feat(x509.altname) support iterate and decode over the stack

fffonion · fffonion · commit 083a201746e0 · 2020-01-07T21:06:55.000-08:00
diff --git a/lib/resty/openssl/include/x509/altname.lua b/lib/resty/openssl/include/x509/altname.lua
@@ -20,10 +20,19 @@ local types = {
   DirName = GEN_DIRNAME,
 }
 
+local literals = {
+  [GEN_EMAIL] = "email",
+  [GEN_DNS] = "DNS",
+  [GEN_DIRNAME] = "DirName",
+  [GEN_URI] = "URI",
+  [GEN_IPADD] = "IP",
+}
+
 for t, gid in pairs(types) do
   types[t:lower()] = gid
 end
 
 return {
   types = types,
+  literals = literals,
 }
diff --git a/lib/resty/openssl/x509/altname.lua b/lib/resty/openssl/x509/altname.lua
@@ -1,89 +1,175 @@
 local ffi = require "ffi"
 local C = ffi.C
+local ffi_gc = ffi.gc
 local ffi_cast = ffi.cast
+local ffi_str = ffi.string
 
+require "resty.openssl.include.x509"
 require "resty.openssl.include.x509v3"
-require "resty.openssl.include.asn1"
+local asn1_macro = require "resty.openssl.include.asn1"
 local stack_lib = require "resty.openssl.stack"
 local altname_macro = require "resty.openssl.include.x509.altname"
 
 local _M = {}
-local mt = { __index = _M }
+local mt
 
 local general_names_ptr_ct = ffi.typeof("GENERAL_NAMES*")
 
 local STACK = "GENERAL_NAME"
 local new = stack_lib.new_of(STACK)
 local add = stack_lib.add_of(STACK)
+local dup = stack_lib.dup_of(STACK)
 
 local types = altname_macro.types
 
+local gn_decode = function(ctx)
+  local typ = ctx.type
+  local k = altname_macro.literals[typ]
+  local v
+  if typ == types.DNS then
+    v = ffi_str(asn1_macro.ASN1_STRING_get0_data(ctx.d.dNSName))
+  elseif typ == types.URI then
+    v = ffi_str(asn1_macro.ASN1_STRING_get0_data(ctx.d.uniformResourceIdentifier))
+  elseif typ == types.RFC822Name then
+    v = ffi_str(asn1_macro.ASN1_STRING_get0_data(ctx.d.rfc822Name))
+  elseif typ == types.IP then
+    error("NYI")
+  elseif typ == types.DirName then
+    error("NYI")
+  else
+    error("unknown type" .. typ)
+  end
+  return { k, v }
+end
+
+-- shared with info_access
+_M.gn_decode = gn_decode
+
+mt = stack_lib.mt_of(STACK, gn_decode, _M)
+local mt__pairs = mt.__pairs
+mt.__pairs = function(tbl)
+  local f = mt__pairs(tbl)
+  return function()
+    local _, e = f()
+    if not e then return end
+    return unpack(e)
+  end
+end
+
 function _M.new()
-  local raw = new()
-  if raw == nil then
+  local ctx = new()
+  if ctx == nil then
     return nil, "OPENSSL_sk_new_null() failed"
   end
-  local ctx = ffi_cast("GENERAL_NAMES*", raw)
+  local cast = ffi_cast("GENERAL_NAMES*", ctx)
 
   local self = setmetatable({
     ctx = ctx,
-    raw = raw
+    cast = cast,
+    _is_dup = false,
   }, mt)
 
   return self, nil
 end
 
 function _M.istype(l)
-  return l and l.ctx and ffi.istype(general_names_ptr_ct, l.ctx)
+  return l and l.cast and ffi.istype(general_names_ptr_ct, l.cast)
 end
 
-function _M:add(typ, value)
+function _M.dup(ctx)
+  if ctx == nil or not ffi.istype(general_names_ptr_ct, ctx) then
+    return nil, "expect a GENERAL_NAMES* ctx at #1"
+  end
+  ctx = dup(ctx)
+
+  return setmetatable({
+    cast = ffi_cast("GENERAL_NAMES*", ctx),
+    ctx = ctx,
+    _is_dup = true,
+    _elem_refs = {},
+    _elem_refs_idx = 1,
+  }, mt), nil
+end
+
+local function gn_set(gn, typ, value)
   if not typ then
-    return nil, "expect a string at #1"
+    return "expect a string at #1"
   end
   typ = typ:lower()
   if type(value) ~= 'string' then
-    return nil, "except a string at #2"
+    return "except a string at #2"
   end
 
   local txt = value
-  local gen_type = types[typ]
-  if not gen_type then
-    return nil, "unknown type " .. typ
+  local gn_type = types[typ]
+  if not gn_type then
+    return "unknown type " .. typ
+  end
+
+  gn.type = gn_type
+
+  local asn1_string = C.ASN1_IA5STRING_new()
+  if asn1_string == nil then
+    C.GENERAL_NAME_free(gn)
+    return "ASN1_STRING_type_new() failed"
+  end
+
+  gn.d.ia5 = asn1_string
+
+  local code = C.ASN1_STRING_set(gn.d.ia5, txt, #txt)
+  if code ~= 1 then
+    C.GENERAL_NAME_free(gn)
+    return "ASN1_STRING_set() failed: " .. code
   end
+end
+
+-- shared with info_access
+_M.gn_set = gn_set
+
+function _M:add(typ, value)
 
   -- the stack element stays with stack
   -- we shouldn't add gc handler if it's already been
   -- pushed to stack. instead, rely on the gc handler
   -- of the stack to release all memories
-  local gen = C.GENERAL_NAME_new()
-  if gen == nil then
+  local gn = C.GENERAL_NAME_new()
+  if gn == nil then
     return nil, "GENERAL_NAME_new() failed"
   end
 
