static X509_ATTRIBUTE* openssl_new_xattribute(lua_State*L, X509_ATTRIBUTE** a, int idx, int utf8) { int arttype; size_t len; int nid; const char* data; lua_getfield(L, idx, "object"); nid = openssl_get_nid(L, -1); lua_pop(L, 1); lua_getfield(L, idx, "type"); arttype = openssl_get_asn1type(L, -1); lua_pop(L, 1); lua_getfield(L, idx, "value"); if(lua_isuserdata(L, -1)) { ASN1_STRING* value = CHECK_OBJECT(-1, ASN1_STRING, "openssl.asn1_string"); data = ASN1_STRING_data(value); len = ASN1_STRING_length(value); }else data = luaL_checklstring(L, idx, &len); lua_pop(L, 1); return X509_ATTRIBUTE_create_by_NID(a, nid, arttype, data, len); }
static int openssl_xext_object(lua_State* L) { X509_EXTENSION *x = CHECK_OBJECT(1, X509_EXTENSION, "openssl.x509_extension"); ASN1_OBJECT* obj; if(lua_isnone(L, 2)){ obj = X509_EXTENSION_get_object(x); PUSH_OBJECT(OBJ_nid2obj(obj->nid), "openssl.asn1_object"); return 1; } else { int nid = openssl_get_nid(L, 2); int ret; obj = OBJ_nid2obj(nid); ret = X509_EXTENSION_set_object(x, obj); return openssl_pushresult(L, ret); } };
static int openssl_xname_add_entry(lua_State*L) { X509_NAME* xn = CHECK_OBJECT(1, X509_NAME, "openssl.x509_name"); int nid = openssl_get_nid(L, 2); size_t size; const char*value = luaL_checklstring(L, 3, &size); int utf8 = lua_isnoneornil(L, 4) ? 1 : lua_toboolean(L, 4); int ret; if (nid==NID_undef) { lua_pushfstring(L, "(%s) is not a valid object identity", lua_tostring(L,2)); luaL_argerror(L, 2, lua_tostring(L, -1)); } ret = X509_NAME_add_entry_by_NID(xn, nid, utf8 ? MBSTRING_UTF8 : MBSTRING_ASC, (unsigned char*)value, (int)size,-1, 0); if (ret!=1) { luaL_error(L, "%s=%s can't add to X509 name", lua_tostring(L,2),value); }; return openssl_pushresult(L, ret); };
static int openssl_xname_get_text(lua_State*L) { X509_NAME* xn = CHECK_OBJECT(1, X509_NAME, "openssl.x509_name"); int nid = openssl_get_nid(L, 2); int lastpos = luaL_optint(L, 3, -1); X509_NAME_ENTRY *e; ASN1_STRING *s; if (nid == NID_undef) return 0; lastpos = X509_NAME_get_index_by_NID(xn, nid, lastpos); if (lastpos == -1) return 0; e = X509_NAME_get_entry(xn, lastpos); s = X509_NAME_ENTRY_get_data(e); lua_pushlstring(L, (const char *)ASN1_STRING_data(s), ASN1_STRING_length(s)); lua_pushinteger(L, lastpos); return 2; };
static int openssl_xattr_object(lua_State*L) { X509_ATTRIBUTE* attr = CHECK_OBJECT(1, X509_ATTRIBUTE, "openssl.x509_attribute"); if (lua_isnone(L, 2)) { ASN1_OBJECT* obj = X509_ATTRIBUTE_get0_object(attr); openssl_push_asn1object(L, obj); return 1; } else { int nid = openssl_get_nid(L, 2); ASN1_OBJECT* obj; int ret; luaL_argcheck(L, nid != NID_undef, 2, "invalid asn1_object identity"); obj = OBJ_nid2obj(nid); ret = X509_ATTRIBUTE_set1_object(attr, obj); return openssl_pushresult(L, ret); } }
static int openssl_ts_req_policy_id(lua_State*L) { TS_REQ* req = CHECK_OBJECT(1, TS_REQ, "openssl.ts_req"); if (lua_isnone(L, 2)) { ASN1_OBJECT* obj = TS_REQ_get_policy_id(req); openssl_push_asn1object(L, obj); ASN1_OBJECT_free(obj); return 1; } else { int nid = openssl_get_nid(L, 2); ASN1_OBJECT* obj; int ret; luaL_argcheck(L, nid != NID_undef, 2, "must be asn1_object object identified"); obj = OBJ_nid2obj(nid); ret = TS_REQ_set_policy_id(req, obj); return openssl_pushresult(L, ret); } }
