feat(x509) add get_signature_digest_name

README.md

@@ -142,7 +142,7 @@ Table of Contents
     + [x509:get_\*, x509:set_\*](#x509get_-x509set_)
     + [x509:get_lifetime](#x509get_lifetime)
     + [x509:set_lifetime](#x509set_lifetime)
-    + [x509:get_signature_name, x509:get_signature_nid](#x509get_signature_name-x509get_signature_nid)
+    + [x509:get_signature_name, x509:get_signature_nid, x509:get_signature_digest_name](#x509get_signature_name-x509get_signature_nid-x509get_signature_digest_name)
     + [x509:get_extension](#x509get_extension)
     + [x509:add_extension](#x509add_extension)
     + [x509:set_extension](#x509set_extension)
@@ -159,7 +159,7 @@ Table of Contents
     + [csr.istype](#csristype)
     + [csr:check_private_key](#csrcheck_private_key)
     + [csr:get_\*, csr:set_\*](#csrget_-csrset_)
-    + [csr:get_signature_name, csr:get_signature_nid](#csrget_signature_name-csrget_signature_nid)
+    + [csr:get_signature_name, csr:get_signature_nid, csr:get_signature_digest_name](#csrget_signature_name-csrget_signature_nid-csrget_signature_digest_name)
     + [csr:get_extension](#csrget_extension)
     + [csr:add_extension](#csradd_extension)
     + [csr:set_extension](#csrset_extension)
@@ -173,7 +173,7 @@ Table of Contents
     + [crl.new](#crlnew)
     + [crl.istype](#crlistype)
     + [crl:get_\*, crl:set_\*](#crlget_-crlset_)
-    + [crl:get_signature_name, crl:get_signature_nid](#crlget_signature_name-crlget_signature_nid)
+    + [crl:get_signature_name, crl:get_signature_nid, crl:get_signature_digest_name](#crlget_signature_name-crlget_signature_nid-crlget_signature_digest_name)
     + [crl:get_by_serial](#crlget_by_serial)
     + [crl:get_extension](#crlget_extension)
     + [crl:add_extension](#crladd_extension)
@@ -2413,14 +2413,19 @@ plus `x509:set_not_after`.
 
 [Back to TOC](#table-of-contents)
 
-### x509:get_signature_name, x509:get_signature_nid
+### x509:get_signature_name, x509:get_signature_nid, x509:get_signature_digest_name
 
 **syntax**: *sn, err = x509:get_signature_name()*
 
 **syntax**: *nid, err = x509:get_signature_nid()*
 
+**syntax**: *sn, err = x509:get_signature_digest_name()*
+
 Return the [NID] or the short name (SN) of the signature of the certificate.
 
+`x509:get_signature_digest_name` returns the short name of the digest algorithm
+used to sign the certificate.
+
 [Back to TOC](#table-of-contents)
 
 ### x509:get_extension
@@ -2649,14 +2654,19 @@ with naming convension with other functions.
 
 [Back to TOC](#table-of-contents)
 
-### csr:get_signature_name, csr:get_signature_nid
+### csr:get_signature_name, csr:get_signature_nid, csr:get_signature_digest_name
 
 **syntax**: *sn, err = csr:get_signature_name()*
 
 **syntax**: *nid, err = csr:get_signature_nid()*
 
+**syntax**: *sn, err = csr:get_signature_digest_name()*
+
 Return the [NID] or the short name (SN) of the signature of the certificate request.
 
+`csr:get_signature_digest_name` returns the short name of the digest algorithm
+used to sign the certificate.
+
 [Back to TOC](#table-of-contents)
 
 ### csr:get_extension
@@ -2842,14 +2852,19 @@ and thus used by [crl:get_extension](#crlget_extension) and [crl:set_extension](
 
 [Back to TOC](#table-of-contents)
 
-### crl:get_signature_name, crl:get_signature_nid
+### crl:get_signature_name, crl:get_signature_nid, crl:get_signature_digest_name
 
 **syntax**: *sn, err = crl:get_signature_name()*
 
 **syntax**: *nid, err = crl:get_signature_nid()*
 
+**syntax**: *sn, err = crl:get_signature_digest_name()*
+
 Return the [NID] or the short name (SN) of the signature of the CRL.
 
