authorFiete Ostkamp <Fiete.Ostkamp@telekom.de>2024-03-01 13:03:12 +0100
committerFiete Ostkamp <Fiete.Ostkamp@telekom.de>2024-03-01 13:03:12 +0100
commit97d7de9af2cb6cc3bbbcae18ada738ace7771903 (patch)
treea7c6221348272e82406bba446b6b00b1d1b8e608 /server/resty/openssl/include/x509
parentbf25efd6d3ed28266ed916c0ebe9dd3a45a4affb (diff)
portal-ng pods run under root user
- switch base image from openresty to nginx-unprivileged - remove custom lua plugin code - dynamically determine dns resolver ip during container startup Issue-ID: PORTALNG-67 Change-Id: I23fb5e684dbb98a326afb00911a1f5ae78e2536d Signed-off-by: Fiete Ostkamp <Fiete.Ostkamp@telekom.de>
Diffstat (limited to 'server/resty/openssl/include/x509')
-rw-r--r--server/resty/openssl/include/x509/altname.lua49
-rw-r--r--server/resty/openssl/include/x509/crl.lua86
-rw-r--r--server/resty/openssl/include/x509/csr.lua88
-rw-r--r--server/resty/openssl/include/x509/extension.lua44
-rw-r--r--server/resty/openssl/include/x509/init.lua138
-rw-r--r--server/resty/openssl/include/x509/name.lua21
-rw-r--r--server/resty/openssl/include/x509/revoked.lua17
7 files changed, 0 insertions, 443 deletions
diff --git a/server/resty/openssl/include/x509/altname.lua b/server/resty/openssl/include/x509/altname.lua
deleted file mode 100644
index ce1db67..0000000
--- a/server/resty/openssl/include/x509/altname.lua
+++ /dev/null
@@ -1,49 +0,0 @@
-local GEN_OTHERNAME = 0
-local GEN_EMAIL = 1
-local GEN_DNS = 2
-local GEN_X400 = 3
-local GEN_DIRNAME = 4
-local GEN_EDIPARTY = 5
-local GEN_URI = 6
-local GEN_IPADD = 7
-local GEN_RID = 8
-
-local default_types = {
- OtherName = GEN_OTHERNAME, -- otherName
- RFC822Name = GEN_EMAIL, -- email
- RFC822 = GEN_EMAIL,
- Email = GEN_EMAIL,
- DNSName = GEN_DNS, -- dns
- DNS = GEN_DNS,
- X400 = GEN_X400, -- x400
- DirName = GEN_DIRNAME, -- dirName
- EdiParty = GEN_EDIPARTY, -- EdiParty
- UniformResourceIdentifier = GEN_URI, -- uri
- URI = GEN_URI,
- IPAddress = GEN_IPADD, -- ipaddr
- IP = GEN_IPADD,
- RID = GEN_RID, -- rid
-}
-
-local literals = {
- [GEN_OTHERNAME] = "OtherName",
- [GEN_EMAIL] = "email",
- [GEN_DNS] = "DNS",
- [GEN_X400] = "X400",
- [GEN_DIRNAME] = "DirName",
- [GEN_EDIPARTY] = "EdiParty",
- [GEN_URI] = "URI",
- [GEN_IPADD] = "IP",
- [GEN_RID] = "RID",
-}
-
-local types = {}
-for t, gid in pairs(default_types) do
- types[t:lower()] = gid
- types[t] = gid
-end
-
-return {
- types = types,
- literals = literals,
-}
\ No newline at end of file
diff --git a/server/resty/openssl/include/x509/crl.lua b/server/resty/openssl/include/x509/crl.lua
deleted file mode 100644
index 7870cd3..0000000
--- a/server/resty/openssl/include/x509/crl.lua
+++ /dev/null
@@ -1,86 +0,0 @@
-local ffi = require "ffi"
-
-require "resty.openssl.include.ossl_typ"
-require "resty.openssl.include.evp"
-require "resty.openssl.include.objects"
-require "resty.openssl.include.x509"
-require "resty.openssl.include.stack"
-
-local asn1_macro = require "resty.openssl.include.asn1"
-
-local OPENSSL_10 = require("resty.openssl.version").OPENSSL_10
-local OPENSSL_11_OR_LATER = require("resty.openssl.version").OPENSSL_11_OR_LATER
-local BORINGSSL_110 = require("resty.openssl.version").BORINGSSL_110
-
-asn1_macro.declare_asn1_functions("X509_CRL", asn1_macro.has_new_ex)
-
-ffi.cdef [[
- X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl);
- int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
- int X509_CRL_set_version(X509_CRL *x, long version);
-
- int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
- X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc);
- int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos);
- void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx);
-
- int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
- int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
-
- int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl);
- X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl);
- int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
-
- int X509_CRL_print(BIO *bio, X509_CRL *crl);
-
- int X509_CRL_get0_by_serial(X509_CRL *crl,
- X509_REVOKED **ret, ASN1_INTEGER *serial);