-  gen.type = gen_type
-
-  -- #define V_ASN1_IA5STRING                22
-  local asn1_string = C.ASN1_STRING_type_new(22)
-  if asn1_string == nil then
-    C.GENERAL_NAME_free(gen)
-    return nil, "ASN1_STRING_type_new() failed"
-  end
-
-  gen.d.ia5 = asn1_string
-
-  local code = C.ASN1_STRING_set(gen.d.ia5, txt, #txt)
-  if code ~= 1 then
-    C.GENERAL_NAME_free(gen)
-    return nil, "ASN1_STRING_set() failed: " .. code
+  local err = gn_set(gn, typ, value)
+  if err then
+    return err
   end
 
-  local _, err = add(self.ctx, gen)
+  local _, err = add(self.ctx, gn)
   if err then
-    C.GENERAL_NAME_free(gen)
+    C.GENERAL_NAME_free(gn)
     return nil, err
   end
+
+  -- if the stack is duplicated, the gc handler is not pop_free
+  -- handle the gc by ourselves
+  if self._is_dup then
+    ffi_gc(gn, C.GENERAL_NAME_free)
+    self._elem_refs[self._elem_refs_idx] = gn
+    self._elem_refs_idx = self._elem_refs_idx + 1
+  end
   return self
 end
 
+_M.all = function(stack)
+  local ret = {}
+  local _next = mt.__ipairs(stack)
+  while true do
+    local i, e = _next()
+    if i then
+      ret[i] = e
+    else
+      break
+    end
+  end
+  return ret
+end
+
 return _M
diff --git a/t/openssl/x509/altname.t b/t/openssl/x509/altname.t
@@ -0,0 +1,162 @@
+# vim:set ft= ts=4 sw=4 et fdm=marker:
+
+use Test::Nginx::Socket::Lua 'no_plan';
+use Cwd qw(cwd);
+
+
+my $pwd = cwd();
+
+our $HttpConfig = qq{
+    lua_package_path "$pwd/t/openssl/x509/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
+};
+
+
+run_tests();
+
+__DATA__
+=== TEST 1: Creates stack properly
+--- http_config eval: $::HttpConfig
+--- config
+    location =/t {
+        content_by_lua_block {
+            local altname = require("resty.openssl.x509.altname")
+            local c, err = altname.new()
+            if err then
+                ngx.log(ngx.ERR, err)
+                return
+            end
+            ngx.say(#c)
+        }
+    }
+--- request
+    GET /t
+--- response_body eval
+"0
+"
+--- no_error_log
+[error]
+
+=== TEST 2: Adds elements to stack properly
+--- http_config eval: $::HttpConfig
+--- config
+    location =/t {
+        content_by_lua_block {
+            local altname = require("resty.openssl.x509.altname")
+            local c, err = altname.new()
+            if err then
+                ngx.log(ngx.ERR, err)
+                return
+            end
+            for i=0,2,1 do
+                local ok, err = c:add("DNS", string.format("%d.com", i))
+                if err then
+                    ngx.log(ngx.ERR, err)
+                    return
+                end
+            end
+            ngx.say(#c)
+            ngx.say(#c:all())
+        }
+    }
+--- request
+    GET /t
+--- response_body eval
+"3
+3
+"
+--- no_error_log
+[error]
+
+=== TEST 3: Element can be indexed properly
+--- http_config eval: $::HttpConfig
+--- config
+    location =/t {
+        content_by_lua_block {
+            local altname = require("resty.openssl.x509.altname")
+            local c, err = altname.new()
+            if err then
+                ngx.log(ngx.ERR, err)
+                return
+            end
+            for i=0,2,1 do
+                local ok, err = c:add("DNS", string.format("%d.com", i))
+                if err then
+                    ngx.log(ngx.ERR, err)
+                    return
+                end
+            end
+            for k, v in pairs(c) do
+                ngx.say(k, " ", v)
+            end
+        }
+    }
+--- request
+    GET /t
+--- response_body eval
+"DNS 0.com
+DNS 1.com
+DNS 2.com
+"
+--- no_error_log
+[error]
+
+=== TEST 4: Element is duplicated when added to stack
+--- http_config eval: $::HttpConfig
+--- config
+    location =/t {
+        content_by_lua_block {
+            local altname = require("resty.openssl.x509.altname")
+            local c, err = altname.new()
+            if err then
+                ngx.log(ngx.ERR, err)
+                return
+            end
+            local ok, err = c:add("DNS", "example.com")
+            if err then
+                ngx.log(ngx.ERR, err)
+                return
+            end
+            cert = nil
+            collectgarbage("collect")
+            local k, v = unpack(c[1])
+            ngx.say(k, " ", v)
+        }
+    }
+--- request
+    GET /t
+--- response_body eval
+"DNS example.com
+"
+--- no_error_log
+[error]
+
+=== TEST 5: Element is duplicated when returned
+--- http_config eval: $::HttpConfig
+--- config
+    location =/t {
+        content_by_lua_block {
+            local altname = require("resty.openssl.x509.altname")
+            local c, err = altname.new()
+            if err then
+                ngx.log(ngx.ERR, err)
+                return
+            end
+            local ok, err = c:add("DNS", "example.com")
+            if err then
+                ngx.log(ngx.ERR, err)
+                return
+            end
+            local cc = c[1]
+            c = nil
+            collectgarbage("collect")
+            local k, v = unpack(cc)
+            ngx.say(k, " ", v)
+        }
+    }
+--- request
+    GET /t
+--- response_body eval
+"DNS example.com
+"
+--- no_error_log
+[error]