static int openssl_new_xname(lua_State*L, X509_NAME* xname, int idx, int utf8) { int i, n; luaL_checktable(L, idx); luaL_argcheck(L, lua_istable(L, idx) && lua_rawlen(L, idx) > 0, idx, "must be not empty table as array"); n = lua_rawlen(L, idx); for (i = 0; i < n; i++) { lua_rawgeti(L, idx, i + 1); lua_pushnil(L); while (lua_next(L, -2) != 0) { size_t size; const char *value; int ret; int nid = openssl_get_nid(L, -2); value = luaL_checklstring(L, -1, &size); if (nid == NID_undef) { lua_pushfstring(L, "node at %d which key (%s) is not a valid object identity", i + 1, lua_tostring(L, -2)); luaL_argerror(L, idx, lua_tostring(L, -1)); } ret = X509_NAME_add_entry_by_NID(xname, nid, utf8 ? MBSTRING_UTF8 : MBSTRING_ASC, (unsigned char*)value, (int)size, -1, 0); if (ret != 1) { lua_pushfstring(L, "node at %d which %s=%s can't add to X509 name", i + 1, lua_tostring(L, -2), value); luaL_argerror(L, idx, lua_tostring(L, -1)); } lua_pop(L, 1); } } return 0; }
static X509_EXTENSION* openssl_new_xextension(lua_State*L, X509_EXTENSION** x, int idx, int utf8) { int nid; ASN1_OCTET_STRING* value; int critical = 0; lua_getfield(L, idx, "object"); nid = openssl_get_nid(L, -1); lua_pop(L, 1); if (nid==NID_undef) { lua_pushfstring(L, "%s is not valid object id",lua_tostring(L, -1)); luaL_argerror(L, idx, lua_tostring(L,-1)); } lua_getfield(L, idx, "value"); value = CHECK_OBJECT(-1, ASN1_STRING, "openssl.asn1_string"); lua_pop(L, 1); lua_getfield(L, idx, "critical"); critical = lua_isnil(L,-1) ? 0 : lua_toboolean(L, -1); lua_pop(L, 1); return X509_EXTENSION_create_by_NID(x, nid, critical, ASN1_STRING_dup(value)); }
static X509_ATTRIBUTE* openssl_new_xattribute(lua_State*L, X509_ATTRIBUTE** a, int idx, const char* eprefix) { int arttype; size_t len; int nid; const char* data; lua_getfield(L, idx, "object"); nid = openssl_get_nid(L, -1); if (nid == NID_undef) { if (eprefix) { luaL_error(L, "%s field object is invalid value", eprefix); } else luaL_argcheck(L, nid != NID_undef, idx, "field object is invalid value"); } lua_pop(L, 1); lua_getfield(L, idx, "type"); arttype = luaL_checkint(L, -1); if (arttype == V_ASN1_UNDEF || arttype == 0) { if (eprefix) { luaL_error(L, "%s field type is not invalid value", eprefix); } else luaL_argcheck(L, nid != NID_undef, idx, "field type is not invalid value"); } lua_pop(L, 1); lua_getfield(L, idx, "value"); if (lua_isstring(L, -1)) { data = lua_tolstring(L, -1, &len); } else if (auxiliar_isgroup(L, "openssl.asn1group", -1)) { ASN1_STRING* value = CHECK_GROUP(-1, ASN1_STRING, "openssl.asn1group"); if (ASN1_STRING_type(value) != arttype) { if (eprefix) luaL_error(L, "%s field value not match type", eprefix); else luaL_argcheck(L, ASN1_STRING_type(value) == arttype, idx, "field value not match type"); } data = (const char *)ASN1_STRING_data(value); len = ASN1_STRING_length(value); } else { if (eprefix) { luaL_error(L, "%s filed value only accept string or asn1_string", eprefix); } else luaL_argerror(L, idx, "filed value only accept string or asn1_string"); } lua_pop(L, 1); return X509_ATTRIBUTE_create_by_NID(a, nid, arttype, data, len); }
