static X509_ATTRIBUTE* openssl_new_xattribute(lua_State*L, X509_ATTRIBUTE** a, int idx, int utf8)
{
int arttype;
size_t len;
int nid;
const char* data;
lua_getfield(L, idx, "object");
nid = openssl_get_nid(L, -1);
lua_pop(L, 1);
lua_getfield(L, idx, "type");
arttype = openssl_get_asn1type(L, -1);
lua_pop(L, 1);
lua_getfield(L, idx, "value");
if(lua_isuserdata(L, -1))
{
ASN1_STRING* value = CHECK_OBJECT(-1, ASN1_STRING, "openssl.asn1_string");
data = ASN1_STRING_data(value);
len = ASN1_STRING_length(value);
}else
data = luaL_checklstring(L, idx, &len);
lua_pop(L, 1);
return X509_ATTRIBUTE_create_by_NID(a, nid, arttype, data, len);
}
static int openssl_xext_object(lua_State* L)
{
X509_EXTENSION *x = CHECK_OBJECT(1, X509_EXTENSION, "openssl.x509_extension");
ASN1_OBJECT* obj;
if(lua_isnone(L, 2)){
obj = X509_EXTENSION_get_object(x);
PUSH_OBJECT(OBJ_nid2obj(obj->nid), "openssl.asn1_object");
return 1;
} else {
int nid = openssl_get_nid(L, 2);
int ret;
obj = OBJ_nid2obj(nid);
ret = X509_EXTENSION_set_object(x, obj);
return openssl_pushresult(L, ret);
}
};
static int openssl_xname_add_entry(lua_State*L)
{
X509_NAME* xn = CHECK_OBJECT(1, X509_NAME, "openssl.x509_name");
int nid = openssl_get_nid(L, 2);
size_t size;
const char*value = luaL_checklstring(L, 3, &size);
int utf8 = lua_isnoneornil(L, 4) ? 1 : lua_toboolean(L, 4);
int ret;
if (nid==NID_undef) {
lua_pushfstring(L, "(%s) is not a valid object identity", lua_tostring(L,2));
luaL_argerror(L, 2, lua_tostring(L, -1));
}
ret = X509_NAME_add_entry_by_NID(xn, nid, utf8 ? MBSTRING_UTF8 : MBSTRING_ASC, (unsigned char*)value, (int)size,-1, 0);
if (ret!=1)
{
luaL_error(L, "%s=%s can't add to X509 name", lua_tostring(L,2),value);
};
return openssl_pushresult(L, ret);
};
static int openssl_xname_get_text(lua_State*L)
{
X509_NAME* xn = CHECK_OBJECT(1, X509_NAME, "openssl.x509_name");
int nid = openssl_get_nid(L, 2);
int lastpos = luaL_optint(L, 3, -1);
X509_NAME_ENTRY *e;
ASN1_STRING *s;
if (nid == NID_undef)
return 0;
lastpos = X509_NAME_get_index_by_NID(xn, nid, lastpos);
if (lastpos == -1)
return 0;
e = X509_NAME_get_entry(xn, lastpos);
s = X509_NAME_ENTRY_get_data(e);
lua_pushlstring(L, (const char *)ASN1_STRING_data(s), ASN1_STRING_length(s));
lua_pushinteger(L, lastpos);
return 2;
};
static int openssl_xattr_object(lua_State*L)
{
X509_ATTRIBUTE* attr = CHECK_OBJECT(1, X509_ATTRIBUTE, "openssl.x509_attribute");
if (lua_isnone(L, 2))
{
ASN1_OBJECT* obj = X509_ATTRIBUTE_get0_object(attr);
openssl_push_asn1object(L, obj);
return 1;
}
else
{
int nid = openssl_get_nid(L, 2);
ASN1_OBJECT* obj;
int ret;
luaL_argcheck(L, nid != NID_undef, 2, "invalid asn1_object identity");
obj = OBJ_nid2obj(nid);
ret = X509_ATTRIBUTE_set1_object(attr, obj);
return openssl_pushresult(L, ret);
}
}
static int openssl_ts_req_policy_id(lua_State*L)
{
TS_REQ* req = CHECK_OBJECT(1, TS_REQ, "openssl.ts_req");
if (lua_isnone(L, 2))
{
ASN1_OBJECT* obj = TS_REQ_get_policy_id(req);
openssl_push_asn1object(L, obj);
ASN1_OBJECT_free(obj);
return 1;
}
else
{
int nid = openssl_get_nid(L, 2);
ASN1_OBJECT* obj;
int ret;
luaL_argcheck(L, nid != NID_undef, 2, "must be asn1_object object identified");
obj = OBJ_nid2obj(nid);
ret = TS_REQ_set_policy_id(req, obj);
return openssl_pushresult(L, ret);
}
}
static int openssl_new_xname(lua_State*L, X509_NAME* xname, int idx, int utf8)
{
int i, n;
luaL_checktable(L, idx);
