static LUA_FUNCTION(openssl_crl_issuer)
{
X509_CRL *crl = CHECK_OBJECT(1, X509_CRL, "openssl.x509_crl");
if (lua_isnone(L, 2))
{
return openssl_push_xname_asobject(L, X509_CRL_get_issuer(crl));
}
else if (auxiliar_isclass(L, "openssl.x509_name", 2))
{
X509_NAME* xn = CHECK_OBJECT(2, X509_NAME, "openssl.x509_name");
int ret = X509_CRL_set_issuer_name(crl, xn);
return openssl_pushresult(L, ret);
}
else if (auxiliar_isclass(L, "openssl.x509", 2))
{
X509* x = CHECK_OBJECT(2, X509, "openssl.x509");
int ret = X509_CRL_set_issuer_name(crl, X509_get_issuer_name(x));
return openssl_pushresult(L, ret);
}
else
{
luaL_argerror(L, 2, "only accept x509 or x509_name object");
}
return 0;
}
static LUA_FUNCTION(openssl_csr_parse)
{
X509_REQ * csr = CHECK_OBJECT(1, X509_REQ, "openssl.x509_req");
X509_NAME * subject = X509_REQ_get_subject_name(csr);
STACK_OF(X509_EXTENSION) *exts = X509_REQ_get_extensions(csr);
lua_newtable(L);
openssl_push_asn1(L, csr->signature, V_ASN1_BIT_STRING);
lua_setfield(L, -2, "signature");
openssl_push_x509_algor(L, csr->sig_alg);
lua_setfield(L, -2, "sig_alg");
lua_newtable(L);
AUXILIAR_SET(L, -1, "version", X509_REQ_get_version(csr), integer);
openssl_push_xname_asobject(L, subject);
lua_setfield(L, -2, "subject");
if (exts)
{
lua_pushstring(L, "extensions");
openssl_sk_x509_extension_totable(L, exts);
lua_rawset(L, -3);
sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
}
{
X509_REQ_INFO* ri = csr->req_info;
int i, c;
EVP_PKEY *pubkey = X509_REQ_get_pubkey(csr);
lua_newtable(L);
c = X509_REQ_get_attr_count(csr);
if (c > 0)
{
lua_newtable(L);
for (i = 0; i < c ; i++)
{
X509_ATTRIBUTE *attr = X509_REQ_get_attr(csr, i);
attr = X509_ATTRIBUTE_dup(attr);
PUSH_OBJECT(attr, "openssl.x509_attribute");
lua_rawseti(L, -2, i + 1);
}
lua_setfield(L, -2, "attributes");
}
lua_newtable(L);
openssl_push_asn1object(L, ri->pubkey->algor->algorithm);
lua_setfield(L, -2, "algorithm");
AUXILIAR_SETOBJECT(L, pubkey , "openssl.evp_pkey", -1, "pubkey");
lua_setfield(L, -2, "pubkey");
lua_setfield(L, -2, "req_info");
}
return 1;
}
static LUA_FUNCTION(openssl_csr_subject)
{
X509_REQ *csr = CHECK_OBJECT(1, X509_REQ, "openssl.x509_req");
if (lua_isnone(L, 2))
{
X509_NAME *xn = X509_REQ_get_subject_name(csr);
if (xn)
openssl_push_xname_asobject(L, xn);
else
lua_pushnil(L);
return 1;
}
else
{
X509_NAME* xn = CHECK_OBJECT(2, X509_NAME, "openssl.x509_name");
int ret = X509_REQ_set_subject_name(csr, xn);
return openssl_pushresult(L, ret);
}
}
int openssl_push_general_name(lua_State*L, const GENERAL_NAME* general_name)
{
lua_newtable(L);
switch (general_name->type)
{
case GEN_OTHERNAME:
{
OTHERNAME *otherName = general_name->d.otherName;
lua_newtable(L);
openssl_push_asn1object(L, otherName->type_id);
PUSH_ASN1_STRING(L, otherName->value->value.asn1_string);
lua_settable(L, -3);
lua_setfield(L, -2, "otherName");
lua_pushstring(L, "otherName");