- int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x);
-
- //STACK_OF(X509_REVOKED)
- OPENSSL_STACK *X509_CRL_get_REVOKED(X509_CRL *crl);
-
- int X509_CRL_get0_by_serial(X509_CRL *crl,
- X509_REVOKED **ret, ASN1_INTEGER *serial);
-]]
-
-if OPENSSL_11_OR_LATER then
- ffi.cdef [[
- int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
- int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
- /*const*/ ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl);
- /*const*/ ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl);
- long X509_CRL_get_version(const X509_CRL *crl);
-
- X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
-
- int X509_CRL_get_signature_nid(const X509_CRL *crl);
- ]]
-end
-if OPENSSL_10 or BORINGSSL_110 then
- -- in openssl 1.0.x some getters are direct accessor to struct members (defiend by macros)
- ffi.cdef [[
- typedef struct X509_crl_info_st {
- ASN1_INTEGER *version;
- X509_ALGOR *sig_alg;
- X509_NAME *issuer;
- ASN1_TIME *lastUpdate;
- ASN1_TIME *nextUpdate;
- // STACK_OF(X509_REVOKED)
- OPENSSL_STACK *revoked;
- // STACK_OF(X509_EXTENSION)
- OPENSSL_STACK /* [0] */ *extensions;
- ASN1_ENCODING enc;
- } X509_CRL_INFO;
-
- // Note: this struct is trimmed
- struct X509_crl_st {
- /* actual signature */
- X509_CRL_INFO *crl;
- // trimmed
- } /* X509_CRL */ ;
-
- int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
- int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
- ]]
-end
diff --git a/server/resty/openssl/include/x509/csr.lua b/server/resty/openssl/include/x509/csr.lua
deleted file mode 100644
index 44c4801..0000000
--- a/server/resty/openssl/include/x509/csr.lua
+++ /dev/null
@@ -1,88 +0,0 @@
-local ffi = require "ffi"
-
-require "resty.openssl.include.ossl_typ"
-require "resty.openssl.include.evp"
-require "resty.openssl.include.objects"
-require "resty.openssl.include.x509"
-require "resty.openssl.include.stack"
-
-local asn1_macro = require "resty.openssl.include.asn1"
-
-local OPENSSL_10 = require("resty.openssl.version").OPENSSL_10
-local OPENSSL_11_OR_LATER = require("resty.openssl.version").OPENSSL_11_OR_LATER
-local OPENSSL_3X = require("resty.openssl.version").OPENSSL_3X
-local BORINGSSL_110 = require("resty.openssl.version").BORINGSSL_110
-
-asn1_macro.declare_asn1_functions("X509_REQ", asn1_macro.has_new_ex)
-
-ffi.cdef [[
- int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name);
-
- EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
- int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
-
- int X509_REQ_set_version(X509_REQ *x, long version);
-
- int X509_REQ_get_attr_count(const X509_REQ *req);
-
- int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
- X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc);
- int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos);
-
- int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
- void X509_ATTRIBUTE_free(X509_ATTRIBUTE *a);
- int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos);
- X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc);
-
- int *X509_REQ_get_extension_nids(void);
-
- int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
- int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
-
- int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req);
- X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req);
-
- // STACK_OF(X509_EXTENSION)
- OPENSSL_STACK *X509_REQ_get_extensions(X509_REQ *req);
- // STACK_OF(X509_EXTENSION)
- int X509_REQ_add_extensions(X509_REQ *req, OPENSSL_STACK *exts);
-
- int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k);
-]]
-
-if OPENSSL_11_OR_LATER then
- ffi.cdef [[
- X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req);
- long X509_REQ_get_version(const X509_REQ *req);
-
- int X509_REQ_get_signature_nid(const X509_REQ *crl);
- ]]
-end
-if OPENSSL_10 or BORINGSSL_110 then
- ffi.cdef [[
- typedef struct X509_req_info_st {
- ASN1_ENCODING enc;
- ASN1_INTEGER *version;
- X509_NAME *subject;
- /*X509_PUBKEY*/ void *pubkey;
- /* d=2 hl=2 l= 0 cons: cont: 00 */
- /*STACK_OF(X509_ATTRIBUTE)*/ OPENSSL_STACK *attributes; /* [ 0 ] */
- } X509_REQ_INFO;
-