+`crl:get_signature_digest_name` returns the short name of the digest algorithm
+used to sign the certificate.
+
 [Back to TOC](#table-of-contents)
 
 ### crl:get_by_serial

lib/resty/openssl/include/objects.lua

@@ -14,4 +14,6 @@ ffi.cdef [[
   int OBJ_obj2nid(const ASN1_OBJECT *o);
   const ASN1_OBJECT *OBJ_nid2obj(int n);
   int OBJ_create(const char *oid, const char *sn, const char *ln);
+
+  int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid);
 ]]

lib/resty/openssl/objects.lua

@@ -56,10 +56,19 @@ local function txtnid2nid(txt_nid)
   return nid
 end
 
+local function find_sigid_algs(nid)
+  local out = ffi.new("int[0]")
+  if C.OBJ_find_sigid_algs(nid, out, nil) == 0 then
+    return 0, "objects.find_sigid_algs: invalid sigid " .. nid
+  end
+  return tonumber(out[0])
+end
+
 return {
   obj2table = obj2table,
   nid2table = nid2table,
   txt2nid = txt2nid,
   txtnid2nid = txtnid2nid,
+  find_sigid_algs = find_sigid_algs,
   create = C.OBJ_create,
 }

lib/resty/openssl/x509/crl.lua

@@ -15,6 +15,7 @@ local util = require "resty.openssl.util"
 local ctx_lib = require "resty.openssl.ctx"
 local stack_lib = require "resty.openssl.stack"
 local txtnid2nid = require("resty.openssl.objects").txtnid2nid
+local find_sigid_algs = require("resty.openssl.objects").find_sigid_algs
 local format_error = require("resty.openssl.err").format_error
 local version = require("resty.openssl.version")
 local OPENSSL_10 = version.OPENSSL_10
@@ -584,6 +585,18 @@ function _M:get_signature_name()
 
   return ffi.string(C.OBJ_nid2sn(nid))
 end
+
+-- AUTO GENERATED
+function _M:get_signature_digest_name()
+  local nid = accessors.get_signature_nid(self.ctx)
+  if nid <= 0 then
+    return nil, format_error("x509.crl:get_signature_digest_name")
+  end
+
+  local nid = find_sigid_algs(nid)
+
+  return ffi.string(C.OBJ_nid2sn(nid))
+end
 -- END AUTO GENERATED CODE
 
 return _M

lib/resty/openssl/x509/csr.lua

@@ -17,6 +17,7 @@ local util = require "resty.openssl.util"
 local ctypes = require "resty.openssl.auxiliary.ctypes"
 local ctx_lib = require "resty.openssl.ctx"
 local txtnid2nid = require("resty.openssl.objects").txtnid2nid
+local find_sigid_algs = require("resty.openssl.objects").find_sigid_algs
 local format_error = require("resty.openssl.err").format_error
 local version = require("resty.openssl.version")
 local OPENSSL_10 = version.OPENSSL_10
@@ -512,6 +513,18 @@ function _M:get_signature_name()
 
   return ffi.string(C.OBJ_nid2sn(nid))
 end
+
+-- AUTO GENERATED
+function _M:get_signature_digest_name()
+  local nid = accessors.get_signature_nid(self.ctx)
+  if nid <= 0 then
+    return nil, format_error("x509.csr:get_signature_digest_name")
+  end
+
+  local nid = find_sigid_algs(nid)
+
+  return ffi.string(C.OBJ_nid2sn(nid))
+end
 -- END AUTO GENERATED CODE
 
 return _M

lib/resty/openssl/x509/init.lua

@@ -16,6 +16,7 @@ local extension_lib = require("resty.openssl.x509.extension")
 local pkey_lib = require("resty.openssl.pkey")
 local util = require "resty.openssl.util"
 local txtnid2nid = require("resty.openssl.objects").txtnid2nid
+local find_sigid_algs = require("resty.openssl.objects").find_sigid_algs
 local ctypes = require "resty.openssl.auxiliary.ctypes"
 local ctx_lib = require "resty.openssl.ctx"
 local format_error = require("resty.openssl.err").format_error
@@ -1051,6 +1052,18 @@ function _M:get_signature_name()
 
