feat(x509.extension) add ability to convert to other data type

Author: fffonion

lib/resty/openssl/x509/altname.lua

@@ -180,9 +180,8 @@ _M.count = mt.__len
 
 -- for use of test only
 function _M:_tostring()
-  local all = self:all()
   local values = {}
-  for k, v in pairs(all) do
+  for k, v in pairs(self) do
     table.insert(values, k .. "=" .. v)
   end
   table.sort(values)

lib/resty/openssl/x509/extension.lua

@@ -2,10 +2,12 @@ local ffi = require "ffi"
 local C = ffi.C
 local ffi_gc = ffi.gc
 local ffi_new = ffi.new
+local ffi_cast = ffi.cast
 
 require "resty.openssl.include.x509"
 require "resty.openssl.include.x509.extension"
 local objects_lib = require "resty.openssl.objects"
+local stack_lib = require("resty.openssl.stack")
 local util = require "resty.openssl.util"
 local format_error = require("resty.openssl.err").format_error
 
@@ -103,6 +105,35 @@ function _M.from_data(any, nid, crit)
   return self, nil
 end
 
+local NID_subject_alt_name = C.OBJ_sn2nid("subjectAltName")
+assert(NID_subject_alt_name ~= 0)
+
+function _M.to_data(extension, nid)
+  if not _M.istype(extension) then
+    return nil, "x509.extension.dup: expect a x509.extension ctx at #1"
+  elseif type(nid) ~= "number" then
+    return nil, "x509.extension.to_data: expect a table at #2"
+  end
+
+  local void_ptr = C.X509V3_EXT_d2i(extension.ctx)
+  if void_ptr == nil then
+    return nil, format_error("x509.extension:to_data: X509V3_EXT_d2i")
+  end
+
+  if nid == NID_subject_alt_name then
+    -- Note: here we only free the stack itself not elements
+    -- since there seems no way to increase ref count for a GENERAL_NAME
+    -- we left the elements referenced by the new-dup'ed stack
+    ffi_gc(void_ptr, stack_lib.gc_of("GENERAL_NAME"))
+    local got = ffi_cast("GENERAL_NAMES*", void_ptr)
+    local lib = require("resty.openssl.x509.altname")
+    -- the internal ptr is returned, ie we need to copy it
+    return lib.dup(got)
+  end
+
+  return nil, string.format("x509.extension:to_data: don't know how to convert to NID %d", nid)
+end
+
 function _M:get_object()
   -- retruns the internal pointer
   local asn1 = C.X509_EXTENSION_get_object(self.ctx)

scripts/type_x509.py

@@ -120,7 +120,7 @@
     "type": "x509.altname",
     "dup": True,
     "extension": "subjectAltName",
-    "sample_printable": 'DNS=www.github.com',
+    "sample_printable": 'DNS=github.com/DNS=www.github.com',
     "get_converter": '''
   -- Note: here we only free the stack itself not elements
   -- since there seems no way to increase ref count for a GENERAL_NAME

t/openssl/x509.t

@@ -803,7 +803,7 @@ SwIDAQAB
 --- request
     GET /t
 --- response_body eval
-"DNS=www.github.com"
+"DNS=github.com/DNS=www.github.com"
 --- no_error_log
 [error]
 

t/openssl/x509/extension.t

@@ -195,3 +195,26 @@ DNS:test.com, DNS:test2.com
 '
 --- no_error_log
 [error]
+
+=== TEST 8: Convert extension to data
+--- http_config eval: $::HttpConfig
+--- config
+    location =/t {
+        content_by_lua_block {
+            local altname = require("resty.openssl.x509.altname").new()
+            altname:add("DNS", "test.com")
+            altname:add("DNS", "test2.com")
+            local extension = require("resty.openssl.x509.extension")
+            local c = myassert(extension.from_data(altname, 85, false))
+
+            local alt2 = myassert(extension.to_data(c, 85))
+            ngx.say(alt2:_tostring())
+        }
+    }
+--- request
+    GET /t
+--- response_body_like eval
+'DNS=test.com/DNS=test2.com
+'
+--- no_error_log
+[error]