if you change X509_DEBUG + #ifdef X509_DEBUG + #define X509_WERR werror + #else + #define X509_WERR + #endif +    object make_time(int t)   {    mapping m = gmtime(t);       if (m->year >= 150)    throw( ({ "Tools.X509.make_time: "    "Times later than 2049 not supported yet\n",    backtrace() }) );       return asn1_utc(sprintf("%02d%02d%02d%02d%02d%02dZ",
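Review bot: With X509_DEBUG undefined, `#define X509_WERR` expands to nothing, so each call site `X509_WERR("fmt", arg);` is left as the parenthesised comma expression `("fmt", arg);` and its arguments are still evaluated. In the TBSCertificate hunk that means `algorithm->debug_string()`, `issuer->debug_string()` and `a[5]->debug_string()` presumably still run on every parsed certificate in non-debug builds, where the old commented-out lines cost nothing. If the preprocessor in use supports rest-argument macros, `#define X509_WERR(X...) werror(X)` in the debug branch and `#define X509_WERR(X...)` in the other would drop the arguments entirely. It is also worth a comment that enabling X509_DEBUG writes certificate fields (serial, issuer, key info) to stderr.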
pike.git/lib/modules/Tools.pmod/X509.pmod:43: Inside #if constant(Standards.ASN1.Types.asn1_sequence)
   * an octal prefix. */    mapping m = mkmapping( ({ "year", "mon", "mday", "hour", "min", "sec" }),    (array(int)) (s/2));       if (m->year < 50)    m->year += 100;    if ( (m->mon <= 0 ) || (m->mon > 12) )    return 0;    m->mon--;    -  if ( (m->mday <= 0) || (m->mday >= Calendar.ISO.Year(m->year + 1900) +  if ( (m->mday <= 0) || (m->mday > Calendar.ISO.Year(m->year + 1900)    ->month(m->mon + 1)->number_of_days()))    return 0;       if ( (m->hour < 0) || (m->hour > 23))    return 0;       if ( (m->min < 0) || (m->min > 59))    return 0;    -  /* NOTE: Allows for lead seconds */ -  if ( (m->sec < 0) || (m->min > 60)) +  /* NOTE: Allows for leap seconds */ +  if ( (m->sec < 0) || (m->sec > 60))    return 0;       return m;   }      int time_compare(mapping t1, mapping t2)   {    foreach( ({ "year", "mon", "mday", "hour", "min", "sec" }), string name)    {    if (t1->name < t2->name)
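Review bot: time_compare, which starts at the end of this hunk, indexes with `t1->name` and `t2->name`; in Pike the arrow form looks up the literal key "name", not the value of the loop variable `name`. Neither mapping built by parse_time has such a key, so every comparison is between two missing values and the function returns 0 for any pair of times. Any validity-period check built on it would therefore never see a certificate as expired or not yet valid. The comparisons were presumably meant to be `if (t1[name] < t2[name])` and `if (t1[name] > t2[name])`; the second one sits at the top of the next hunk.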
pike.git/lib/modules/Tools.pmod/X509.pmod:76: Inside #if constant(Standards.ASN1.Types.asn1_sequence)
   if (t1->name > t2->name)    return 1;    }    return 0;   }         object extension_sequence = meta_explicit(2, 3);   object version_integer = meta_explicit(2, 0);    + object rsa_md2_algorithm = asn1_sequence( ({ Identifiers.rsa_md2_id, +  asn1_null() }) ); +    object rsa_md5_algorithm = asn1_sequence( ({ Identifiers.rsa_md5_id,    asn1_null() }) );      object rsa_sha1_algorithm = asn1_sequence( ({ Identifiers.rsa_sha1_id,    asn1_null() }) );         object make_tbs(object issuer, object algorithm,    object subject, object keyinfo,    object serial, int ttl,
pike.git/lib/modules/Tools.pmod/X509.pmod:208: Inside #if constant(Standards.ASN1.Types.asn1_sequence)
   {    {    if (algorithm->get_der() == rsa_md5_algorithm->get_der())    return rsa_verify_digest(rsa, Identifiers.md5_id,    Crypto.md5()->update(msg)->digest(),    signature);    else if (algorithm->get_der() == rsa_sha1_algorithm->get_der())    return rsa_verify_digest(rsa, Identifiers.sha1_id,    Crypto.sha()->update(msg)->digest(),    signature); +  else if (algorithm->get_der() == rsa_md2_algorithm->get_der()) +  return rsa_verify_digest(rsa, Identifiers.md2_id, +  Crypto.md2()->update(msg)->digest(), +  signature);    else    return 0;    }    }   }      #if 0   /* FIXME: This is a little more difficult, as the dsa-parameters are    * sometimes taken from the CA, and not present in the keyinfo. */   class dsa_verifier
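Review bot: The added `rsa_md2_algorithm` branch makes the verifier accept MD2-based signatures unconditionally, next to the existing MD5 branch. Both digests are considered too weak for signature verification on untrusted certificates, so accepting them should be an explicit decision rather than the default. Consider gating the weak-digest branches behind an opt-in that is off by default, and adding a comment such as `/* MD2/MD5 accepted only for legacy root certificates; do not rely on them for new trust decisions */`. The enclosing verify function and class start outside this hunk, so the exact place for such a switch is a guess from here.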
pike.git/lib/modules/Tools.pmod/X509.pmod:283: Inside #if constant(Standards.ASN1.Types.asn1_sequence)
   object subject_id;    object extensions;       object init(object asn1)    {    der = asn1->get_der();    if (asn1->type_name != "SEQUENCE")    return 0;       array a = asn1->elements; -  //werror("TBSCertificate: sizeof(a) = %d\n", sizeof(a)); +  X509_WERR("TBSCertificate: sizeof(a) = %d\n", sizeof(a));       if (sizeof(a) < 6)    return 0;       if (sizeof(a) > 6)    {    /* The optional version field must be present */    if (!a[0]->constructed    || (a[0]->get_combined_tag() != make_combined_tag(2, 0))    || (sizeof(a[0]->elements) != 1)    || (a[0]->elements[0]->type_name != "INTEGER"))    return 0;       version = (int) a[0]->elements[0]->value + 1;    if ( (version < 2) || (version > 3))    return 0;    a = a[1..];    } else    version = 1;    -  //werror("TBSCertificate: version = %d\n", version); +  X509_WERR("TBSCertificate: version = %d\n", version);    if (a[0]->type_name != "INTEGER")    return 0;    serial = a[0]->value;    -  //werror("TBSCertificate: serial = %s\n", (string) serial); +  X509_WERR("TBSCertificate: serial = %s\n", (string) serial);       if ((a[1]->type_name != "SEQUENCE")    || !sizeof(a[1]->elements )    || (a[1]->elements[0]->type_name != "OBJECT IDENTIFIER"))    return 0;       algorithm = a[1];    -  //werror("TBSCertificate: algorithm = %s\n", algorithm->debug_string()); +  X509_WERR("TBSCertificate: algorithm = %s\n", algorithm->debug_string());       if (a[2]->type_name != "SEQUENCE")    return 0;    issuer = a[2];    -  //werror("TBSCertificate: issuer = %s\n", issuer->debug_string()); +  X509_WERR("TBSCertificate: issuer = %s\n", issuer->debug_string());       if ((a[3]->type_name != "SEQUENCE")    || (sizeof(a[3]->elements) != 2))    return 0;       array validity = a[3]->elements;       not_before = parse_time(validity[0]);    if (!not_before)    return 0;    -  //werror("TBSCertificate: not_before = %O\n", not_before); +  X509_WERR("TBSCertificate: not_before = %O\n", not_before);    -  not_after = 
parse_time(validity[0]); +  not_after = parse_time(validity[1]);    if (!not_after)    return 0;    -  //werror("TBSCertificate: not_after = %O\n", not_after); +  X509_WERR("TBSCertificate: not_after = %O\n", not_after);       if (a[4]->type_name != "SEQUENCE")    return 0;    subject = a[4];    -  //werror("TBSCertificate: keyinfo = %s\n", a[5]->debug_string()); +  X509_WERR("TBSCertificate: keyinfo = %s\n", a[5]->debug_string());       public_key = make_verifier(a[5]);       if (!public_key)    return 0;    -  //werror("TBSCertificate: parsed public key. type = %s\n", -  // public_key->type); +  X509_WERR("TBSCertificate: parsed public key. type = %s\n", +  public_key->type);       int i = 6;    if (i == sizeof(a))    return this_object();       if (version < 2)    return 0;       if (! a[i]->constructed    && (a[i]->combined_tag == make_combined_tag(2, 1)))
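Review bot: The tag test at the end of this hunk reads the attribute `a[i]->combined_tag`, while the version-field check earlier in the same function calls `a[0]->get_combined_tag()`. If the ASN.1 objects expose only the method, the attribute lookup presumably yields 0 and the issuer/subject unique-id and extension branches are silently skipped instead of being parsed or rejected. Using `a[i]->get_combined_tag() == make_combined_tag(2, 1)` would make the two checks consistent. The statement continues past the end of the hunk, so the later branches may repeat the pattern. Separately, init stores `not_before` and `not_after` without checking that the first precedes the second; a comment saying where that check is expected to happen would help.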
pike.git/lib/modules/Tools.pmod/X509.pmod:437: Inside #if constant(Standards.ASN1.Types.asn1_sequence)
   object cert = Standards.ASN1.Decode.simple_der_decode(s);       object(TBSCertificate) tbs = decode_certificate(cert);    if (!tbs) return 0;       object v;       if (tbs->issuer->get_der() == tbs->subject->get_der())    {    /* A self signed certificate */ -  //werror("Self signed certificate\n"); +  X509_WERR("Self signed certificate\n");    v = tbs->public_key;    }    else    v = authorities[tbs->issuer->get_der()];       return v && v->verify(cert->elements[1],    cert->elements[0]->get_der(),    cert->elements[2]->value)    && tbs;   }      #endif
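Review bot: In the self-signed branch `v = tbs->public_key`, so a certificate whose issuer equals its subject is verified against its own key and returned without `authorities` being consulted. A non-zero result then means only that the signature is internally consistent, not that the certificate is trusted. Consider looking the key up with `v = authorities[tbs->issuer->get_der()];` in both cases, so a self-signed root must be configured explicitly, or at least document this on the function. The visible lines also do not compare `not_before`/`not_after` with the current time, nor the outer `cert->elements[1]` algorithm with `tbs->algorithm`. The function header is outside the hunk, so callers may cover these.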