

pike.git/lib/modules/Tools.pmod/X509.pmod:1:   #pike __REAL_VERSION__   //#pragma strict_types + #pragma no_deprecation_warnings    - /* -  * Some random functions for creating RFC-2459 style X.509 certificates. -  * -  */ + //! Functions to generate and validate RFC2459 style X.509 v3 + //! certificates. + //! @deprecated Standards.X509      constant dont_dump_module = 1;      #if constant(Standards.ASN1.Types.Sequence) && constant(Crypto.Hash)      import Standards.ASN1.Types;   import Standards.PKCS;      // Note: Redump this module if you change X509_DEBUG   #ifdef X509_DEBUG
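Review bot: The new header says the module is deprecated in favour of Standards.X509 but not why, and the `#pragma no_deprecation_warnings` added a few lines above silences the warnings inside this file, so a reader of this module gets no hint of what is wrong with it. The signing helpers further down are hard-wired to SHA-1 (rsa_sign_key hashes with `Crypto.SHA1.hash` and signs under `rsa_sha1_algorithm`; dsa_sign_key uses `dsa_sha1_algorithm`), which is the practical reason a caller should move. I would add that to the header: `//! @note` followed by `//! Certificates produced by this module carry SHA-1 based signatures only; use @[Standards.X509] for current algorithms.`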
pike.git/lib/modules/Tools.pmod/X509.pmod:36:   constant CERT_ROOT_UNTRUSTED = 5;      //!   constant CERT_BAD_SIGNATURE = 6;      //!   constant CERT_UNAUTHORIZED_CA = 7;      //! Creates a @[Standards.ASN1.Types.UTC] object from the posix   //! time @[t]. - UTC make_time(int t) + __deprecated__ UTC make_time(int t)   {    object /*Calendar.Second*/ second = Calendar["Second"](t)->set_timezone("UTC");       if (second->year_no() >= 2050)    error( "Times later than 2049 not supported yet\n" );       return UTC(sprintf("%02d%02d%02d%02d%02d%02dZ",    second->year_no() % 100,    second->month_no(),    second->month_day(),
pike.git/lib/modules/Tools.pmod/X509.pmod:62:   //! Returns a mapping similar to that returned by gmtime   //! @returns   //! @mapping   //! @member int "year"   //! @member int "mon"   //! @member int "mday"   //! @member int "hour"   //! @member int "min"   //! @member int "sec"   //! @endmapping - mapping(string:int) parse_time(UTC asn1) + __deprecated__ mapping(string:int) parse_time(UTC asn1)   {    if ((asn1->type_name != "UTCTime")    || (sizeof(asn1->value) != 13))    return 0;       sscanf(asn1->value, "%[0-9]s%c", string s, int c);    if ( (sizeof(s) != 12) && (c != 'Z') )    return 0;       /* NOTE: This relies on pike-0.7 not interpreting leading zeros as
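Review bot: The guard after the sscanf in parse_time uses `&&`, so a 13-byte UTCTime value is still accepted when it has twelve digits followed by a byte other than `'Z'`, or fewer than twelve digits followed by `'Z'`; only a value failing both checks is rejected. The intent is clearly to reject if either check fails: `if ( (sizeof(s) != 12) || (c != 'Z') ) return 0;`. The commit only deprecates the function, so the fix is independent of it, but the malformed validity field presumably flows on into the field parsing below and into the mapping that time_compare later compares. parse_time's body continues outside the hunk.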
pike.git/lib/modules/Tools.pmod/X509.pmod:103:       /* NOTE: Allows for leap seconds */    if ( (m->sec < 0) || (m->sec > 60))    return 0;       return m;   }      //! Comparision function between two "date" mappings of the   //! kind that @[parse_time] returns. - int(-1..1) time_compare(mapping(string:int) t1, mapping(string:int) t2) + __deprecated__ int(-1..1) time_compare(mapping(string:int) t1, mapping(string:int) t2)   {    foreach( ({ "year", "mon", "mday", "hour", "min", "sec" }), string name)    if (t1[name] < t2[name])    return -1;    else if (t1[name] > t2[name])    return 1;    return 0;   }      
pike.git/lib/modules/Tools.pmod/X509.pmod:129:   Sequence rsa_md2_algorithm = Sequence( ({ Identifiers.rsa_md2_id, Null() }) );      Sequence rsa_md5_algorithm = Sequence( ({ Identifiers.rsa_md5_id, Null() }) );      Sequence rsa_sha1_algorithm = Sequence( ({ Identifiers.rsa_sha1_id,    Null() }) );      Sequence dsa_sha1_algorithm = Sequence( ({ Identifiers.dsa_sha_id }) );      //! - Sequence make_tbs(object issuer, object algorithm, + __deprecated__ Sequence make_tbs(object issuer, object algorithm,    object subject, object keyinfo,    object serial, int ttl,    array extensions)   {    int now = time();    Sequence validity = Sequence( ({ make_time(now), make_time(now + ttl) }) );       return (extensions    ? Sequence( ({ version_integer(Integer(2)), /* Version 3 */    serial,
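Review bot: make_tbs keeps an empty `//!` doc line while the commit touches its signature, and its one non-obvious failure mode is undocumented: the validity window is built with `make_time(now)` and `make_time(now + ttl)`, and make_time above raises `"Times later than 2049 not supported yet"` for years from 2050 on, so a large ttl makes rsa_sign_key and dsa_sign_key throw rather than return a certificate. I would replace the bare `//!` with `//! Builds the TBSCertificate sequence for @[issuer]/@[subject]. Throws if @[ttl] places the notAfter time in 2050 or later (see @[make_time]).` The function's body continues outside the hunk.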
pike.git/lib/modules/Tools.pmod/X509.pmod:179:   //! Serial number for this key and issuer.   //!   //! @param ttl   //! Validity time in seconds for this signature to be valid.   //!   //! @param extensions   //! Set of extensions.   //!   //! @returns   //! Returns a DER-encoded certificate. - string dsa_sign_key(Sequence issuer, Crypto.DSA dsa, + __deprecated__ string dsa_sign_key(Sequence issuer, Crypto.DSA dsa,    Sequence subject, string public_key,    int serial, int ttl, array|void extensions)   {    Sequence tbs = make_tbs(issuer, dsa_sha1_algorithm,    subject,    Sequence(({ DSA.algorithm_identifier(dsa),    BitString(public_key) }) ),    Integer(serial), ttl, extensions);       string digest = tbs->get_der();    return Sequence(({ tbs, dsa_sha1_algorithm,    BitString(dsa->sign_ssl(digest))    }))->get_der();   }      //! - string make_selfsigned_dsa_certificate(Crypto.DSA dsa, int ttl, array name, + __deprecated__ string make_selfsigned_dsa_certificate(Crypto.DSA dsa, int ttl, array name,    array|void extensions)   {    int serial =    (int)Gmp.bignum(Standards.UUID.make_version1(-1)->encode(), 256);       Sequence dn = Certificate.build_distinguished_name(@name);       return dsa_sign_key(dn, dsa, dn, DSA.public_key(dsa),    serial, ttl, extensions);   }      //! - string rsa_sign_digest(Crypto.RSA rsa, object digest_id, string digest) + __deprecated__ string rsa_sign_digest(Crypto.RSA rsa, object digest_id, string digest)   {    Sequence digest_info = Sequence( ({ Sequence( ({ digest_id, Null() }) ),    OctetString(digest) }) );    return rsa->raw_sign(digest_info->get_der())->digits(256);   }      //! 
- int(0..1) rsa_verify_digest(Crypto.RSA rsa, object digest_id, + __deprecated__ int(0..1) rsa_verify_digest(Crypto.RSA rsa, object digest_id,    string digest, string s)   {    Sequence digest_info = Sequence( ({ Sequence( ({ digest_id, Null() }) ),    OctetString(digest) }) );    return rsa->raw_verify(digest_info->get_der(), Gmp.mpz(s, 256));   }      //!   //! @param issuer   //! Distinguished name for the issuer.
pike.git/lib/modules/Tools.pmod/X509.pmod:250:   //! Serial number for this key and subject.   //!   //! @param ttl   //! Validity time in seconds for this signature to be valid.   //!   //! @param extensions   //! Set of extensions.   //!   //! @returns   //! Returns a DER-encoded certificate. - string rsa_sign_key(Sequence issuer, Crypto.RSA rsa, + __deprecated__ string rsa_sign_key(Sequence issuer, Crypto.RSA rsa,    Sequence subject, string public_key,    int serial, int ttl, array|void extensions)   {    Sequence tbs = make_tbs(issuer, rsa_sha1_algorithm,    subject,    Sequence(({ rsa_public_key,    BitString(public_key) }) ),    Integer(serial), ttl, extensions);       string digest = Crypto.SHA1.hash(tbs->get_der());    return Sequence(({ tbs, rsa_sha1_algorithm,    BitString(rsa_sign_digest(rsa, Identifiers.sha1_id,    digest))    }))->get_der();   }      //! - string make_selfsigned_rsa_certificate(Crypto.RSA rsa, int ttl, array name, + __deprecated__ string make_selfsigned_rsa_certificate(Crypto.RSA rsa, int ttl, array name,    array|void extensions)   {    int serial =    (int)Gmp.bignum(Standards.UUID.make_version1(-1)->encode(), 256);       Sequence dn = Certificate.build_distinguished_name(@name);       return rsa_sign_key(dn, rsa, dn, RSA.public_key(rsa),    serial, ttl, extensions);   }      class Verifier {    constant type = "none";    int(0..1) verify(object,string,string);    this_program init(string key); -  +  __deprecated__ void create() { }       optional Crypto.RSA rsa; // Ugly   }      //!   class rsa_verifier   {    inherit Verifier;    Crypto.RSA rsa;   
pike.git/lib/modules/Tools.pmod/X509.pmod:340: Inside #if 0
      constant type = "dsa";       object init(string key)    {    }   }   #endif      //! - Verifier make_verifier(Object _keyinfo) + __deprecated__ Verifier make_verifier(Object _keyinfo)   {    if( _keyinfo->type_name != "SEQUENCE" )    return 0;    Sequence keyinfo = [object(Sequence)]_keyinfo;    if ( (keyinfo->type_name != "SEQUENCE")    || (sizeof(keyinfo->elements) != 2)    || (keyinfo->elements[0]->type_name != "SEQUENCE")    || !sizeof(([object(Sequence)]keyinfo->elements[0])->elements)    || (keyinfo->elements[1]->type_name != "BIT STRING")    || keyinfo->elements[1]->unused)
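Review bot: The second type check in make_verifier is redundant: `_keyinfo->type_name != "SEQUENCE"` already returns 0 two lines earlier, so `keyinfo->type_name != "SEQUENCE"` inside the compound condition can never be true and only obscures the checks that matter (element count, element types, and the BIT STRING's unused bits). Dropping that one clause leaves the behaviour unchanged and makes the remaining structure validation easier to audit. make_verifier's body continues outside the hunk.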
pike.git/lib/modules/Tools.pmod/X509.pmod:417:    BitString issuer_id;       //! @note    //! optional    BitString subject_id;       //! @note    //! optional    object extensions;    +  __deprecated__ void create() { } +     //!    this_program init(Object asn1)    {    der = asn1->get_der();    if (asn1->type_name != "SEQUENCE")    return 0;       array(Object) a = ([object(Sequence)]asn1)->elements;    X509_WERR("TBSCertificate: sizeof(a) = %d\n", sizeof(a));   
pike.git/lib/modules/Tools.pmod/X509.pmod:537:    i++;    if (i == sizeof(a))    return this;    }    /* Too many fields */    return 0;    }   }      //! - TBSCertificate decode_certificate(string|object cert) + __deprecated__ TBSCertificate decode_certificate(string|object cert)   {    if (stringp (cert)) cert = Standards.ASN1.Decode.simple_der_decode(cert);       if (!cert    || (cert->type_name != "SEQUENCE")    || (sizeof(cert->elements) != 3)    || (cert->elements[0]->type_name != "SEQUENCE")    || (cert->elements[1]->type_name != "SEQUENCE")    || (!sizeof(cert->elements[1]->elements))    || (cert->elements[1]->elements[0]->type_name != "OBJECT IDENTIFIER")
pike.git/lib/modules/Tools.pmod/X509.pmod:568:   }      //! Decodes a certificate, checks the signature. Returns the   //! TBSCertificate structure, or 0 if decoding or verification failes.   //!   //! Authorities is a mapping from (DER-encoded) names to a verifiers.   //!   //! @note   //! This function allows self-signed certificates, and it doesn't   //! check that names or extensions make sense. - TBSCertificate verify_certificate(string s, mapping authorities) + __deprecated__ TBSCertificate verify_certificate(string s, mapping authorities)   {    object cert = Standards.ASN1.Decode.simple_der_decode(s);       TBSCertificate tbs = decode_certificate(cert);    if (!tbs) return 0;       object v;       if (tbs->issuer->get_der() == tbs->subject->get_der())    {
pike.git/lib/modules/Tools.pmod/X509.pmod:630:   //! An array of certificates, with the relative-root last. Each   //! certificate should be a DER-encoded certificate.   //! @param authorities   //! A mapping from (DER-encoded) names to verifiers.   //! @param require_trust   //! Require that the certificate be traced to an authority, even if   //! it is self signed.   //!   //! See @[Standards.PKCS.Certificate.get_dn_string] for converting the   //! RDN to an X500 style string. - mapping verify_certificate_chain(array(string) cert_chain, + __deprecated__ mapping verify_certificate_chain(array(string) cert_chain,    mapping authorities, int|void require_trust)   {       mapping m = ([ ]);       int len = sizeof(cert_chain);    array chain_obj = allocate(len);    array chain_cert = allocate(len);       foreach(cert_chain; int idx; string c)