- // Note: this struct is trimmed
- typedef struct X509_req_st {
- X509_REQ_INFO *req_info;
- X509_ALGOR *sig_alg;
- // trimmed
- //ASN1_BIT_STRING *signature;
- //int references;
- } X509_REQ;
- ]]
-end
-
-if OPENSSL_3X then
- ffi.cdef [[
- int X509_REQ_verify_ex(X509_REQ *a, EVP_PKEY *pkey, OSSL_LIB_CTX *libctx,
- const char *propq);
- ]]
-end
diff --git a/server/resty/openssl/include/x509/extension.lua b/server/resty/openssl/include/x509/extension.lua
deleted file mode 100644
index 14b231e..0000000
--- a/server/resty/openssl/include/x509/extension.lua
+++ /dev/null
@@ -1,44 +0,0 @@
-local ffi = require "ffi"
-
-require "resty.openssl.include.ossl_typ"
-require "resty.openssl.include.x509v3"
-require "resty.openssl.include.x509"
-local asn1_macro = require "resty.openssl.include.asn1"
-local OPENSSL_3X = require("resty.openssl.version").OPENSSL_3X
-
-asn1_macro.declare_asn1_functions("X509_EXTENSION")
-
-if OPENSSL_3X then
- ffi.cdef [[
- struct v3_ext_ctx {
- int flags;
- X509 *issuer_cert;
- X509 *subject_cert;
- X509_REQ *subject_req;
- X509_CRL *crl;
- /*X509V3_CONF_METHOD*/ void *db_meth;
- void *db;
- EVP_PKEY *issuer_pkey;
- };
-
- int X509V3_set_issuer_pkey(X509V3_CTX *ctx, EVP_PKEY *pkey);
- ]]
-
-else
- ffi.cdef [[
- struct v3_ext_ctx {
- int flags;
- X509 *issuer_cert;
- X509 *subject_cert;
- X509_REQ *subject_req;
- X509_CRL *crl;
- /*X509V3_CONF_METHOD*/ void *db_meth;
- void *db;
- };
- ]]
-end
-
-ffi.cdef [[
- int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data);
- int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj);
-]]
\ No newline at end of file
diff --git a/server/resty/openssl/include/x509/init.lua b/server/resty/openssl/include/x509/init.lua
deleted file mode 100644
index ec104ef..0000000
--- a/server/resty/openssl/include/x509/init.lua
+++ /dev/null
@@ -1,138 +0,0 @@
-local ffi = require "ffi"
-
-require "resty.openssl.include.ossl_typ"
-require "resty.openssl.include.bio"
-require "resty.openssl.include.pem"
-require "resty.openssl.include.stack"
-local asn1_macro = require "resty.openssl.include.asn1"
-
-local OPENSSL_10 = require("resty.openssl.version").OPENSSL_10
-local OPENSSL_11_OR_LATER = require("resty.openssl.version").OPENSSL_11_OR_LATER
-local BORINGSSL_110 = require("resty.openssl.version").BORINGSSL_110
-
-asn1_macro.declare_asn1_functions("X509", asn1_macro.has_new_ex)
-
-ffi.cdef [[
- int i2d_X509_bio(BIO *bp, X509 *x509);
- X509 *d2i_X509_bio(BIO *bp, X509 **x509);
-
- // STACK_OF(X509)
- OPENSSL_STACK *X509_chain_up_ref(OPENSSL_STACK *chain);
-
- int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
- int X509_verify(X509 *a, EVP_PKEY *r);
-
- ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj);
-
- int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
- X509_EXTENSION *X509_get_ext(const X509 *x, int loc);
- int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos);
- void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx);
-
- int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
- int X509_EXTENSION_get_critical(const X509_EXTENSION *ex);
- ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex);
- ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
- X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
- X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
- int nid, int crit,
- ASN1_OCTET_STRING *data);
-
- // needed by pkey
- EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
- EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
- int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey);
- int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey);
-
- EVP_PKEY *X509_get_pubkey(X509 *x);
- int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
- int X509_set_version(X509 *x, long version);
- int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
-
- X509_NAME *X509_get_subject_name(const X509 *a);
- int X509_set_subject_name(X509 *x, X509_NAME *name);
- X509_NAME *X509_get_issuer_name(const X509 *a);
- int X509_set_issuer_name(X509 *x, X509_NAME *name);
-
- int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
- unsigned char *md, unsigned int *len);
