feat(x509.extension) add ability to convert to other data type
fffonion committed Aug 26, 2020
1 parent baefcb0 commit 15a5c7f
Showing 5 changed files with 57 additions and 4 deletions.
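--- a/lib/resty/openssl/x509/altname.lua
+++ b/lib/resty/openssl/x509/altname.lua
@@ -180,9 +180,8 @@ _M.count = mt.__len
 
 -- for use of test only
 function _M:_tostring()
-local all = self:all()
 local values = {}
-for k, v in pairs(all) do
+for k, v in pairs(self) do
 table.insert(values, k .. "=" .. v)
 end
 table.sort(values)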
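--- a/lib/resty/openssl/x509/extension.lua
+++ b/lib/resty/openssl/x509/extension.lua
@@ -2,10 +2,12 @@ local ffi = require "ffi"
 local C = ffi.C
 local ffi_gc = ffi.gc
 local ffi_new = ffi.new
+local ffi_cast = ffi.cast
 
 require "resty.openssl.include.x509"
 require "resty.openssl.include.x509.extension"
 local objects_lib = require "resty.openssl.objects"
+local stack_lib = require("resty.openssl.stack")
 local util = require "resty.openssl.util"
 local format_error = require("resty.openssl.err").format_error
 
@@ -103,6 +105,35 @@ function _M.from_data(any, nid, crit)
 return self, nil
 end
 
+local NID_subject_alt_name = C.OBJ_sn2nid("subjectAltName")
+assert(NID_subject_alt_name ~= 0)
+
+function _M.to_data(extension, nid)
+if not _M.istype(extension) then
+return nil, "x509.extension.dup: expect a x509.extension ctx at #1"
+elseif type(nid) ~= "number" then
+return nil, "x509.extension.to_data: expect a table at #2"
+end
+
+local void_ptr = C.X509V3_EXT_d2i(extension.ctx)
+if void_ptr == nil then
+return nil, format_error("x509.extension:to_data: X509V3_EXT_d2i")
+end
+
+if nid == NID_subject_alt_name then
+-- Note: here we only free the stack itself not elements
+-- since there seems no way to increase ref count for a GENERAL_NAME
+-- we left the elements referenced by the new-dup'ed stack
+ffi_gc(void_ptr, stack_lib.gc_of("GENERAL_NAME"))
+local got = ffi_cast("GENERAL_NAMES*", void_ptr)
+local lib = require("resty.openssl.x509.altname")
+-- the internal ptr is returned, ie we need to copy it
+return lib.dup(got)
+end
+
+return nil, string.format("x509.extension:to_data: don't know how to convert to NID %d", nid)
+end
+
 function _M:get_object()
 -- retruns the internal pointer
 local asn1 = C.X509_EXTENSION_get_object(self.ctx)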
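Review bot: `to_data` never checks that `nid` matches the extension's own type. `X509V3_EXT_d2i` decodes according to the extension's OID, so a caller that passes the subjectAltName NID for some other extension gets that structure cast to `GENERAL_NAMES*` and later released as a GENERAL_NAME stack, which is a type confusion on data that usually originates from a parsed certificate. The decoded pointer is also leaked whenever `nid` is unsupported, because the "don't know how to convert" return is reached after the allocation with nothing freeing it. Comparing the extension's NID with `nid` and rejecting unsupported targets before the decode addresses both; the sketch below assumes `OBJ_obj2nid` is declared in the project's cdefs. The two argument errors are also mislabelled: the first names `x509.extension.dup` and the second says `expect a table` although the check is for a number.

```lua
function _M.to_data(extension, nid)
  -- … unchanged: argument type checks (with the corrected messages) …

  -- reject unsupported targets before anything is allocated
  if nid ~= NID_subject_alt_name then
    return nil, string.format("x509.extension:to_data: don't know how to convert to NID %d", nid)
  end

  -- the decoded type follows the extension's own OID, so it must agree with nid before the cast
  local ext_nid = C.OBJ_obj2nid(C.X509_EXTENSION_get_object(extension.ctx))
  if ext_nid ~= nid then
    return nil, string.format("x509.extension:to_data: extension has NID %d, expected %d", ext_nid, nid)
  end

  local void_ptr = C.X509V3_EXT_d2i(extension.ctx)
  -- … unchanged: nil check, ffi_gc, cast to GENERAL_NAMES* and altname dup …
end
```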
2 changes: 1 addition & 1 deletion scripts/type_x509.py
@@ -120,7 +120,7 @@
"type": "x509.altname",
"dup": True,
"extension": "subjectAltName",
"sample_printable": 'DNS=www.github.com',
"sample_printable": 'DNS=github.com/DNS=www.github.com',
"get_converter": '''
-- Note: here we only free the stack itself not elements
-- since there seems no way to increase ref count for a GENERAL_NAME
2 changes: 1 addition & 1 deletion t/openssl/x509.t
@@ -803,7 +803,7 @@ SwIDAQAB
--- request
GET /t
--- response_body eval
"DNS=www.github.com"
"DNS=github.com/DNS=www.github.com"
--- no_error_log
[error]

23 changes: 23 additions & 0 deletions t/openssl/x509/extension.t
@@ -195,3 +195,26 @@ DNS:test.com, DNS:test2.com
'
--- no_error_log
[error]

=== TEST 8: Convert extension to data
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local altname = require("resty.openssl.x509.altname").new()
altname:add("DNS", "test.com")
altname:add("DNS", "test2.com")
local extension = require("resty.openssl.x509.extension")
local c = myassert(extension.from_data(altname, 85, false))
local alt2 = myassert(extension.to_data(c, 85))
ngx.say(alt2:_tostring())
}
}
--- request
GET /t
--- response_body_like eval
'DNS=test.com/DNS=test2.com
'
--- no_error_log
[error]
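Review bot: TEST 8 exercises only the matching round trip, so neither failure path of `to_data` (a non-number `nid`, or an NID it cannot convert) is ever run, nor is a call whose `nid` differs from the extension's own type. A second block asserting that `extension.to_data(c, 0)` returns `nil` plus an error string would pin that contract. `--- response_body_like` also treats the expected text as a pattern, so `--- response_body` would be the stricter check for this fixed string.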