lua_setfield(L, -2, "type");
break;
}
case GEN_EMAIL:
PUSH_ASN1_STRING(L, general_name->d.rfc822Name);
lua_setfield(L, -2, "rfc822Name");
lua_pushstring(L, "rfc822Name");
lua_setfield(L, -2, "type");
break;
case GEN_DNS:
PUSH_ASN1_STRING(L, general_name->d.dNSName);
lua_setfield(L, -2, "dNSName");
lua_pushstring(L, "dNSName");
lua_setfield(L, -2, "type");
break;
case GEN_X400:
openssl_push_asn1type(L, general_name->d.x400Address);
lua_setfield(L, -2, "x400Address");
lua_pushstring(L, "x400Address");
lua_setfield(L, -2, "type");
break;
case GEN_DIRNAME:
{
X509_NAME* xn = general_name->d.directoryName;
openssl_push_xname_asobject(L, xn);
lua_setfield(L, -2, "directoryName");
lua_pushstring(L, "directoryName");
lua_setfield(L, -2, "type");
}
break;
case GEN_URI:
PUSH_ASN1_STRING(L, general_name->d.uniformResourceIdentifier);
lua_setfield(L, -2, "uniformResourceIdentifier");
lua_pushstring(L, "uniformResourceIdentifier");
lua_setfield(L, -2, "type");
break;
case GEN_IPADD:
lua_newtable(L);
PUSH_ASN1_OCTET_STRING(L, general_name->d.iPAddress);
lua_setfield(L, -2, "iPAddress");
lua_pushstring(L, "iPAddress");
lua_setfield(L, -2, "type");
break;
case GEN_EDIPARTY:
lua_newtable(L);
PUSH_ASN1_STRING(L, general_name->d.ediPartyName->nameAssigner);
lua_setfield(L, -2, "nameAssigner");
PUSH_ASN1_STRING(L, general_name->d.ediPartyName->partyName);
lua_setfield(L, -2, "partyName");
lua_setfield(L, -2, "ediPartyName");
lua_pushstring(L, "ediPartyName");
lua_setfield(L, -2, "type");
break;
case GEN_RID:
lua_newtable(L);
openssl_push_asn1object(L, general_name->d.registeredID);
lua_setfield(L, -2, "registeredID");
lua_pushstring(L, "registeredID");
lua_setfield(L, -2, "type");
break;
default:
lua_pushstring(L, "unsupport");
lua_setfield(L, -2, "type");
}
return 1;
};
static LUA_FUNCTION(openssl_crl_parse)
{
X509_CRL *crl = CHECK_OBJECT(1, X509_CRL, "openssl.x509_crl");
int utf8 = lua_isnoneornil(L, 2) ? 1 : lua_toboolean(L, 2);
int n, i;
lua_newtable(L);
AUXILIAR_SET(L, -1, "version", X509_CRL_get_version(crl), integer);
/* hash as used in CA directories to lookup cert by subject name */
{
char buf[32];
snprintf(buf, sizeof(buf), "%08lx", X509_NAME_hash(X509_CRL_get_issuer(crl)));
AUXILIAR_SET(L, -1, "hash", buf, string);
}
{
const EVP_MD *digest = EVP_get_digestbyname("sha1");
unsigned char md[EVP_MAX_MD_SIZE];
int n = sizeof(md);
if (X509_CRL_digest(crl, digest, md, (unsigned int*)&n))
{
lua_newtable(L);
AUXILIAR_SET(L, -1, "alg", OBJ_nid2sn(EVP_MD_type(digest)), string);
AUXILIAR_SETLSTR(L, -1, "hash", (const char*)md, n);
lua_setfield(L, -2, "fingerprint");
}
}
openssl_push_xname_asobject(L, X509_CRL_get_issuer(crl));
lua_setfield(L, -2, "issuer");
PUSH_ASN1_TIME(L,X509_CRL_get_lastUpdate(crl));
lua_setfield(L, -2, "lastUpdate");
PUSH_ASN1_TIME(L,X509_CRL_get_nextUpdate(crl));
lua_setfield(L, -2, "nextUpdate");
openssl_push_x509_algor(L, crl->crl->sig_alg);
