1 files changed, 47 insertions, 55 deletions

diff --git a/kiki.hs b/kiki.hs
index 3628307..c8adb51 100644
--- a/kiki.hs
+++ b/kiki.hs
@@ -26,6 +26,7 @@ import System.Environment
 import System.Exit
 import System.IO (hPutStrLn,stderr)
 import qualified Codec.Binary.Base64 as Base64
+import qualified Codec.Binary.Base16 as Base16
 import qualified Crypto.Hash.RIPEMD160 as RIPEMD160
 import qualified Crypto.Hash.SHA256    as SHA256
 import qualified Data.ByteString      as S
@@ -40,6 +41,7 @@ import Crypto.PubKey.RSA as RSA
 import qualified Codec.Compression.GZip as GZip
 import Data.Time.Clock.POSIX ( utcTimeToPOSIXSeconds )
 import Data.Time.Clock ( UTCTime )
+import Data.Monoid ( (<>) )
 
 
 import DotLock
@@ -353,25 +355,42 @@ parseCertBlob comp bs = do
         (notBefore,notAfter) = certValidity cert
     case certPubKey cert of
         PubKeyRSA key -> do
-            let ex = let ekey = Char8.toStrict $ encodeASN1 DER (toASN1 key [])
-                         (pre,post) = S.breakSubstring ekey $ Char8.toStrict bs
-                         post' = S.drop (S.length ekey) post
-                         len :: Word16
-                         len = if S.null post then maxBound
-                                              else fromIntegral $ S.length pre
-                     in encode len `L.append` GZip.compress (Char8.fromChunks [pre,post'])
+            let withoutkey =
+                    let ekey = Char8.toStrict $ encodeASN1 DER (toASN1 key [])
+                        (pre,post) = S.breakSubstring ekey $ Char8.toStrict bs
+                        post' = S.drop (S.length ekey) post
+                        len :: Word16
+                        len = if S.null post then maxBound
+                                             else fromIntegral $ S.length pre
+                    in if len < 4096
+                        then encode len `L.append` GZip.compress (Char8.fromChunks [pre,post'])
+                        else bs
             return
                 ParsedCert { pcertKey = packetFromPublicRSAKey notBefore
                                                                (MPI $ public_n key)
                                                                (MPI $ public_e key)
                            , pcertTimestamp = notBefore
-                           , pcertBlob = case comp of
-                                            0 -> ex
-                                            1 -> bs
-                                            2 -> GZip.compress bs
+                           , pcertBlob = if comp then withoutkey
+                                                 else bs
                            }
         _ -> Nothing
 