luaL_argcheck(L, lua_istable(L, idx) && lua_rawlen(L, idx) > 0, idx,
"must be not empty table as array");
n = lua_rawlen(L, idx);
for (i = 0; i < n; i++)
{
lua_rawgeti(L, idx, i + 1);
lua_pushnil(L);
while (lua_next(L, -2) != 0)
{
size_t size;
const char *value;
int ret;
int nid = openssl_get_nid(L, -2);
value = luaL_checklstring(L, -1, &size);
if (nid == NID_undef)
{
lua_pushfstring(L, "node at %d which key (%s) is not a valid object identity",
i + 1, lua_tostring(L, -2));
luaL_argerror(L, idx, lua_tostring(L, -1));
}
ret = X509_NAME_add_entry_by_NID(xname, nid, utf8 ? MBSTRING_UTF8 : MBSTRING_ASC, (unsigned char*)value, (int)size, -1, 0);
if (ret != 1)
{
lua_pushfstring(L, "node at %d which %s=%s can't add to X509 name",
i + 1, lua_tostring(L, -2), value);
luaL_argerror(L, idx, lua_tostring(L, -1));
}
lua_pop(L, 1);
}
}
return 0;
}
static X509_EXTENSION* openssl_new_xextension(lua_State*L, X509_EXTENSION** x, int idx, int utf8)
{
int nid;
ASN1_OCTET_STRING* value;
int critical = 0;
lua_getfield(L, idx, "object");
nid = openssl_get_nid(L, -1);
lua_pop(L, 1);
if (nid==NID_undef) {
lua_pushfstring(L, "%s is not valid object id",lua_tostring(L, -1));
luaL_argerror(L, idx, lua_tostring(L,-1));
}
lua_getfield(L, idx, "value");
value = CHECK_OBJECT(-1, ASN1_STRING, "openssl.asn1_string");
lua_pop(L, 1);
lua_getfield(L, idx, "critical");
critical = lua_isnil(L,-1) ? 0 : lua_toboolean(L, -1);
lua_pop(L, 1);
return X509_EXTENSION_create_by_NID(x, nid, critical, ASN1_STRING_dup(value));
}
static X509_ATTRIBUTE* openssl_new_xattribute(lua_State*L, X509_ATTRIBUTE** a, int idx, const char* eprefix)
{
int arttype;
size_t len;
int nid;
const char* data;
lua_getfield(L, idx, "object");
nid = openssl_get_nid(L, -1);
if (nid == NID_undef)
{
if (eprefix)
{
luaL_error(L, "%s field object is invalid value", eprefix);
}
else
luaL_argcheck(L, nid != NID_undef, idx, "field object is invalid value");
}
lua_pop(L, 1);
lua_getfield(L, idx, "type");
arttype = luaL_checkint(L, -1);
if (arttype == V_ASN1_UNDEF || arttype == 0)
{
if (eprefix)
{
luaL_error(L, "%s field type is not invalid value", eprefix);
}
else
luaL_argcheck(L, nid != NID_undef, idx, "field type is not invalid value");
}
lua_pop(L, 1);
lua_getfield(L, idx, "value");
if (lua_isstring(L, -1))
{
data = lua_tolstring(L, -1, &len);
}
else if (auxiliar_isgroup(L, "openssl.asn1group", -1))
{
ASN1_STRING* value = CHECK_GROUP(-1, ASN1_STRING, "openssl.asn1group");
if (ASN1_STRING_type(value) != arttype)
{
if (eprefix)
luaL_error(L, "%s field value not match type", eprefix);
else
luaL_argcheck(L, ASN1_STRING_type(value) == arttype, idx, "field value not match type");
}
data = (const char *)ASN1_STRING_data(value);
len = ASN1_STRING_length(value);
}
else
{
if (eprefix)
{
luaL_error(L, "%s filed value only accept string or asn1_string", eprefix);
}
else
luaL_argerror(L, idx, "filed value only accept string or asn1_string");
}
lua_pop(L, 1);
return X509_ATTRIBUTE_create_by_NID(a, nid, arttype, data, len);
}
static int openssl_xext_support(lua_State*L)
{
static const int supported_nids[] =
{
NID_netscape_cert_type, /* 71 */
NID_key_usage, /* 83 */
NID_subject_alt_name, /* 85 */
NID_basic_constraints, /* 87 */
NID_certificate_policies, /* 89 */
NID_ext_key_usage, /* 126 */
#ifndef OPENSSL_NO_RFC3779
NID_sbgp_ipAddrBlock, /* 290 */
NID_sbgp_autonomousSysNum, /* 291 */
#endif
