feat(x509) export pubkey

Author: fffonion

README.md

@@ -23,7 +23,7 @@ Description
 supports OpenSSL `1.1.1`, `1.1.0` and `1.0.2` series.
 
 The API is kept as same [luaossl](https://github.com/wahern/luaossl) while only a small sets
-of OpenSSL API implemented.
+of OpenSSL APIs are currently implemented.
 
 
 [Back to TOC](#table-of-contents)
@@ -163,7 +163,8 @@ Module to expose BIGNUM structure. This module is not exposed through `resty.ope
 
 ### bn.new
 
-**syntax**: *b, err = bn.new(bn_instance or number?)*
+**syntax**: *b, err = bn.new(bn_cdata?)*
+**syntax**: *b, err = bn.new(number?)*
 
 Creates a BIGNUM instance. The first argument can be `BIGNUM *` cdata object, or a Lua number,
 or `nil` to creates a empty instance.
@@ -189,8 +190,8 @@ Module to interact with message digest.
 
 **syntax**: *d, err = digest.new(digest_name)*
 
-Creates a digest instance. The `digest_name` is a valid digest algorithm name. To view
-a list of digest algorithms implemented, use `openssl list -digest-algorithms`
+Creates a digest instance.`digest_name` is a string of digest algorithm name. To view
+a list of digest algorithms implemented, use `openssl list -digest-algorithms`.
 
 ### digest:update
 

lib/resty/openssl/bn.lua

@@ -40,6 +40,8 @@ ffi.cdef(
 ]]
 )
 
+local bn_ptr_ct = ffi.typeof('BIGNUM*')
+
 function _M.new(bn)
   local _bn
   if bn == nil or type(bn) == 'number'then
@@ -52,6 +54,11 @@ function _M.new(bn)
       end
     end
   elseif type(bn) == 'cdata' then
+    if ffi.istype(bn_ptr_ct, bn) then
+      ctx = bn
+    else
+      return nil, "expect a BIGNUM* cdata at #1"
+    end
     _bn = bn
   else
     return nil, "unexpected initializer passed in (got " .. type(bn) .. ")"
@@ -60,13 +67,17 @@ function _M.new(bn)
   return setmetatable( { bn = _bn }, mt), nil
 end
 
+function _M.istype(l)
+  return l.ctx and ffi.istype(bn_ptr_ct, l.ctx)
+end
+
 function _M:toBinary()
   local length = (C.BN_num_bits(self.bn)+7)/8
   length = floor(length)
   local buf = ffi_new('unsigned char[?]', length)
   local sz = C.BN_bn2bin(self.bn, buf)
   if sz == 0 then
-    return nil, format_error("bn.toBinary")
+    return nil, format_error("bn:toBinary")
   end
   buf = ffi_str(buf, length)
   return buf, nil

lib/resty/openssl/pkey.lua

@@ -13,6 +13,7 @@ require "resty.openssl.ec"
 local bn_lib = require "resty.openssl.bn"
 require "resty.openssl.bio"
 require "resty.openssl.pem"
+require "resty.openssl.objects"
 local util = require "resty.openssl.util"
 require "resty.openssl.x509"
 local format_error = require("resty.openssl.err").format_error
@@ -188,39 +189,41 @@ local PEM_write_bio_PrivateKey_args = { null, null, 0, null, null }
 local PEM_write_bio_PUBKEY_args = {}
 
 local function tostring(self, fmt)
-  local method
+  local method, args
   if fmt == 'private' or fmt == 'PrivateKey' then
     method = 'PEM_write_bio_PrivateKey'
+    args = PEM_write_bio_PrivateKey_args
   elseif not fmt or fmt == 'public' or fmt == 'PublicKey' then
     method = 'PEM_write_bio_PUBKEY'
+    args = PEM_write_bio_PUBKEY_args
   else
     return nil, "can only export private or public key, not " .. fmt
   end
 
