[Pkg-privacy-commits] [msva-perl] 192/356: add support for x509pem as a pkc type (addressing MS #2566)
Ximin Luo
infinity0 at moszumanska.debian.org
Mon Aug 24 07:41:55 UTC 2015
This is an automated email from the git hooks/post-receive script.
infinity0 pushed a commit to branch debian
in repository msva-perl.
commit 5cc620f363f28e36b0f9cec7c305cae123149752
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Thu Oct 28 18:44:01 2010 -0400
add support for x509pem as a pkc type (addressing MS #2566)
---
Crypt/Monkeysphere/MSVA.pm | 34 ++++++++++++++++++++++++++++++++--
Crypt/Monkeysphere/MSVA/Client.pm | 11 ++++++++---
2 files changed, 40 insertions(+), 5 deletions(-)
diff --git a/Crypt/Monkeysphere/MSVA.pm b/Crypt/Monkeysphere/MSVA.pm
index c0858e0..55dc5bc 100755
--- a/Crypt/Monkeysphere/MSVA.pm
+++ b/Crypt/Monkeysphere/MSVA.pm
@@ -389,6 +389,24 @@
return 0;
}
+ sub pem2der {
+ my $pem = shift;
+ my @lines = split(/\n/, $pem);
+ my @goodlines = ();
+ my $ready = 0;
+ use MIME::Base64;
+ foreach my $line (@lines) {
+ if ($ready) {
+ push @goodlines, $line;
+ } elsif ($line eq '-----BEGIN CERTIFICATE-----') {
+ $ready = 1;
+ } elsif ($line eq '-----END CERTIFICATE-----') {
+ last;
+ }
+ }
+ return decode_base64(join('', @goodlines));
+ }
+
sub getuid {
my $data = shift;
if ($data->{context} =~ /^(https|ssh)$/) {
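Review bot: In `pem2der` the `if ($ready)` branch is tested first, so once the BEGIN line has been seen the `-----END CERTIFICATE-----` comparison is never reached, and the END line plus anything after it (a second certificate, trailing text) is pushed into `@goodlines`. `decode_base64` skips the dashes, but the letters of the END marker are valid base64 characters, so unless the body ends in `=` padding the result can carry extra bytes past the certificate. Putting `last if $ready and $line eq '-----END CERTIFICATE-----';` as the first statement of the loop stops collection at the marker. The exact `eq` match also means input with CRLF line endings never finds the BEGIN line and yields an empty string, so stripping a trailing `\r` before comparing would be worth adding.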
@@ -500,9 +518,21 @@
msvalog('verbose', "context: %s\n", $data->{context});
msvalog('verbose', "peer: %s\n", $data->{peer});
- my $rawdata = join('', map(chr, @{$data->{pkc}->{data}}));
+ my $rawdata;
+ if ($data->{pkc}->{type} eq 'x509der') {
+ $rawdata = join('', map(chr, @{$data->{pkc}->{data}}));
+ } elsif ($data->{pkc}->{type} eq 'x509pem') {
+ $rawdata = pem2der($data->{pkc}->{data});
+ } else {
+ $ret->{message} = sprintf("Don't know this public key carrier type: %s", $data->{pkc}->{type});
+ return $status,$ret;
+ }
my $cert = Crypt::X509->new(cert => $rawdata);
+ if ($cert->error) {
+ $ret->{message} = sprintf("Error decoding X.509 certificate: %s", $cert->error);
+ return $status, $ret;
+ }
msvalog('verbose', "cert subject: %s\n", $cert->subject_cn());
msvalog('verbose', "cert issuer: %s\n", $cert->issuer_cn());
msvalog('verbose', "cert pubkey algo: %s\n", $cert->PubKeyAlg());
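Review bot: The shape of `$data->{pkc}->{data}` is not checked against the declared type before use: the `x509der` branch dereferences it as an array and the `x509pem` branch hands it to `pem2der` as a string, and both values appear to come from the client request. A request pairing `x509der` with a string, or `x509pem` with an array, would either die on the dereference (under strict refs, which is not visible here) or depend on the later `$cert->error` check to reject it. Guarding each branch, e.g. `... eq 'x509der' and ref($data->{pkc}->{data}) eq 'ARRAY'` and `... eq 'x509pem' and !ref($data->{pkc}->{data})`, keeps malformed input on the explicit error path. The enclosing sub starts and ends outside this hunk.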
@@ -523,7 +553,7 @@
);
if ($key->{modulus}->copy()->blog(2) < 1000) { # FIXME: this appears to be the full pubkey, including DER overhead
- $ret->{message} = sprintf('public key size is less than 1000 bits (was: %d bits)', $cert->pubkey_size());
+ $ret->{message} = sprintf('Public key size is less than 1000 bits (was: %d bits)', $cert->pubkey_size());
} else {
$ret->{message} = sprintf('Failed to validate "%s" through the OpenPGP Web of Trust.', $uid);
my $lastloop = 0;
diff --git a/Crypt/Monkeysphere/MSVA/Client.pm b/Crypt/Monkeysphere/MSVA/Client.pm
index d657a98..a6d1ed7 100644
--- a/Crypt/Monkeysphere/MSVA/Client.pm
+++ b/Crypt/Monkeysphere/MSVA/Client.pm
@@ -86,6 +86,8 @@
$self->log('debug', "peer: %s\n", $peer);
$self->log('debug', "pkctype: %s\n", $pkctype);
+ my $transformed_data;
+
if ($pkctype eq 'x509der') {
if ($self->{logger}->is_logging_at('verbose')) {
if (Module::Load::Conditional::can_load('modules' => { 'Crypt::X509' => undef })) {
@@ -104,8 +106,12 @@
$self->log('verbose', "X.509 cert going to agent but we cannot inspect it without Crypt::X509\n");
}
}
+ # remap raw pkc data into numeric array
+ $transformed_data = [map(ord, split(//,$pkcdata))];
+ } elsif ($pkctype eq 'x509pem') {
+ $transformed_data = $pkcdata;
} else {
- $self->log('error', "unknown pkc type '%s'.\n", $pkctype);
+ $self->log('error', "unknown pkc type '%s'.\n", $pkctype);
};
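Review bot: The `else` branch only logs the unknown pkc type and then falls through, so `$transformed_data` stays undefined and the hash returned in the following hunk is still built with `data => undef` and the unrecognised `type`. Returning right after the log call (`return;`) would avoid producing a query the agent can only reject, though whether callers cope with an empty return is not visible here. If the fall-through is intended, a comment on the declaration such as `# stays undef when $pkctype is not recognised` would document it. The `x509pem` branch also skips the verbose certificate inspection that the `x509der` branch performs, which may be intentional. The enclosing sub begins outside this hunk.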
return {
@@ -113,8 +119,7 @@
peer => $peer,
pkc => {
type => $pkctype,
- # remap raw pkc data into numeric array
- data => [map(ord, split(//,$pkcdata))],
+ data => $transformed_data,
},
};
};
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/msva-perl.git