NID_policy_constraints, /* 401 */
NID_proxyCertInfo, /* 663 */
NID_name_constraints, /* 666 */
NID_policy_mappings, /* 747 */
NID_inhibit_any_policy /* 748 */
};
if (lua_isnoneornil(L, 1))
{
int count = sizeof(supported_nids) / sizeof(int);
int i, nid;
lua_newtable(L);
for (i = 0; i < count; i++)
{
nid = supported_nids[i];
lua_newtable(L);
lua_pushstring(L, OBJ_nid2ln(nid));
lua_setfield(L, -2, "lname");
lua_pushstring(L, OBJ_nid2sn(nid));
lua_setfield(L, -2, "sname");
lua_pushinteger(L, nid);
lua_setfield(L, -2, "nid");
lua_rawseti(L, -2, i + 1);
};
return 1;
}
else if (auxiliar_isclass(L, "openssl.x509_extension", 1))
{
X509_EXTENSION* ext = CHECK_OBJECT(1, X509_EXTENSION, "openssl.x509_extension");
int ret = X509_supported_extension(ext);
lua_pushboolean(L, ret);
return 1;
}
else
{
int i;
int ex_nid = openssl_get_nid(L, 1);
if (ex_nid == NID_undef)
return 0;
for (i = 0; i < sizeof(supported_nids) / sizeof(int); i++)
{
if (supported_nids[i] == ex_nid)
break;
}
lua_pushboolean(L, i < sizeof(supported_nids) / sizeof(int));
return 1;
}
}
static X509_EXTENSION* openssl_new_xextension(lua_State*L, int idx, int v3)
{
int nid;
int critical = 0;
ASN1_OCTET_STRING* value = NULL;
X509_EXTENSION* y = NULL;
lua_getfield(L, idx, "object");
nid = openssl_get_nid(L, -1);
lua_pop(L, 1);
lua_getfield(L, idx, "critical");
critical = lua_isnil(L, -1) ? 0 : lua_toboolean(L, -1);
lua_pop(L, 1);
if (nid == NID_undef)
{
lua_pushfstring(L, "%s is not valid object id", lua_tostring(L, -1));
luaL_argerror(L, idx, lua_tostring(L, -1));
}
lua_getfield(L, idx, "value");
luaL_argcheck(L, lua_isstring(L, -1) || auxiliar_isgroup(L, "openssl.asn1group", -1),
1, "field value must be string or openssl.asn1group object");
if (lua_isstring(L, -1))
{
size_t size;
const char* data = lua_tolstring(L, -1, &size);
if (v3)
{
const X509V3_EXT_METHOD *method = X509V3_EXT_get_nid(nid);
if (method)
{
void *ext_struc = NULL;
STACK_OF(CONF_VALUE) *nval = X509V3_parse_list(data);
/* Now get internal extension representation based on type */
if (method->v2i && nval)
{
if (sk_CONF_VALUE_num(nval) > 0)
{
ext_struc = method->v2i(method, NULL, nval);
}
}
else if (method->s2i)
{
ext_struc = method->s2i(method, NULL, data);
}
if (nval)
sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
if (ext_struc)
{
unsigned char *ext_der = NULL;
int ext_len;
/* Convert internal representation to DER */
if (method->it)
{
ext_der = NULL;
ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it));
if (ext_len < 0)
{
ext_der = NULL;
}
}
else
{
ext_len = method->i2d(ext_struc, NULL);
ext_der = OPENSSL_malloc(ext_len);
if (ext_der)
{
unsigned char* p = ext_der;
method->i2d(ext_struc, &p);
}
}
if (ext_der)
{
value = ASN1_STRING_type_new(V_ASN1_OCTET_STRING);
ASN1_STRING_set(value, ext_der, ext_len);
}
else
value = NULL;
if (method->it) ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it));
else method->ext_free(ext_struc);
}
}
}
else
{
value = ASN1_STRING_type_new(V_ASN1_OCTET_STRING);
ASN1_STRING_set(value, data, size);
}
if (value)
{
y = X509_EXTENSION_create_by_NID(NULL, nid, critical, value);
ASN1_STRING_free(value);
return y;
}
else
{
luaL_error(L, "don't support object(%s) with value (%s)", OBJ_nid2ln(nid), data);
return NULL;
}
}
else
{
value = CHECK_GROUP(-1, ASN1_STRING, "openssl.asn1group");
y = X509_EXTENSION_create_by_NID(NULL, nid, critical, value);
lua_pop(L, 1);
return y;
}
}