lua_setfield(L, -2, "sig_alg");
PUSH_ASN1_INTEGER(L, X509_CRL_get_ext_d2i(crl, NID_crl_number, NULL, NULL));
lua_setfield(L, -2, "crl_number");
PUSH_OBJECT(sk_X509_EXTENSION_dup(crl->crl->extensions),"openssl.stack_of_x509_extension");
lua_setfield(L, -2, "extensions");
n = sk_X509_REVOKED_num(crl->crl->revoked);
lua_newtable(L);
for (i = 0; i < n; i++)
{
X509_REVOKED *revoked = sk_X509_REVOKED_value(crl->crl->revoked, i);
lua_newtable(L);
#if OPENSSL_VERSION_NUMBER > 0x10000000L
AUXILIAR_SET(L, -1, "CRLReason", reason_flags[revoked->reason].lname, string);
#else
{
int crit = 0;
void* reason = X509_REVOKED_get_ext_d2i(revoked, NID_crl_reason, &crit, NULL);
AUXILIAR_SET(L, -1, "CRLReason", reason_flags[ASN1_ENUMERATED_get(reason)].lname, string);
ASN1_ENUMERATED_free(reason);
}
#endif
PUSH_ASN1_INTEGER(L, revoked->serialNumber);
lua_setfield(L,-2, "serialNumber");
PUSH_ASN1_TIME(L, revoked->revocationDate);
lua_setfield(L,-2, "revocationDate");
PUSH_OBJECT(sk_X509_EXTENSION_dup(revoked->extensions),"openssl.stack_of_x509_extension");
lua_setfield(L,-2, "extensions");
lua_rawseti(L, -2, i + 1);
}
lua_setfield(L, -2, "revoked");
return 1;
}
/***
parse x509_req object as table
@function parse
@tparam[opt=true] shortname default will use short object name
@treturn table result
*/
static LUA_FUNCTION(openssl_csr_parse)
{
X509_REQ *csr = CHECK_OBJECT(1, X509_REQ, "openssl.x509_req");
X509_NAME *subject = X509_REQ_get_subject_name(csr);
STACK_OF(X509_EXTENSION) *exts = X509_REQ_get_extensions(csr);
lua_newtable(L);
{
const ASN1_BIT_STRING *sig = NULL;
const X509_ALGOR *alg = NULL;
X509_REQ_get0_signature(csr, &sig, &alg);
openssl_push_asn1(L, sig, V_ASN1_BIT_STRING);
lua_setfield(L, -2, "signature");
alg = X509_ALGOR_dup((X509_ALGOR *)alg);
PUSH_OBJECT(alg, "openssl.x509_algor");
lua_setfield(L, -2, "sig_alg");
}
lua_newtable(L);
AUXILIAR_SET(L, -1, "version", X509_REQ_get_version(csr), integer);
openssl_push_xname_asobject(L, subject);
lua_setfield(L, -2, "subject");
if (exts)
{
lua_pushstring(L, "extensions");
openssl_sk_x509_extension_totable(L, exts);
lua_rawset(L, -3);
sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
}
{
X509_PUBKEY *xpub = X509_REQ_get_X509_PUBKEY(csr);
ASN1_OBJECT *oalg = NULL;
int c;
EVP_PKEY *pubkey = X509_REQ_get_pubkey(csr);
lua_newtable(L);
c = X509_REQ_get_attr_count(csr);
if (c > 0)
{
int i;
lua_newtable(L);
for (i = 0; i < c ; i++)
{
X509_ATTRIBUTE *attr = X509_REQ_get_attr(csr, i);
attr = X509_ATTRIBUTE_dup(attr);
PUSH_OBJECT(attr, "openssl.x509_attribute");
lua_rawseti(L, -2, i + 1);
}
lua_setfield(L, -2, "attributes");
}
lua_newtable(L);
if (X509_PUBKEY_get0_param(&oalg, NULL, NULL, NULL, xpub))
{
openssl_push_asn1object(L, oalg);
lua_setfield(L, -2, "algorithm");
}
AUXILIAR_SETOBJECT(L, pubkey, "openssl.evp_pkey", -1, "pubkey");
lua_setfield(L, -2, "pubkey");
lua_setfield(L, -2, "req_info");
}
return 1;
}
