Comparison

util/x509.lua @ 9907:54e36a8677bc

util.x509: Add function that extracts usable names from a certificate
author Kim Alvefur <zash@zash.se>
date Fri, 04 Jan 2019 10:20:51 +0100
parent 8555:4f0f5b49bb03
child 10255:8e8d3b3a55da
9906:d0b58bdd6c86 9907:54e36a8677bc
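--- a/util/x509.lua
+++ b/util/x509.lua
@@ -18,10 +18,11 @@
 -- [LDAP] - http://tools.ietf.org/html/rfc4519
 -- [PKIX] - http://tools.ietf.org/html/rfc5280
 
 local nameprep = require "util.encodings".stringprep.nameprep;
 local idna_to_ascii = require "util.encodings".idna.to_ascii;
+local idna_to_unicode = require "util.encodings".idna.to_unicode;
 local base64 = require "util.encodings".base64;
 local log = require "util.logger".init("x509");
 local s_format = string.format;
 
 local _ENV = nil;
@@ -214,10 +215,36 @@
 
 -- If all else fails, well, why should we be any different?
 return false
 end
 
+-- TODO Support other SANs
+local function get_identities(cert) --> set of names
+if cert.setencode then
+cert:setencode("utf8");
+end
+
+local names = {};
+
+local ext = cert:extensions();
+local sans = ext[oid_subjectaltname];
+if sans and sans["dNSName"] then
+for i = 1, #sans["dNSName"] do
+names[ idna_to_unicode(sans["dNSName"][i]) ] = true;
+end
+end
+
+local subject = cert:subject();
+for i = 1, #subject do
+local dn = subject[i];
+if dn.oid == oid_commonname and nameprep(dn.value) then
+names[dn.value] = true;
+end
+end
+return names;
+end
+
 local pat = "%-%-%-%-%-BEGIN ([A-Z ]+)%-%-%-%-%-\r?\n"..
 "([0-9A-Za-z+/=\r\n]*)\r?\n%-%-%-%-%-END %1%-%-%-%-%-";
 
 local function pem2der(pem)
 local typ, data = pem:match(pat);
@@ -235,8 +262,9 @@
 return s_format(envelope, typ, data:gsub(wrap, '%0\n', (#data-1)/64), typ);
 end
 
 return {
 verify_identity = verify_identity;
+get_identities = get_identities;
 pem2der = pem2der;
 der2pem = der2pem;
 };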
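Review bot: In get_identities the dNSName loop indexes `names` directly with the result of `idna_to_unicode`, so if that conversion returns nil for a malformed or non-IDNA label (the nameprep guard on the CN path suggests the encoders do report failure that way), `names[nil] = true` raises "table index is nil" and a single bad SAN entry makes the whole call error out instead of returning the remaining names. Store the result and skip nil: `local name = idna_to_unicode(sans["dNSName"][i]);` followed by `if name then names[name] = true; end`. Separately, CN values are added unconditionally even when dNSName entries exist, which is looser than the PKIX/RFC 6125 rule of treating the CN only as a fallback when no usable subjectAltName is present; if callers use this set for anything beyond display, either skip the CN loop when dNSName names were found or document the choice on the function, e.g. `-- Note: CN is included even when dNSName SANs exist; verify_identity applies the stricter fallback rule`. Also note that a prepped CN is checked but the raw `dn.value` is stored, while SAN names are stored in their converted form, so the two sources are normalized differently. `oid_subjectaltname` and `oid_commonname` are defined outside the hunk, presumably earlier in the file.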