/*
 * Push a Lua table describing an X509_ATTRIBUTE (direct struct access, i.e.
 * the layout where X509_ATTRIBUTE fields are visible to callers).
 *
 * Fields of the pushed table:
 *   object - result of openssl_push_asn1object() on attr->object
 *   single - attr->single, stored through AUXILIAR_SET as a boolean
 *   value  - one pushed ASN1_TYPE when attr->single is set, otherwise a
 *            1-based array with one entry per element of attr->value.set
 *
 * The utf8 parameter is accepted but not read anywhere in this body.
 * Returns 1 (one value left on the Lua stack).
 */
static int openssl_xattr_totable(lua_State*L, X509_ATTRIBUTE *attr, int utf8)
{
  lua_newtable(L);

  openssl_push_asn1object(L, attr->object);
  lua_setfield(L, -2, "object");

  AUXILIAR_SET(L, -1, "single", attr->single, boolean);

  if (!attr->single)
  {
    /* Multi-valued attribute: build an array table, Lua indices start at 1. */
    int idx = 0;

    lua_newtable(L);
    while (idx < sk_ASN1_TYPE_num(attr->value.set))
    {
      ASN1_TYPE *item = sk_ASN1_TYPE_value(attr->value.set, idx);
      openssl_push_asn1type(L, item);
      lua_rawseti(L, -2, idx + 1);
      idx++;
    }
    lua_setfield(L, -2, "value");
    return 1;
  }

  /* Single-valued attribute: the lone ASN1_TYPE becomes "value" directly. */
  openssl_push_asn1type(L, attr->value.single);
  lua_setfield(L, -2, "value");
  return 1;
}
/*
 * Lua binding: turn an X509_REQ (argument 1, class "openssl.x509_req") into
 * nested Lua tables and return one value.
 *
 * Nothing in this body checks the request's self-signature, so every field
 * exposed here is exactly what the requester put into the CSR; callers that
 * make trust decisions on the result need to verify the request separately.
 *
 * NOTE(review): counting the visible pushes - and assuming each
 * openssl_push_* helper and PUSH_OBJECT leaves exactly one value while
 * AUXILIAR_SET / AUXILIAR_SETOBJECT are stack-neutral - four tables are
 * created but only three get linked together. The first table (holding
 * "signature" and "sig_alg") stays below the table that `return 1` hands to
 * Lua. Confirm against the intended result layout.
 */
static LUA_FUNCTION(openssl_csr_parse)
{
  X509_REQ * csr = CHECK_OBJECT(1, X509_REQ, "openssl.x509_req");

  X509_NAME * subject = X509_REQ_get_subject_name(csr);
  /* X509_REQ_get_extensions() hands back a stack that is released below. */
  STACK_OF(X509_EXTENSION) *exts = X509_REQ_get_extensions(csr);

  /* First table: signature bits and signature algorithm. */
  lua_newtable(L);

  openssl_push_asn1(L, csr->signature, V_ASN1_BIT_STRING);
  lua_setfield(L, -2, "signature");

  openssl_push_x509_algor(L, csr->sig_alg);
  lua_setfield(L, -2, "sig_alg");

  /* Second table: version, subject and (when present) extensions. */
  lua_newtable(L);
  AUXILIAR_SET(L, -1, "version", X509_REQ_get_version(csr), integer);
  openssl_push_xname_asobject(L, subject);
  lua_setfield(L, -2, "subject");
  if (exts)
  {
    lua_pushstring(L, "extensions");
    openssl_sk_x509_extension_totable(L, exts);
    lua_rawset(L, -3);
    /* The converted table is on the Lua side now; drop the C stack. */
    sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
  }

  {
    X509_REQ_INFO* ri = csr->req_info;
    int i, c;
    /* NOTE(review): X509_REQ_get_pubkey() can return NULL when the key in an
     * untrusted request cannot be decoded; confirm AUXILIAR_SETOBJECT copes
     * with a NULL object before it is wrapped as "openssl.evp_pkey". */
    EVP_PKEY *pubkey = X509_REQ_get_pubkey(csr);

    /* Third table: receives "attributes" and "pubkey", stored as "req_info". */
    lua_newtable(L);
    c = X509_REQ_get_attr_count(csr);
    if (c > 0)
    {
      lua_newtable(L);
      for (i = 0; i < c ; i++)
      {
        X509_ATTRIBUTE *attr = X509_REQ_get_attr(csr, i);
        /* Duplicate so the Lua object does not alias the request's storage.
         * NOTE(review): the dup result is not checked for NULL. */
        attr = X509_ATTRIBUTE_dup(attr);
        PUSH_OBJECT(attr, "openssl.x509_attribute");
        lua_rawseti(L, -2, i + 1);
      }
      lua_setfield(L, -2, "attributes");
    }

    /* Fourth table: public key algorithm OID plus the key object. */
    lua_newtable(L);
    openssl_push_asn1object(L, ri->pubkey->algor->algorithm);
    lua_setfield(L, -2, "algorithm");

    AUXILIAR_SETOBJECT(L, pubkey , "openssl.evp_pkey", -1, "pubkey");
    lua_setfield(L, -2, "pubkey");

    lua_setfield(L, -2, "req_info");
  }

  return 1;
}
/*
 * Push a one-pair Lua table for a single X509_NAME_ENTRY: the key is the
 * value pushed by openssl_push_asn1object() for the entry's object, the
 * value is what PUSH_ASN1_STRING pushes for the entry's data.
 *
 * Returns 1 (the table is left on top of the Lua stack).
 */
static int openssl_push_xname_entry(lua_State* L, X509_NAME_ENTRY* ne)
{
  ASN1_OBJECT *entry_oid = X509_NAME_ENTRY_get_object(ne);

  lua_newtable(L);

  /* key, then value, then table[key] = value */
  openssl_push_asn1object(L, entry_oid);
  PUSH_ASN1_STRING(L, X509_NAME_ENTRY_get_data(ne));
  lua_settable(L, -3);

  return 1;
}
/*
 * Push a Lua table describing an X509_ATTRIBUTE.
 *
 * The result layout depends on the OpenSSL version the file is built with:
 *   - 1.1.0 and later (accessor API): { object = ..., set = { t1, t2, ... } }
 *   - older (direct struct access):   { object = ..., single = bool,
 *                                       value = t | { t1, t2, ... } }
 * so Lua callers see "set" on one side and "single"/"value" on the other.
 *
 * Returns 1 (one value left on the Lua stack).
 */
static int openssl_xattr_totable(lua_State*L, X509_ATTRIBUTE *attr)
{
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
  int idx;

  lua_newtable(L);
  openssl_push_asn1object(L, X509_ATTRIBUTE_get0_object(attr));
  lua_setfield(L, -2, "object");

  /* All values go into a 1-based array stored under "set". */
  lua_newtable(L);
  idx = 0;
  while (idx < X509_ATTRIBUTE_count(attr))
  {
    ASN1_TYPE *item = X509_ATTRIBUTE_get0_type(attr, idx);
    openssl_push_asn1type(L, item);
    lua_rawseti(L, -2, idx + 1);
    idx++;
  }
  lua_setfield(L, -2, "set");
  return 1;
#else
  lua_newtable(L);
  openssl_push_asn1object(L, attr->object);
  lua_setfield(L, -2, "object");

  AUXILIAR_SET(L, -1, "single", attr->single, boolean);

  if (!attr->single)
  {
    /* Multi-valued: 1-based array of every element in attr->value.set. */
    int idx = 0;

    lua_newtable(L);
    while (idx < sk_ASN1_TYPE_num(attr->value.set))
    {
      ASN1_TYPE *item = sk_ASN1_TYPE_value(attr->value.set, idx);
      openssl_push_asn1type(L, item);
      lua_rawseti(L, -2, idx + 1);
      idx++;
    }
    lua_setfield(L, -2, "value");
  }
  else
  {
    openssl_push_asn1type(L, attr->value.single);
    lua_setfield(L, -2, "value");
  }
  return 1;
#endif
}
/*
 * Push a Lua table for an X509_ALGOR: "algorithm" always, "parameter" only
 * when alg->parameter is non-NULL.
 *
 * Returns 1 (the table is left on top of the Lua stack).
 */
int openssl_push_x509_algor(lua_State*L, const X509_ALGOR* alg)
{
  lua_newtable(L);

  openssl_push_asn1object(L, alg->algorithm);
  lua_setfield(L, -2, "algorithm");

  /* The parameter is optional; leave the key out when it is absent. */
  if (!alg->parameter)
    return 1;

  openssl_push_asn1type(L, alg->parameter);
  lua_setfield(L, -2, "parameter");
  return 1;
}
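/*
 * Push a Lua table describing one X509_EXTENSION.
 *
 * Fields: "object" (extension OID), "value" (raw extension octets) and
 * "critical" (boolean). For subjectAltName the extension is additionally
 * decoded and stored as table[<oid object>] = { general_name_1, ... }.
 *
 * The extension normally comes from a certificate or CSR supplied by a
 * peer, so every allocation made while decoding it has to be released on
 * this path; otherwise each parsed SAN extension costs memory for good.
 *
 * Returns 1 (the table is left on top of the Lua stack).
 */
static int openssl_xext_totable(lua_State* L, X509_EXTENSION *x)
{
  lua_newtable(L);
  openssl_push_asn1object(L, x->object);
  lua_setfield(L, -2, "object");

  PUSH_ASN1_OCTET_STRING(L, x->value);
  lua_setfield(L, -2, "value");

  AUXILIAR_SET(L, -1, "critical", x->critical, boolean);

  switch (x->object->nid)
  {
  case NID_subject_alt_name:
  {
    int i;
    int n_general_names;

    /* X509V3_EXT_d2i() returns a freshly allocated stack owned by us. */
    STACK_OF(GENERAL_NAME) *values = X509V3_EXT_d2i(x);

    /* Undecodable extension: keep the raw fields only. */
    if (values == NULL)
      break;

    /* Push ret[oid] */
    openssl_push_asn1object(L, x->object);
    lua_newtable(L);
    n_general_names = sk_GENERAL_NAME_num(values);
    for (i = 0; i < n_general_names; i++)
    {
      GENERAL_NAME *general_name = sk_GENERAL_NAME_value(values, i);
      openssl_push_general_name(L, general_name);
      lua_rawseti(L, -2, i + 1);
    }
    lua_settable(L, -3);

    /* Release the decoded names; the original leaked them on every call.
     * This assumes openssl_push_general_name() copies what it pushes rather
     * than keeping pointers into `values` - TODO confirm. */
    sk_GENERAL_NAME_pop_free(values, GENERAL_NAME_free);
    break;
  }
  default:
    break;
  }
  return 1;
}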
/***
delete the name entry at the given location
@function delete_entry
@tparam integer location which name entry to delete
@treturn[1] asn1_object object of the deleted name entry
@treturn[1] asn1_string value of the deleted name entry
@treturn[2] nil nothing was deleted
*/
static int openssl_xname_delete_entry(lua_State*L)
{
  X509_NAME* xn = CHECK_OBJECT(1, X509_NAME, "openssl.x509_name");
  int loc = luaL_checkint(L, 2);
  /* X509_NAME_delete_entry() detaches the entry and hands it to the caller. */
  X509_NAME_ENTRY *removed = X509_NAME_delete_entry(xn, loc);

  if (removed == NULL)
  {
    lua_pushnil(L);
    return 1;
  }

  /* Push object and data first, then release the detached entry. */
  openssl_push_asn1object(L, X509_NAME_ENTRY_get_object(removed));
  PUSH_ASN1_STRING(L, X509_NAME_ENTRY_get_data(removed));
  X509_NAME_ENTRY_free(removed);
  return 2;
}
/*
 * Push a one-pair Lua table for a single X509_NAME_ENTRY.
 *
 * obj != 0: key and value are pushed as objects (openssl_push_asn1object /
 *           PUSH_ASN1_STRING).
 * obj == 0: key is the short name OBJ_nid2sn() reports for the entry's NID,
 *           value is the entry's raw data bytes pushed with an explicit
 *           length (no character-set conversion is done here).
 *
 * Returns 1 (the table is left on top of the Lua stack).
 */
static int openssl_push_xname_entry(lua_State* L, X509_NAME_ENTRY* ne, int obj)
{
  ASN1_OBJECT *entry_oid = X509_NAME_ENTRY_get_object(ne);
  ASN1_STRING *entry_data = X509_NAME_ENTRY_get_data(ne);

  lua_newtable(L);

  if (!obj)
  {
    /* Plain-string form. */
    lua_pushstring(L, OBJ_nid2sn(OBJ_obj2nid(entry_oid)));
    lua_pushlstring(L, (const char*)ASN1_STRING_get0_data(entry_data), ASN1_STRING_length(entry_data));
  }
  else
  {
    /* Object form. */
    openssl_push_asn1object(L, entry_oid);
    PUSH_ASN1_STRING(L, entry_data);
  }

  lua_settable(L, -3);
  return 1;
}
/*
 * Lua binding: get or set the object (OID) of an "openssl.x509_attribute".
 *
 * With no second argument the attribute's current object is pushed and 1 is
 * returned. Otherwise argument 2 is resolved to a NID via openssl_get_nid();
 * an unresolved identity raises an argument error, and the outcome of
 * X509_ATTRIBUTE_set1_object() is reported through openssl_pushresult().
 */
static int openssl_xattr_object(lua_State*L)
{
  X509_ATTRIBUTE* attr = CHECK_OBJECT(1, X509_ATTRIBUTE, "openssl.x509_attribute");
  int nid;
  int rc;

  /* Getter form. */
  if (lua_isnone(L, 2))
  {
    openssl_push_asn1object(L, X509_ATTRIBUTE_get0_object(attr));
    return 1;
  }

  /* Setter form: reject anything that does not map to a known NID. */
  nid = openssl_get_nid(L, 2);
  luaL_argcheck(L, nid != NID_undef, 2, "invalid asn1_object identity");

  rc = X509_ATTRIBUTE_set1_object(attr, OBJ_nid2obj(nid));
  return openssl_pushresult(L, rc);
}
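/*
 * Lua binding: get or set the policy id of an "openssl.ts_req".
 *
 * Getter (no second argument): pushes the request's policy object, or nil
 * when the request carries none, and returns 1.
 * Setter: resolves argument 2 to a NID via openssl_get_nid(), raises an
 * argument error when it is unknown, and reports the outcome of
 * TS_REQ_set_policy_id() through openssl_pushresult().
 */
static int openssl_ts_req_policy_id(lua_State*L)
{
  TS_REQ* req = CHECK_OBJECT(1, TS_REQ, "openssl.ts_req");
  if (lua_isnone(L, 2))
  {
    /* TS_REQ_get_policy_id() returns the pointer stored inside the request,
     * not a copy. The previous code passed it to ASN1_OBJECT_free(), which
     * for a request decoded from DER releases memory the TS_REQ still owns
     * (dangling pointer now, double free when the request is destroyed).
     * The request keeps ownership, so nothing is freed here. */
    ASN1_OBJECT* obj = TS_REQ_get_policy_id(req);

    /* The policy is optional in a timestamp request, so it may be absent. */
    if (obj != NULL)
      openssl_push_asn1object(L, obj);
    else
      lua_pushnil(L);
    return 1;
  }
  else
  {
    int nid = openssl_get_nid(L, 2);
    ASN1_OBJECT* obj;
    int ret;

    luaL_argcheck(L, nid != NID_undef, 2, "must be asn1_object object identified");
    obj = OBJ_nid2obj(nid);
    ret = TS_REQ_set_policy_id(req, obj);
    return openssl_pushresult(L, ret);
  }
}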
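/*
 * Lua binding: return the algorithm object and its parameter for an
 * "openssl.x509_algor".
 *
 * Always returns 2 values:
 *   1. the algorithm OID (nil when the X509_ALGOR has none)
 *   2. the parameter: nil when absent, NULL-typed or BOOLEAN-typed; an
 *      asn1_object when the parameter is an OBJECT IDENTIFIER; otherwise
 *      whatever PUSH_ASN1_STRING pushes for a string-backed parameter.
 */
static int openssl_xalgor_get(lua_State* L)
{
  int type = V_ASN1_UNDEF;
  void* val = NULL;
  ASN1_OBJECT *obj = NULL;

  X509_ALGOR* alg = CHECK_OBJECT(1, X509_ALGOR, "openssl.x509_algor");

  X509_ALGOR_get0(&obj, &type, &val, alg);
  if (obj != NULL)
  {
    openssl_push_asn1object(L, obj);
  }
  else
    lua_pushnil(L);

  /* X509_ALGOR_get0() hands back the raw payload pointer of the parameter's
   * ASN1_TYPE, and what that pointer refers to depends on `type`. Only the
   * string-backed types may be treated as ASN1_STRING; the previous code did
   * so unconditionally, which misreads an OBJECT IDENTIFIER parameter (the
   * named-curve form) and is handed NULL for an ASN.1 NULL parameter. The
   * algorithm identifier usually comes from peer-supplied DER, so the type
   * has to be checked before the pointer is used. */
  if (type == V_ASN1_UNDEF || type == V_ASN1_NULL || type == V_ASN1_BOOLEAN || val == NULL)
  {
    /* Nothing string- or object-shaped to expose. */
    lua_pushnil(L);
  }
  else if (type == V_ASN1_OBJECT)
  {
    openssl_push_asn1object(L, val);
  }
  else
  {
    PUSH_ASN1_STRING(L, val);
  }

  return 2;
}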
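/*
 * Push a Lua table describing one GENERAL_NAME and return 1.
 *
 * The table always has a "type" string naming the variant and, for the
 * supported variants, a field of the same name holding the value:
 * otherName, rfc822Name, dNSName, x400Address, directoryName,
 * uniformResourceIdentifier, iPAddress, ediPartyName, registeredID.
 * Unknown variants yield { type = "unsupport" }.
 *
 * Exactly one value is left on the Lua stack for every variant; callers
 * that store the result with lua_rawseti(L, -2, ...) depend on that.
 * General names are taken from peer-supplied certificates, so optional and
 * variant-typed members are checked before they are dereferenced.
 */
int openssl_push_general_name(lua_State*L, const GENERAL_NAME* general_name)
{
  lua_newtable(L);

  switch (general_name->type)
  {
  case GEN_OTHERNAME:
  {
    OTHERNAME *otherName = general_name->d.otherName;
    ASN1_TYPE *any = otherName->value;

    lua_newtable(L);
    openssl_push_asn1object(L, otherName->type_id);
    /* otherName's value is an ASN.1 ANY. Its payload is only an ASN1_STRING
     * for string-backed types; BOOLEAN, NULL and OBJECT store something else
     * in the same union, so those go through the generic ASN1_TYPE path
     * instead of being read as a string. */
    if (any == NULL)
    {
      lua_pushnil(L);
    }
    else if (any->type == V_ASN1_BOOLEAN || any->type == V_ASN1_NULL || any->type == V_ASN1_OBJECT)
    {
      openssl_push_asn1type(L, any);
    }
    else
    {
      PUSH_ASN1_STRING(L, any->value.asn1_string);
    }
    lua_settable(L, -3);
    lua_setfield(L, -2, "otherName");

    lua_pushstring(L, "otherName");
    lua_setfield(L, -2, "type");
    break;
  }
  case GEN_EMAIL:
    PUSH_ASN1_STRING(L, general_name->d.rfc822Name);
    lua_setfield(L, -2, "rfc822Name");

    lua_pushstring(L, "rfc822Name");
    lua_setfield(L, -2, "type");
    break;
  case GEN_DNS:
    PUSH_ASN1_STRING(L, general_name->d.dNSName);
    lua_setfield(L, -2, "dNSName");

    lua_pushstring(L, "dNSName");
    lua_setfield(L, -2, "type");
    break;
  case GEN_X400:
    /* NOTE(review): the declared type of d.x400Address has differed between
     * OpenSSL releases (ASN1_TYPE* vs ASN1_STRING*); confirm it matches what
     * openssl_push_asn1type() expects for every supported build. */
    openssl_push_asn1type(L, general_name->d.x400Address);
    lua_setfield(L, -2, "x400Address");

    lua_pushstring(L, "x400Address");
    lua_setfield(L, -2, "type");
    break;
  case GEN_DIRNAME:
  {
    X509_NAME* xn = general_name->d.directoryName;
    openssl_push_xname_asobject(L, xn);
    lua_setfield(L, -2, "directoryName");

    lua_pushstring(L, "directoryName");
    lua_setfield(L, -2, "type");
  }
  break;
  case GEN_URI:
    PUSH_ASN1_STRING(L, general_name->d.uniformResourceIdentifier);
    lua_setfield(L, -2, "uniformResourceIdentifier");

    lua_pushstring(L, "uniformResourceIdentifier");
    lua_setfield(L, -2, "type");
    break;
  case GEN_IPADD:
    /* The original created a second table here, which left two values on
     * the stack instead of one. The fields go into the result table
     * directly; the table handed back has the same keys as before. */
    PUSH_ASN1_OCTET_STRING(L, general_name->d.iPAddress);
    lua_setfield(L, -2, "iPAddress");

    lua_pushstring(L, "iPAddress");
    lua_setfield(L, -2, "type");
    break;
  case GEN_EDIPARTY:
    lua_newtable(L);
    /* nameAssigner is OPTIONAL in EDIPartyName; skip it when absent. */
    if (general_name->d.ediPartyName->nameAssigner != NULL)
    {
      PUSH_ASN1_STRING(L, general_name->d.ediPartyName->nameAssigner);
      lua_setfield(L, -2, "nameAssigner");
    }
    PUSH_ASN1_STRING(L, general_name->d.ediPartyName->partyName);
    lua_setfield(L, -2, "partyName");
    lua_setfield(L, -2, "ediPartyName");

    lua_pushstring(L, "ediPartyName");
    lua_setfield(L, -2, "type");
    break;
  case GEN_RID:
    /* Same stray-table fix as GEN_IPADD: keep one value on the stack. */
    openssl_push_asn1object(L, general_name->d.registeredID);
    lua_setfield(L, -2, "registeredID");

    lua_pushstring(L, "registeredID");
    lua_setfield(L, -2, "type");
    break;
  default:
    lua_pushstring(L, "unsupport");
    lua_setfield(L, -2, "type");
    break;
  }
  return 1;
}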
/***
parse x509_req object as table

Nothing in this function checks the request's self-signature, so the
returned fields are exactly what the requester put into the CSR; verify the
request separately before trusting them.

NOTE(review): the body below never reads a second Lua argument, so the
shortname option documented here has no visible effect.

@function parse
@tparam[opt=true] shortname default will use short object name
@treturn table result
*/
static LUA_FUNCTION(openssl_csr_parse)
{
  X509_REQ *csr = CHECK_OBJECT(1, X509_REQ, "openssl.x509_req");
  X509_NAME *subject = X509_REQ_get_subject_name(csr);
  /* X509_REQ_get_extensions() hands back a stack that is released below. */
  STACK_OF(X509_EXTENSION) *exts = X509_REQ_get_extensions(csr);

  /* First table: signature bits and signature algorithm.
   * NOTE(review): counting the visible pushes - and assuming each
   * openssl_push_* helper and PUSH_OBJECT leaves exactly one value while
   * AUXILIAR_SET / AUXILIAR_SETOBJECT are stack-neutral - this table is never
   * linked into the table that `return 1` hands to Lua; it stays below it on
   * the stack. Confirm against the intended result layout. */
  lua_newtable(L);
  {
    const ASN1_BIT_STRING *sig = NULL;
    const X509_ALGOR *alg = NULL;

    /* get0: both pointers stay owned by the request. */
    X509_REQ_get0_signature(csr, &sig, &alg);
    openssl_push_asn1(L, sig, V_ASN1_BIT_STRING);
    lua_setfield(L, -2, "signature");

    /* Duplicate so the Lua object does not alias the request's storage.
     * NOTE(review): the dup result is not checked for NULL. */
    alg = X509_ALGOR_dup((X509_ALGOR *)alg);
    PUSH_OBJECT(alg, "openssl.x509_algor");
    lua_setfield(L, -2, "sig_alg");
  }

  /* Second table: version, subject and (when present) extensions. */
  lua_newtable(L);
  AUXILIAR_SET(L, -1, "version", X509_REQ_get_version(csr), integer);
  openssl_push_xname_asobject(L, subject);
  lua_setfield(L, -2, "subject");
  if (exts)
  {
    lua_pushstring(L, "extensions");
    openssl_sk_x509_extension_totable(L, exts);
    lua_rawset(L, -3);
    /* The converted table is on the Lua side now; drop the C stack. */
    sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
  }

  {
    X509_PUBKEY *xpub = X509_REQ_get_X509_PUBKEY(csr);
    ASN1_OBJECT *oalg = NULL;
    int c;
    /* NOTE(review): X509_REQ_get_pubkey() can return NULL when the key in an
     * untrusted request cannot be decoded; confirm AUXILIAR_SETOBJECT copes
     * with a NULL object before it is wrapped as "openssl.evp_pkey". */
    EVP_PKEY *pubkey = X509_REQ_get_pubkey(csr);

    /* Third table: receives "attributes" and "pubkey", stored as "req_info". */
    lua_newtable(L);
    c = X509_REQ_get_attr_count(csr);
    if (c > 0)
    {
      int i;
      lua_newtable(L);
      for (i = 0; i < c ; i++)
      {
        X509_ATTRIBUTE *attr = X509_REQ_get_attr(csr, i);
        /* Duplicate for the same ownership reason as sig_alg above.
         * NOTE(review): the dup result is not checked for NULL. */
        attr = X509_ATTRIBUTE_dup(attr);
        PUSH_OBJECT(attr, "openssl.x509_attribute");
        lua_rawseti(L, -2, i + 1);
      }
      lua_setfield(L, -2, "attributes");
    }

    /* Fourth table: public key algorithm OID (only when it can be read) plus
     * the key object. */
    lua_newtable(L);
    if (X509_PUBKEY_get0_param(&oalg, NULL, NULL, NULL, xpub))
    {
      openssl_push_asn1object(L, oalg);
      lua_setfield(L, -2, "algorithm");
    }

    AUXILIAR_SETOBJECT(L, pubkey, "openssl.evp_pkey", -1, "pubkey");
    lua_setfield(L, -2, "pubkey");

    lua_setfield(L, -2, "req_info");
  }

  return 1;
}
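/*
 * Push a Lua table describing one X509_EXTENSION.
 *
 * Fields: "object" (extension OID), "value" (raw extension octets) and
 * "critical" (boolean). For subjectAltName the extension is additionally
 * decoded and each GENERAL_NAME is converted inline; utf8 is forwarded to
 * PUSH_ASN1_STRING for the string-valued variants.
 *
 * Change in this revision: the GENERAL_NAME stack returned by
 * X509V3_EXT_d2i() is now released. It was leaked on every call, which
 * matters because the extension normally comes from a peer-supplied
 * certificate or CSR.
 *
 * NOTE(review), left unchanged because the intended table layout cannot be
 * determined from this function alone:
 *  - Assuming each push helper leaves exactly one value, every variant
 *    except GEN_OTHERNAME leaves its freshly created table on the Lua
 *    stack, so the stack grows by one slot per name and the closing
 *    lua_settable(L, -3) no longer addresses the result table.
 *  - GEN_EMAIL stores table[value] = "rfc822Name" (key and value look
 *    swapped compared with the other variants).
 *  - otherName->value is read as an ASN1_STRING without checking the
 *    ASN1_TYPE's type, and ediPartyName->nameAssigner (OPTIONAL) is used
 *    without a NULL check.
 *  - The declared type of d.x400Address has differed between OpenSSL
 *    releases; confirm it matches openssl_push_asn1type().
 *
 * Returns 1.
 */
int openssl_xext_totable(lua_State* L, X509_EXTENSION *x, int utf8)
{
  lua_newtable(L);
  openssl_push_asn1object(L, x->object);
  lua_setfield(L, -2, "object");

  PUSH_ASN1_OCTET_STRING(L, x->value);
  lua_setfield(L,-2, "value");

  AUXILIAR_SET(L, -1, "critical", x->critical, boolean);

  switch (x->object->nid)
  {
  case NID_subject_alt_name:
  {
    int i;
    int n_general_names;

    /* X509V3_EXT_d2i() returns a freshly allocated stack owned by us. */
    STACK_OF(GENERAL_NAME) *values = X509V3_EXT_d2i(x);

    /* Undecodable extension: keep the raw fields only. */
    if (values == NULL)
      break;

    /* Push ret[oid] */
    openssl_push_asn1object(L, x->object);
    lua_newtable(L);
    n_general_names = sk_GENERAL_NAME_num(values);
    for (i = 0; i < n_general_names; i++)
    {
      GENERAL_NAME *general_name = sk_GENERAL_NAME_value(values, i);
      switch (general_name->type)
      {
      case GEN_OTHERNAME:
      {
        OTHERNAME *otherName = general_name->d.otherName;
        lua_newtable(L);
        openssl_push_asn1object(L, otherName->type_id);
        PUSH_ASN1_STRING(L, otherName->value->value.asn1_string, utf8);
        lua_settable(L, -3);
        lua_setfield(L, -2, "otherName");

        lua_pushstring(L, "otherName");
        lua_rawseti(L, -2, i+1);
        break;
      }
      case GEN_EMAIL:
        lua_newtable(L);
        PUSH_ASN1_STRING(L, general_name->d.rfc822Name, utf8);
        lua_pushstring(L, "rfc822Name");
        lua_settable(L, -3);

        lua_pushstring(L, "rfc822Name");
        lua_rawseti(L, -2, i+1);
        break;
      case GEN_DNS:
        lua_newtable(L);
        PUSH_ASN1_STRING(L, general_name->d.dNSName, utf8);
        lua_setfield(L, -2, "dNSName");

        lua_pushstring(L, "dNSName");
        lua_rawseti(L, -2, i+1);
        break;
      case GEN_X400:
        lua_newtable(L);
        openssl_push_asn1type(L, general_name->d.x400Address);
        lua_setfield(L, -2, "x400Address");

        lua_pushstring(L, "x400Address");
        lua_rawseti(L, -2, i+1);
        break;
      case GEN_DIRNAME:
      {
        X509_NAME* xn = general_name->d.directoryName;
        lua_newtable(L);
        /* Duplicated so the Lua object does not alias `values`. */
        PUSH_OBJECT(X509_NAME_dup(xn), "openssl.x509_name");
        lua_setfield(L, -2, "directoryName");

        lua_pushstring(L, "directoryName");
        lua_rawseti(L, -2, i+1);
      }
      break;
      case GEN_URI:
        lua_newtable(L);
        PUSH_ASN1_STRING(L, general_name->d.uniformResourceIdentifier, utf8);
        lua_setfield(L, -2, "uniformResourceIdentifier");

        lua_pushstring(L, "uniformResourceIdentifier");
        lua_rawseti(L, -2, i+1);
        break;
      case GEN_IPADD:
        lua_newtable(L);
        PUSH_ASN1_OCTET_STRING(L, general_name->d.iPAddress);
        lua_setfield(L, -2, "iPAddress");

        lua_pushstring(L, "iPAddress");
        lua_rawseti(L, -2, i+1);
        break;
      case GEN_EDIPARTY:
        lua_newtable(L);
        lua_newtable(L);
        PUSH_ASN1_STRING(L, general_name->d.ediPartyName->nameAssigner,utf8);
        lua_setfield(L, -2, "nameAssigner");
        PUSH_ASN1_STRING(L, general_name->d.ediPartyName->partyName,utf8);
        lua_setfield(L, -2, "partyName");
        lua_setfield(L, -2, "ediPartyName");

        lua_pushstring(L, "ediPartyName");
        lua_rawseti(L, -2, i+1);
        break;
      case GEN_RID:
        lua_newtable(L);
        openssl_push_asn1object(L, general_name->d.registeredID);
        lua_setfield(L, -2, "registeredID");

        lua_pushstring(L, "registeredID");
        lua_rawseti(L, -2, i+1);
        break;
      }
    }
    lua_settable(L, -3);

    /* Release the decoded names. This assumes the push helpers above copy
     * what they push rather than keeping pointers into `values` (the
     * directoryName case duplicates explicitly) - TODO confirm. */
    sk_GENERAL_NAME_pop_free(values, GENERAL_NAME_free);
    break;
  }
  default:
    break;
  }
  return 1;
}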