diff options
Diffstat (limited to 'server/resty/openssl/x509/revoked.lua')
-rw-r--r-- | server/resty/openssl/x509/revoked.lua | 108 |
1 files changed, 108 insertions, 0 deletions
diff --git a/server/resty/openssl/x509/revoked.lua b/server/resty/openssl/x509/revoked.lua new file mode 100644 index 0000000..9762200 --- /dev/null +++ b/server/resty/openssl/x509/revoked.lua @@ -0,0 +1,108 @@ +local ffi = require "ffi" +local C = ffi.C +local ffi_gc = ffi.gc + +require "resty.openssl.include.x509.crl" +require "resty.openssl.include.x509.revoked" +local bn_lib = require("resty.openssl.bn") +local format_error = require("resty.openssl.err").format_error + +local _M = {} +local mt = { __index = _M } + +local x509_revoked_ptr_ct = ffi.typeof('X509_REVOKED*') + +local NID_crl_reason = C.OBJ_txt2nid("CRLReason") +assert(NID_crl_reason > 0) + +--- Creates new instance of X509_REVOKED data +-- @tparam bn|number sn Serial number as number or bn instance +-- @tparam number time Revocation time +-- @tparam number reason Revocation reason +-- @treturn table instance of the module or nil +-- @treturn[opt] string Returns optional error message in case of error +function _M.new(sn, time, reason) + --- only convert to bn if it is number + if type(sn) == "number"then + sn = bn_lib.new(sn) + end + if not bn_lib.istype(sn) then + return nil, "x509.revoked.new: sn should be number or a bn instance" + end + + if type(time) ~= "number" then + return nil, "x509.revoked.new: expect a number at #2" + end + if type(reason) ~= "number" then + return nil, "x509.revoked.new: expect a number at #3" + end + + local ctx = C.X509_REVOKED_new() + ffi_gc(ctx, C.X509_REVOKED_free) + + -- serial number + local sn_asn1 = C.BN_to_ASN1_INTEGER(sn.ctx, nil) + if sn_asn1 == nil then + return nil, "x509.revoked.new: BN_to_ASN1_INTEGER() failed" + end + ffi_gc(sn_asn1, C.ASN1_INTEGER_free) + + if C.X509_REVOKED_set_serialNumber(ctx, sn_asn1) == 0 then + return nil, format_error("x509.revoked.new: X509_REVOKED_set_serialNumber()") + end + + -- time + time = C.ASN1_TIME_set(nil, time) + if time == nil then + return nil, format_error("x509.revoked.new: ASN1_TIME_set()") + end + ffi_gc(time, C.ASN1_STRING_free) + + if C.X509_REVOKED_set_revocationDate(ctx, time) == 0 then + return nil, format_error("x509.revoked.new: X509_REVOKED_set_revocationDate()") + end + + -- reason + local reason_asn1 = C.ASN1_ENUMERATED_new() + if reason_asn1 == nil then + return nil, "x509.revoked.new: ASN1_ENUMERATED_new() failed" + end + ffi_gc(reason_asn1, C.ASN1_ENUMERATED_free) + + local reason_ext = C.X509_EXTENSION_new() + if reason_ext == nil then + return nil, "x509.revoked.new: X509_EXTENSION_new() failed" + end + ffi_gc(reason_ext, C.X509_EXTENSION_free) + + if C.ASN1_ENUMERATED_set(reason_asn1, reason) == 0 then + return nil, format_error("x509.revoked.new: ASN1_ENUMERATED_set()") + end + + if C.X509_EXTENSION_set_data(reason_ext, reason_asn1) == 0 then + return nil, format_error("x509.revoked.new: X509_EXTENSION_set_data()") + end + + if C.X509_EXTENSION_set_object(reason_ext, C.OBJ_nid2obj(NID_crl_reason)) == 0 then + return nil, format_error("x509.revoked.new: X509_EXTENSION_set_object()") + end + + if C.X509_REVOKED_add_ext(ctx, reason_ext, 0) == 0 then + return nil, format_error("x509.revoked.new: X509_EXTENSION_set_object()") + end + + local self = setmetatable({ + ctx = ctx, + }, mt) + + return self, nil +end + +--- Type check +-- @tparam table Instance of revoked module +-- @treturn boolean true if instance is instance of revoked module false otherwise +function _M.istype(l) + return l and l.ctx and ffi.istype(x509_revoked_ptr_ct, l.ctx) +end + +return _M |