diff options
Diffstat (limited to 'server/resty/openssl/x509/revoked.lua')
| -rw-r--r-- | server/resty/openssl/x509/revoked.lua | 108 |
1 files changed, 0 insertions, 108 deletions
diff --git a/server/resty/openssl/x509/revoked.lua b/server/resty/openssl/x509/revoked.lua deleted file mode 100644 index 9762200..0000000 --- a/server/resty/openssl/x509/revoked.lua +++ /dev/null @@ -1,108 +0,0 @@ -local ffi = require "ffi" -local C = ffi.C -local ffi_gc = ffi.gc - -require "resty.openssl.include.x509.crl" -require "resty.openssl.include.x509.revoked" -local bn_lib = require("resty.openssl.bn") -local format_error = require("resty.openssl.err").format_error - -local _M = {} -local mt = { __index = _M } - -local x509_revoked_ptr_ct = ffi.typeof('X509_REVOKED*') - -local NID_crl_reason = C.OBJ_txt2nid("CRLReason") -assert(NID_crl_reason > 0) - ---- Creates new instance of X509_REVOKED data --- @tparam bn|number sn Serial number as number or bn instance --- @tparam number time Revocation time --- @tparam number reason Revocation reason --- @treturn table instance of the module or nil --- @treturn[opt] string Returns optional error message in case of error -function _M.new(sn, time, reason) - --- only convert to bn if it is number - if type(sn) == "number"then - sn = bn_lib.new(sn) - end - if not bn_lib.istype(sn) then - return nil, "x509.revoked.new: sn should be number or a bn instance" - end - - if type(time) ~= "number" then - return nil, "x509.revoked.new: expect a number at #2" - end - if type(reason) ~= "number" then - return nil, "x509.revoked.new: expect a number at #3" - end - - local ctx = C.X509_REVOKED_new() - ffi_gc(ctx, C.X509_REVOKED_free) - - -- serial number - local sn_asn1 = C.BN_to_ASN1_INTEGER(sn.ctx, nil) - if sn_asn1 == nil then - return nil, "x509.revoked.new: BN_to_ASN1_INTEGER() failed" - end - ffi_gc(sn_asn1, C.ASN1_INTEGER_free) - - if C.X509_REVOKED_set_serialNumber(ctx, sn_asn1) == 0 then - return nil, format_error("x509.revoked.new: X509_REVOKED_set_serialNumber()") - end - - -- time - time = C.ASN1_TIME_set(nil, time) - if time == nil then - return nil, format_error("x509.revoked.new: ASN1_TIME_set()") - end - ffi_gc(time, C.ASN1_STRING_free) - - if C.X509_REVOKED_set_revocationDate(ctx, time) == 0 then - return nil, format_error("x509.revoked.new: X509_REVOKED_set_revocationDate()") - end - - -- reason - local reason_asn1 = C.ASN1_ENUMERATED_new() - if reason_asn1 == nil then - return nil, "x509.revoked.new: ASN1_ENUMERATED_new() failed" - end - ffi_gc(reason_asn1, C.ASN1_ENUMERATED_free) - - local reason_ext = C.X509_EXTENSION_new() - if reason_ext == nil then - return nil, "x509.revoked.new: X509_EXTENSION_new() failed" - end - ffi_gc(reason_ext, C.X509_EXTENSION_free) - - if C.ASN1_ENUMERATED_set(reason_asn1, reason) == 0 then - return nil, format_error("x509.revoked.new: ASN1_ENUMERATED_set()") - end - - if C.X509_EXTENSION_set_data(reason_ext, reason_asn1) == 0 then - return nil, format_error("x509.revoked.new: X509_EXTENSION_set_data()") - end - - if C.X509_EXTENSION_set_object(reason_ext, C.OBJ_nid2obj(NID_crl_reason)) == 0 then - return nil, format_error("x509.revoked.new: X509_EXTENSION_set_object()") - end - - if C.X509_REVOKED_add_ext(ctx, reason_ext, 0) == 0 then - return nil, format_error("x509.revoked.new: X509_EXTENSION_set_object()") - end - - local self = setmetatable({ - ctx = ctx, - }, mt) - - return self, nil -end - ---- Type check --- @tparam table Instance of revoked module --- @treturn boolean true if instance is instance of revoked module false otherwise -function _M.istype(l) - return l and l.ctx and ffi.istype(x509_revoked_ptr_ct, l.ctx) -end - -return _M |