/**
 * Lua binding: describe an openssl.x509_revoked userdata (argument 1) as a
 * table.
 *
 * The table always carries "reason", "serialNumber" and "revocationDate";
 * "extensions" is added only when the entry has an extension stack.
 *
 * Returns 1 (the table left on top of the Lua stack).
 */
static int openssl_revoked_info(lua_State* L)
{
  X509_REVOKED* entry = CHECK_OBJECT(1, X509_REVOKED, "openssl.x509_revoked");

  lua_newtable(L);

#if OPENSSL_VERSION_NUMBER > 0x10000000L
  /* Reason code is read directly from the entry structure. */
  AUXILIAR_SET(L, -1, "reason", openssl_i2s_revoke_reason(entry->reason), string);
#else
  {
    /* Reason code is decoded from the entry's CRL-reason extension. */
    int critical = 0;
    void* decoded = X509_REVOKED_get_ext_d2i(entry, NID_crl_reason, &critical, NULL);

    AUXILIAR_SET(L, -1, "reason", openssl_i2s_revoke_reason(ASN1_ENUMERATED_get(decoded)), string);
    ASN1_ENUMERATED_free(decoded);
  }
#endif

  PUSH_ASN1_INTEGER(L, entry->serialNumber);
  lua_setfield(L, -2, "serialNumber");

  PUSH_ASN1_TIME(L, entry->revocationDate);
  lua_setfield(L, -2, "revocationDate");

  if (entry->extensions != NULL) {
    /* key, value, then raw store into the result table */
    lua_pushstring(L, "extensions");
    openssl_sk_x509_extension_totable(L, entry->extensions);
    lua_rawset(L, -3);
  }

  return 1;
}
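/**
 * Lua binding: get or set the extensions of an openssl.x509_crl (argument 1).
 *
 * Without a second argument: pushes the CRL's extension stack as a table, or
 * nil when the CRL has none, and returns 1.
 *
 * With a table of extensions as argument 2: inserts each extension into the
 * CRL at its position in that table and returns what openssl_pushresult()
 * pushes for the outcome (success only when every insertion succeeded).
 */
static int openssl_crl_extensions(lua_State* L)
{
  X509_CRL *crl = CHECK_OBJECT(1, X509_CRL, "openssl.x509_crl");

  if (lua_isnone(L, 2)) {
    STACK_OF(X509_EXTENSION) *exts = crl->crl->extensions;

    if (exts) {
      openssl_sk_x509_extension_totable(L, exts);
    } else {
      lua_pushnil(L);
    }
    return 1;
  } else {
    STACK_OF(X509_EXTENSION) *exts = openssl_sk_x509_extension_fromtable(L, 2);
    int i, n;
    int ret = 1;

    n = sk_X509_EXTENSION_num(exts);
    for (i = 0; i < n; i++) {
      X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);

      /*
       * X509_CRL_add_ext() stores its own duplicate of the extension, so
       * `ext` is passed as is; handing it a fresh X509_EXTENSION_dup() copy
       * leaked that copy on every call.
       */
      if (!X509_CRL_add_ext(crl, ext, i)) {
        /*
         * Report the failure instead of claiming success: a caller must not
         * assume the CRL carries extensions that were never added.
         * Extensions inserted before this point stay on the CRL.
         */
        ret = 0;
        break;
      }
    }

    /* The temporary stack and its elements are owned here. */
    sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
    return openssl_pushresult(L, ret);
  }
}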
/*
 * Lua binding: describe an openssl.x509_req (argument 1) as nested tables.
 *
 * Fields written, in order: "signature" and "sig_alg" on the first table;
 * "version", "subject" and (when the request has any) "extensions" on the
 * second; a third table receives "attributes" (only when the attribute count
 * is positive) and "pubkey", the latter being a fourth table that holds
 * "algorithm" and the "pubkey" object. The third table is stored on the
 * second as "req_info". Returns 1.
 *
 * NOTE(review): outside the attribute list, four lua_newtable() calls are
 * matched by only two lua_setfield() calls that attach a table to its parent
 * ("pubkey" and "req_info"). If AUXILIAR_SET / AUXILIAR_SETOBJECT leave the
 * stack balanced, the first table (with "signature" and "sig_alg") stays
 * below the returned one and is not part of the result. Confirm against the
 * macro definitions and the callers before relying on those two fields.
 */
static LUA_FUNCTION(openssl_csr_parse)
{
  X509_REQ * csr = CHECK_OBJECT(1, X509_REQ, "openssl.x509_req");
  X509_NAME * subject = X509_REQ_get_subject_name(csr);
  /* Freed below with sk_X509_EXTENSION_pop_free() once converted. */
  STACK_OF(X509_EXTENSION) *exts = X509_REQ_get_extensions(csr);

  lua_newtable(L);
  openssl_push_asn1(L, csr->signature, V_ASN1_BIT_STRING);
  lua_setfield(L, -2, "signature");
  openssl_push_x509_algor(L, csr->sig_alg);
  lua_setfield(L, -2, "sig_alg");

  lua_newtable(L);
  AUXILIAR_SET(L, -1, "version", X509_REQ_get_version(csr), integer);
  openssl_push_xname_asobject(L, subject);
  lua_setfield(L, -2, "subject");
  if (exts) {
    /* key, value, raw store; then release the temporary stack */
    lua_pushstring(L, "extensions");
    openssl_sk_x509_extension_totable(L, exts);
    lua_rawset(L, -3);
    sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
  }

  {
    X509_REQ_INFO* ri = csr->req_info;
    int i, c;
    /* NOTE(review): the result is not checked for NULL before it is handed
       to AUXILIAR_SETOBJECT; confirm how that macro treats a NULL object. */
    EVP_PKEY *pubkey = X509_REQ_get_pubkey(csr);

    lua_newtable(L);
    c = X509_REQ_get_attr_count(csr);
    if (c > 0) {
      lua_newtable(L);
      for (i = 0; i < c ; i++) {
        X509_ATTRIBUTE *attr = X509_REQ_get_attr(csr, i);
        /* Each Lua object wraps its own duplicate of the attribute;
           the duplicate is not checked for NULL here. */
        attr = X509_ATTRIBUTE_dup(attr);
        PUSH_OBJECT(attr, "openssl.x509_attribute");
        lua_rawseti(L, -2, i + 1); /* Lua arrays are 1-based */
      }
      lua_setfield(L, -2, "attributes");
    }

    lua_newtable(L);
    openssl_push_asn1object(L, ri->pubkey->algor->algorithm);
    lua_setfield(L, -2, "algorithm");
    AUXILIAR_SETOBJECT(L, pubkey , "openssl.evp_pkey", -1, "pubkey");
    lua_setfield(L, -2, "pubkey");
    lua_setfield(L, -2, "req_info");
  }
  return 1;
}
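/**
 * Lua binding: look up one revoked entry of an openssl.x509_crl (argument 1).
 *
 * Argument 2 is either a zero-based integer index into the CRL's revoked
 * list (an "Out of range" argument error is raised when it falls outside the
 * list) or an openssl.asn1_integer serial number, which is compared against
 * the serial number of every entry until one matches.
 *
 * Pushes a table with "code", "reason", "serialNumber", "revocationDate"
 * and, when the entry has any, "extensions"; pushes nil when no entry
 * matches. Returns 1.
 */
static LUA_FUNCTION(openssl_crl_get)
{
  X509_CRL * crl = CHECK_OBJECT(1, X509_CRL, "openssl.x509_crl");
  int i = 0;
  X509_REVOKED *revoked = NULL;

  if (lua_isinteger(L, 2)) {
    /*
     * Range-check the full lua_Integer before narrowing it: converting to
     * int first would let a large index wrap into the valid range and
     * select an unrelated entry.
     */
    lua_Integer idx = lua_tointeger(L, 2);

    luaL_argcheck(L, (idx >= 0 && idx < sk_X509_REVOKED_num(crl->crl->revoked)), 2, "Out of range");
    revoked = sk_X509_REVOKED_value(crl->crl->revoked, (int)idx);
  } else {
    ASN1_STRING *sn = CHECK_OBJECT(2, ASN1_STRING, "openssl.asn1_integer");
    int cnt = sk_X509_REVOKED_num(crl->crl->revoked);

    for (i = 0; i < cnt; i++) {
      X509_REVOKED *rev = sk_X509_REVOKED_value(crl->crl->revoked, i);

      if (ASN1_STRING_cmp(rev->serialNumber, sn) == 0) {
        revoked = rev;
        break;
      }
    }
  }

  if (revoked) {
    lua_newtable(L);

#if OPENSSL_VERSION_NUMBER > 0x10000000L
    AUXILIAR_SET(L, -1, "code", revoked->reason, number);
    AUXILIAR_SET(L, -1, "reason", openssl_i2s_revoke_reason(revoked->reason), string);
#else
    {
      /* Older OpenSSL: decode the reason from the entry's reason extension. */
      int crit = 0;
      void* reason = X509_REVOKED_get_ext_d2i(revoked, NID_crl_reason, &crit, NULL);

      AUXILIAR_SET(L, -1, "code", ASN1_ENUMERATED_get(reason), number);
      AUXILIAR_SET(L, -1, "reason", openssl_i2s_revoke_reason(ASN1_ENUMERATED_get(reason)), string);
      ASN1_ENUMERATED_free(reason);
    }
#endif

    PUSH_ASN1_INTEGER(L, revoked->serialNumber);
    lua_setfield(L, -2, "serialNumber");

    PUSH_ASN1_TIME(L, revoked->revocationDate);
    lua_setfield(L, -2, "revocationDate");

    /*
     * Report the extensions of this entry, as openssl_revoked_info() does.
     * The CRL-level stack (crl->crl->extensions) describes the whole list,
     * not the revoked certificate, and must not be presented as entry data.
     */
    if (revoked->extensions) {
      lua_pushstring(L, "extensions");
      openssl_sk_x509_extension_totable(L, revoked->extensions);
      lua_rawset(L, -3);
    }
  } else {
    lua_pushnil(L);
  }

  return 1;
}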
/**
 * Lua binding: push the extensions of an openssl.x509_revoked userdata
 * (argument 1) as a table, or nil when the entry has no extension stack.
 *
 * Returns 1.
 */
static int openssl_revoked_extensions(lua_State* L)
{
  X509_REVOKED* entry = CHECK_OBJECT(1, X509_REVOKED, "openssl.x509_revoked");

  /* No extension stack on this entry: the result is nil. */
  if (entry->extensions == NULL) {
    lua_pushnil(L);
    return 1;
  }

  openssl_sk_x509_extension_totable(L, entry->extensions);
  return 1;
}
static int openssl_crl_extensions(lua_State* L) { X509_CRL *crl = CHECK_OBJECT(1, X509_CRL, "openssl.x509_crl"); if (lua_isnone(L, 2)) { const STACK_OF(X509_EXTENSION) *exts = X509_CRL_get0_extensions(crl); if (exts) { openssl_sk_x509_extension_totable(L, exts); } else lua_pushnil(L); return 1; } else {
/**
 * Build a Lua table describing one revoked CRL entry and leave it on top of
 * the stack.
 *
 * Fields: "code" (numeric reason), "reason" (its string form),
 * "serialNumber", "revocationDate" and "extensions". All values are read
 * from `revoked` itself through the X509_REVOKED accessors.
 *
 * @param L        Lua state that receives the table
 * @param revoked  entry to describe
 * @return 1, the number of values pushed
 */
static int openssl_revoked2table(lua_State*L, X509_REVOKED *revoked)
{
  const int code = openssl_x509_revoked_get_reason(revoked);

  lua_newtable(L);

  /* numeric reason first, then its textual form */
  AUXILIAR_SET(L, -1, "code", code, number);
  AUXILIAR_SET(L, -1, "reason", openssl_i2s_revoke_reason(code), string);

  PUSH_ASN1_INTEGER(L, X509_REVOKED_get0_serialNumber(revoked));
  lua_setfield(L, -2, "serialNumber");

  PUSH_ASN1_TIME(L, X509_REVOKED_get0_revocationDate(revoked));
  lua_setfield(L, -2, "revocationDate");

  /* key, value, raw store into the result table (entry-level extensions) */
  lua_pushstring(L, "extensions");
  openssl_sk_x509_extension_totable(L, X509_REVOKED_get0_extensions(revoked));
  lua_rawset(L, -3);

  return 1;
}
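/**
 * Lua binding: fetch the revoked entry at a zero-based index (argument 2) of
 * an openssl.x509_crl (argument 1).
 *
 * Pushes a table with "reason", "serialNumber", "revocationDate" and, when
 * the entry has any, "extensions"; pushes nil when the index is outside the
 * revoked list. Returns 1.
 */
static LUA_FUNCTION(openssl_crl_get)
{
  X509_CRL * crl = CHECK_OBJECT(1, X509_CRL, "openssl.x509_crl");
  int i = luaL_checkint(L, 2);
  X509_REVOKED *revoked;

  /* An index outside the revoked list yields nil rather than an error. */
  if (i < 0 || i >= sk_X509_REVOKED_num(crl->crl->revoked)) {
    lua_pushnil(L);
    return 1;
  }

  revoked = sk_X509_REVOKED_value(crl->crl->revoked, i);
  lua_newtable(L);

#if OPENSSL_VERSION_NUMBER > 0x10000000L
  AUXILIAR_SET(L, -1, "reason", openssl_i2s_revoke_reason(revoked->reason), string);
#else
  {
    /* Older OpenSSL: decode the reason from the entry's reason extension. */
    int crit = 0;
    void* reason = X509_REVOKED_get_ext_d2i(revoked, NID_crl_reason, &crit, NULL);

    AUXILIAR_SET(L, -1, "reason", openssl_i2s_revoke_reason(ASN1_ENUMERATED_get(reason)), string);
    ASN1_ENUMERATED_free(reason);
  }
#endif

  PUSH_ASN1_INTEGER(L, revoked->serialNumber);
  lua_setfield(L, -2, "serialNumber");

  PUSH_ASN1_TIME(L, revoked->revocationDate);
  lua_setfield(L, -2, "revocationDate");

  /*
   * Report the extensions of this entry, as openssl_revoked_info() does.
   * The CRL-level stack (crl->crl->extensions) describes the whole list,
   * not the revoked certificate, and must not be presented as entry data.
   */
  if (revoked->extensions) {
    lua_pushstring(L, "extensions");
    openssl_sk_x509_extension_totable(L, revoked->extensions);
    lua_rawset(L, -3);
  }

  return 1;
}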
/***
get or set extensions of x509_req object

Without an argument the current extensions are returned as a table (nil when
the request has none). With an argument the given extensions are added to the
request.

@function extensions
@tparam[opt] stack_of_x509_extension extensions
@treturn boolean result true for success
*/
static LUA_FUNCTION(openssl_csr_extensions)
{
  X509_REQ *csr = CHECK_OBJECT(1, X509_REQ, "openssl.x509_req");

  if (!lua_isnone(L, 2)) {
    /* Setter: build a temporary stack from the Lua table, add it, free it. */
    STACK_OF(X509_EXTENSION) *wanted = openssl_sk_x509_extension_fromtable(L, 2);
    int ok = X509_REQ_add_extensions(csr, wanted);

    sk_X509_EXTENSION_pop_free(wanted, X509_EXTENSION_free);
    return openssl_pushresult(L, ok);
  }

  {
    /* Getter: the stack returned by the request is released after conversion. */
    STACK_OF(X509_EXTENSION) *current = X509_REQ_get_extensions(csr);

    if (current == NULL) {
      lua_pushnil(L);
    } else {
      openssl_sk_x509_extension_totable(L, current);
      sk_X509_EXTENSION_pop_free(current, X509_EXTENSION_free);
    }
  }
  return 1;
}
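/**
 * Lua binding: describe an openssl.x509_crl (argument 1) as a table.
 *
 * Top-level fields: "version", "hash" (issuer name hash as 8 hex digits),
 * "fingerprint" ({alg, hash}, SHA-1 over the CRL), "issuer", "lastUpdate",
 * "nextUpdate", "sig_alg", "crl_number" (when present), "extensions" (when
 * the CRL has any) and "revoked", an array with one table per revoked entry
 * holding "CRLReason", "serialNumber", "revocationDate" and, when the entry
 * has any, "extensions".
 *
 * Returns 1.
 */
static LUA_FUNCTION(openssl_crl_parse)
{
  X509_CRL *crl = CHECK_OBJECT(1, X509_CRL, "openssl.x509_crl");
  int num, i;

  lua_newtable(L);
  AUXILIAR_SET(L, -1, "version", X509_CRL_get_version(crl), integer);

  /* hash as used in CA directories to lookup cert by subject name */
  {
    char buf[32];

    snprintf(buf, sizeof(buf), "%08lx", X509_NAME_hash(X509_CRL_get_issuer(crl)));
    AUXILIAR_SET(L, -1, "hash", buf, string);
  }

  {
    /*
     * SHA-1 is kept because callers read fingerprint.alg / fingerprint.hash.
     * The value identifies the CRL; it is not a substitute for verifying
     * the CRL signature.
     */
    const EVP_MD *digest = EVP_get_digestbyname("sha1");
    unsigned char md[EVP_MAX_MD_SIZE];
    unsigned int l = sizeof(md);

    /* Leave "fingerprint" out when the library does not provide SHA-1. */
    if (digest != NULL && X509_CRL_digest(crl, digest, md, &l) == 1) {
      lua_newtable(L);
      AUXILIAR_SET(L, -1, "alg", OBJ_nid2sn(EVP_MD_type(digest)), string);
      AUXILIAR_SETLSTR(L, -1, "hash", (const char*)md, l);
      lua_setfield(L, -2, "fingerprint");
    }
  }

  openssl_push_xname_asobject(L, X509_CRL_get_issuer(crl));
  lua_setfield(L, -2, "issuer");

  PUSH_ASN1_TIME(L, X509_CRL_get_lastUpdate(crl));
  lua_setfield(L, -2, "lastUpdate");
  PUSH_ASN1_TIME(L, X509_CRL_get_nextUpdate(crl));
  lua_setfield(L, -2, "nextUpdate");

  openssl_push_x509_algor(L, crl->crl->sig_alg);
  lua_setfield(L, -2, "sig_alg");

#if OPENSSL_VERSION_NUMBER > 0x00909000L
  if (crl->crl_number) {
    PUSH_ASN1_INTEGER(L, crl->crl_number);
    lua_setfield(L, -2, "crl_number");
  }
#endif

  /* CRL-level extensions belong on the top-level table only. */
  if (crl->crl->extensions) {
    lua_pushstring(L, "extensions");
    openssl_sk_x509_extension_totable(L, crl->crl->extensions);
    lua_rawset(L, -3);
  }

  num = sk_X509_REVOKED_num(crl->crl->revoked);
  lua_newtable(L);
  for (i = 0; i < num; i++) {
    X509_REVOKED *revoked = sk_X509_REVOKED_value(crl->crl->revoked, i);

    lua_newtable(L);

#if OPENSSL_VERSION_NUMBER > 0x10000000L
    AUXILIAR_SET(L, -1, "CRLReason", openssl_i2s_revoke_reason(revoked->reason), string);
#else
    {
      /* Older OpenSSL: decode the reason from the entry's reason extension. */
      int crit = 0;
      void* reason = X509_REVOKED_get_ext_d2i(revoked, NID_crl_reason, &crit, NULL);

      AUXILIAR_SET(L, -1, "CRLReason", openssl_i2s_revoke_reason(ASN1_ENUMERATED_get(reason)), string);
      ASN1_ENUMERATED_free(reason);
    }
#endif

    PUSH_ASN1_INTEGER(L, revoked->serialNumber);
    lua_setfield(L, -2, "serialNumber");

    PUSH_ASN1_TIME(L, revoked->revocationDate);
    lua_setfield(L, -2, "revocationDate");

    /*
     * Per-entry "extensions" must come from the entry itself. Copying the
     * CRL-level stack into every entry repeated list-wide data and hid the
     * extensions that actually belong to the revoked certificate.
     */
    if (revoked->extensions) {
      lua_pushstring(L, "extensions");
      openssl_sk_x509_extension_totable(L, revoked->extensions);
      lua_rawset(L, -3);
    }

    lua_rawseti(L, -2, i + 1); /* Lua arrays are 1-based */
  }

  lua_setfield(L, -2, "revoked");
  return 1;
}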
/***
parse x509_req object as table
@function parse
@tparam[opt=true] shortname default will use short object name
@treturn table result
*/
/*
 * Fields written, in order: "signature" and "sig_alg" on the first table;
 * "version", "subject" and (when the request has any) "extensions" on the
 * second; a third table receives "attributes" (only when the attribute count
 * is positive) and "pubkey", the latter being a fourth table that holds
 * "algorithm" (when the key parameters can be read) and the "pubkey" object.
 * The third table is stored on the second as "req_info". Returns 1.
 *
 * NOTE(review): the documented `shortname` parameter is not read anywhere in
 * this body.
 *
 * NOTE(review): outside the attribute list, four lua_newtable() calls are
 * matched by only two lua_setfield() calls that attach a table to its parent
 * ("pubkey" and "req_info"). If AUXILIAR_SET / AUXILIAR_SETOBJECT leave the
 * stack balanced, the first table (with "signature" and "sig_alg") stays
 * below the returned one and is not part of the result. Confirm against the
 * macro definitions and the callers before relying on those two fields.
 */
static LUA_FUNCTION(openssl_csr_parse)
{
  X509_REQ *csr = CHECK_OBJECT(1, X509_REQ, "openssl.x509_req");
  X509_NAME *subject = X509_REQ_get_subject_name(csr);
  /* Freed below with sk_X509_EXTENSION_pop_free() once converted. */
  STACK_OF(X509_EXTENSION) *exts = X509_REQ_get_extensions(csr);

  lua_newtable(L);
  {
    const ASN1_BIT_STRING *sig = NULL;
    const X509_ALGOR *alg = NULL;

    /* Borrowed pointers into the request; not freed here. */
    X509_REQ_get0_signature(csr, &sig, &alg);
    openssl_push_asn1(L, sig, V_ASN1_BIT_STRING);
    lua_setfield(L, -2, "signature");

    /* The Lua object wraps its own duplicate of the algorithm;
       the duplicate is not checked for NULL before it is pushed. */
    alg = X509_ALGOR_dup((X509_ALGOR *)alg);
    PUSH_OBJECT(alg, "openssl.x509_algor");
    lua_setfield(L, -2, "sig_alg");
  }

  lua_newtable(L);
  AUXILIAR_SET(L, -1, "version", X509_REQ_get_version(csr), integer);
  openssl_push_xname_asobject(L, subject);
  lua_setfield(L, -2, "subject");
  if (exts) {
    /* key, value, raw store; then release the temporary stack */
    lua_pushstring(L, "extensions");
    openssl_sk_x509_extension_totable(L, exts);
    lua_rawset(L, -3);
    sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
  }

  {
    X509_PUBKEY *xpub = X509_REQ_get_X509_PUBKEY(csr);
    ASN1_OBJECT *oalg = NULL;
    int c;
    /* NOTE(review): the result is not checked for NULL before it is handed
       to AUXILIAR_SETOBJECT; confirm how that macro treats a NULL object. */
    EVP_PKEY *pubkey = X509_REQ_get_pubkey(csr);

    lua_newtable(L);
    c = X509_REQ_get_attr_count(csr);
    if (c > 0) {
      int i;

      lua_newtable(L);
      for (i = 0; i < c ; i++) {
        X509_ATTRIBUTE *attr = X509_REQ_get_attr(csr, i);
        /* Each Lua object wraps its own duplicate of the attribute;
           the duplicate is not checked for NULL here. */
        attr = X509_ATTRIBUTE_dup(attr);
        PUSH_OBJECT(attr, "openssl.x509_attribute");
        lua_rawseti(L, -2, i + 1); /* Lua arrays are 1-based */
      }
      lua_setfield(L, -2, "attributes");
    }

    lua_newtable(L);
    /* "algorithm" is set only when the key's algorithm object can be read. */
    if (X509_PUBKEY_get0_param(&oalg, NULL, NULL, NULL, xpub)) {
      openssl_push_asn1object(L, oalg);
      lua_setfield(L, -2, "algorithm");
    }
    AUXILIAR_SETOBJECT(L, pubkey, "openssl.evp_pkey", -1, "pubkey");
    lua_setfield(L, -2, "pubkey");
    lua_setfield(L, -2, "req_info");
  }
  return 1;
}