
[minion-cvs] Implement and test server descriptors.



Update of /home/minion/cvsroot/src/minion/src
In directory moria.seul.org:/tmp/cvs-serv27794/src

Modified Files:
	crypt.c tls.c 
Log Message:
Implement and test server descriptors.

Config: 
	- Add functionality for allow/deny rules. 
	- Add 'restricted' format for descriptors
	- Add fast path for assumed-valid files
	- Make 'Host' sections of config optional
	- Add more key-management and descriptor-generation fields to 
	  server config.

Crypto:
	- Add wrappers for PEM

ServerInfo:
	- Implement and debug server descriptors

test:
	- Tests for above functionality
	- Tests for logs

crypt.c:
	- Change generate_cert to take a time range instead of a number
	  of days.

tls.c:
	- Remove stale XXXX comment.


Index: crypt.c
===================================================================
RCS file: /home/minion/cvsroot/src/minion/src/crypt.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- crypt.c	9 Jul 2002 04:07:14 -0000	1.8
+++ crypt.c	28 Jul 2002 22:42:33 -0000	1.9
@@ -2,6 +2,8 @@
 /* $Id$ */
 #include <Python.h>
 
+#include <time.h>
+
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
 #include <openssl/aes.h>
@@ -871,20 +873,25 @@
 }
 
 const char mm_generate_cert__doc__[] = 
-   "generate_cert(filename, rsa, days, cn)\n\n"
-   "Generate a self-signed X509 certificate suitable for use by a Mixminion\n"
-   "server.  The certificate will be stored to <filename>, and use the\n"
-   "=private= key <rsa>.  It will be valid for the next <days> days.  The\n"
-   "certificate\'s commonName field will be set to <cn>.  All other fields\n"
-   "will be given reasonable defaults.\n";
+  "generate_cert(filename, rsa, cn, start_time, end_time)\n\n"
+  "Generate a self-signed X509 certificate suitable for use by a Mixminion\n"
+  "server.  The certificate will be stored to <filename>, and use the\n"
+  "=private= key <rsa>.  The certificate\'s commonName field will be set to\n"
+  "<cn>.  The key will be valid from <start_time> until <end_time>.\n"
+  "All other fields will be given reasonable defaults.\n";
 
 PyObject *
 mm_generate_cert(PyObject *self, PyObject *args, PyObject *kwargs)
 {
-	static char *kwlist[] = { "filename", "rsa", "days", "cn", NULL };
+	static char *kwlist[] = { "filename", "rsa", "cn", 
+				  "start_time", "end_time", NULL };
 	char *filename, *cn;
 	PyObject *_rsa;
-	int days;
+	/* XXXX Python wants to write into longs.  C wants time_t.  We should
+	 * XXXX check somewhere to be sure that we can case long to time_t
+	 * XXXX without ill effects.
+	 */
+	long start_time, end_time;
 	
 	RSA *rsa = NULL;
 	EVP_PKEY *pkey = NULL;
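Review bot: The new docstring line `"<cn>.  The key will be valid from <start_time> until <end_time>.\n"` attributes the validity window to the key, but a later hunk in this file writes it to the certificate's notBefore/notAfter fields; it also gives no units for the two arguments. Suggested wording: `"<cn>.  The certificate will be valid from <start_time> until <end_time>,\n"` followed by `"both given as seconds since the epoch.\n"`. The unit is inferred from the cast to `time_t`, so confirm it. The XXXX comment added above `long start_time, end_time;` has a typo, "case long to time_t" for "cast long to time_t". mm_generate_cert's body continues outside the hunk.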
@@ -893,10 +900,12 @@
 	X509_NAME *name = NULL;
 	int nid;
 	PyObject *retval;
-
-	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "sO!is:PEM_write_key",
+	time_t time;
+	
+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "sO!sll:generate_cert",
 					 kwlist, &filename,
-					 &mm_RSA_Type, &_rsa, &days, &cn))
+					 &mm_RSA_Type, &_rsa, &cn, 
+					 &start_time, &end_time))
 		return NULL;
 
 	if (!(rsa = RSAPrivateKey_dup(((mm_RSA*)_rsa)->rsa)))
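Review bot: Nothing checks that `end_time` is later than `start_time` after the `PyArg_ParseTupleAndKeywords` call, so a caller can produce a certificate whose notAfter precedes its notBefore, or one that is never valid. A guard directly after the parse would reject that early: `if (end_time <= start_time) { PyErr_SetString(PyExc_ValueError, "end_time must be after start_time"); return NULL; }`. As far as the visible lines show, returning NULL there is safe because it sits before the first allocation (`RSAPrivateKey_dup`). The function body starts and ends outside this hunk.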
@@ -927,9 +936,12 @@
 
 	if (!(X509_set_issuer_name(x509, name)))
 		goto error;
-	if (!X509_gmtime_adj(X509_get_notBefore(x509),0)) 
+
+	time = (time_t) start_time;
+	if (!X509_time_adj(X509_get_notBefore(x509),0,&time)) 
 		goto error;
-	if (!X509_gmtime_adj(X509_get_notAfter(x509), 60L*60L*24L*days)) 
+	time = (time_t) end_time;
+	if (!X509_time_adj(X509_get_notAfter(x509),0,&time))
 		goto error;
 	if (!(X509_set_pubkey(x509, pkey)))
 		goto error;
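Review bot: The casts `time = (time_t) start_time;` and `time = (time_t) end_time;` narrow silently on any platform where `time_t` is smaller than `long`, so the certificate can end up with a different validity window than the caller requested. The XXXX comment added earlier in this file acknowledges the problem, but no check exists. A round-trip test before the first cast would catch it: `if ((long)(time_t)start_time != start_time || (long)(time_t)end_time != end_time) goto error;`. Set a Python exception first if the `error` label, which is outside this hunk, does not set one. The local is also named `time`, which shadows `time()` from the newly included `<time.h>`; `when` or `t` would avoid that.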

Index: tls.c
===================================================================
RCS file: /home/minion/cvsroot/src/minion/src/tls.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- tls.c	25 Jul 2002 15:52:57 -0000	1.5
+++ tls.c	28 Jul 2002 22:42:33 -0000	1.6
@@ -88,8 +88,6 @@
 
 #define mm_TLSSock_Check(v) ((v)->ob_type == &mm_TLSSock_Type)
 
-/* XXXX Code to make new cert */
-
 const char mm_TLSContext_new__doc__[] = 
    "TLSContext([certfile, [rsa, [dhfile] ] ] )\n\n"
    "Allocates a new TLSContext object.  The files, if provided, are used\n"