-  local args
-  if method == 'PEM_write_bio_PrivateKey' then
-    args = PEM_write_bio_PrivateKey_args
-  else
-    args = PEM_write_bio_PUBKEY_args
-  end
-
   return util.read_using_bio(method, self.ctx, unpack(args))
 end
 
 local _M = {}
 local mt = { __index = _M, __tostring = tostring }
 
+local evp_ptr_ct = ffi.typeof('EVP_PKEY*')
 -- type
 -- bits
 -- exp
 -- curve
 function _M.new(s, ...)
-  local ctx, err, has_private
+  local ctx, err
   s = s or {}
   if type(s) == 'table' then
     ctx, err = generate_key(s)
   elseif type(s) == 'string' then
     ctx, err = load_pkey(s, ...)
+  elseif type(s) == 'cdata' then
+    if ffi.istype(evp_ptr_ct, s) then
+      ctx = s
+    else
+      return nil, "expect a EVP_PKEY* cdata at #1"
+    end
   else
     return nil, "unexpected type " .. type(s) .. " at #1"
   end
@@ -237,7 +240,6 @@ function _M.new(s, ...)
 
   local self = setmetatable({
     ctx = ctx,
-    -- has_private = has_private,
     key_size = key_size,
   }, mt)
 
@@ -246,8 +248,12 @@ function _M.new(s, ...)
   return self, nil
 end
 
+function _M.istype(l)
+  return l.ctx and ffi.istype(evp_ptr_ct, l.ctx)
+end
+
 local empty_table = {}
-local bnptr_type = ffi.typeof("const BIGNUM *[1]")
+local bn_ptrptr_ct = ffi.typeof("const BIGNUM *[1]")
 local function get_rsa_params_11(pkey)
   -- {"n", "e", "d", "p", "q", "dmp1", "dmq1", "iqmp"}
   local rsa_st = C.EVP_PKEY_get0_RSA(pkey)
@@ -258,17 +264,17 @@ local function get_rsa_params_11(pkey)
   return setmetatable(empty_table, {
     __index = function(tbl, k)
       if k == 'n' then
-        local bnptr = bnptr_type()
-        C.RSA_get0_key(rsa_st, bnptr, nil, nil)
-        return bn_lib.new(bnptr[0]), nil
+        local ptr = bn_ptrptr_ct()
+        C.RSA_get0_key(rsa_st, ptr, nil, nil)
+        return bn_lib.new(ptr[0]), nil
       elseif k == 'e' then
-        local bnptr = bnptr_type()
-        C.RSA_get0_key(rsa_st, nil, bnptr, nil)
-        return bn_lib.new(bnptr[0]), nil
+        local ptr = bn_ptrptr_ct()
+        C.RSA_get0_key(rsa_st, nil, ptr, nil)
+        return bn_lib.new(ptr[0]), nil
       elseif k == 'd' then
-        local bnptr = bnptr_type()
-        C.RSA_get0_key(rsa_st, nil, nil, bnptr)
-        return bn_lib.new(bnptr[0]), nil
+        local ptr = bn_ptrptr_ct()
+        C.RSA_get0_key(rsa_st, nil, nil, ptr)
+        return bn_lib.new(ptr[0]), nil
       end
     end
   }), nil

lib/resty/openssl/x509/init.lua

@@ -17,6 +17,7 @@ local OPENSSL_10 = require("resty.openssl.version").OPENSSL_10
 
 ffi.cdef [[
   void X509_free(X509 *a);
+  EVP_PKEY *X509_get_pubkey(X509 *x);
 
   EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
   EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
@@ -150,4 +151,14 @@ function _M:getLifetime()
   return not_before, not_after, nil
 end
 
+function _M:getPublicKey()
+  local ctx = C.X509_get_pubkey(self.ctx)
+  if ctx == nil then
+    return nil, format_error("x509:getPublicKey")
+  end
+  -- lazy load pkey to avoid circular dependency (which might makes pkey a userdata)
+  local pkey_lib = require("resty.openssl.pkey")
+  return pkey_lib.new(ctx)
+end
+
 return _M