/*
 * Lua binding: describe one revoked-certificate entry as a table.
 *
 * Argument 1 must be an "openssl.x509_revoked" object. The table left on the
 * stack carries "reason", "serialNumber" and "revocationDate", plus
 * "extensions" only when the entry has an extension stack.
 *
 * Returns 1 (the table).
 */
static int openssl_revoked_info(lua_State* L)
{
  X509_REVOKED* entry = CHECK_OBJECT(1, X509_REVOKED, "openssl.x509_revoked");

  lua_newtable(L);

#if OPENSSL_VERSION_NUMBER > 0x10000000L
  /* Reason code is read straight from the entry structure on this build. */
  AUXILIAR_SET(L, -1, "reason", openssl_i2s_revoke_reason(entry->reason), string);
#else
  {
    /* Decode the reason-code extension; the decoded object is released below. */
    int critical = 0;
    void* decoded = X509_REVOKED_get_ext_d2i(entry, NID_crl_reason, &critical, NULL);

    AUXILIAR_SET(L, -1, "reason", openssl_i2s_revoke_reason(ASN1_ENUMERATED_get(decoded)), string);
    ASN1_ENUMERATED_free(decoded);
  }
#endif

  PUSH_ASN1_INTEGER(L, entry->serialNumber);
  lua_setfield(L, -2, "serialNumber");

  PUSH_ASN1_TIME(L, entry->revocationDate);
  lua_setfield(L, -2, "revocationDate");

  /* Entries without an extension stack simply get no "extensions" key. */
  if (entry->extensions != NULL)
  {
    lua_pushstring(L, "extensions");
    openssl_sk_x509_extension_totable(L, entry->extensions);
    lua_rawset(L, -3);
  }

  return 1;
}
/*
 * Lua binding: revocation date of an "openssl.x509_revoked" entry.
 *
 * Pushes two results: first whatever PUSH_ASN1_TIME produces for the date,
 * then the result of ASN1_GetTimeT() on the same date as a Lua integer.
 *
 * Returns 2.
 */
static int openssl_revoked_revocationDate(lua_State* L)
{
  X509_REVOKED* entry = CHECK_OBJECT(1, X509_REVOKED, "openssl.x509_revoked");
  LUA_INTEGER stamp;

  PUSH_ASN1_TIME(L, entry->revocationDate);

  stamp = (LUA_INTEGER)ASN1_GetTimeT(entry->revocationDate);
  lua_pushinteger(L, stamp);

  return 2;
}
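/*
 * Lua binding: look up one revoked entry of a CRL.
 *
 * Argument 1 is an "openssl.x509_crl" object. Argument 2 is either
 *   - an integer: zero-based index into the revoked list (a Lua argument
 *     error "Out of range" is raised when it is outside the list), or
 *   - an "openssl.asn1_integer" object: the serial number to search for.
 *
 * Pushes a table with "code", "reason", "serialNumber", "revocationDate" and,
 * when the entry has any, "extensions"; pushes nil when no entry matches the
 * serial number. Returns 1.
 */
static LUA_FUNCTION(openssl_crl_get)
{
  X509_CRL *crl = CHECK_OBJECT(1, X509_CRL, "openssl.x509_crl");
  X509_REVOKED *revoked = NULL;
  int cnt = sk_X509_REVOKED_num(crl->crl->revoked);
  int i = 0;

  if (lua_isinteger(L, 2))
  {
    /*
     * Range-check the full-width Lua integer before narrowing it: assigning
     * it to an int first would let a large value wrap into a valid index.
     */
    lua_Integer idx = lua_tointeger(L, 2);
    luaL_argcheck(L, (idx >= 0 && idx < cnt), 2, "Out of range");
    revoked = sk_X509_REVOKED_value(crl->crl->revoked, (int)idx);
  }
  else
  {
    ASN1_STRING *sn = CHECK_OBJECT(2, ASN1_STRING, "openssl.asn1_integer");
    /* Linear scan; the first entry whose serial number compares equal wins. */
    for (i = 0; i < cnt; i++)
    {
      X509_REVOKED *rev = sk_X509_REVOKED_value(crl->crl->revoked, i);
      if (ASN1_STRING_cmp(rev->serialNumber, sn) == 0)
      {
        revoked = rev;
        break;
      }
    }
  }

  if (revoked == NULL)
  {
    lua_pushnil(L);
    return 1;
  }

  lua_newtable(L);

#if OPENSSL_VERSION_NUMBER > 0x10000000L
  AUXILIAR_SET(L, -1, "code", revoked->reason, number);
  AUXILIAR_SET(L, -1, "reason", openssl_i2s_revoke_reason(revoked->reason), string);
#else
  {
    /* Decode the reason-code extension; the decoded object is released below. */
    int crit = 0;
    void* reason = X509_REVOKED_get_ext_d2i(revoked, NID_crl_reason, &crit, NULL);
    AUXILIAR_SET(L, -1, "code", ASN1_ENUMERATED_get(reason), number);
    AUXILIAR_SET(L, -1, "reason", openssl_i2s_revoke_reason(ASN1_ENUMERATED_get(reason)), string);
    ASN1_ENUMERATED_free(reason);
  }
#endif

  PUSH_ASN1_INTEGER(L, revoked->serialNumber);
  lua_setfield(L, -2, "serialNumber");

  PUSH_ASN1_TIME(L, revoked->revocationDate);
  lua_setfield(L, -2, "revocationDate");

  /*
   * Report the extensions of this revoked entry. The previous code put the
   * CRL-wide extension stack (crl->crl->extensions) into the entry table,
   * which attributes list-level extensions to an individual certificate;
   * openssl_revoked_info() already reads revoked->extensions for the same key.
   */
  if (revoked->extensions)
  {
    lua_pushstring(L, "extensions");
    openssl_sk_x509_extension_totable(L, revoked->extensions);
    lua_rawset(L, -3);
  }

  return 1;
}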
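/*
 * Lua binding: read or set the lastUpdate / nextUpdate pair of a CRL.
 *
 *   crl:updateTime()              -> pushes lastUpdate, nextUpdate (returns 2)
 *   crl:updateTime(offset)        -> lastUpdate = now, nextUpdate = now + offset
 *   crl:updateTime(last, offset)  -> lastUpdate = last, nextUpdate = last + offset;
 *                                    raises an argument error unless the
 *                                    resulting nextUpdate is after lastUpdate
 *
 * The setter forms return whatever openssl_pushresult() pushes for the
 * outcome (1 = both fields stored, 0 = failure).
 *
 * NOTE(review): the one-argument setter does not apply the "next > last"
 * check, so a zero or negative offset yields a CRL that is already past its
 * nextUpdate. Confirm whether callers rely on that before tightening it.
 */
static LUA_FUNCTION(openssl_crl_updateTime)
{
  X509_CRL *crl = CHECK_OBJECT(1, X509_CRL, "openssl.x509_crl");

  if (lua_isnone(L, 2))
  {
    ASN1_TIME *ltm, *ntm;
    ltm = X509_CRL_get_lastUpdate(crl);
    ntm = X509_CRL_get_nextUpdate(crl);
    PUSH_ASN1_TIME(L, ltm);
    PUSH_ASN1_TIME(L, ntm);
    return 2;
  }
  else
  {
    ASN1_TIME *ltm, *ntm;
    int ret = 0;
    time_t last, next;

    if (lua_gettop(L) == 2)
    {
      time(&last);
      next = last + luaL_checkint(L, 2);
    }
    else
    {
      last = luaL_checkint(L, 2);
      next = last + luaL_checkint(L, 3);
      luaL_argcheck(L, next > last, 3, "value must after #2");
    }

    /*
     * Only touch the CRL when both temporaries were allocated and filled in.
     * Previously a failed ASN1_TIME_new()/ASN1_TIME_set() went unnoticed and
     * an unset time value could be copied into the CRL.
     */
    ltm = ASN1_TIME_new();
    ntm = ASN1_TIME_new();
    if (ltm != NULL && ntm != NULL
        && ASN1_TIME_set(ltm, last) != NULL
        && ASN1_TIME_set(ntm, next) != NULL)
    {
      ret = X509_CRL_set_lastUpdate(crl, ltm);
      if (ret == 1)
        ret = X509_CRL_set_nextUpdate(crl, ntm);
    }

    /* The temporaries are released on every path; ASN1_TIME_free accepts NULL. */
    ASN1_TIME_free(ltm);
    ASN1_TIME_free(ntm);

    /*
     * Hand back the count reported by openssl_pushresult(), as
     * openssl_crl_nextUpdate() does, rather than a fixed 1, so every value it
     * pushes reaches the caller.
     */
    return openssl_pushresult(L, ret);
  }
}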
/*
 * Push a Lua table describing one revoked entry and return 1.
 *
 * Fields written: "code" (numeric reason from
 * openssl_x509_revoked_get_reason), "reason" (its string form from
 * openssl_i2s_revoke_reason), "serialNumber", "revocationDate" and
 * "extensions". All entry data is read through the X509_REVOKED_get0_*
 * accessors.
 *
 * NOTE(review): "extensions" is always set, even when the accessor returns
 * NULL; this presumes openssl_sk_x509_extension_totable() copes with a NULL
 * stack - confirm against its definition.
 */
static int openssl_revoked2table(lua_State*L, X509_REVOKED *revoked)
{
  int code = openssl_x509_revoked_get_reason(revoked);

  lua_newtable(L);

  /* Reason, both as number and as text. */
  AUXILIAR_SET(L, -1, "code", code, number);
  AUXILIAR_SET(L, -1, "reason", openssl_i2s_revoke_reason(code), string);

  /* Identity of the revoked certificate and when it was revoked. */
  PUSH_ASN1_INTEGER(L, X509_REVOKED_get0_serialNumber(revoked));
  lua_setfield(L, -2, "serialNumber");

  PUSH_ASN1_TIME(L, X509_REVOKED_get0_revocationDate(revoked));
  lua_setfield(L, -2, "revocationDate");

  /* Per-entry extensions, stored with a raw set under the key pushed first. */
  lua_pushstring(L, "extensions");
  openssl_sk_x509_extension_totable(L, X509_REVOKED_get0_extensions(revoked));
  lua_rawset(L, -3);

  return 1;
}
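/*
 * Lua binding: read or set the nextUpdate field of a CRL.
 *
 *   crl:nextUpdate()       -> pushes the current nextUpdate (returns 1)
 *   crl:nextUpdate(time)   -> sets nextUpdate to the given integer time and
 *                             returns whatever openssl_pushresult() pushes
 *                             (1 = stored, 0 = failure)
 *
 * NOTE(review): the setter does not compare the new value with lastUpdate,
 * so it can produce a CRL whose nextUpdate precedes its lastUpdate.
 */
static LUA_FUNCTION(openssl_crl_nextUpdate)
{
  X509_CRL *crl = CHECK_OBJECT(1, X509_CRL, "openssl.x509_crl");

  if (lua_isnone(L, 2))
  {
    ASN1_TIME *tm = X509_CRL_get_nextUpdate(crl);
    PUSH_ASN1_TIME(L, tm);
    return 1;
  }
  else
  {
    int ret = 0;
    time_t when = luaL_checkint(L, 2);
    ASN1_TIME *tm = ASN1_TIME_new();

    /*
     * Store the value only if the temporary was allocated and filled in;
     * previously a failed ASN1_TIME_new()/ASN1_TIME_set() went unchecked and
     * an unset time value could be copied into the CRL.
     */
    if (tm != NULL && ASN1_TIME_set(tm, when) != NULL)
      ret = X509_CRL_set_nextUpdate(crl, tm);

    /* ASN1_TIME_free accepts NULL, so this is safe on the failure path too. */
    ASN1_TIME_free(tm);
    return openssl_pushresult(L, ret);
  }
}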
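/*
 * Lua binding: fetch one revoked entry of a CRL by zero-based index.
 *
 * Argument 1 is an "openssl.x509_crl" object, argument 2 the index. Pushes a
 * table with "reason", "serialNumber", "revocationDate" and, when the entry
 * has any, "extensions"; pushes nil when the index is outside the revoked
 * list. Returns 1.
 */
static LUA_FUNCTION(openssl_crl_get)
{
  X509_CRL *crl = CHECK_OBJECT(1, X509_CRL, "openssl.x509_crl");
  int i = luaL_checkint(L, 2);
  X509_REVOKED *revoked;

  /* Out-of-range indexes are reported as nil, not as an error. */
  if (i < 0 || i >= sk_X509_REVOKED_num(crl->crl->revoked))
  {
    lua_pushnil(L);
    return 1;
  }

  revoked = sk_X509_REVOKED_value(crl->crl->revoked, i);
  lua_newtable(L);

#if OPENSSL_VERSION_NUMBER > 0x10000000L
  AUXILIAR_SET(L, -1, "reason", openssl_i2s_revoke_reason(revoked->reason), string);
#else
  {
    /* Decode the reason-code extension; the decoded object is released below. */
    int crit = 0;
    void* reason = X509_REVOKED_get_ext_d2i(revoked, NID_crl_reason, &crit, NULL);
    AUXILIAR_SET(L, -1, "reason", openssl_i2s_revoke_reason(ASN1_ENUMERATED_get(reason)), string);
    ASN1_ENUMERATED_free(reason);
  }
#endif

  PUSH_ASN1_INTEGER(L, revoked->serialNumber);
  lua_setfield(L, -2, "serialNumber");

  PUSH_ASN1_TIME(L, revoked->revocationDate);
  lua_setfield(L, -2, "revocationDate");

  /*
   * Report the extensions of this revoked entry. The previous code put the
   * CRL-wide extension stack (crl->crl->extensions) into the entry table,
   * which attributes list-level extensions to an individual certificate;
   * openssl_revoked_info() already reads revoked->extensions for the same key.
   */
  if (revoked->extensions)
  {
    lua_pushstring(L, "extensions");
    openssl_sk_x509_extension_totable(L, revoked->extensions);
    lua_rawset(L, -3);
  }

  return 1;
}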
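/*
 * Lua binding: decode a CRL into a Lua table.
 *
 * Argument 1 is an "openssl.x509_crl" object; argument 2 is an optional
 * boolean (default true) stored in `utf8`.
 *
 * Top-level fields: "version", "hash" (issuer name hash, 8+ hex digits),
 * "fingerprint" ({alg, hash} when the digest could be computed), "issuer",
 * "lastUpdate", "nextUpdate", "sig_alg", "crl_number", "extensions" (only
 * when the CRL has an extension stack) and "revoked", an array with one table
 * per revoked entry holding "CRLReason" (only for a reason code the
 * reason_flags table names), "serialNumber", "revocationDate" and
 * "extensions" (only when the entry has an extension stack).
 *
 * Everything read here comes from the CRL itself, so values such as the
 * reason code are treated as untrusted and bounds-checked before use.
 *
 * Returns 1 (the table).
 */
static LUA_FUNCTION(openssl_crl_parse)
{
  X509_CRL *crl = CHECK_OBJECT(1, X509_CRL, "openssl.x509_crl");
  /* NOTE(review): utf8 is not referenced by any statement visible in this function. */
  int utf8 = lua_isnoneornil(L, 2) ? 1 : lua_toboolean(L, 2);
  int n, i;
  ASN1_INTEGER *crl_number;

  lua_newtable(L);
  AUXILIAR_SET(L, -1, "version", X509_CRL_get_version(crl), integer);

  /* hash as used in CA directories to lookup cert by subject name */
  {
    char buf[32];
    snprintf(buf, sizeof(buf), "%08lx", X509_NAME_hash(X509_CRL_get_issuer(crl)));
    AUXILIAR_SET(L, -1, "hash", buf, string);
  }

  /*
   * SHA-1 fingerprint of the CRL. It is an identifier for display and lookup;
   * SHA-1 is not collision resistant, so it should not be the basis of a
   * trust decision.
   */
  {
    const EVP_MD *digest = EVP_get_digestbyname("sha1");
    unsigned char md[EVP_MAX_MD_SIZE];
    unsigned int mdlen = sizeof(md);

    /* The lookup by name can fail; skip the fingerprint instead of passing NULL on. */
    if (digest != NULL && X509_CRL_digest(crl, digest, md, &mdlen))
    {
      lua_newtable(L);
      AUXILIAR_SET(L, -1, "alg", OBJ_nid2sn(EVP_MD_type(digest)), string);
      AUXILIAR_SETLSTR(L, -1, "hash", (const char*)md, mdlen);
      lua_setfield(L, -2, "fingerprint");
    }
  }

  openssl_push_xname_asobject(L, X509_CRL_get_issuer(crl));
  lua_setfield(L, -2, "issuer");

  PUSH_ASN1_TIME(L, X509_CRL_get_lastUpdate(crl));
  lua_setfield(L, -2, "lastUpdate");
  PUSH_ASN1_TIME(L, X509_CRL_get_nextUpdate(crl));
  lua_setfield(L, -2, "nextUpdate");

  openssl_push_x509_algor(L, crl->crl->sig_alg);
  lua_setfield(L, -2, "sig_alg");

  /*
   * X509_CRL_get_ext_d2i() returns a freshly decoded object that the caller
   * owns, so it is released once pushed; it used to leak on every call.
   * PUSH_ASN1_INTEGER is also applied to the borrowed revoked->serialNumber
   * below, so it is presumed not to take ownership of its argument.
   * NOTE(review): crl_number is NULL when the CRL has no CRL-number
   * extension; confirm PUSH_ASN1_INTEGER tolerates NULL.
   */
  crl_number = X509_CRL_get_ext_d2i(crl, NID_crl_number, NULL, NULL);
  PUSH_ASN1_INTEGER(L, crl_number);
  lua_setfield(L, -2, "crl_number");
  ASN1_INTEGER_free(crl_number);

  /*
   * A CRL without extensions has a NULL stack here. Guard it the way the
   * sibling bindings do so NULL is never handed to sk_X509_EXTENSION_dup().
   * NOTE(review): the dup copies the stack, not the X509_EXTENSION objects,
   * which stay owned by the CRL; confirm how the pushed stack object's
   * lifetime is tied to the CRL's.
   */
  if (crl->crl->extensions)
  {
    PUSH_OBJECT(sk_X509_EXTENSION_dup(crl->crl->extensions), "openssl.stack_of_x509_extension");
    lua_setfield(L, -2, "extensions");
  }

  n = sk_X509_REVOKED_num(crl->crl->revoked);
  lua_newtable(L);
  for (i = 0; i < n; i++)
  {
    X509_REVOKED *revoked = sk_X509_REVOKED_value(crl->crl->revoked, i);
    long code;
    const char *lname = NULL;

    lua_newtable(L);

#if OPENSSL_VERSION_NUMBER > 0x10000000L
    code = revoked->reason;
#else
    {
      int crit = 0;
      void* reason = X509_REVOKED_get_ext_d2i(revoked, NID_crl_reason, &crit, NULL);
      code = ASN1_ENUMERATED_get(reason);
      ASN1_ENUMERATED_free(reason);
    }
#endif

    /*
     * The reason code comes out of the CRL and was used directly as an array
     * index; a negative or oversized value read outside reason_flags. Only
     * index the table when the code is inside it.
     * NOTE(review): assumes reason_flags is a file-scope array (not a
     * pointer), so sizeof yields its entry count - confirm at its definition.
     */
    if (code >= 0 && (size_t)code < sizeof(reason_flags) / sizeof(reason_flags[0]))
      lname = reason_flags[code].lname;
    if (lname != NULL)
      AUXILIAR_SET(L, -1, "CRLReason", lname, string);

    PUSH_ASN1_INTEGER(L, revoked->serialNumber);
    lua_setfield(L, -2, "serialNumber");

    PUSH_ASN1_TIME(L, revoked->revocationDate);
    lua_setfield(L, -2, "revocationDate");

    /* Entries commonly carry no extensions; skip the NULL stack (see above). */
    if (revoked->extensions)
    {
      PUSH_OBJECT(sk_X509_EXTENSION_dup(revoked->extensions), "openssl.stack_of_x509_extension");
      lua_setfield(L, -2, "extensions");
    }

    /* Lua arrays are 1-based. */
    lua_rawseti(L, -2, i + 1);
  }

  lua_setfield(L, -2, "revoked");
  return 1;
}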