/*
 * Lua binding: read or replace the issuer name of an openssl.x509_crl.
 *
 * Lua arguments:
 *   1  openssl.x509_crl object
 *   2  optional; an openssl.x509_name or an openssl.x509 object
 *
 * Without argument 2 the current issuer is pushed through
 * openssl_push_xname_asobject() and that call's result is returned.
 * With an x509_name, the name is passed to X509_CRL_set_issuer_name().
 * With an x509, the value of X509_get_issuer_name() for that certificate is
 * passed instead. Both setters report through openssl_pushresult().
 * Any other argument 2 raises a Lua argument error.
 */
static LUA_FUNCTION(openssl_crl_issuer)
{
  X509_CRL *crl = CHECK_OBJECT(1, X509_CRL, "openssl.x509_crl");
  int rc;

  /* Getter form: no second argument supplied. */
  if (lua_isnone(L, 2)) {
    return openssl_push_xname_asobject(L, X509_CRL_get_issuer(crl));
  }

  if (auxiliar_isclass(L, "openssl.x509_name", 2)) {
    X509_NAME *name = CHECK_OBJECT(2, X509_NAME, "openssl.x509_name");

    rc = X509_CRL_set_issuer_name(crl, name);
    return openssl_pushresult(L, rc);
  }

  if (auxiliar_isclass(L, "openssl.x509", 2)) {
    X509 *cert = CHECK_OBJECT(2, X509, "openssl.x509");

    /*
     * NOTE(review): this takes the certificate's *issuer* field, not its
     * subject. A CRL normally carries the subject name of the certificate
     * that signs it, and the two differ unless that certificate is
     * self-signed. Confirm which certificate callers are expected to pass;
     * a CRL with the wrong issuer name will not be matched during
     * revocation checking.
     */
    rc = X509_CRL_set_issuer_name(crl, X509_get_issuer_name(cert));
    return openssl_pushresult(L, rc);
  }

  luaL_argerror(L, 2, "only accept x509 or x509_name object");
  return 0;
}
/*
 * Lua binding: describe an openssl.x509_req (argument 1) as Lua tables.
 *
 * Two tables are built on the Lua stack. The first receives "signature" and
 * "sig_alg". The second receives "version", "subject", "extensions" (only
 * when the request carries extensions) and "req_info". "req_info" holds
 * "attributes" (only when the attribute count is positive) and "pubkey",
 * a table that is given "algorithm" and the key object.
 *
 * Returns 1, i.e. the value on top of the Lua stack.
 *
 * NOTE(review): going by the visible push/set calls, the first table is
 * still below the second one at return and so would not be part of the
 * result. Confirm against the AUXILIAR_SET / AUXILIAR_SETOBJECT
 * definitions, which are not visible here.
 *
 * The signature, sig_alg, req_info and pubkey members are read directly from
 * the X509_REQ structure rather than through accessor functions.
 */
static LUA_FUNCTION(openssl_csr_parse)
{
  X509_REQ *req = CHECK_OBJECT(1, X509_REQ, "openssl.x509_req");
  X509_NAME *subj = X509_REQ_get_subject_name(req);
  STACK_OF(X509_EXTENSION) *req_exts = X509_REQ_get_extensions(req);

  /* First table: signature value and signature algorithm. */
  lua_newtable(L);
  openssl_push_asn1(L, req->signature, V_ASN1_BIT_STRING);
  lua_setfield(L, -2, "signature");
  openssl_push_x509_algor(L, req->sig_alg);
  lua_setfield(L, -2, "sig_alg");

  /* Second table: version, subject, extensions, req_info. */
  lua_newtable(L);
  AUXILIAR_SET(L, -1, "version", X509_REQ_get_version(req), integer);
  openssl_push_xname_asobject(L, subj);
  lua_setfield(L, -2, "subject");

  if (req_exts != NULL) {
    lua_pushstring(L, "extensions");
    openssl_sk_x509_extension_totable(L, req_exts);
    lua_rawset(L, -3);
    /* The stack obtained above is released here once it has been converted. */
    sk_X509_EXTENSION_pop_free(req_exts, X509_EXTENSION_free);
  }

  {
    X509_REQ_INFO *info = req->req_info;
    int idx = 0;
    int attr_count;
    /* NOTE(review): may be NULL if the key cannot be decoded — confirm that
     * AUXILIAR_SETOBJECT copes with a NULL object. */
    EVP_PKEY *pkey = X509_REQ_get_pubkey(req);

    /* Table that ends up stored under "req_info". */
    lua_newtable(L);
    attr_count = X509_REQ_get_attr_count(req);
    if (attr_count > 0) {
      lua_newtable(L);
      while (idx < attr_count) {
        /* Each attribute is duplicated before being wrapped as a Lua object. */
        X509_ATTRIBUTE *copy = X509_REQ_get_attr(req, idx);

        copy = X509_ATTRIBUTE_dup(copy);
        PUSH_OBJECT(copy, "openssl.x509_attribute");
        idx++;
        lua_rawseti(L, -2, idx); /* Lua arrays are 1-based */
      }
      lua_setfield(L, -2, "attributes");
    }

    /* Table that ends up stored under "pubkey". */
    lua_newtable(L);
    openssl_push_asn1object(L, info->pubkey->algor->algorithm);
    lua_setfield(L, -2, "algorithm");
    AUXILIAR_SETOBJECT(L, pkey, "openssl.evp_pkey", -1, "pubkey");

    lua_setfield(L, -2, "pubkey");
    lua_setfield(L, -2, "req_info");
  }

  return 1;
}
/*
 * Lua binding: read or replace the subject name of an openssl.x509_req.
 *
 * Lua arguments:
 *   1  openssl.x509_req object
 *   2  optional openssl.x509_name object
 *
 * Without argument 2 the current subject is pushed (nil when the request
 * has none) and 1 is returned. With argument 2 the name is passed to
 * X509_REQ_set_subject_name() and the outcome is reported through
 * openssl_pushresult().
 */
static LUA_FUNCTION(openssl_csr_subject)
{
  X509_REQ *req = CHECK_OBJECT(1, X509_REQ, "openssl.x509_req");

  /* Setter form: anything present in slot 2 must be an x509_name. */
  if (!lua_isnone(L, 2)) {
    X509_NAME *new_subject = CHECK_OBJECT(2, X509_NAME, "openssl.x509_name");
    int rc = X509_REQ_set_subject_name(req, new_subject);

    return openssl_pushresult(L, rc);
  }

  /* Getter form. */
  {
    X509_NAME *current = X509_REQ_get_subject_name(req);

    if (current == NULL) {
      lua_pushnil(L);
    } else {
      openssl_push_xname_asobject(L, current);
    }
  }
  return 1;
}
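/*
 * Push one Lua table describing a GENERAL_NAME and return 1.
 *
 * The table carries a "type" field naming the variant and, for the variants
 * handled below, a field of that same name holding the value. Variants that
 * are not handled get only type = "unsupport".
 *
 * Every variant leaves exactly one value on the Lua stack. The iPAddress and
 * registeredID branches therefore store straight into the result table, the
 * same way rfc822Name, dNSName and uniformResourceIdentifier do; opening a
 * second table there would leave an extra value below the result and break
 * callers that store the pushed value into a table of their own.
 *
 * The name values originate from parsed certificates or CRLs and should be
 * treated as untrusted bytes by whatever consumes the table.
 */
int openssl_push_general_name(lua_State *L, const GENERAL_NAME *general_name)
{
  lua_newtable(L);

  switch (general_name->type) {
  case GEN_OTHERNAME: {
    OTHERNAME *otherName = general_name->d.otherName;

    /* Inner table maps the type-id object to the value. */
    lua_newtable(L);
    openssl_push_asn1object(L, otherName->type_id);
    /*
     * NOTE(review): otherName->value is an ASN1_TYPE. Reading
     * value.asn1_string is only meaningful when value->type is one of the
     * string-backed ASN.1 types; for BOOLEAN, NULL or OBJECT the union
     * holds something else. Check otherName->value->type before this
     * access, since the encoded type is chosen by whoever produced the
     * certificate.
     */
    PUSH_ASN1_STRING(L, otherName->value->value.asn1_string);
    lua_settable(L, -3);
    lua_setfield(L, -2, "otherName");

    lua_pushstring(L, "otherName");
    lua_setfield(L, -2, "type");
    break;
  }

  case GEN_EMAIL:
    PUSH_ASN1_STRING(L, general_name->d.rfc822Name);
    lua_setfield(L, -2, "rfc822Name");

    lua_pushstring(L, "rfc822Name");
    lua_setfield(L, -2, "type");
    break;

  case GEN_DNS:
    PUSH_ASN1_STRING(L, general_name->d.dNSName);
    lua_setfield(L, -2, "dNSName");

    lua_pushstring(L, "dNSName");
    lua_setfield(L, -2, "type");
    break;

  case GEN_X400:
    /*
     * NOTE(review): the declared type of d.x400Address is not the same in
     * every OpenSSL release (ASN1_TYPE * in older headers, ASN1_STRING * in
     * newer ones). Confirm that openssl_push_asn1type() matches the headers
     * this module is built against.
     */
    openssl_push_asn1type(L, general_name->d.x400Address);
    lua_setfield(L, -2, "x400Address");

    lua_pushstring(L, "x400Address");
    lua_setfield(L, -2, "type");
    break;

  case GEN_DIRNAME: {
    X509_NAME *xn = general_name->d.directoryName;

    openssl_push_xname_asobject(L, xn);
    lua_setfield(L, -2, "directoryName");

    lua_pushstring(L, "directoryName");
    lua_setfield(L, -2, "type");
    break;
  }

  case GEN_URI:
    PUSH_ASN1_STRING(L, general_name->d.uniformResourceIdentifier);
    lua_setfield(L, -2, "uniformResourceIdentifier");

    lua_pushstring(L, "uniformResourceIdentifier");
    lua_setfield(L, -2, "type");
    break;

  case GEN_IPADD:
    /* Stored directly in the result table; no extra table is opened. */
    PUSH_ASN1_OCTET_STRING(L, general_name->d.iPAddress);
    lua_setfield(L, -2, "iPAddress");

    lua_pushstring(L, "iPAddress");
    lua_setfield(L, -2, "type");
    break;

  case GEN_EDIPARTY:
    /* Inner table with the two EDIPartyName components. */
    lua_newtable(L);
    /*
     * NOTE(review): nameAssigner is optional in the EDIPartyName
     * definition, so this pointer may be NULL — confirm PUSH_ASN1_STRING
     * tolerates that.
     */
    PUSH_ASN1_STRING(L, general_name->d.ediPartyName->nameAssigner);
    lua_setfield(L, -2, "nameAssigner");
    PUSH_ASN1_STRING(L, general_name->d.ediPartyName->partyName);
    lua_setfield(L, -2, "partyName");
    lua_setfield(L, -2, "ediPartyName");

    lua_pushstring(L, "ediPartyName");
    lua_setfield(L, -2, "type");
    break;

  case GEN_RID:
    /* Stored directly in the result table; no extra table is opened. */
    openssl_push_asn1object(L, general_name->d.registeredID);
    lua_setfield(L, -2, "registeredID");

    lua_pushstring(L, "registeredID");
    lua_setfield(L, -2, "type");
    break;

  default:
    lua_pushstring(L, "unsupport");
    lua_setfield(L, -2, "type");
    break;
  }

  return 1;
}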
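/*
 * Lua binding: describe an openssl.x509_crl (argument 1) as a Lua table.
 *
 * Fields set on the result:
 *   version      X509_CRL_get_version()
 *   hash         X509_NAME_hash() of the issuer, formatted with "%08lx"
 *   fingerprint  { alg, hash } using the "sha1" digest; omitted when the
 *                digest is unavailable or X509_CRL_digest() fails
 *   issuer, lastUpdate, nextUpdate, sig_alg, crl_number, extensions
 *   revoked      array of { CRLReason, serialNumber, revocationDate,
 *                extensions }, one entry per revoked certificate
 *
 * CRLReason is omitted for an entry whose reason code is negative, which
 * would otherwise index in front of reason_flags.
 *
 * Returns 1 (the result table).
 */
static LUA_FUNCTION(openssl_crl_parse)
{
  X509_CRL *crl = CHECK_OBJECT(1, X509_CRL, "openssl.x509_crl");
  /* Not read by any visible statement below; kept as in the original. */
  int utf8 = lua_isnoneornil(L, 2) ? 1 : lua_toboolean(L, 2);
  int n, i;

  lua_newtable(L);
  AUXILIAR_SET(L, -1, "version", X509_CRL_get_version(crl), integer);

  /* hash as used in CA directories to lookup cert by subject name */
  {
    char buf[32];

    snprintf(buf, sizeof(buf), "%08lx", X509_NAME_hash(X509_CRL_get_issuer(crl)));
    AUXILIAR_SET(L, -1, "hash", buf, string);
  }

  {
    const EVP_MD *digest = EVP_get_digestbyname("sha1");
    unsigned char md[EVP_MAX_MD_SIZE];
    unsigned int md_len = sizeof(md);

    /* EVP_get_digestbyname() returns NULL when the digest is not available. */
    if (digest != NULL && X509_CRL_digest(crl, digest, md, &md_len)) {
      lua_newtable(L);
      AUXILIAR_SET(L, -1, "alg", OBJ_nid2sn(EVP_MD_type(digest)), string);
      AUXILIAR_SETLSTR(L, -1, "hash", (const char *)md, md_len);
      lua_setfield(L, -2, "fingerprint");
    }
  }

  openssl_push_xname_asobject(L, X509_CRL_get_issuer(crl));
  lua_setfield(L, -2, "issuer");

  PUSH_ASN1_TIME(L, X509_CRL_get_lastUpdate(crl));
  lua_setfield(L, -2, "lastUpdate");
  PUSH_ASN1_TIME(L, X509_CRL_get_nextUpdate(crl));
  lua_setfield(L, -2, "nextUpdate");

  openssl_push_x509_algor(L, crl->crl->sig_alg);
  lua_setfield(L, -2, "sig_alg");

  /*
   * NOTE(review): X509_CRL_get_ext_d2i() returns an object the caller must
   * free, and nothing visible here frees it. If PUSH_ASN1_INTEGER copies its
   * argument, hold the result in a local and release it with
   * ASN1_INTEGER_free() after the push. Also confirm the macro accepts NULL,
   * which is returned when the CRL has no CRL-number extension.
   */
  PUSH_ASN1_INTEGER(L, X509_CRL_get_ext_d2i(crl, NID_crl_number, NULL, NULL));
  lua_setfield(L, -2, "crl_number");

  /*
   * NOTE(review): sk_X509_EXTENSION_dup() copies the stack only, so the
   * extension objects stay shared with the CRL. Confirm that the
   * "openssl.stack_of_x509_extension" object neither frees the elements nor
   * is used after the CRL has been released. The same applies to the
   * per-entry extensions below.
   */
  PUSH_OBJECT(sk_X509_EXTENSION_dup(crl->crl->extensions), "openssl.stack_of_x509_extension");
  lua_setfield(L, -2, "extensions");

  n = sk_X509_REVOKED_num(crl->crl->revoked);
  lua_newtable(L);
  for (i = 0; i < n; i++) {
    X509_REVOKED *revoked = sk_X509_REVOKED_value(crl->crl->revoked, i);

    lua_newtable(L);

    /*
     * The reason code comes from the CRL being parsed. Only the lower bound
     * is enforced here. NOTE(review): the length of reason_flags is not
     * visible in this block, so the upper bound still has to be checked
     * against the table before indexing.
     */
#if OPENSSL_VERSION_NUMBER > 0x10000000L
    if (revoked->reason >= 0) {
      AUXILIAR_SET(L, -1, "CRLReason", reason_flags[revoked->reason].lname, string);
    }
#else
    {
      int crit = 0;
      void *reason = X509_REVOKED_get_ext_d2i(revoked, NID_crl_reason, &crit, NULL);
      long code = ASN1_ENUMERATED_get(reason);

      if (code >= 0) {
        AUXILIAR_SET(L, -1, "CRLReason", reason_flags[code].lname, string);
      }
      ASN1_ENUMERATED_free(reason);
    }
#endif

    PUSH_ASN1_INTEGER(L, revoked->serialNumber);
    lua_setfield(L, -2, "serialNumber");

    PUSH_ASN1_TIME(L, revoked->revocationDate);
    lua_setfield(L, -2, "revocationDate");

    PUSH_OBJECT(sk_X509_EXTENSION_dup(revoked->extensions), "openssl.stack_of_x509_extension");
    lua_setfield(L, -2, "extensions");

    lua_rawseti(L, -2, i + 1); /* Lua arrays are 1-based */
  }

  lua_setfield(L, -2, "revoked");
  return 1;
}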
/***
parse x509_req object as table
@function parse
@tparam[opt=true] shortname default will use short object name
@treturn table result
*/
static LUA_FUNCTION(openssl_csr_parse)
{
  /*
   * NOTE(review): no statement in this function reads a second Lua
   * argument, so the documented shortname parameter has no visible effect
   * here — confirm whether it is still meant to be supported.
   *
   * NOTE(review): going by the visible push/set calls, the table holding
   * "signature" and "sig_alg" is still below the returned table at the end
   * and so would not be part of the result. Confirm against the
   * AUXILIAR_SET / AUXILIAR_SETOBJECT definitions, which are not visible
   * here.
   */
  X509_REQ *req = CHECK_OBJECT(1, X509_REQ, "openssl.x509_req");
  X509_NAME *subj = X509_REQ_get_subject_name(req);
  STACK_OF(X509_EXTENSION) *req_exts = X509_REQ_get_extensions(req);

  /* First table: signature value and a duplicated signature algorithm. */
  lua_newtable(L);
  {
    const ASN1_BIT_STRING *sig_bits = NULL;
    const X509_ALGOR *sig_algor = NULL;
    X509_ALGOR *algor_copy;

    X509_REQ_get0_signature(req, &sig_bits, &sig_algor);
    openssl_push_asn1(L, sig_bits, V_ASN1_BIT_STRING);
    lua_setfield(L, -2, "signature");

    /* The algorithm is duplicated before being wrapped as a Lua object. */
    algor_copy = X509_ALGOR_dup((X509_ALGOR *)sig_algor);
    PUSH_OBJECT(algor_copy, "openssl.x509_algor");
    lua_setfield(L, -2, "sig_alg");
  }

  /* Second table: version, subject, extensions, req_info. */
  lua_newtable(L);
  AUXILIAR_SET(L, -1, "version", X509_REQ_get_version(req), integer);
  openssl_push_xname_asobject(L, subj);
  lua_setfield(L, -2, "subject");

  if (req_exts != NULL) {
    lua_pushstring(L, "extensions");
    openssl_sk_x509_extension_totable(L, req_exts);
    lua_rawset(L, -3);
    /* The stack obtained above is released here once it has been converted. */
    sk_X509_EXTENSION_pop_free(req_exts, X509_EXTENSION_free);
  }

  {
    X509_PUBKEY *req_pubkey = X509_REQ_get_X509_PUBKEY(req);
    ASN1_OBJECT *key_alg = NULL;
    int attr_count;
    /* NOTE(review): may be NULL if the key cannot be decoded — confirm that
     * AUXILIAR_SETOBJECT copes with a NULL object. */
    EVP_PKEY *pkey = X509_REQ_get_pubkey(req);

    /* Table that ends up stored under "req_info". */
    lua_newtable(L);
    attr_count = X509_REQ_get_attr_count(req);
    if (attr_count > 0) {
      int idx = 0;

      lua_newtable(L);
      while (idx < attr_count) {
        /* Each attribute is duplicated before being wrapped as a Lua object. */
        X509_ATTRIBUTE *copy = X509_REQ_get_attr(req, idx);

        copy = X509_ATTRIBUTE_dup(copy);
        PUSH_OBJECT(copy, "openssl.x509_attribute");
        idx++;
        lua_rawseti(L, -2, idx); /* Lua arrays are 1-based */
      }
      lua_setfield(L, -2, "attributes");
    }

    /* Table that ends up stored under "pubkey". */
    lua_newtable(L);
    /* "algorithm" is set only when the key parameters can be read. */
    if (X509_PUBKEY_get0_param(&key_alg, NULL, NULL, NULL, req_pubkey)) {
      openssl_push_asn1object(L, key_alg);
      lua_setfield(L, -2, "algorithm");
    }
    AUXILIAR_SETOBJECT(L, pkey, "openssl.evp_pkey", -1, "pubkey");

    lua_setfield(L, -2, "pubkey");
    lua_setfield(L, -2, "req_info");
  }

  return 1;
}