static int openssl_xext_support(lua_State*L) { static const int supported_nids[] = { NID_netscape_cert_type, /* 71 */ NID_key_usage, /* 83 */ NID_subject_alt_name, /* 85 */ NID_basic_constraints, /* 87 */ NID_certificate_policies, /* 89 */ NID_ext_key_usage, /* 126 */ #ifndef OPENSSL_NO_RFC3779 NID_sbgp_ipAddrBlock, /* 290 */ NID_sbgp_autonomousSysNum, /* 291 */ #endif NID_policy_constraints, /* 401 */ NID_proxyCertInfo, /* 663 */ NID_name_constraints, /* 666 */ NID_policy_mappings, /* 747 */ NID_inhibit_any_policy /* 748 */ }; if (lua_isnoneornil(L, 1)) { int count = sizeof(supported_nids) / sizeof(int); int i, nid; lua_newtable(L); for (i = 0; i < count; i++) { nid = supported_nids[i]; lua_newtable(L); lua_pushstring(L, OBJ_nid2ln(nid)); lua_setfield(L, -2, "lname"); lua_pushstring(L, OBJ_nid2sn(nid)); lua_setfield(L, -2, "sname"); lua_pushinteger(L, nid); lua_setfield(L, -2, "nid"); lua_rawseti(L, -2, i + 1); }; return 1; } else if (auxiliar_isclass(L, "openssl.x509_extension", 1)) { X509_EXTENSION* ext = CHECK_OBJECT(1, X509_EXTENSION, "openssl.x509_extension"); int ret = X509_supported_extension(ext); lua_pushboolean(L, ret); return 1; } else { int i; int ex_nid = openssl_get_nid(L, 1); if (ex_nid == NID_undef) return 0; for (i = 0; i < sizeof(supported_nids) / sizeof(int); i++) { if (supported_nids[i] == ex_nid) break; } lua_pushboolean(L, i < sizeof(supported_nids) / sizeof(int)); return 1; } }
static X509_EXTENSION* openssl_new_xextension(lua_State*L, int idx, int v3) { int nid; int critical = 0; ASN1_OCTET_STRING* value = NULL; X509_EXTENSION* y = NULL; lua_getfield(L, idx, "object"); nid = openssl_get_nid(L, -1); lua_pop(L, 1); lua_getfield(L, idx, "critical"); critical = lua_isnil(L, -1) ? 0 : lua_toboolean(L, -1); lua_pop(L, 1); if (nid == NID_undef) { lua_pushfstring(L, "%s is not valid object id", lua_tostring(L, -1)); luaL_argerror(L, idx, lua_tostring(L, -1)); } lua_getfield(L, idx, "value"); luaL_argcheck(L, lua_isstring(L, -1) || auxiliar_isgroup(L, "openssl.asn1group", -1), 1, "field value must be string or openssl.asn1group object"); if (lua_isstring(L, -1)) { size_t size; const char* data = lua_tolstring(L, -1, &size); if (v3) { const X509V3_EXT_METHOD *method = X509V3_EXT_get_nid(nid); if (method) { void *ext_struc = NULL; STACK_OF(CONF_VALUE) *nval = X509V3_parse_list(data); /* Now get internal extension representation based on type */ if (method->v2i && nval) { if (sk_CONF_VALUE_num(nval) > 0) { ext_struc = method->v2i(method, NULL, nval); } } else if (method->s2i) { ext_struc = method->s2i(method, NULL, data); } if (nval) sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); if (ext_struc) { unsigned char *ext_der = NULL; int ext_len; /* Convert internal representation to DER */ if (method->it) { ext_der = NULL; ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it)); if (ext_len < 0) { ext_der = NULL; } } else { ext_len = method->i2d(ext_struc, NULL); ext_der = OPENSSL_malloc(ext_len); if (ext_der) { unsigned char* p = ext_der; method->i2d(ext_struc, &p); } } if (ext_der) { value = ASN1_STRING_type_new(V_ASN1_OCTET_STRING); ASN1_STRING_set(value, ext_der, ext_len); } else value = NULL; if (method->it) ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it)); else method->ext_free(ext_struc); } } } else { value = ASN1_STRING_type_new(V_ASN1_OCTET_STRING); ASN1_STRING_set(value, data, size); } if (value) { y = X509_EXTENSION_create_by_NID(NULL, nid, critical, value); ASN1_STRING_free(value); return y; } else { luaL_error(L, "don't support object(%s) with value (%s)", OBJ_nid2ln(nid), data); return NULL; } } else { value = CHECK_GROUP(-1, ASN1_STRING, "openssl.asn1group"); y = X509_EXTENSION_create_by_NID(NULL, nid, critical, value); lua_pop(L, 1); return y; } }