+decodeBlob cert =
+    if 0 /= (bs `L.index` 0) .&. 0x10
+     then bs
+     else let (keypos0,bs') = L.splitAt 2 bs
+              keypos :: Word16
+              keypos = decode keypos0
+              ds = GZip.decompress bs'
+              (prekey,postkey) = L.splitAt (fromIntegral keypos) ds
+           in prekey <> key <> postkey
+ where
+    bs = pcertBlob cert
+    key = maybe L.empty (encodeASN1 DER . flip toASN1 []) $ rsaKeyFromPacket $ pcertKey cert
+
+parsePEM :: L.ByteString -> L.ByteString -> (Message,L.ByteString)
+parsePEM hdr bs = error "todo"
+
 show_torhash pubkey _ = do
     bs <- Char8.readFile pubkey 
     let parsekey f dta  = do
@@ -391,50 +410,13 @@ show_cert certfile _ = do
     bs <- Char8.readFile certfile
     let dta = extractPEM "CERTIFICATE" bs
         mdta = L.pack <$> Base64.decode (Char8.unpack dta)
-    {-
-        pubkey =  RSA.PublicKey
-                    { public_size = 128
-                    , public_n = 154361684503603802222425703762858923586891027963572326870083767113931020265732747123162809298697685461466566794668728252513238617267841367255306789892103614749619835666015844098056127878039846958283514957904585088494988419964303541700240003254472965884445634980070222782747273430139103311807958905274574715853
-                    , public_e = 65537}
-        pubkey2 =  RSAKey8
-                    (MPI 154361684503603802222425703762858923586891027963572326870083767113931020265732747123162809298697685461466566794668728252513238617267841367255306789892103614749619835666015844098056127878039846958283514957904585088494988419964303541700240003254472965884445634980070222782747273430139103311807958905274574715853)
-                    (MPI 65537)
-        mdta = Base64.decode (Char8.unpack dta)
-        cert = do
-            e <- decodeASN1 DER . L.pack <$> mdta
-            let scert = searchit bs -- decodeSignedCertificate $ Char8.toStrict (Char8.drop 4 bs)
-                scert :: Either String SignedCertificate
-                searchit bs | Char8.null bs = Left "thoroughly exhausted"
-                searchit bs = either (const $ searchit $ Char8.drop 1 bs) Right $ go bs
-                go bs | Char8.null bs = Left "exhausted"
-                go bs = either (const $ go $ Char8.init bs) Right $ (decodeSignedCertificate $ Char8.toStrict bs)
-            asn1 <- either (const Nothing) (Just) e
-            let asn1' = drop 2 asn1 -- getSequence 0 (drop 1 asn1) -- reverse $ dropWhile (/=End Sequence) $ drop 1 $ reverse asn1
-            -- k <- either (Just . Left) (Just . Right . fst) (fromASN1 asn1')
-            k <- either (const Nothing) (Just . fst) (fromASN1 asn1')
-            let _ = k :: Certificate -- Either String Certificate
-            return (k,scert) -- (asn1', k) -- asn1
-        ekey = encodeASN1 DER (toASN1 pubkey [])
-        ekey2 = encodeASN1 DER (toASN1 pubkey2 [])
-        ekey2_64 = Base64.encode $ L.unpack ekey2
-        ex = do
-            dta <- mdta
-            let ekey_ = Char8.toStrict ekey
-                (pre,post) = S.breakSubstring ekey_ (S.pack dta)
-                post' = S.drop (S.length ekey_) post
-            return $ ( b64L $ GZip.compress (Char8.fromChunks [pre,post']), (b64 pre, b64 post'))
-    putStrLn $ show dta
-    putStrLn $ show (fmap fst cert)
-    -- putStrLn $ show (fmap snd cert)
-    putStrLn $ show (Base64.encode $ L.unpack ekey)
-    putStrLn $ show (Base64.encode $ L.unpack ekey2)
-    putStrLn $ show ex
-    -}
-    let c = mdta >>= parseCertBlob 0
-        d = mdta >>= parseCertBlob 1
-        e = mdta >>= parseCertBlob 2
+    let c = mdta >>= parseCertBlob True
+        d = mdta >>= parseCertBlob False
+        -- e = mdta >>= parseCertBlob 2
         b64 = Base64.encode . S.unpack
         b64L = Base64.encode . L.unpack
+        hex = Base16.encode . S.unpack
+        hexL = Base16.encode . L.unpack
     putStrLn $ maybe "" (fingerprint . pcertKey) c
     putStrLn $ maybe "" (torhash . pcertKey) c
     putStrLn ""
@@ -442,16 +424,26 @@ show_cert certfile _ = do
     putStrLn $ maybe "" (("key = " ++) . show . pcertKey) c
     putStrLn ""
     putStrLn $ maybe "" (("small blob length = " ++) . show . L.length . pcertBlob) c
-    putStrLn ""
     putStrLn $ maybe "" (("small blob = " ++) . b64L . pcertBlob) c
+    putStrLn $ maybe "" (("   decoded = " ++) . b64L . decodeBlob) c
     putStrLn ""
     putStrLn $ maybe "" (("  big blob length = " ++) . show . L.length . pcertBlob) d
-    putStrLn ""
     putStrLn $ maybe "" (("  big blob = " ++) . b64L . pcertBlob) d
+    putStrLn $ maybe "" (("   decoded = " ++) . b64L . decodeBlob) d
+    {-
     putStrLn ""
     putStrLn $ maybe "" ((" gzip blob length = " ++) . show . L.length . pcertBlob) e
     putStrLn ""
     putStrLn $ maybe "" ((" gzip blob = " ++) . b64L . pcertBlob) e
+    -}
+    -- ASN1 starts: 
+    --   1  2  3  4  5  6  7  8
+    --   cl....pc.tag..........
+    -- Start Sequence tag = 0x10
+    -- Start Sequence cl = 0
+    let v = encodeASN1 DER [Start Sequence]
+    putStrLn ""
+    putStrLn $ "prefix = " ++ hexL v
     return ()
 
 cannonical_eckey x y = 0x4:pad32(numToBytes x) ++ pad32(numToBytes y) :: [Word8]