- int X509_digest(const X509 *data, const EVP_MD *type,
- unsigned char *md, unsigned int *len);
-
- const char *X509_verify_cert_error_string(long n);
- int X509_verify_cert(X509_STORE_CTX *ctx);
-
- int X509_get_signature_nid(const X509 *x);
-
- unsigned char *X509_alias_get0(X509 *x, int *len);
- unsigned char *X509_keyid_get0(X509 *x, int *len);
- int X509_check_private_key(X509 *x, EVP_PKEY *k);
-]]
-
-if OPENSSL_11_OR_LATER then
- ffi.cdef [[
- int X509_up_ref(X509 *a);
-
- int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm);
- int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm);
- /*const*/ ASN1_TIME *X509_get0_notBefore(const X509 *x);
- /*const*/ ASN1_TIME *X509_get0_notAfter(const X509 *x);
- long X509_get_version(const X509 *x);
- const ASN1_INTEGER *X509_get0_serialNumber(X509 *x);
-
- X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
- ]]
-elseif OPENSSL_10 then
- ffi.cdef [[
- // STACK_OF(X509_EXTENSION)
- X509_EXTENSION *X509v3_delete_ext(OPENSSL_STACK *x, int loc);
- ]]
-end
-
-if OPENSSL_10 or BORINGSSL_110 then
- -- in openssl 1.0.x some getters are direct accessor to struct members (defiend by macros)
- ffi.cdef [[
- // crypto/x509/x509.h
- typedef struct X509_val_st {
- ASN1_TIME *notBefore;
- ASN1_TIME *notAfter;
- } X509_VAL;
-
- typedef struct X509_algor_st {
- ASN1_OBJECT *algorithm;
- ASN1_TYPE *parameter;
- } X509_ALGOR;
-
- // Note: this struct is trimmed
- typedef struct x509_cinf_st {
- /*ASN1_INTEGER*/ void *version;
- /*ASN1_INTEGER*/ void *serialNumber;
- X509_ALGOR *signature;
- X509_NAME *issuer;
- X509_VAL *validity;
- X509_NAME *subject;
- /*X509_PUBKEY*/ void *key;
- /*ASN1_BIT_STRING*/ void *issuerUID; /* [ 1 ] optional in v2 */
- /*ASN1_BIT_STRING*/ void *subjectUID; /* [ 2 ] optional in v2 */
- /*STACK_OF(X509_EXTENSION)*/ OPENSSL_STACK *extensions; /* [ 3 ] optional in v3 */
- // trimmed
- // ASN1_ENCODING enc;
- } X509_CINF;
- // Note: this struct is trimmed
- struct x509_st {
- X509_CINF *cert_info;
- // trimmed
- } X509;
-
- int X509_set_notBefore(X509 *x, const ASN1_TIME *tm);
- int X509_set_notAfter(X509 *x, const ASN1_TIME *tm);
- ASN1_INTEGER *X509_get_serialNumber(X509 *x);
- ]]
-end
-
-if BORINGSSL_110 then
- ffi.cdef [[
- ASN1_TIME *X509_get_notBefore(const X509 *x);
- ASN1_TIME *X509_get_notAfter(const X509 *x);
- ]]
-end
diff --git a/server/resty/openssl/include/x509/name.lua b/server/resty/openssl/include/x509/name.lua
deleted file mode 100644
index 2f933ae..0000000
--- a/server/resty/openssl/include/x509/name.lua
+++ /dev/null
@@ -1,21 +0,0 @@
-local ffi = require "ffi"
-
-require "resty.openssl.include.ossl_typ"
-require "resty.openssl.include.asn1"
-require "resty.openssl.include.objects"
-local asn1_macro = require "resty.openssl.include.asn1"
-
-asn1_macro.declare_asn1_functions("X509_NAME")
-
-ffi.cdef [[
- int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type,
- const unsigned char *bytes, int len, int loc,
- int set);
-
- int X509_NAME_entry_count(const X509_NAME *name);
- X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
- ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne);
- ASN1_STRING * X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne);
- int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj,
- int lastpos);
-]]
\ No newline at end of file
diff --git a/server/resty/openssl/include/x509/revoked.lua b/server/resty/openssl/include/x509/revoked.lua
deleted file mode 100644
index c6539c9..0000000
--- a/server/resty/openssl/include/x509/revoked.lua
+++ /dev/null
@@ -1,17 +0,0 @@
-local ffi = require "ffi"
-
-require "resty.openssl.include.ossl_typ"
-require "resty.openssl.include.asn1"
-require "resty.openssl.include.objects"
-local asn1_macro = require "resty.openssl.include.asn1"
-
-asn1_macro.declare_asn1_functions("X509_REVOKED")
-
-ffi.cdef [[
- int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
- int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
- int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
-
- const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *r);
- const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *r);
-]]
\ No newline at end of file