Subject: | Adding certificate stores |
こんにちは。
必要な証明書をいちいちsetPublicKey()で設定するのが大変なので、opensslの-CAfileや-CApathにあたるものを設定できるようにしてみました。
パッチを添付します。
Subject: | Crypt-SMIME-0.14-publickeystore-20140812.patch |
diff -ur Crypt-SMIME-0.14.orig/SMIME.mlpod Crypt-SMIME-0.14/SMIME.mlpod
--- Crypt-SMIME-0.14.orig/SMIME.mlpod 2014-08-04 15:38:46.000000000 +0900
+++ Crypt-SMIME-0.14/SMIME.mlpod 2014-08-12 11:26:17.000000000 +0900
@@ -84,6 +84,23 @@
対å¿ãã¦ãããã©ã¼ããã㯠PEM ã®ã¿ãéµã®èªã¿è¾¼ã¿ã«å¤±æããå ´åã¯dieããã
>>
+=item setPublicKeyStore()
+
+ $smime->setPublicKeyStore($path, ...);
+
+Set the paths of file or directory containing trusted certificates.
+The certificate stores will be used for verification.
+J<< ja;
+ä¿¡é ¼ãã¦ãã証ææ¸ (è¤æ°å¯)
+ãå
¥ã£ããã¡ã¤ã«ããã£ã¬ã¯ããªã®ãã¹ (è¤æ°å¯)
+ãè¨å®ãããããã§è¨å®ããã証ææ¸ã¹ãã¢ã¯ãç½²åã®æ¤è¨¼ã®éã«ç¨ããããã
+>>
+
+The method dies if it fails to load the certificate stores.
+J<< ja;
+証ææ¸ã¹ãã¢ã®èªã¿è¾¼ã¿ã«å¤±æããå ´åã¯dieããã
+>>
+
=item sign()
$signed_mime = $smime->sign($raw_mime);
diff -ur Crypt-SMIME-0.14.orig/SMIME.pod Crypt-SMIME-0.14/SMIME.pod
--- Crypt-SMIME-0.14.orig/SMIME.pod 2014-08-04 15:41:54.000000000 +0900
+++ Crypt-SMIME-0.14/SMIME.pod 2014-08-12 11:26:21.000000000 +0900
@@ -68,6 +68,17 @@
load the certificates.
+=item setPublicKeyStore()
+
+ $smime->setPublicKeyStore($path, ...);
+
+Set the paths of file or directory containing trusted certificates.
+The certificate stores will be used for verification.
+
+
+The method dies if it fails to load the certificate stores.
+
+
=item sign()
$signed_mime = $smime->sign($raw_mime);
diff -ur Crypt-SMIME-0.14.orig/SMIME.xs Crypt-SMIME-0.14/SMIME.xs
--- Crypt-SMIME-0.14.orig/SMIME.xs 2014-08-04 15:40:12.000000000 +0900
+++ Crypt-SMIME-0.14/SMIME.xs 2014-08-12 11:14:52.000000000 +0900
@@ -11,6 +11,8 @@
#if defined(HAVE_TIME_H)
# include <time.h>
#endif
+#include <sys/types.h>
+#include <sys/stat.h>
#include "EXTERN.h"
#include "perl.h"
@@ -485,7 +487,7 @@
this->pubkeys_store = X509_STORE_new();
if (this->pubkeys_store == NULL) {
- croak("Crypt::SMIME#new: failed to allocate X509_STORE");
+ croak("Crypt::SMIME#setPublicKey: failed to allocate X509_STORE");
}
/* ä½æ
STACK_OF(X509)ã¨X509_STOREã®äºã¤ã使ãå¿
è¦ãããã®ãã */
@@ -599,6 +601,95 @@
this->pubkeys_are_tainted = SvTAINTED(ST(1));
SV*
+setPublicKeyStore(Crypt_SMIME this, ...)
+ INIT:
+ X509_STORE* store;
+ X509* pub_cert;
+ X509_LOOKUP *lookup_file, *lookup_path;
+ int i, has_file = 0, has_path = 0;
+ char* pathname;
+ struct stat bufstat;
+ CODE:
+ /* å¤ã証ææ¸ã¹ãã¢ããã£ããæ¶ã */
+ if (this->pubkeys_store) {
+ X509_STORE_free(this->pubkeys_store);
+ this->pubkeys_store = NULL;
+ }
+
+ store = X509_STORE_new();
+ if (store == NULL) {
+ croak("Crypt::SMIME#setPublicKeyStore: failed to allocate X509_STORE");
+ }
+
+ /* setPublicKey()ã§è¨å®ãã証ææ¸ãããã°è¿½å ãã */
+ for (i = 0; i < sk_X509_num(this->pubkeys_stack); i++) {
+ pub_cert = sk_X509_value(this->pubkeys_stack, i);
+ if (pub_cert == NULL || X509_STORE_add_cert(store, pub_cert) == 0) {
+ X509_STORE_free(store);
+ croak("Crypt::SMIME#setPublicKeyStore: failed to store the public cert");
+ }
+ }
+
+ /* å¼æ°ãããã°è¨¼ææ¸ã¹ãã¢ã¨ãã¦è¿½å ãã */
+ lookup_file = X509_STORE_add_lookup(store, X509_LOOKUP_file());
+ if (lookup_file == NULL) {
+ X509_STORE_free(store);
+ croak("Crypt::SMIME#setPublicKeyStore: failed to allocate X509_LOOKUP");
+ }
+ lookup_path = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
+ if (lookup_path == NULL) {
+ X509_STORE_free(store);
+ croak("Crypt::SMIME#setPublicKeyStore: failed to allocate X509_LOOKUP");
+ }
+ for (i = 1; i < items; i++) {
+ if (ST(i) == NULL) {
+ continue; /* å¤åèµ·ãããªãã⦠*/
+ }
+ if (!is_string(ST(i))) {
+ X509_STORE_free(store);
+ croak("Crypt::SMIME#setPublicKeyStore: ARG[%d] is non-string value", i);
+ }
+
+ pathname = (char *)SvPV_nolen(ST(i));
+ if (stat(pathname, &bufstat) != 0) {
+ X509_STORE_free(store);
+ croak("Crypt::SMIME#setPublicKeyStore: cannot stat %s",
+ pathname);
+ } else if (bufstat.st_mode & S_IFDIR) {
+ if (!X509_LOOKUP_add_dir(lookup_path, pathname,
+ X509_FILETYPE_PEM)) {
+ X509_STORE_free(store);
+ croak("Crypt::SMIME#setPublicKeyStore: failed to add ARG[%d] as store", i);
+ }
+ has_path = 1;
+ } else {
+ if (!X509_LOOKUP_load_file(lookup_file, pathname,
+ X509_FILETYPE_PEM)) {
+ X509_STORE_free(store);
+ croak("Crypt::SMIME#setPublicKeyStore: failed to add ARG[%d] as store", i);
+ }
+ has_file = 1;
+ }
+ }
+
+ /* å¼æ°ããªããã°åæå¤ã®å ´æã®ã¹ãã¢ã (åå¨ããã°) 追å ãã */
+ if (!has_file) {
+ X509_LOOKUP_load_file(lookup_file, NULL, X509_FILETYPE_DEFAULT);
+ }
+ if (!has_path) {
+ X509_LOOKUP_add_dir(lookup_path, NULL, X509_FILETYPE_DEFAULT);
+ }
+
+ ERR_clear_error();
+ this->pubkeys_store = store;
+
+ SvREFCNT_inc(ST(0));
+ RETVAL = ST(0);
+
+ OUTPUT:
+ RETVAL
+
+SV*
_sign(Crypt_SMIME this, char* plaintext)
CODE:
/* ç§å¯éµãã¾ã ã»ããããã¦ããªããã°ã¨ã©ã¼ */
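Review bot: The fallback at the end of setPublicKeyStore() widens trust beyond what the caller passed: `has_file` and `has_path` are tested separately, so a call that names only a CA file still adds OpenSSL's default certificate directory (and vice versa), although the comment above that code appears to describe a no-argument fallback only. Guarding both default loads with a single test, `if (!has_file && !has_path) {`, would keep an explicit path list from silently picking up system trust anchors, and the POD should state the fallback. The directory test `bufstat.st_mode & S_IFDIR` also matches other file types whose mode shares that bit (block devices on common platforms); `S_ISDIR(bufstat.st_mode)` is the exact check. The old `this->pubkeys_store` is freed before the new store is built, so any later croak leaves the object with a NULL store; freeing it just before `this->pubkeys_store = store;` avoids that. Unlike the setPublicKey code visible at the top of the hunk, the new method does not record `SvTAINTED` of its path arguments in `pubkeys_are_tainted`, which looks like an omission worth confirming.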
diff -ur Crypt-SMIME-0.14.orig/lib/SMIME/JA.pod Crypt-SMIME-0.14/lib/SMIME/JA.pod
--- Crypt-SMIME-0.14.orig/lib/SMIME/JA.pod 2014-08-04 15:41:54.000000000 +0900
+++ Crypt-SMIME-0.14/lib/SMIME/JA.pod 2014-08-12 11:26:21.000000000 +0900
@@ -58,6 +58,16 @@
対å¿ãã¦ãããã©ã¼ããã㯠PEM ã®ã¿ãéµã®èªã¿è¾¼ã¿ã«å¤±æããå ´åã¯dieããã
+=item setPublicKeyStore()
+
+ $smime->setPublicKeyStore($path, ...);
+
+ä¿¡é ¼ãã¦ãã証ææ¸ (è¤æ°å¯)
+ãå
¥ã£ããã¡ã¤ã«ããã£ã¬ã¯ããªã®ãã¹ (è¤æ°å¯)
+ãè¨å®ãããããã§è¨å®ããã証ææ¸ã¹ãã¢ã¯ãç½²åã®æ¤è¨¼ã®éã«ç¨ããããã
+
+証ææ¸ã¹ãã¢ã®èªã¿è¾¼ã¿ã«å¤±æããå ´åã¯dieããã
+
=item sign()
$signed_mime = $smime->sign($raw_mime);
diff -ur Crypt-SMIME-0.14.orig/lib/SMIME.pm Crypt-SMIME-0.14/lib/SMIME.pm
--- Crypt-SMIME-0.14.orig/lib/SMIME.pm 2014-08-04 15:41:54.000000000 +0900
+++ Crypt-SMIME-0.14/lib/SMIME.pm 2014-08-12 11:26:21.000000000 +0900
@@ -247,6 +247,17 @@
load the certificates.
+=item setPublicKeyStore()
+
+ $smime->setPublicKeyStore($path, ...);
+
+Set the paths of file or directory containing trusted certificates.
+The certificate stores will be used for verification.
+
+
+The method dies if it fails to load the certificate stores.
+
+
=item sign()
$signed_mime = $smime->sign($raw_mime);