   return ffi.string(C.OBJ_nid2sn(nid))
 end
+
+-- AUTO GENERATED
+function _M:get_signature_digest_name()
+  local nid = accessors.get_signature_nid(self.ctx)
+  if nid <= 0 then
+    return nil, format_error("x509:get_signature_digest_name")
+  end
+
+  local nid = find_sigid_algs(nid)
+
+  return ffi.string(C.OBJ_nid2sn(nid))
+end
 -- END AUTO GENERATED CODE
 
 return _M

scripts/templates/x509_functions.j2

@@ -275,3 +275,15 @@ function _M:get_signature_name()
 
   return ffi.string(C.OBJ_nid2sn(nid))
 end
+
+-- AUTO GENERATED
+function _M:get_signature_digest_name()
+  local nid = accessors.get_signature_nid(self.ctx)
+  if nid <= 0 then
+    return nil, format_error("{{ modname }}:get_signature_digest_name")
+  end
+
+  local nid = find_sigid_algs(nid)
+
+  return ffi.string(C.OBJ_nid2sn(nid))
+end

scripts/templates/x509_tests.j2

@@ -105,12 +105,17 @@ true
             local name = myassert(c:get_signature_name())
 
             ngx.say(name)
+
+            local name = myassert(c:get_signature_digest_name())
+
+            ngx.say(name)
         }
     }
 --- request
     GET /t
 --- response_body
 {{ module.sample_signature_nid }}
 {{ module.sample_signature_name }}
+{{ module.sample_signature_digest_name }}
 --- no_error_log
 [error]

scripts/type_x509.py

@@ -10,6 +10,7 @@
     "sample": "Github.pem",
     "sample_signature_nid": 794,
     "sample_signature_name": "ecdsa-with-SHA256",
+    "sample_signature_digest_name": "SHA256",
     "fields":
 [
 {

scripts/type_x509_crl.py

@@ -8,6 +8,7 @@
     "sample": "TrustAsiaEVTLSProCAG2.crl",
     "sample_signature_nid": 668,
     "sample_signature_name": "RSA-SHA256",
+    "sample_signature_digest_name": "SHA256",
     "fields":
 [
 {

scripts/type_x509_req.py

@@ -6,6 +6,7 @@
     "sample": "test.csr",
     "sample_signature_nid": 65,
     "sample_signature_name": "RSA-SHA1",
+    "sample_signature_digest_name": "SHA1",
     "fields":
 [
 {

t/openssl/objects.t

@@ -62,4 +62,20 @@ __DATA__
 --- response_body_like eval
 '{"id":87,"ln":87,"sn":87}'
 --- no_error_log
+[error]
+
+=== TEST 3: Convert sigid to nid
+--- http_config eval: $::HttpConfig
+--- config
+    location =/t {
+        content_by_lua_block {
+            local o = require("resty.openssl.objects")
+            ngx.print(o.find_sigid_algs(795)) -- ecdsa-with-SHA384
+        }
+    }
+--- request
+    GET /t
+--- response_body eval
+673
+--- no_error_log
 [error]

t/openssl/x509.t

@@ -971,13 +971,18 @@ true
             local name = myassert(c:get_signature_name())
 
             ngx.say(name)
+
+            local name = myassert(c:get_signature_digest_name())
+
+            ngx.say(name)
         }
     }
 --- request
     GET /t
 --- response_body
 794
 ecdsa-with-SHA256
+SHA256
 --- no_error_log
 [error]
 # END AUTO GENERATED CODE

t/openssl/x509/crl.t

@@ -466,13 +466,18 @@ truetrue
             local name = myassert(c:get_signature_name())
 
             ngx.say(name)
+
+            local name = myassert(c:get_signature_digest_name())
+
+            ngx.say(name)
         }
     }
 --- request
     GET /t
 --- response_body
 668
 RSA-SHA256
+SHA256
 --- no_error_log
 [error]
 # END AUTO GENERATED CODE

t/openssl/x509/csr.t

@@ -606,13 +606,18 @@ true
             local name = myassert(c:get_signature_name())
 
             ngx.say(name)
+
+            local name = myassert(c:get_signature_digest_name())
+
+            ngx.say(name)
         }
     }
 --- request
     GET /t
 --- response_body
 65
 RSA-SHA1
+SHA1
 --- no_error_log
 [error]
 # END AUTO GENERATED CODE