fix git issue on windows

florian 2023-04-18 20:03:00 +02:00
parent 76a2ff6563
commit 881d3a00d5
No known key found for this signature in database
GPG Key ID: 3D80806F12602A7C
51 changed files with 8 additions and 9873 deletions


@ -1,3 +1,4 @@
local utils = require "bunkerweb.utils"
local cjson = require "cjson"
local helpers = {}


@ -9,7 +9,6 @@ local cjson = require "cjson"
local logger = clogger:new("UTILS")
local datastore = cdatastore:new()
local cachestore = ccachestore:new()
local utils = {}


@ -267,7 +267,14 @@ fi
# lua-resty-openssl v0.8.21
echo " Downloading lua-resty-openssl"
dopatch="no"
if [ ! -d "deps/src/lua-resty-openssl" ] ; then
dopatch="yes"
fi
git_secure_clone "https://github.com/fffonion/lua-resty-openssl.git" "15bc59b97feb5acf25fbdd9426cf73870cf7c838"
if [ "$dopatch" == "yes" ] ; then
do_and_check_cmd rm -r deps/src/lua-resty-openssl/t
fi
# ModSecurity v3.0.9
echo " Downloading ModSecurity"
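Review bot: The `rm -r deps/src/lua-resty-openssl/t` step is gated on `dopatch`, which only records whether the checkout directory was absent before `git_secure_clone` ran; it never checks that `t` is present afterwards. The body of `git_secure_clone` is outside this hunk, but if it can refresh an existing checkout (for example when the pinned commit changes), the upstream test fixtures would return unstripped, and the files this commit deletes appear to include PEM private keys and certificates. Testing the directory itself after the clone is idempotent and needs no flag: `if [ -d "deps/src/lua-resty-openssl/t" ] ; then do_and_check_cmd rm -r deps/src/lua-resty-openssl/t ; fi`. If the flag is kept, `[ "$dopatch" = "yes" ]` is the portable form, since `==` inside `[ ]` is a bash extension. A short comment such as `# strip upstream test fixtures (keys/certs); presumably these trigger the git issue on Windows` would record why the tree deliberately differs from the pinned commit.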


@ -1,132 +0,0 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use Test::Nginx::Socket::Lua 'no_plan';
use Cwd qw(cwd);
my $pwd = cwd();
my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
my $fips = $ENV{'TEST_NGINX_FIPS'} // '';
our $HttpConfig = qq{
lua_package_path "$pwd/t/openssl/?.lua;$pwd/t/openssl/x509/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
init_by_lua_block {
if "1" == "$use_luacov" then
require 'luacov.tick'
jit.off()
end
_G.myassert = require("helper").myassert
_G.fips = "$fips" ~= ""
}
};
run_tests();
__DATA__
=== TEST 1: FIPS mode can be turned on and off
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
if not _G.fips then
ngx.say("false\ntrue\nfalse")
ngx.exit(200)
end
local openssl = require("resty.openssl")
if require("resty.openssl.version").BORINGSSL then
if openssl.get_fips_mode() then
ngx.say("false\ntrue\nfalse")
else
ngx.say("BORINGSSL should have fips turned on but actually not")
end
ngx.exit(200)
end
ngx.say(openssl.get_fips_mode())
myassert(openssl.set_fips_mode(true))
ngx.say(openssl.get_fips_mode())
myassert(openssl.set_fips_mode(false))
ngx.say(openssl.get_fips_mode())
}
}
--- request
GET /t
--- response_body
false
true
false
--- no_error_log
[error]
=== TEST 2: CIPHER, MD and PKEY provider is directed to fips
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
if not _G.fips or not require("resty.openssl.version").OPENSSL_3X then
ngx.say("fips\nfips\nfips")
ngx.exit(200)
end
local openssl = require("resty.openssl")
myassert(openssl.set_fips_mode(true))
ngx.say(myassert(require("resty.openssl.cipher").new("aes256")):get_provider_name())
ngx.say(myassert(require("resty.openssl.digest").new("sha256")):get_provider_name())
ngx.say(myassert(require("resty.openssl.pkey").new({ type = "EC" })):get_provider_name())
}
}
--- request
GET /t
--- response_body
fips
fips
fips
--- no_error_log
[error]
=== TEST 3: Non-FIPS compliant algorithms are not allowed
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
-- BORINGSSL doesn't seem to remove non-fips compliant algorithms?
if not _G.fips or require("resty.openssl.version").BORINGSSL then
ngx.say("true\ntrue")
ngx.say("invalid cipher type \"chacha20\": unsupported")
ngx.say("invalid digest type \"md5\": unsupported")
ngx.exit(200)
end
local ok, err
if require("resty.openssl.version").OPENSSL_3X then
ok, err = require("resty.openssl.cipher").new("chacha20")
else
ok, err = require("resty.openssl.cipher").new("seed")
end
ngx.say(not not ok)
local ok, err = require("resty.openssl.digest").new("md5")
ngx.say(not not ok)
local openssl = require("resty.openssl")
myassert(openssl.set_fips_mode(true))
if require("resty.openssl.version").OPENSSL_3X then
ok, err = require("resty.openssl.cipher").new("chacha20")
else
ok, err = require("resty.openssl.cipher").new("seed")
end
ngx.say(err)
local ok, err = require("resty.openssl.digest").new("md5")
ngx.say(err)
}
}
--- request
GET /t
--- response_body_like
true
true
.*invalid cipher type.+(?:unsupported|disabled for fips).*
.*invalid digest type "md5".+(?:unsupported|disabled for fips).*
--- no_error_log
[error]


@ -1,29 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIFBjCCBK2gAwIBAgIQDovzdw2S0Zbwu2H5PEFmvjAKBggqhkjOPQQDAjBnMQsw
CQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xPzA9BgNVBAMTNkRp
Z2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIFRMUyBIeWJyaWQgRUNDIFNIQTI1NiAyMDIw
IENBMTAeFw0yMTAzMjUwMDAwMDBaFw0yMjAzMzAyMzU5NTlaMGYxCzAJBgNVBAYT
AlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv
MRUwEwYDVQQKEwxHaXRIdWIsIEluYy4xEzARBgNVBAMTCmdpdGh1Yi5jb20wWTAT
BgcqhkjOPQIBBggqhkjOPQMBBwNCAASt9vd1sdNJVApdEHG93CUGSyIcoiNOn6H+
udCMvTm8DCPHz5GmkFrYRasDE77BI3q5xMidR/aW4Ll2a1A2ZvcNo4IDOjCCAzYw
HwYDVR0jBBgwFoAUUGGmoNI1xBEqII0fD6xC8M0pz0swHQYDVR0OBBYEFCexfp+7
JplQ2PPDU1v+MRawux5yMCUGA1UdEQQeMByCCmdpdGh1Yi5jb22CDnd3dy5naXRo
dWIuY29tMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB
BQUHAwIwgbEGA1UdHwSBqTCBpjBRoE+gTYZLaHR0cDovL2NybDMuZGlnaWNlcnQu
Y29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZVRMU0h5YnJpZEVDQ1NIQTI1NjIwMjBD
QTEuY3JsMFGgT6BNhktodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRI
aWdoQXNzdXJhbmNlVExTSHlicmlkRUNDU0hBMjU2MjAyMENBMS5jcmwwPgYDVR0g
BDcwNTAzBgZngQwBAgIwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2Vy
dC5jb20vQ1BTMIGSBggrBgEFBQcBAQSBhTCBgjAkBggrBgEFBQcwAYYYaHR0cDov
L29jc3AuZGlnaWNlcnQuY29tMFoGCCsGAQUFBzAChk5odHRwOi8vY2FjZXJ0cy5k
aWdpY2VydC5jb20vRGlnaUNlcnRIaWdoQXNzdXJhbmNlVExTSHlicmlkRUNDU0hB
MjU2MjAyMENBMS5jcnQwDAYDVR0TAQH/BAIwADCCAQUGCisGAQQB1nkCBAIEgfYE
gfMA8QB2ACl5vvCeOTkh8FZzn2Old+W+V32cYAr4+U1dJlwlXceEAAABeGq/vRoA
AAQDAEcwRQIhAJ7miER//DRFnDJNn6uUhgau3WMt4vVfY5dGigulOdjXAiBIVCfR
xjK1v4F31+sVaKzyyO7JAa0fzDQM7skQckSYWQB3ACJFRQdZVSRWlj+hL/H3bYbg
IyZjrcBLf13Gg1xu4g8CAAABeGq/vTkAAAQDAEgwRgIhAJgAEkoJQRivBlwo7x67
3oVsf1ip096WshZqmRCuL/JpAiEA3cX4rb3waLDLq4C48NSoUmcw56PwO/m2uwnQ
prb+yh0wCgYIKoZIzj0EAwIDRwAwRAIgK+Kv7G+/KkWkNZg3PcQFp866Z7G6soxo
a4etSZ+SRlYCIBSiXS20Wc+yjD111nPzvQUCfsP4+DKZ3K+2GKsERD6d
-----END CERTIFICATE-----


@ -1,21 +0,0 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -1,26 +0,0 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -1,18 +0,0 @@
# Fix FIPS build (from BoringSSL commit 4ca15d5dcbe6e8051a4654df7c971ea8307abfe0).
#
# The modulewrapper is not a part of the FIPS module, so it can be patched without
# concern about breaking the FIPS validation.
--- boringssl/util/fipstools/acvp/modulewrapper/modulewrapper.cc
+++ boringssl/util/fipstools/acvp/modulewrapper/modulewrapper.cc
@@ -12,9 +12,11 @@
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+#include <string>
#include <vector>
#include <assert.h>
+#include <errno.h>
#include <string.h>
#include <sys/uio.h>
#include <unistd.h>


@ -1,8 +0,0 @@
-----BEGIN EC PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,74AB7E7042FC695A7F267BB416AC24E1
zNvboWr/ayt4McuSl9h3oirnS7DK5JU5OSGvh3Seyt9E1oVd3SUg4Mcp4BpZP8gv
Ei4K6+p3CTDrQfE0mrjIph3C1LKTzQeLdGIvgTjjKVpu91aogU3K3rgcuqKN/zla
+sQOAedKEtLiop4J6rIGmKvo9JZonbMsEZnZnXGbz3k=
-----END EC PRIVATE KEY-----


@ -1,18 +0,0 @@
-----BEGIN X509 CRL-----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-----END X509 CRL-----


@ -1,16 +0,0 @@
config_diagnostics = 1
openssl_conf = openssl_init
[openssl_init]
providers = provider_sect
[provider_sect]
fips = fips_sect
default = default_sect
[default_sect]
activate = 1
# need fipsinstall to populate below section
# [fips_sect]


@ -1,27 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----


@ -1,8 +0,0 @@
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAxpgb1ESW7DpRvUHd56f1WArwhETylcxu0X02mAnuRgug6pFULobn
VTuYdajuvRDdZGUYJHQuGB2Su5FiKGdDBXnuOPa/zQ6BoSz+z9Yqj8Mri0UITHXK
LNqPO7/V69wbtFFus//gVozDTmv8Ws1J4lc+GYyfuVL6o8aLyGDhhrB8HoLklYLF
chkCsjt8rQ2U2fAtwWNoxlIgw707tpwR5zLe58b/aM71OOMPZlERc4VPmZTkGgYH
WFJCWxnp0TQ5CIjGyigewG55Mp8XqSf5cSel/pc3rmrHVq4vrw5cLcxhJNkIUQfN
9x6NvkLCBWwOLBx+HAEiLeOqIDIILObrpwIDAQAB
-----END RSA PUBLIC KEY-----


@ -1,19 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDBzCCAe+gAwIBAgIUJ+FXF8zL+pdK8Nl68Eq0aQlZKNMwDQYJKoZIhvcNAQEL
BQAwEzERMA8GA1UEAwwIdGVzdC5jb20wHhcNMjAxMjE1MTAwNjIyWhcNMzAxMjEz
MTAwNjIyWjATMREwDwYDVQQDDAh0ZXN0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMEQQC0nyiHOekSs6sTwLBrdiWYvDWC5OQylQZY2pWsBYtWH
3rkkt98rRNC3cxLSPwH+AAJrJCnRl4ZIxUrtNF8zPW/NexAaarKMLq8LHnVD+cf5
uLzK9xZNt5s8aTQOF8TuHH2Zq/jdfJ9MnAJf1noZ4Oz5IZqOtgJ+1oCDZJc4ZlL1
KO5tfDsWZOsRdow6F7wlK1xtCfcakcncL7Yh4xbZYQXnNSliGZF0/+SIqYIGhv2f
EBng0yOW6FrXtrxhj/7TplAd2v5ziCsdcqqA+YFu4e6PzFybNErUgNZ8ZsokmP56
uU13oKYLIsEf11EmKEX1bwvEvvu+T/V/IB38YV8CAwEAAaNTMFEwHQYDVR0OBBYE
FM8D9Qnrg9JPEN5lkpDpkz44TOh8MB8GA1UdIwQYMBaAFM8D9Qnrg9JPEN5lkpDp
kz44TOh8MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAI/ODar1
fVkJ50rLToICvp2zZkLSsZlL13Gy4+FUUl0sctSRbXF6yPZGa3u6/HeF5AWnrFNX
eZUVuJgyYa2gmz0K+HGbSrbNFb4Cpnhe7Y722SpSDEj3ybOI3EBeRT3WcwpSsGKa
Kfx8NY08J440cn3oNAbZ9XrZOHhyvjkCEr9+ieg1MvMtNg5NbTpHj6Riuvuvvs3s
CaOJ1dN5a59hHHvt76lb6Ah3cwJ98CRAObp1bElgL//Tl9faAHAFIpGopvq41Jnn
rBd/GtvM6J/LHznZ9eOvMq+uBMyAhzpmi6Ih4SGnwN/i8StRbNvpIUIq2rO6IvCZ
61xzxPhcY6bB2KI=
-----END CERTIFICATE-----


@ -1,19 +0,0 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIDFTCCAf0CAQAwejELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEx
FDASBgNVBAcTC0xvcyBBbmdlbGVzMRQwEgYDVQQKEwtTU0wgU3VwcG9ydDEUMBIG
A1UECxMLU1NMIFN1cHBvcnQxFDASBgNVBAMTC2V4YW1wbGUuY29tMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwPOIBIoblSLFv/ifj8GDCNL5NhDX2JVU
QKcWC19KtWYQg1HPnaGIy+Dj9tYSBw8T8xc9hbJ1TYGbBIMKfBUzKoTt5yLdVIM/
HJm3m9ImvAbK7TYcx1U9TJEMxN6686whAUMBr4B7ql4VTXqu6TgDcdbcQ5wsPVOi
FHJTTwgVwt7eVCBMFAkZn+qQz+WigM5HEp8KFrzwAK142H2ucuyfgGS4+XQSsUdw
NWh9GPRZgRt3R2h5ymYkQB/cbg596alCquoizI6QCfwQx3or9Dg1f3rlwf8H5HIV
H3hATGIr7GpbKka/JH2PYNGfi5KqsJssVQfu84m+5WXDB+90KHJEcwIDAQABoFYw
VAYJKoZIhvcNAQkOMUcwRTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DATBgNVHSUE
DDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTANBgkqhkiG9w0B
AQUFAAOCAQEAgBSVMeTB9pfgZCllMPBFffeduMePyDA1SzLYjSFkh660sFFiwGAV
MTnnYFHH3k6ueRVal3gzxZJ6ehr+ms1/CRO8rlY+B6geMCbGCbCvcAET0n505aYH
v8vlvqrdSx8Ur/9sisbynCkdk2qgc3rbnDbsAAonZIXf+blacaYTZdGUxso6qtY6
6mhI+ulqmkDk3Quc02ityvuGEbN8UuUGxc+kg0aIqMWWNKUGpTq/aRWpC7kuCUFZ
fmvPwnMhzgKBPzOXwyauVxAV0Mm/1uwPu9GNVQDgewy4Rjbm5bNwIjce3W1tVMWT
FR+x0BtV+D2A62fJWB2Yv9oERJbZQnvLqw==
-----END CERTIFICATE REQUEST-----


@ -1,28 +0,0 @@
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----


@ -1,194 +0,0 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use Test::Nginx::Socket::Lua 'no_plan';
use Cwd qw(cwd);
my $pwd = cwd();
my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
my $fips = $ENV{'TEST_NGINX_FIPS'} // '';
our $HttpConfig = qq{
lua_package_path "$pwd/lib/?.lua;$pwd/lib/?/init.lua;$pwd/../lua-resty-hmac/lib/?.lua;$pwd/../lua-resty-string/lib/?.lua;;";
init_by_lua_block {
if "1" == "$use_luacov" then
require 'luacov.tick'
jit.off()
end
_G.fips = "$fips" ~= ""
}
};
run_tests();
__DATA__
=== TEST 1: Load ffi openssl library
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local openssl = require("resty.openssl")
openssl.load_modules()
ngx.say(string.format("%x", openssl.version.version_num))
}
}
--- request
GET /t
--- response_body_like
\d{6}[0-9a-f][0f]
--- no_error_log
[error]
=== TEST 2: Luaossl compat pattern
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local openssl = require("resty.openssl")
openssl.luaossl_compat()
local pkey = require("resty.openssl.pkey")
local pok, perr = pcall(pkey.new, "not a key")
ngx.say(pok)
ngx.say(perr)
}
}
--- request
GET /t
--- response_body_like
false
.+pkey.new.+
--- no_error_log
[error]
=== TEST 3: List cipher algorithms
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local version = require("resty.openssl.version")
if version.BORINGSSL then
ngx.say("[\"AES\"]")
ngx.say("[\"AES-256-GCM @ default\"]")
ngx.exit(0)
end
local openssl = require("resty.openssl")
ngx.say(require("cjson").encode(openssl.list_cipher_algorithms()))
if not version.OPENSSL_3X then
ngx.say("[\"AES-256-GCM @ default\"]")
ngx.exit(0)
end
ngx.say(require("cjson").encode(openssl.list_cipher_algorithms()))
}
}
--- request
GET /t
--- response_body_like
\[.+AES.+\]
\[.+AES-256-GCM @ default.+\]
--- no_error_log
[error]
=== TEST 4: List digest algorithms
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local version = require("resty.openssl.version")
if version.BORINGSSL then
ngx.say("[\"SHA\"]")
ngx.say("[\"SHA2-256 @ default\"]")
ngx.exit(0)
end
local openssl = require("resty.openssl")
ngx.say(require("cjson").encode(openssl.list_digest_algorithms()))
if not version.OPENSSL_3X then
ngx.say("[\"SHA2-256 @ default\"]")
ngx.exit(0)
end
ngx.say(require("cjson").encode(openssl.list_digest_algorithms()))
}
}
--- request
GET /t
--- response_body_like
\[.+SHA.+\]
\[.+SHA2-256 @ default.+\]
--- no_error_log
[error]
=== TEST 5: List mac algorithms
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local version = require("resty.openssl.version")
if not version.OPENSSL_3X then
ngx.say("[\"HMAC @ default\"]")
ngx.exit(0)
end
local openssl = require("resty.openssl")
ngx.say(require("cjson").encode(openssl.list_mac_algorithms()))
}
}
--- request
GET /t
--- response_body_like
\[.+HMAC @ default.+\]
--- no_error_log
[error]
=== TEST 6: List kdf algorithms
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local version = require("resty.openssl.version")
if not version.OPENSSL_3X then
ngx.say("[\"HKDF @ default\"]")
ngx.exit(0)
end
local openssl = require("resty.openssl")
ngx.say(require("cjson").encode(openssl.list_kdf_algorithms()))
}
}
--- request
GET /t
--- response_body_like
\[.+HKDF @ default.+\]
--- no_error_log
[error]
=== TEST 7: List SSL cipher
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local version = require("resty.openssl.version")
if version.OPENSSL_10 or (version.OPENSSL_11 and not version.OPENSSL_111) then
ngx.say("ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA")
ngx.say("ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA")
ngx.say("ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA")
ngx.say("ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA")
ngx.exit(0)
end
local version = require("resty.openssl.version")
local openssl = require("resty.openssl")
ngx.say(openssl.list_ssl_ciphers())
ngx.say(openssl.list_ssl_ciphers("ECDHE-ECDSA-AES128-SHA"))
ngx.say(openssl.list_ssl_ciphers("ECDHE-ECDSA-AES128-SHA", nil, "TLSv1.2"))
ngx.say(openssl.list_ssl_ciphers("ECDHE-ECDSA-AES128-SHA", nil, "TLSv1.3"))
}
}
--- request
GET /t
--- response_body_like
.+:.+
.*ECDHE-ECDSA-AES128-SHA
.*ECDHE-ECDSA-AES128-SHA
.*ECDHE-ECDSA-AES128-SHA
--- no_error_log
[error]


@ -1,141 +0,0 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use Test::Nginx::Socket::Lua 'no_plan';
use Cwd qw(cwd);
my $pwd = cwd();
my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
our $HttpConfig = qq{
lua_package_path "$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
init_by_lua_block {
if "1" == "$use_luacov" then
require 'luacov.tick'
jit.off()
end
}
};
run_tests();
__DATA__
=== TEST 1: asn1_to_unix utctime
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local ffi = require("ffi")
local asn1 = require("resty.openssl.asn1")
local a = ffi.C.ASN1_STRING_type_new(23) -- V_ASN1_UTCTIME
ffi.gc(a, ffi.C.ASN1_STRING_free)
local s = "200115123456Z"
ffi.C.ASN1_STRING_set(a, s, #s)
ngx.print(assert(asn1.asn1_to_unix(a)))
}
}
--- request
GET /t
--- response_body eval
"1579091696"
--- no_error_log
[error]
=== TEST 2: asn1_to_unix utctime, offset
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local ffi = require("ffi")
local asn1 = require("resty.openssl.asn1")
local a = ffi.C.ASN1_STRING_type_new(23) -- V_ASN1_UTCTIME
ffi.gc(a, ffi.C.ASN1_STRING_free)
local s = "200115123456+0102"
ffi.C.ASN1_STRING_set(a, s, #s)
ngx.print(assert(asn1.asn1_to_unix(a)))
}
}
--- request
GET /t
--- response_body eval
"1579095416"
--- no_error_log
[error]
=== TEST 3: asn1_to_unix generalized time
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local ffi = require("ffi")
local asn1 = require("resty.openssl.asn1")
local a = ffi.C.ASN1_STRING_type_new(24) -- V_ASN1_GENERALIZEDTIME
ffi.gc(a, ffi.C.ASN1_STRING_free)
local s = "22200115123456Z"
ffi.C.ASN1_STRING_set(a, s, #s)
ngx.print(assert(asn1.asn1_to_unix(a)))
}
}
--- request
GET /t
--- response_body eval
"7890438896"
--- no_error_log
[error]
=== TEST 4: asn1_to_unix generalized time, offset
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local ffi = require("ffi")
local asn1 = require("resty.openssl.asn1")
local a = ffi.C.ASN1_STRING_type_new(24) -- V_ASN1_GENERALIZEDTIME
ffi.gc(a, ffi.C.ASN1_STRING_free)
local s = "22200115123456-0123"
ffi.C.ASN1_STRING_set(a, s, #s)
ngx.print(assert(asn1.asn1_to_unix(a)))
}
}
--- request
GET /t
--- response_body eval
"7890433916"
--- no_error_log
[error]
=== TEST 5: asn1_to_unix error on bad format
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local ffi = require("ffi")
local asn1 = require("resty.openssl.asn1")
local a = ffi.C.ASN1_STRING_type_new(24) -- V_ASN1_UTCTIME
ffi.gc(a, ffi.C.ASN1_STRING_free)
for _, s in pairs({
"201315123456Z",
"200132123456Z",
"200115243456Z",
"200115123461Z",
}) do
ffi.C.ASN1_STRING_set(a, s, #s)
local _, err = asn1.asn1_to_unix(a)
if err == nil then
ngx.say(s, " should fail but didn't")
end
end
}
}
--- request
GET /t
--- response_body eval
""
--- no_error_log
[error]


@ -1,232 +0,0 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use Test::Nginx::Socket::Lua 'no_plan';
use Cwd qw(cwd);
my $pwd = cwd();
my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
our $HttpConfig = qq{
lua_package_path "$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
init_by_lua_block {
if "1" == "$use_luacov" then
require 'luacov.tick'
jit.off()
end
}
};
no_long_string();
run_tests();
__DATA__
=== TEST 1: Loads JWK RSA key
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local jwk = require("cjson").encode({
kty = "RSA",
n = "pjdss8ZaDfEH6K6U7GeW2nxDqR4IP049fk1fK0lndimbMMVBdPv_hSpm8T8EtBDxrUdi1OHZfMhUixGaut-3nQ4GG9nM249oxhCtxqqNvEXrmQRGqczyLxuh-fKn9Fg--hS9UpazHpfVAFnB5aCfXoNhPuI8oByyFKMKaOVgHNqP5NBEqabiLftZD3W_lsFCPGuzr4Vp0YS7zS2hDYScC2oOMu4rGU1LcMZf39p3153Cq7bS2Xh6Y-vw5pwzFYZdjQxDn8x8BG3fJ6j8TGLXQsbKH1218_HcUJRvMwdpbUQG5nvA2GXVqLqdwp054Lzk9_B_f1lVrmOKuHjTNHq48w",
e = "AQAB",
d = "ksDmucdMJXkFGZxiomNHnroOZxe8AmDLDGO1vhs-POa5PZM7mtUPonxwjVmthmpbZzla-kg55OFfO7YcXhg-Hm2OWTKwm73_rLh3JavaHjvBqsVKuorX3V3RYkSro6HyYIzFJ1Ek7sLxbjDRcDOj4ievSX0oN9l-JZhaDYlPlci5uJsoqro_YrE0PRRWVhtGynd-_aWgQv1YzkfZuMD-hJtDi1Im2humOWxA4eZrFs9eG-whXcOvaSwO4sSGbS99ecQZHM2TcdXeAs1PvjVgQ_dKnZlGN3lTWoWfQP55Z7Tgt8Nf1q4ZAKd-NlMe-7iqCFfsnFwXjSiaOa2CRGZn-Q",
p = "4A5nU4ahEww7B65yuzmGeCUUi8ikWzv1C81pSyUKvKzu8CX41hp9J6oRaLGesKImYiuVQK47FhZ--wwfpRwHvSxtNU9qXb8ewo-BvadyO1eVrIk4tNV543QlSe7pQAoJGkxCia5rfznAE3InKF4JvIlchyqs0RQ8wx7lULqwnn0",
q = "ven83GM6SfrmO-TBHbjTk6JhP_3CMsIvmSdo4KrbQNvp4vHO3w1_0zJ3URkmkYGhz2tgPlfd7v1l2I6QkIh4Bumdj6FyFZEBpxjE4MpfdNVcNINvVj87cLyTRmIcaGxmfylY7QErP8GFA-k4UoH_eQmGKGK44TRzYj5hZYGWIC8",
dp = "lmmU_AG5SGxBhJqb8wxfNXDPJjf__i92BgJT2Vp4pskBbr5PGoyV0HbfUQVMnw977RONEurkR6O6gxZUeCclGt4kQlGZ-m0_XSWx13v9t9DIbheAtgVJ2mQyVDvK4m7aRYlEceFh0PsX8vYDS5o1txgPwb3oXkPTtrmbAGMUBpE",
dq = "mxRTU3QDyR2EnCv0Nl0TCF90oliJGAHR9HJmBe__EjuCBbwHfcT8OG3hWOv8vpzokQPRl5cQt3NckzX3fs6xlJN4Ai2Hh2zduKFVQ2p-AF2p6Yfahscjtq-GY9cB85NxLy2IXCC0PF--Sq9LOrTE9QV988SJy_yUrAjcZ5MmECk",
qi = "ldHXIrEmMZVaNwGzDF9WG8sHj2mOZmQpw9yrjLK9hAsmsNr5LTyqWAqJIYZSwPTYWhY4nu2O0EY9G9uYiqewXfCKw_UngrJt8Xwfq1Zruz0YY869zPN4GiE9-9rzdZB33RBw8kIOquY3MK74FMwCihYx_LiU2YTHkaoJ3ncvtvg"
})
local privkey, err = require("resty.openssl.pkey").new(jwk)
if err then
ngx.log(ngx.ERR, err)
return
end
local privkey, err = require("resty.openssl.pkey").new(jwk, {
format = "JWK",
})
if err then
ngx.log(ngx.ERR, err)
return
end
-- errors
local _, err = require("resty.openssl.pkey").new('asdasd', {
format = "JWK",
})
ngx.say(err)
local _, err = require("resty.openssl.pkey").new(require("cjson").encode({
kty = "RSA",
n = "pjdss8ZaDfEH6K6U7GeW2nxDqR4IP049fk1fK0lndimbMMVBdPv_hSpm8T8EtBDxrUdi1OHZfMhUixGaut-3nQ4GG9nM249oxhCtxqqNvEXrmQRGqczyLxuh-fKn9Fg--hS9UpazHpfVAFnB5aCfXoNhPuI8oByyFKMKaOVgHNqP5NBEqabiLftZD3W_lsFCPGuzr4Vp0YS7zS2hDYScC2oOMu4rGU1LcMZf39p3153Cq7bS2Xh6Y-vw5pwzFYZdjQxDn8x8BG3fJ6j8TGLXQsbKH1218_HcUJRvMwdpbUQG5nvA2GXVqLqdwp054Lzk9_B_f1lVrmOKuHjTNHq48w",
}), {
format = "JWK",
})
ngx.say(err)
-- pubkey only
jwk = require("cjson").encode({
kty = "RSA",
n = "pjdss8ZaDfEH6K6U7GeW2nxDqR4IP049fk1fK0lndimbMMVBdPv_hSpm8T8EtBDxrUdi1OHZfMhUixGaut-3nQ4GG9nM249oxhCtxqqNvEXrmQRGqczyLxuh-fKn9Fg--hS9UpazHpfVAFnB5aCfXoNhPuI8oByyFKMKaOVgHNqP5NBEqabiLftZD3W_lsFCPGuzr4Vp0YS7zS2hDYScC2oOMu4rGU1LcMZf39p3153Cq7bS2Xh6Y-vw5pwzFYZdjQxDn8x8BG3fJ6j8TGLXQsbKH1218_HcUJRvMwdpbUQG5nvA2GXVqLqdwp054Lzk9_B_f1lVrmOKuHjTNHq48w",
e = "AQAB",
})
local pubkey, err = require("resty.openssl.pkey").new(jwk)
if err then
ngx.log(ngx.ERR, err)
return
end
local s, err = pubkey:encrypt("23333")
if err then
ngx.log(ngx.ERR, err)
return
end
local s, err = privkey:decrypt(s)
if err then
ngx.log(ngx.ERR, err)
return
end
ngx.say(s)
}
}
--- request
GET /t
--- response_body eval
'pkey.new:load_key: error decoding JSON from JWK: Expected value but found invalid token at character 1
pkey.new:load_key: failed to construct RSA key from JWK: at least "n" and "e" parameter is required
23333
'
--- no_error_log
[error]
=== TEST 2: Loads JWK EC key
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local jwk = require("cjson").encode({
kty = "EC",
crv = "P-256",
x = "SVqB4JcUD6lsfvqMr-OKUNUphdNn64Eay60978ZlL74",
y = "lf0u0pMj4lGAzZix5u4Cm5CMQIgMNpkwy163wtKYVKI",
d = "0g5vAEKzugrXaRbgKG0Tj2qJ5lMP4Bezds1_sTybkfk"
})
local privkey, err = require("resty.openssl.pkey").new(jwk)
if err then
ngx.log(ngx.ERR, err)
return
end
local privkey, err = require("resty.openssl.pkey").new(jwk, {
format = "JWK",
})
if err then
ngx.log(ngx.ERR, err)
return
end
-- errors
local _, err = require("resty.openssl.pkey").new(require("cjson").encode({
kty = "EC",
crv = "P-256",
x = "SVqB4JcUD6lsfvqMr-OKUNUphdNn64Eay60978ZlL74",
}), {
format = "JWK",
})
ngx.say(err)
-- pubkey only
jwk = require("cjson").encode({
kty = "EC",
crv = "P-256",
x = "SVqB4JcUD6lsfvqMr-OKUNUphdNn64Eay60978ZlL74",
y = "lf0u0pMj4lGAzZix5u4Cm5CMQIgMNpkwy163wtKYVKI",
})
local pubkey, err = require("resty.openssl.pkey").new(jwk)
if err then
ngx.log(ngx.ERR, err)
return
end
local d = require("resty.openssl.digest").new("sha256")
d:update("23333")
local s, err = privkey:sign(d)
if err then
ngx.log(ngx.ERR, err)
return
end
local ok, err = pubkey:verify(s, d)
if err then
ngx.log(ngx.ERR, err)
return
end
ngx.say(ok)
}
}
--- request
GET /t
--- response_body eval
'pkey.new:load_key: failed to construct EC key from JWK: at least "x" and "y" parameter is required
true
'
--- no_error_log
[error]
=== TEST 3: Loads JWK Ed25519 key
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
if not require("resty.openssl.version").OPENSSL_111_OR_LATER then
ngx.say('pkey.new:load_key: failed to construct OKP key from JWK: at least "x" or "d" parameter is required')
ngx.exit(0)
end
local jwk = require("cjson").encode({
kty = "OKP",
crv = "Ed25519",
x = "11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo",
d = "nWGxne_9WmC6hEr0kuwsxERJxWl7MmkZcDusAxyuf2A",
})
local privkey, err = require("resty.openssl.pkey").new(jwk)
if err then
ngx.log(ngx.ERR, err)
return
end
local privkey, err = require("resty.openssl.pkey").new(jwk, {
format = "JWK",
})
if err then
ngx.log(ngx.ERR, err)
return
end
-- errors
local _, err = require("resty.openssl.pkey").new(require("cjson").encode({
kty = "OKP",
crv = "Ed25519",
}), {
format = "JWK",
})
ngx.say(err)
-- pubkey only
jwk = require("cjson").encode({
kty = "OKP",
crv = "Ed25519",
x = "11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo",
})
local pubkey, err = require("resty.openssl.pkey").new(jwk)
if err then
ngx.log(ngx.ERR, err)
return
end
}
}
--- request
GET /t
--- response_body eval
'pkey.new:load_key: failed to construct OKP key from JWK: at least "x" or "d" parameter is required
'
--- no_error_log
[error]


@ -1,623 +0,0 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use Test::Nginx::Socket::Lua 'no_plan';
use Cwd qw(cwd);
my $pwd = cwd();
my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
our $HttpConfig = qq{
lua_package_path "$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
init_by_lua_block {
if "1" == "$use_luacov" then
require 'luacov.tick'
jit.off()
end
}
};
run_tests();
__DATA__
=== TEST 1: New BIGNUM instance correctly
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local bn, err = require("resty.openssl.bn").new()
if err then
ngx.log(ngx.ERR, err)
return
end
local b, err = bn:to_binary()
if err then
ngx.log(ngx.ERR, err)
return
end
ngx.print(ngx.encode_base64(b))
}
}
--- request
GET /t
--- response_body eval
""
--- error_log
bn:to_binary failed
=== TEST 2: New BIGNUM instance from number
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local bn, err = require("resty.openssl.bn").new(0x5b25)
if err then
ngx.log(ngx.ERR, err)
return
end
local b, err = bn:to_binary()
if err then
ngx.log(ngx.ERR, err)
return
end
ngx.print(ngx.encode_base64(b))
}
}
--- request
GET /t
--- response_body eval
"WyU="
--- no_error_log
[error]
=== TEST 3: Duplicate the ctx
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
require('ffi').cdef('typedef struct bignum_st BIGNUM; void BN_free(BIGNUM *a);')
local bn, err = require("resty.openssl.bn").new(0x5b25)
if err then
ngx.log(ngx.ERR, err)
return
end
local bn2, err = require("resty.openssl.bn").dup(bn.ctx)
if err then
ngx.log(ngx.ERR, err)
return
end
bn = nil
collectgarbage("collect")
local b, err = bn2:to_binary()
if err then
ngx.log(ngx.ERR, err)
return
end
ngx.print(ngx.encode_base64(b))
}
}
--- request
GET /t
--- response_body eval
"WyU="
--- no_error_log
[error]
=== TEST 4: from_binary, to_binary
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local d = ngx.decode_base64('WyU=')
local bn, err = require("resty.openssl.bn").from_binary(d)
if err then
ngx.log(ngx.ERR, err)
return
end
local b, err = bn:to_binary()
if err then
ngx.log(ngx.ERR, err)
return
end
ngx.print(ngx.encode_base64(b))
if not require("resty.openssl.version").OPENSSL_11_OR_LATER then
ngx.print("AAAAAAAAAABbJQ=="); ngx.exit(0)
end
local b, err = bn:to_binary(10)
if err then
ngx.log(ngx.ERR, err)
return
end
ngx.print(ngx.encode_base64(b))
}
}
--- request
GET /t
--- response_body eval
"WyU=AAAAAAAAAABbJQ=="
--- no_error_log
[error]
=== TEST 5: from_hex, to_hex
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local bn, err = require("resty.openssl.bn").from_hex("5B25")
if err then
ngx.log(ngx.ERR, err)
return
end
local b, err = bn:to_hex()
if err then
ngx.log(ngx.ERR, err)
return
end
ngx.print(b)
}
}
--- request
GET /t
--- response_body_like eval
"5[Bb]25"
--- no_error_log
[error]
=== TEST 6: from_dec, to_dec
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local bn, err = require("resty.openssl.bn").from_dec("23333")
if err then
ngx.log(ngx.ERR, err)
return
end
local b, err = bn:to_dec()
if err then
ngx.log(ngx.ERR, err)
return
end
ngx.print(b)
}
}
--- request
GET /t
--- response_body eval
"23333"
--- no_error_log
[error]
=== TEST 7: to_number
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local bn = require("resty.openssl.bn")
local b, err = bn.new(23333)
if err then
ngx.log(ngx.ERR, err)
return
end
local n, err = b:to_number()
if err then
ngx.log(ngx.ERR, err)
return
end
ngx.say(tostring(n),type(n))
b, err = bn.from_dec('184467440737095516161844674407370955161618446744073709551616')
if err then
ngx.log(ngx.ERR, err)
return
end
local n, err = b:to_number()
if err then
ngx.log(ngx.ERR, err)
return
end
ngx.say(tostring(n),type(n))
}
}
--- request
GET /t
--- response_body eval
"23333number
1.844674407371e+19number
"
--- no_error_log
[error]
=== TEST 8: unary minus
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local bn, err = require("resty.openssl.bn").new(23333)
if err then
ngx.log(ngx.ERR, err)
return
end
local b, err = (-bn):to_dec()
if err then
ngx.log(ngx.ERR, err)
return
end
ngx.say(b)
local b, err = (-(-bn)):to_dec()
if err then
ngx.log(ngx.ERR, err)
return
end
ngx.say(b)
}
}
--- request
GET /t
--- response_body eval
"-23333
23333
"
--- no_error_log
[error]
=== TEST 9: metamethods checks arg
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local a, err = require("resty.openssl.bn").new(23578164761333)
if err then
ngx.log(ngx.ERR, err)
return
end
local b, err = require("resty.openssl.bn").new(2478652)
if err then
ngx.log(ngx.ERR, err)
return
end
local pok, perr = pcall(function() return a + "233" end)
ngx.say(perr)
local pok, perr = pcall(function() return "233" - a end)
ngx.say(perr)
}
}
--- request
GET /t
--- response_body_like eval
".+cannot add a string to bignum
.+cannot substract a string to bignum
"
--- no_error_log
[error]
=== TEST 10: add, sub, mul, div mod
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local bn = require("resty.openssl.bn")
local a, err = bn.new(23578164761333)
if err then
ngx.log(ngx.ERR, err)
return
end
local b, err = bn.new(2478652)
if err then
ngx.log(ngx.ERR, err)
return
end
ngx.say(tostring(a+b))
ngx.say(tostring(a-b))
ngx.say(tostring(a*b))
ngx.say(tostring(a/b))
ngx.say(tostring(a%b))
ngx.say(tostring(a*2478652))
ngx.say(tostring(23578164761333*b))
ngx.say(tostring(bn.mul(23578164761333, b)))
ngx.say(tostring(a:mul(b)))
ngx.say(tostring(23578164761333*2478652))
}
}
--- request
GET /t
--- response_body eval
"23578167239985
23578162282681
58442065242007563116
9512495
4593
58442065242007563116
58442065242007563116
58442065242007563116
58442065242007563116
5.8442065242008e\+19
"
--- no_error_log
[error]
=== TEST 11: sqr, exp
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local bn = require("resty.openssl.bn")
local a, err = bn.new(23578164761333)
if err then
ngx.log(ngx.ERR, err)
return
end
local b, err = bn.new(97)
if err then
ngx.log(ngx.ERR, err)
return
end
ngx.say(tostring(a:sqr()))
ngx.say(tostring(a:exp(2)))
ngx.say(tostring(a:pow(2)))
ngx.say(tostring(b:exp(b)))
ngx.say(tostring(bn.sqr(a)))
ngx.say(tostring(bn.sqr(23578164761333)))
ngx.say(tostring(bn.exp(a, 2)))
ngx.say(tostring(bn.exp(23578164761333, 2)))
}
}
--- request
GET /t
--- response_body eval
"555929853512565244851936889
555929853512565244851936889
555929853512565244851936889
5210245939718361468048211048414496022534389576033913164940029913016568215580398296261072019231723279851007241838011659882766685337218633992220688288491655299087016195985205218347711578485744737
555929853512565244851936889
555929853512565244851936889
555929853512565244851936889
555929853512565244851936889
"
--- no_error_log
[error]
=== TEST 12: gcd
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local bn = require("resty.openssl.bn")
local a, err = bn.new(23578164761333)
if err then
ngx.log(ngx.ERR, err)
return
end
local b, err = bn.new(97)
if err then
ngx.log(ngx.ERR, err)
return
end
ngx.say(tostring(a:gcd(b)))
ngx.say(tostring(bn.gcd(a, b)))
ngx.say(tostring(bn.gcd(a, 97)))
ngx.say(tostring(bn.gcd(23578164761333, b)))
}
}
--- request
GET /t
--- response_body eval
"1
1
1
1
"
--- no_error_log
[error]
=== TEST 13: lshift, rshift
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local bn = require("resty.openssl.bn")
local a, err = bn.new(23578164761333)
if err then
ngx.log(ngx.ERR, err)
return
end
ngx.say(tostring(a:lshift(2)))
ngx.say(tostring(a:rshift(2)))
}
}
--- request
GET /t
--- response_body eval
"94312659045332
5894541190333
"
--- no_error_log
[error]
=== TEST 14: comparasion
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local bn = require("resty.openssl.bn")
local a, err = bn.new(23578164761333)
if err then
ngx.log(ngx.ERR, err)
return
end
local b, err = bn.new(97)
if err then
ngx.log(ngx.ERR, err)
return
end
ngx.say(tostring(a == b))
ngx.say(tostring(a ~= b))
ngx.say(tostring(a >= b))
ngx.say(tostring(a > b))
ngx.say(tostring(a < b))
ngx.say(tostring(a <= b))
ngx.say("")
ngx.say(tostring(a == a))
ngx.say(tostring(a ~= a))
ngx.say(tostring(a >= a))
ngx.say(tostring(a > a))
ngx.say(tostring(a < a))
ngx.say(tostring(a <= a))
}
}
--- request
GET /t
--- response_body eval
"false
true
true
true
false
false
true
false
true
false
false
true
"
--- no_error_log
[error]
=== TEST 15: is_one, is_zero, is_odd, is_word
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local bn = require("resty.openssl.bn")
ngx.say(tostring(bn.new(0):is_zero()))
ngx.say(tostring(bn.new(1):is_zero()))
ngx.say(tostring(bn.new(0):is_one()))
ngx.say(tostring(bn.new(1):is_one()))
ngx.say(tostring(bn.new(0):is_odd()))
ngx.say(tostring(bn.new(1):is_odd()))
ngx.say(tostring(bn.new(0):is_word(0)))
ngx.say(tostring(bn.new(1):is_word(0)))
}
}
--- request
GET /t
--- response_body eval
"true
false
false
true
false
true
true
false
"
--- no_error_log
[error]
=== TEST 16: is_prime
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local bn = require("resty.openssl.bn")
ngx.say(tostring(bn.new(2):is_prime()))
ngx.say(tostring(bn.new(15):is_prime()))
ngx.say(tostring(bn
.from_hex('00d3277434ff7e3d410b3453a5cddc13e834fbdc19f38c580bc05b68dfa179afa4b6e6d34fe2bde9d90390046a86306bd022d4ed8187ccaa21808e189e7b803fd918b7782078f3be6bc8683d71d7d46cb134bc2a74dbe410d2bb068e45af95deef546f6970b83f9386e504b6fbefee6ae804fbf544e6b7cf82aacfff9472c6af07')
:is_prime()))
}
}
--- request
GET /t
--- response_body eval
"true
false
true
"
--- no_error_log
[error]
=== TEST 17: mod_add, mod_sub, mod_mul, mul_exp, mul_sqr mod
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local bn = require("resty.openssl.bn")
local a, err = bn.new(23578164761333)
if err then
ngx.log(ngx.ERR, err)
return
end
local b, err = bn.new(2478652)
if err then
ngx.log(ngx.ERR, err)
return
end
local m, err = bn.new(65537)
if err then
ngx.log(ngx.ERR, err)
return
end
ngx.say(tostring(a:mod_add(b, m)))
ngx.say(tostring(a:mod_sub(b, m)))
ngx.say(tostring(a:mod_mul(b, m)))
ngx.say(tostring(a:mod_exp(b, m)))
ngx.say(tostring(a:mod_sqr(b, m)))
ngx.say(tostring(a:mod_exp(b, 65537)))
ngx.say(tostring(bn.mod_exp(a, 2478652, m)))
}
}
--- request
GET /t
--- response_body eval
"49755
7726
27398
28353
1266433
28353
28353
"
--- no_error_log
[error]
=== TEST 18: generate_prime
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local bn = require("resty.openssl.bn")
local a, err = bn.generate_prime(10, false)
if err then
ngx.log(ngx.ERR, err)
return
end
if not a:is_prime() then
ngx.log(ngx.ERR, "not prime")
return
end
local a, err = bn.generate_prime(10, true)
if err then
ngx.log(ngx.ERR, err)
return
end
if not a:is_prime() then
ngx.log(ngx.ERR, "not prime")
return
end
ngx.say("ok")
}
}
--- request
GET /t
--- response_body eval
"ok
"
--- no_error_log
[error]


@ -1,517 +0,0 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use Test::Nginx::Socket::Lua 'no_plan';
use Cwd qw(cwd);
my $pwd = cwd();
my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
our $HttpConfig = qq{
lua_package_path "$pwd/t/openssl/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
init_by_lua_block {
if "1" == "$use_luacov" then
require 'luacov.tick'
jit.off()
end
_G.myassert = require("helper").myassert
}
};
run_tests();
__DATA__
=== TEST 1: Creates cipher correctly
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local cipher = myassert(require("resty.openssl.cipher").new("aes-256-cbc"))
myassert(cipher:init(string.rep("0", 32), string.rep("0", 16), {
is_encrypt = true,
}))
ngx.print(ngx.encode_base64(myassert(cipher:final('1'))))
}
}
--- request
GET /t
--- response_body eval
"VhGyRCcMvlAgUjTYrqiWpg=="
--- no_error_log
[error]
=== TEST 2: Rejects unknown cipher
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local cipher, err = require("resty.openssl.cipher").new("aes257")
ngx.print(err)
}
}
--- request
GET /t
--- response_body_like eval
"cipher.new: invalid cipher type \"aes257\".*"
--- no_error_log
[error]
=== TEST 3: Unintialized ctx throw errors
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local cipher = myassert(require("resty.openssl.cipher").new("aes-256-cbc"))
local s, err = cipher:update("1")
ngx.say(err)
local _, err = cipher:final("1")
ngx.say(err)
}
}
--- request
GET /t
--- response_body eval
"cipher:update: cipher not initalized, call cipher:init first
cipher:update: cipher not initalized, call cipher:init first
"
--- no_error_log
[error]
=== TEST 4: Encrypt
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local cipher = myassert(require("resty.openssl.cipher").new("aes-256-cbc"))
local s = myassert(cipher:encrypt(string.rep("0", 32), string.rep("0", 16), '1'))
ngx.print(ngx.encode_base64(s))
}
}
--- request
GET /t
--- response_body eval
"VhGyRCcMvlAgUjTYrqiWpg=="
--- no_error_log
[error]
=== TEST 5: Encrypt no padding
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local cipher = myassert(require("resty.openssl.cipher").new("aes-256-cbc"))
local s, err = cipher:encrypt(string.rep("0", 32), string.rep("0", 16), '1', true)
ngx.say(s)
-- 1.x: data not multiple of block length
-- 3.0: wrong final block length
ngx.say(err)
local s = myassert(cipher:encrypt(string.rep("0", 32), string.rep("0", 16),
'1' .. string.rep(string.char(15), 15), true))
ngx.print(ngx.encode_base64(s))
}
}
--- request
GET /t
--- response_body_like eval
"nil
.+(?:data not multiple of block length|wrong final block length|DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH)
VhGyRCcMvlAgUjTYrqiWpg=="
--- no_error_log
[error]
=== TEST 6: Decrypt
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local cipher = myassert(require("resty.openssl.cipher").new("aes-256-cbc"))
local s = myassert(cipher:decrypt(string.rep("0", 32), string.rep("0", 16),
ngx.decode_base64("VhGyRCcMvlAgUjTYrqiWpg==")))
ngx.print(s)
}
}
--- request
GET /t
--- response_body eval
"1"
--- no_error_log
[error]
=== TEST 7: Decrypt no padding
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local cipher = myassert(require("resty.openssl.cipher").new("aes-256-cbc"))
local s = myassert(cipher:decrypt(string.rep("0", 32), string.rep("0", 16),
ngx.decode_base64("VhGyRCcMvlAgUjTYrqiWpg=="), true))
ngx.print(s)
}
}
--- request
GET /t
--- response_body eval
"1\x{0f}\x{0f}\x{0f}\x{0f}\x{0f}\x{0f}\x{0f}\x{0f}\x{0f}\x{0f}\x{0f}\x{0f}\x{0f}\x{0f}\x{0f}"
--- no_error_log
[error]
=== TEST 8: Encrypt streaming
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local cipher = myassert(require("resty.openssl.cipher").new("aes-256-cbc"))
local ok = myassert(cipher:init(string.rep("0", 32), string.rep("0", 16), {
is_encrypt = true,
}))
local sample = 'abcdefghi'
local count = 5
for i=1,count,1 do
local s = myassert(cipher:update(sample))
if s ~= "" then
ngx.say(ngx.encode_base64(s))
else
ngx.say("nothing")
end
end
local s = myassert(cipher:final(sample))
ngx.say("final")
ngx.say(ngx.encode_base64(s))
}
}
--- request
GET /t
--- response_body eval
"nothing
SEk81GpcHC9KoZfN14RrNg==
nothing
L2dVbLMhEigy917CJBXz7g==
nothing
final
dtpklHxY9IbgmSw84+2XMr0Vy/S1392+rvu0A3GW1Wo=
"
--- no_error_log
[error]
=== TEST 9: Decrypt streaming
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local cipher = myassert(require("resty.openssl.cipher").new("aes-256-cbc"))
local ok = myassert(cipher:init(string.rep("0", 32), string.rep("0", 16), {
is_encrypt = false,
}))
local input = ngx.decode_base64('SEk81GpcHC9KoZfN14RrNg==') ..
ngx.decode_base64('L2dVbLMhEigy917CJBXz7g==') ..
ngx.decode_base64('dtpklHxY9IbgmSw84+2XMr0Vy/S1392+rvu0A3GW1Wo=')
local count = 5 + 1
local len = (#input - #input % count) / count
for i=0,#input-len,len do
local s = myassert(cipher:update(string.sub(input, i+1, i+len)))
if s ~= "" then
ngx.say(s)
else
ngx.say("nothing")
end
end
-- this should throw error since we end in the middle
local s, err = cipher:final()
ngx.say(err)
ngx.say(s)
-- feed the last chunk of input
local s = myassert(cipher:final(string.sub(input, #input -#input % count + 1, #input)))
ngx.say("final")
ngx.say(s)
}
}
--- request
GET /t
--- response_body_like eval
"nothing
abcdefghiabcdefg
nothing
hiabcdefghiabcde
fghiabcdefghiabc
nothing
.+(wrong final block length|WRONG_FINAL_BLOCK_LENGTH)
nil
final
defghi
"
--- no_error_log
[error]
=== TEST 10: Derive key and iv
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
function string.tohex(str)
return (str:gsub('.', function (c)
return string.format('%02X', string.byte(c))
end))
end
local cipher = myassert(require("resty.openssl.cipher").new("aes-256-cbc"))
-- openssl enc -aes-256-cbc -pass pass:xxx -S 797979 -P -md md5
local key, iv = cipher:derive("xxx", "yyy", 1, "md5")
ngx.say(key:tohex())
ngx.say(iv:tohex())
local cipher = myassert(require("resty.openssl.cipher").new("aes-256-ecb"))
-- openssl enc -aes-256-ecb -pass pass:xxx -S 797979 -P -md md5
local key, iv = cipher:derive("xxx", "yyy", 1, "md5")
ngx.say(key:tohex())
ngx.say(iv:tohex() == "" and "no iv")
}
}
--- request
GET /t
--- response_body eval
"1F94CD004791ECFD50955451ACDA89D2CF1B4BCC6A378E4FC5C5861BDED17F61
FE91AF7782EDB48F32775BB2B72DD5ED
1F94CD004791ECFD50955451ACDA89D2CF1B4BCC6A378E4FC5C5861BDED17F61
no iv
"
--- no_error_log
[error]
=== TEST 11: Derive key and iv: salt, count and md is optional
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
function string.tohex(str)
return (str:gsub('.', function (c)
return string.format('%02X', string.byte(c))
end))
end
local cipher = myassert(require("resty.openssl.cipher").new("aes-256-cbc"))
-- openssl enc -aes-256-cbc -pass pass:xxx -nosalt -P -md sha1
local key, iv = cipher:derive("xxx")
ngx.say(key:tohex())
ngx.say(iv:tohex())
}
}
--- request
GET /t
--- response_body eval
"B60D121B438A380C343D5EC3C2037564B82FFEF3542808AB5694FA93C3179140
20578C4FEF1AEE907B1DC95C776F8160
"
--- no_error_log
[error]
=== TEST 12: AEAD modes
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local myassert = require("helper").myassert
local key = string.rep("0", 32)
local iv = string.rep("0", 12)
local aad = "an aad"
local cipher = require("resty.openssl.cipher")
local enc = myassert(cipher.new("aes-256-gcm"))
local d = myassert(enc:encrypt(key, iv, "secret", false, aad))
local tag = myassert(enc:get_aead_tag())
local dec = myassert(cipher.new("aes-256-gcm"))
local s = myassert(dec:decrypt(key, iv, d, false, aad, tag))
ngx.say(s)
local dec = myassert(cipher.new("aes-256-gcm"))
local r, err = dec:decrypt(key, iv, d, false, nil, tag)
ngx.say(r)
local dec = myassert(cipher.new("aes-256-gcm"))
local r, err = dec:decrypt(key, iv, d, false, aad, nil)
ngx.say(r)
}
}
--- request
GET /t
--- response_body eval
"secret
nil
nil
"
--- no_error_log
[error]
=== TEST 13: Returns provider
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
if not require("resty.openssl.version").OPENSSL_3X then
ngx.say("default")
ngx.exit(0)
end
local cipher = require("resty.openssl.cipher")
local c = myassert(cipher.new("aes256"))
ngx.say(myassert(c:get_provider_name()))
}
}
--- request
GET /t
--- response_body
default
--- no_error_log
[error]
=== TEST 14: Returns gettable, settable params
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
if not require("resty.openssl.version").OPENSSL_3X then
ngx.say("-ivlen-\n-padding-")
ngx.exit(0)
end
local cipher = require("resty.openssl.cipher")
local c = myassert(cipher.new("aes256"))
ngx.say(require("cjson").encode(myassert(c:gettable_params())))
ngx.say(require("cjson").encode(myassert(c:settable_params())))
}
}
--- request
GET /t
--- response_body_like
.+ivlen.+
.+padding.+
--- no_error_log
[error]
=== TEST 15: Get params, set params
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
if not require("resty.openssl.version").OPENSSL_3X then
ngx.say("secret\nsecret\nnil")
ngx.exit(0)
end
local myassert = require("helper").myassert
local key = string.rep("0", 32)
local iv = string.rep("0", 12)
local aad = "an aad"
local cipher = require("resty.openssl.cipher")
local enc = myassert(cipher.new("aes-256-gcm"))
local d = myassert(enc:encrypt(key, iv, "secret", false, aad))
local tag = myassert(enc:get_param("tag", 16))
local dec = myassert(cipher.new("aes-256-gcm"))
local s = myassert(dec:decrypt(key, iv, d, false, aad, tag))
ngx.say(s)
local dec = myassert(cipher.new("aes-256-gcm"))
myassert(dec:init(key, iv))
myassert(dec:set_params({tag = tag}))
myassert(dec:update_aead_aad(aad))
local r, err = dec:final(d)
ngx.say(r)
local dec = myassert(cipher.new("aes-256-gcm"))
myassert(dec:init(key, iv))
myassert(dec:set_params({tag = "wrong tag"}))
myassert(dec:update_aead_aad(aad))
local r, err = dec:final(d)
ngx.say(r)
}
}
--- request
GET /t
--- response_body eval
"secret
secret
nil
"
--- no_error_log
[error]
=== TEST 16: Update with segements larger than 1024
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local cipher = myassert(require("resty.openssl.cipher").new("aes-256-cbc"))
local ok = myassert(cipher:init(string.rep("0", 32), string.rep("0", 16), {
is_encrypt = true,
}))
local count = 3
for i=1,count,1 do
local s = myassert(cipher:update(string.rep(tostring(i), 1024)))
if s ~= "" then
ngx.say(ngx.encode_base64(string.sub(s, -16)))
else
ngx.say("nothing")
end
end
local s = myassert(cipher:final(string.rep("a", 1024)))
ngx.say("final")
ngx.say(ngx.encode_base64(string.sub(s, -16)))
local ok = myassert(cipher:init(string.rep("0", 32), string.rep("0", 16), {
is_encrypt = true,
}))
local s = myassert(cipher:final(string.rep("1", 1024) ..
string.rep("2", 1024) ..
string.rep("3", 1024) ..
string.rep("a", 1024)))
ngx.say(ngx.encode_base64(string.sub(s, -16))) -- should be same as above
}
}
--- request
GET /t
--- response_body eval
"XZElJKMyKzuvbYNf4Y0hAw==
59Cw1+C6hHpfqsOn7PZ2Gw==
t6oGLYvnjihoi+7tPfyK/A==
final
QcpC0TXDxiOln2ENZ0aGDA==
QcpC0TXDxiOln2ENZ0aGDA==
"
--- no_error_log
[error]


@ -1,96 +0,0 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use Test::Nginx::Socket::Lua 'no_plan';
use Cwd qw(cwd);
my $pwd = cwd();
my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
our $HttpConfig = qq{
lua_package_path "$pwd/t/openssl/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
init_by_lua_block {
if "1" == "$use_luacov" then
require 'luacov.tick'
jit.off()
end
_G.myassert = require("helper").myassert
}
};
run_tests();
__DATA__
=== TEST 1: Can create a ctx in ngx.ctx
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
if not require("resty.openssl.version").OPENSSL_3X then
ngx.exit(0)
end
local ctx = require("resty.openssl.ctx")
myassert(ctx.new(true))
}
}
--- request
GET /t
--- no_error_log
[error]
=== TEST 2: Can create a ctx in global namespace
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
if not require("resty.openssl.version").OPENSSL_3X then
ngx.exit(0)
end
local ctx = require("resty.openssl.ctx")
myassert(ctx.new())
}
}
--- request
GET /t
--- no_error_log
[error]
=== TEST 3: Can free ctx in ngx.ctx
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
if not require("resty.openssl.version").OPENSSL_3X then
ngx.exit(0)
end
local ctx = require("resty.openssl.ctx")
myassert(ctx.new(true))
myassert(ctx.free(true))
}
}
--- request
GET /t
--- no_error_log
[error]
=== TEST 4: Can free ctx in global namespace
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
if not require("resty.openssl.version").OPENSSL_3X then
ngx.exit(0)
end
local ctx = require("resty.openssl.ctx")
myassert(ctx.new())
myassert(ctx.free())
}
}
--- request
GET /t
--- no_error_log
[error]


@ -1,180 +0,0 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use Test::Nginx::Socket::Lua 'no_plan';
use Cwd qw(cwd);
my $pwd = cwd();
my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
our $HttpConfig = qq{
lua_package_path "$pwd/t/openssl/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
init_by_lua_block {
if "1" == "$use_luacov" then
require 'luacov.tick'
jit.off()
end
_G.myassert = require("helper").myassert
}
};
run_tests();
__DATA__
=== TEST 1: Calculate digest correctly
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local digest = myassert(require("resty.openssl.digest").new("sha256"))
myassert(digest:update("🦢🦢🦢🦢🦢🦢"))
ngx.print(ngx.encode_base64(myassert(digest:final())))
}
}
--- request
GET /t
--- response_body eval
"2iuYqSWdAyVAtQxL/p+AOl2kqp83fN4k+da6ngAt8+s="
--- no_error_log
[error]
=== TEST 2: Update accepts vardiac args
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local digest = myassert(require("resty.openssl.digest").new("sha256"))
myassert(digest:update("🦢", "🦢🦢", "🦢🦢", "🦢"))
ngx.print(ngx.encode_base64(myassert(digest:final())))
}
}
--- request
GET /t
--- response_body eval
"2iuYqSWdAyVAtQxL/p+AOl2kqp83fN4k+da6ngAt8+s="
--- no_error_log
[error]
=== TEST 3: Final accepts optional arg
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local digest = myassert(require("resty.openssl.digest").new("sha256"))
myassert(digest:update("🦢", "🦢🦢", "🦢🦢"))
ngx.print(ngx.encode_base64(myassert(digest:final("🦢"))))
}
}
--- request
GET /t
--- response_body eval
"2iuYqSWdAyVAtQxL/p+AOl2kqp83fN4k+da6ngAt8+s="
--- no_error_log
[error]
=== TEST 4: Rejects unknown hash
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local digest, err = require("resty.openssl.digest").new("sha257")
ngx.print(err)
}
}
--- request
GET /t
--- response_body_like eval
"digest.new: invalid digest type \"sha257\".*"
--- no_error_log
[error]
=== TEST 5: Can be reused
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local digest = myassert(require("resty.openssl.digest").new("sha256"))
myassert(digest:update("🦢🦢🦢🦢🦢🦢"))
ngx.say(ngx.encode_base64(myassert(digest:final())))
myassert(digest:reset())
myassert(digest:update("🦢🦢🦢🦢🦢🦢"))
ngx.say(ngx.encode_base64(myassert(digest:final())))
}
}
--- request
GET /t
--- response_body eval
"2iuYqSWdAyVAtQxL/p+AOl2kqp83fN4k+da6ngAt8+s=
2iuYqSWdAyVAtQxL/p+AOl2kqp83fN4k+da6ngAt8+s=
"
--- no_error_log
[error]
=== TEST 6: Returns provider
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
if not require("resty.openssl.version").OPENSSL_3X then
ngx.say("default")
ngx.exit(0)
end
local digest = require("resty.openssl.digest")
local d = myassert(digest.new("sha256"))
ngx.say(myassert(d:get_provider_name()))
}
}
--- request
GET /t
--- response_body
default
--- no_error_log
[error]
=== TEST 7: Returns gettable, settable params
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
if not require("resty.openssl.version").OPENSSL_3X then
ngx.say("{}\n-ssl3-ms-")
ngx.exit(0)
end
local digest = require("resty.openssl.digest")
local d = myassert(digest.new("md5-sha1"))
ngx.say(require("cjson").encode(myassert(d:gettable_params())))
ngx.say(require("cjson").encode(myassert(d:settable_params())))
}
}
--- request
GET /t
--- response_body_like
{}
.+ssl3-ms.+
--- no_error_log
[error]
=== TEST 8: Get params, set params
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
-- no good example to test
ngx.say("skipped")
}
}
--- request
GET /t
--- response_body eval
"skipped
"
--- no_error_log
[error]


@ -1,39 +0,0 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use Test::Nginx::Socket::Lua 'no_plan';
use Cwd qw(cwd);
my $pwd = cwd();
my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
our $HttpConfig = qq{
lua_package_path "$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
init_by_lua_block {
if "1" == "$use_luacov" then
require 'luacov.tick'
jit.off()
end
}
};
run_tests();
__DATA__
=== TEST 1: Don't cry if there's no error
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local format_error = require("resty.openssl.err").format_error
ngx.print(format_error("fake function"))
}
}
--- request
GET /t
--- response_body eval
"fake function failed"
--- no_error_log
[error]


@ -1,169 +0,0 @@
local pkey = require "resty.openssl.pkey"
local x509 = require "resty.openssl.x509"
local name = require "resty.openssl.x509.name"
local extension = require "resty.openssl.x509.extension"
local bn = require "resty.openssl.bn"
local digest = require "resty.openssl.digest"
local BORINGSSL = require "resty.openssl.version".BORINGSSL
local OPENSSL_3X = require "resty.openssl.version".OPENSSL_3X
local function create_self_signed(key_opts, names, is_ca, signing_key, issuing_name)
local key = pkey.new(key_opts or {
type = 'RSA',
bits = 1024,
})
local cert = x509.new()
cert:set_pubkey(key)
cert:set_version(3)
local now = os.time()
cert:set_not_before(now)
cert:set_not_after(now + 86400)
local nm = name.new()
for k, v in pairs(names or {}) do
assert(nm:add(k, v))
end
assert(cert:set_subject_name(nm))
assert(cert:set_issuer_name(issuing_name or nm))
assert(cert:set_basic_constraints { CA = is_ca })
assert(cert:set_basic_constraints_critical(true))
if not is_ca then
assert(cert:add_extension(extension.new("extendedKeyUsage",
"serverAuth,clientAuth")))
assert(cert:add_extension(assert(extension.new("subjectKeyIdentifier", "hash", {
subject = cert,
}))))
end
local dgst
if BORINGSSL then
dgst = digest.new("SHA256")
end
assert(cert:sign(signing_key or key, dgst))
return cert, key
end
local function to_hex(bin)
local hex, err = bn.from_binary(bin):to_hex()
if err then
error(err)
end
return hex:upper()
end
local function myassert(...)
local ret = {...}
local err = ret[#ret]
if #ret > 1 and err then
ngx.log(ngx.ERR, tostring(err))
ngx.exit(0)
end
return ...
end
-- https://github.com/openresty/lua-cjson/blob/461c7ef23a49062d4b1bf0e1afb3be294d007861/tests/sort_json.lua
-- NOTE: This will only work for simple tests. It doesn't parse strings so if
-- you put any symbols like {?[], inside of a string literal then it will break
-- The point of this function is to test basic structures, and not test JSON
-- strings
local function sort_callback(str)
local inside = str:sub(2, -2)
local parts = {}
local buffer = ""
local pos = 1
while true do
if pos > #inside then
break
end
local append
local parens = inside:match("^%b{}", pos)
if parens then
pos = pos + #parens
append = sort_callback(parens)
else
local array = inside:match("^%b[]", pos)
if array then
pos = pos + #array
append = array
else
local front = inside:sub(pos, pos)
pos = pos + 1
if front == "," then
table.insert(parts, buffer)
buffer = ""
else
append = front
end
end
end
if append then
buffer = buffer .. append
end
end
if buffer ~= "" then
table.insert(parts, buffer)
end
table.sort(parts)
return "{" .. table.concat(parts, ",") .. "}"
end
local function sort_json(str)
return (str:gsub("%b{}", sort_callback))
end
local function encode_sorted_json(tbl)
return sort_json(require("cjson").encode(tbl))
end
local function create_cert_chain(depth, key_opts)
local last_key, last_cn
local certs, keys = {}, {}
for i=1, depth do
local cn, issuer
if last_key then
cn = "lua-resty-openssl Test Cert leaf " .. i - 1
issuer = name.new()
assert(issuer:add("CN", last_cn))
else
cn = "lua-resty-openssl Test Cert Root CA"
end
last_cn = cn
local crt, key = create_self_signed(key_opts,
{ CN = cn }, i < depth, last_key, issuer)
certs[i] = crt
keys[i] = key
last_key = key
end
return certs, keys
end
return {
create_self_signed = create_self_signed,
to_hex = to_hex,
myassert = myassert,
encode_sorted_json = encode_sorted_json,
create_cert_chain = create_cert_chain,
}


@ -1,118 +0,0 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use Test::Nginx::Socket::Lua 'no_plan';
use Cwd qw(cwd);
my $pwd = cwd();
my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
our $HttpConfig = qq{
lua_package_path "$pwd/t/openssl/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
init_by_lua_block {
if "1" == "$use_luacov" then
require 'luacov.tick'
jit.off()
end
_G.myassert = require("helper").myassert
}
};
run_tests();
__DATA__
=== TEST 1: Calculate hmac correctly
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local hmac = myassert(require("resty.openssl.hmac").new("goose", "sha256"))
myassert(hmac:update("🦢🦢🦢🦢🦢🦢"))
ngx.print(ngx.encode_base64(myassert(hmac:final())))
}
}
--- request
GET /t
--- response_body eval
"kwUMjYrP0BSJb8cIJvWYoiM1Kc4mQxZOTwSiTTLRhDM="
--- no_error_log
[error]
=== TEST 2: Update accepts vardiac args
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local hmac = myassert(require("resty.openssl.hmac").new("goose", "sha256"))
hmac:update("🦢", "🦢🦢", "🦢🦢", "🦢")
ngx.print(ngx.encode_base64(hmac:final()))
}
}
--- request
GET /t
--- response_body eval
"kwUMjYrP0BSJb8cIJvWYoiM1Kc4mQxZOTwSiTTLRhDM="
--- no_error_log
[error]
=== TEST 3: Final accepts optional arg
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local hmac = myassert(require("resty.openssl.hmac").new("goose", "sha256"))
myassert(hmac:update("🦢", "🦢🦢", "🦢🦢"))
ngx.print(ngx.encode_base64(myassert(hmac:final("🦢"))))
}
}
--- request
GET /t
--- response_body eval
"kwUMjYrP0BSJb8cIJvWYoiM1Kc4mQxZOTwSiTTLRhDM="
--- no_error_log
[error]
=== TEST 4: Rejects unknown hash
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local hmac, err = require("resty.openssl.hmac").new("goose", "sha257")
ngx.print(err)
}
}
--- request
GET /t
--- response_body_like eval
"hmac.new:.+(?:invalid|unsupported).*"
--- no_error_log
[error]
=== TEST 5: Can be reused
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local hmac = myassert(require("resty.openssl.hmac").new("goose", "sha256"))
myassert(hmac:update("🦢🦢🦢🦢🦢🦢"))
ngx.say(ngx.encode_base64(myassert(hmac:final())))
myassert(hmac:reset())
myassert(hmac:update("🦢🦢🦢🦢🦢🦢"))
ngx.say(ngx.encode_base64(myassert(hmac:final())))
}
}
--- request
GET /t
--- response_body eval
"kwUMjYrP0BSJb8cIJvWYoiM1Kc4mQxZOTwSiTTLRhDM=
kwUMjYrP0BSJb8cIJvWYoiM1Kc4mQxZOTwSiTTLRhDM=
"
--- no_error_log
[error]


@ -1,457 +0,0 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use Test::Nginx::Socket::Lua 'no_plan';
use Cwd qw(cwd);
my $pwd = cwd();
my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
our $HttpConfig = qq{
lua_package_path "$pwd/t/openssl/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
init_by_lua_block {
if "1" == "$use_luacov" then
require 'luacov.tick'
jit.off()
end
_G.myassert = require("helper").myassert
}
};
run_tests();
__DATA__
=== TEST 1: kdf: invalid args are checked
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local kdf = require("resty.openssl.kdf")
local key, err = kdf.derive({
})
ngx.say(err)
local key, err = kdf.derive({
type = "no",
})
ngx.say(err)
local key, err = kdf.derive({
type = kdf.PBKDF2,
})
ngx.say(err)
local key, err = kdf.derive({
type = kdf.PBKDF2,
outlen = 16,
pass = 123,
})
ngx.say(err)
local key, err = kdf.derive({
type = 19823718236128631,
outlen = 16,
pass = "123",
})
ngx.say(err)
}
}
--- request
GET /t
--- response_body_like eval
"kdf.derive: \"type\" must be set
kdf.derive: expect a number as \"type\"
kdf.derive: \"outlen\" must be set
kdf.derive: except a string as \"pass\"
kdf.derive: unknown type 19823718236128632
"
--- no_error_log
[error]
=== TEST 2: PBKDF2
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local kdf = require("resty.openssl.kdf")
local key = myassert(kdf.derive({
type = kdf.PBKDF2,
outlen = 16,
pass = "1234567",
pbkdf2_iter = 1000,
md = "md5",
}))
ngx.print(ngx.encode_base64(key))
}
}
--- request
GET /t
--- response_body_like eval
"cDRFLQ7NWt\\+AP4i0TdBzog=="
--- no_error_log
[error]
=== TEST 3: PBKDF2, optional args
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local kdf = require("resty.openssl.kdf")
local key = myassert(kdf.derive({
type = kdf.PBKDF2,
outlen = 16,
}))
ngx.print(ngx.encode_base64(key))
}
}
--- request
GET /t
--- response_body_like eval
"HkN6HHnXW\\+YekRQdriCv/A=="
--- no_error_log
[error]
=== TEST 4: HKDF
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local version = require("resty.openssl.version")
if version.BORINGSSL or not version.OPENSSL_11_OR_LATER then
ngx.print("aqRd+gO5Ok3YneDEormTcg==")
ngx.exit(0)
end
local kdf = require("resty.openssl.kdf")
local key = myassert(kdf.derive({
type = kdf.HKDF,
outlen = 16,
md = "md5",
salt = "salt",
hkdf_key = "secret",
hkdf_info = "some info",
hkdf_mode = kdf.HKDEF_MODE_EXTRACT_AND_EXPAND,
}))
ngx.print(ngx.encode_base64(key))
}
}
--- request
GET /t
--- response_body eval
"aqRd+gO5Ok3YneDEormTcg=="
--- no_error_log
[error]
=== TEST 5: HKDF, optional arg
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local version = require("resty.openssl.version")
if version.BORINGSSL or not version.OPENSSL_11_OR_LATER then
ngx.say("aggdq4eoqRiP0Z3GbpxCjg==")
ngx.say("W/tSxFnNsHIYwXa13eybYhW9W3Y=")
ngx.exit(0)
end
local version_num = version.version_num
local kdf = require("resty.openssl.kdf")
local key = myassert(kdf.derive({
type = kdf.HKDF,
outlen = 16,
salt = "salt",
hkdf_key = "secret",
hkdf_info = "info",
}))
ngx.say(ngx.encode_base64(key))
if not version.OPENSSL_111_or_LATER then
ngx.say("W/tSxFnNsHIYwXa13eybYhW9W3Y=")
ngx.exit(0)
end
local key = myassert(kdf.derive({
type = kdf.HKDF,
outlen = 16,
salt = "salt",
hkdf_key = "secret",
hkdf_mode = kdf.HKDEF_MODE_EXTRACT_ONLY,
}))
ngx.say(ngx.encode_base64(key))
}
}
--- request
GET /t
--- response_body_like eval
"aggdq4eoqRiP0Z3GbpxCjg==
W/tSxFnNsHIYwXa13eybYhW9W3Y=
"
--- no_error_log
[error]
=== TEST 6: TLS1-PRF
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local version = require("resty.openssl.version")
if version.BORINGSSL or not version.OPENSSL_11_OR_LATER then
ngx.print("0xr8qthU+ypv2xRC90la8g==")
ngx.exit(0)
end
local kdf = require("resty.openssl.kdf")
local key = myassert(kdf.derive({
type = kdf.TLS1_PRF,
outlen = 16,
md = "md5",
tls1_prf_secret = "secret",
tls1_prf_seed = "seed",
}))
ngx.print(ngx.encode_base64(key))
}
}
--- request
GET /t
--- response_body_like eval
"0xr8qthU\\+ypv2xRC90la8g=="
--- no_error_log
[error]
=== TEST 7: TLS1-PRF, optional arg
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local version = require("resty.openssl.version")
if version.BORINGSSL or not version.OPENSSL_11_OR_LATER then
ngx.print("XVVDK9/puTqBOsyTKt8PKQ==")
ngx.exit(0)
end
local kdf = require("resty.openssl.kdf")
local key = myassert(kdf.derive({
type = kdf.TLS1_PRF,
outlen = 16,
tls1_prf_secret = "secret",
tls1_prf_seed = "seed",
}))
ngx.print(ngx.encode_base64(key))
}
}
--- request
GET /t
--- response_body_like eval
"XVVDK9/puTqBOsyTKt8PKQ=="
--- no_error_log
[error]
=== TEST 8: scrypt
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local version = require("resty.openssl.version")
if version.BORINGSSL or not version.OPENSSL_11_OR_LATER then
ngx.print("9giFtxace5sESmRb8qxuOw==")
ngx.exit(0)
end
local kdf = require("resty.openssl.kdf")
local key = myassert(kdf.derive({
type = kdf.SCRYPT,
outlen = 16,
pass = "1234567",
scrypt_N = 1024,
scrypt_r = 8,
scrypt_p = 16,
}))
ngx.print(ngx.encode_base64(key))
}
}
--- request
GET /t
--- response_body_like eval
"9giFtxace5sESmRb8qxuOw=="
--- no_error_log
[error]
=== TEST 9: EVP_KDF API: new
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
if not require("resty.openssl.version").OPENSSL_3X then
ngx.say('mac.new: invalid mac type "UNKNOWNKDF": blah')
ngx.exit(0)
end
local kdf = require("resty.openssl.kdf")
myassert(kdf.new("PBKDF2"))
local ok, err = kdf.new("UNKNOWNKDF")
ngx.say(err)
}
}
--- request
GET /t
--- response_body_like eval
".+invalid mac type \"UNKNOWNKDF\".+
"
--- no_error_log
[error]
=== TEST 10: EVP_KDF API: Returns provider
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
if not require("resty.openssl.version").OPENSSL_3X then
ngx.say("default")
ngx.exit(0)
end
local cipher = require("resty.openssl.kdf")
local c = myassert(cipher.new("hkdf"))
ngx.say(myassert(c:get_provider_name()))
}
}
--- request
GET /t
--- response_body
default
--- no_error_log
[error]
=== TEST 11: EVP_KDF API: derive
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
if not require("resty.openssl.version").OPENSSL_3X then
ngx.say("cDRFLQ7NWt+AP4i0TdBzog==")
ngx.exit(0)
end
local kdf = require("resty.openssl.kdf")
local k = myassert(kdf.new("PBKDF2"))
local key = myassert(k:derive(16, {
pass = "1234567",
iter = 1000,
digest = "md5",
salt = "",
}))
ngx.say(ngx.encode_base64(key))
}
}
--- request
GET /t
--- response_body
cDRFLQ7NWt+AP4i0TdBzog==
--- no_error_log
[error]
=== TEST 12: EVP_KDF API: Returns gettable, settable params
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
if not require("resty.openssl.version").OPENSSL_3X then
ngx.say("-size-\n-digest-")
ngx.exit(0)
end
local kdf = require("resty.openssl.kdf")
local k = myassert(kdf.new("PBKDF2"))
ngx.say(require("cjson").encode(myassert(k:gettable_params())))
ngx.say(require("cjson").encode(myassert(k:settable_params())))
}
}
--- request
GET /t
--- response_body_like
.+size.+
.+digest.+
--- no_error_log
[error]
=== TEST 13: EVP_KDF API: Get params, set params
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
if not require("resty.openssl.version").OPENSSL_3X then
ngx.say("cDRFLQ7NWt+AP4i0TdBzog==\n18446744073709551615")
ngx.exit(0)
end
local kdf = require("resty.openssl.kdf")
local k = myassert(kdf.new("PBKDF2"))
myassert(k:set_params({
iter = 1000,
digest = "md5",
salt = "",
}))
local key = myassert(k:derive(16, {
pass = "1234567",
}))
ngx.say(ngx.encode_base64(key))
-- output SIZE_MAX since it's not fixed size, need to find a better test case
ngx.say(tostring(k:get_param("size", nil, "bn")))
}
}
--- request
GET /t
--- response_body
cDRFLQ7NWt+AP4i0TdBzog==
18446744073709551615
--- no_error_log
[error]
=== TEST 14: EVP_KDF API: reset
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
if not require("resty.openssl.version").OPENSSL_3X then
ngx.say("-missing salt\ncDRFLQ7NWt+AP4i0TdBzog==")
ngx.exit(0)
end
local kdf = require("resty.openssl.kdf")
local k = myassert(kdf.new("PBKDF2"))
myassert(k:set_params({
iter = 1000,
digest = "md5",
salt = "",
}))
myassert(k:reset())
local ok, err = k:derive(16, {
pass = "1234567",
})
ngx.say(err)
myassert(k:set_params({
iter = 100,
digest = "md5",
salt = "",
}))
local key = myassert(k:derive(16, {
iter = 1000,
pass = "1234567",
}))
ngx.say(ngx.encode_base64(key))
}
}
--- request
GET /t
--- response_body_like
.+missing salt
cDRFLQ7NWt\+AP4i0TdBzog==
--- no_error_log
[error]


@ -1,188 +0,0 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use Test::Nginx::Socket::Lua 'no_plan';
use Cwd qw(cwd);
my $pwd = cwd();
my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
our $HttpConfig = qq{
lua_package_path "$pwd/t/openssl/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
init_by_lua_block {
if "1" == "$use_luacov" then
require 'luacov.tick'
jit.off()
end
_G.myassert = require("helper").myassert
}
};
run_tests();
__DATA__
=== TEST 1: Calculate mac correctly
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
if not require("resty.openssl.version").OPENSSL_3X then
ngx.say("kwUMjYrP0BSJb8cIJvWYoiM1Kc4mQxZOTwSiTTLRhDM=")
ngx.exit(0)
end
local mac = myassert(require("resty.openssl.mac").new("goose", "HMAC", nil, "sha256"))
myassert(mac:update("🦢🦢🦢🦢🦢🦢"))
ngx.print(ngx.encode_base64(myassert(mac:final())))
}
}
--- request
GET /t
--- response_body_like eval
"kwUMjYrP0BSJb8cIJvWYoiM1Kc4mQxZOTwSiTTLRhDM="
--- no_error_log
[error]
=== TEST 2: Update accepts vardiac args
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
if not require("resty.openssl.version").OPENSSL_3X then
ngx.say("kwUMjYrP0BSJb8cIJvWYoiM1Kc4mQxZOTwSiTTLRhDM=")
ngx.exit(0)
end
local mac = myassert(require("resty.openssl.mac").new("goose", "HMAC", nil, "sha256"))
mac:update("🦢", "🦢🦢", "🦢🦢", "🦢")
ngx.print(ngx.encode_base64(mac:final()))
}
}
--- request
GET /t
--- response_body_like eval
"kwUMjYrP0BSJb8cIJvWYoiM1Kc4mQxZOTwSiTTLRhDM="
--- no_error_log
[error]
=== TEST 3: Final accepts optional arg
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
if not require("resty.openssl.version").OPENSSL_3X then
ngx.say("kwUMjYrP0BSJb8cIJvWYoiM1Kc4mQxZOTwSiTTLRhDM=")
ngx.exit(0)
end
local mac = myassert(require("resty.openssl.mac").new("goose", "HMAC", nil, "sha256"))
myassert(mac:update("🦢", "🦢🦢", "🦢🦢"))
ngx.print(ngx.encode_base64(myassert(mac:final("🦢"))))
}
}
--- request
GET /t
--- response_body_like eval
"kwUMjYrP0BSJb8cIJvWYoiM1Kc4mQxZOTwSiTTLRhDM="
--- no_error_log
[error]
=== TEST 4: Rejects unknown hash
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
if not require("resty.openssl.version").OPENSSL_3X then
ngx.say("mac.new: invalid cipher or digest type")
ngx.exit(0)
end
local mac, err = require("resty.openssl.mac").new("goose", "HMAC", nil, "sha257")
ngx.print(err)
}
}
--- request
GET /t
--- response_body_like eval
"mac.new: invalid cipher or digest type.*"
--- no_error_log
[error]
=== TEST 5: Returns provider
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
if not require("resty.openssl.version").OPENSSL_3X then
ngx.say("default")
ngx.exit(0)
end
local mac = require("resty.openssl.mac")
local m = myassert(mac.new("goose", "HMAC", nil, "sha256"))
ngx.say(myassert(m:get_provider_name()))
}
}
--- request
GET /t
--- response_body
default
--- no_error_log
[error]
=== TEST 6: Returns gettable, settable params
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
if not require("resty.openssl.version").OPENSSL_3X then
ngx.say("-size-\n-digest-")
ngx.exit(0)
end
local mac = require("resty.openssl.mac")
local m = myassert(mac.new("goose", "HMAC", nil, "sha256"))
ngx.say(require("cjson").encode(myassert(m:gettable_params())))
ngx.say(require("cjson").encode(myassert(m:settable_params())))
}
}
--- request
GET /t
--- response_body_like
.+size.+
.+digest.+
--- no_error_log
[error]
=== TEST 7: Get params, set params
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
if not require("resty.openssl.version").OPENSSL_3X then
ngx.say("true\n32")
ngx.exit(0)
end
local mac = myassert(require("resty.openssl.mac").new("goose", "HMAC", nil, "sha256"))
local s1 = myassert(mac:final("🦢"))
local mac = myassert(require("resty.openssl.mac").new("notthiskey", "HMAC", nil, "sha256"))
myassert(mac:set_params({key = "goose"}))
local s2 = myassert(mac:final("🦢"))
ngx.say(s1 == s2)
ngx.say(myassert(mac:get_param("size")))
}
}
--- request
GET /t
--- response_body eval
"true
32
"
--- no_error_log
[error]


@ -1,81 +0,0 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use Test::Nginx::Socket::Lua 'no_plan';
use Cwd qw(cwd);
my $pwd = cwd();
my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
our $HttpConfig = qq{
lua_package_path "$pwd/t/openssl/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
init_by_lua_block {
if "1" == "$use_luacov" then
require 'luacov.tick'
jit.off()
end
_G.encode_sorted_json = require("helper").encode_sorted_json
}
};
run_tests();
__DATA__
=== TEST 1: Convert nid to table
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local o = require("resty.openssl.objects")
ngx.print(encode_sorted_json(o.nid2table(87)))
}
}
--- request
GET /t
--- response_body_like eval
'{"id":"2.5.29.19","ln":"X509v3 Basic Constraints","nid":87,"sn":"basicConstraints"}'
--- no_error_log
[error]
=== TEST 2: Convert txt to nid
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local o = require("resty.openssl.objects")
local t = {
ln = "X509v3 Basic Constraints",
sn = "basicConstraints",
id = "2.5.29.19"
}
local r = {}
for k, v in pairs(t) do
r[k] = o.txt2nid(v)
end
ngx.print(encode_sorted_json(r))
}
}
--- request
GET /t
--- response_body_like eval
'{"id":87,"ln":87,"sn":87}'
--- no_error_log
[error]
=== TEST 3: Convert sigid to nid
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local o = require("resty.openssl.objects")
ngx.print(o.find_sigid_algs(795)) -- ecdsa-with-SHA384
}
}
--- request
GET /t
--- response_body eval
673
--- no_error_log
[error]


@ -1,38 +0,0 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use Test::Nginx::Socket::Lua 'no_plan';
use Cwd qw(cwd);
my $pwd = cwd();
my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
our $HttpConfig = qq{
lua_package_path "$pwd/t/openssl/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
init_by_lua_block {
if "1" == "$use_luacov" then
require 'luacov.tick'
jit.off()
end
_G.encode_sorted_json = require("helper").encode_sorted_json
}
};
run_tests();
__DATA__
=== TEST 1: Construct
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
ngx.say("TODO")
}
}
--- request
GET /t
--- response_body
TODO
--- no_error_log
[error]


@ -1,262 +0,0 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use Test::Nginx::Socket::Lua 'no_plan';
use Cwd qw(cwd);
my $pwd = cwd();
my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
our $HttpConfig = qq{
lua_package_path "$pwd/t/openssl/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
init_by_lua_block {
if "1" == "$use_luacov" then
require 'luacov.tick'
jit.off()
end
_G.myassert = require("helper").myassert
_G.encode_sorted_json = require("helper").encode_sorted_json
}
};
run_tests();
__DATA__
=== TEST 1: Loads password protected pkcs12
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
if require("resty.openssl.version").OPENSSL_3X then
local pro = require "resty.openssl.provider"
myassert(pro.load("legacy"))
end
local pkcs12 = require "resty.openssl.pkcs12"
local pp = io.open("t/fixtures/badssl.com-client.p12"):read("*a")
local r = myassert(pkcs12.decode(pp, "badssl.com"))
ngx.say(r.key:get_parameters().d:to_hex():upper())
ngx.say(r.cert:get_serial_number():to_hex():upper())
}
}
--- request
GET /t
--- response_body
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
2B936CE32D82CE8B01FD9A0595AC6366AA014C82
--- no_error_log
[error]
=== TEST 2: Errors on bad password
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
if require("resty.openssl.version").OPENSSL_3X then
local pro = require "resty.openssl.provider"
myassert(pro.load("legacy"))
end
local pkcs12 = require "resty.openssl.pkcs12"
local pp = io.open("t/fixtures/badssl.com-client.p12"):read("*a")
local r, err = pkcs12.decode(pp, "wrong password")
ngx.say(r == nil)
ngx.say(err)
local r, err = pkcs12.decode(pp)
ngx.say(r == nil)
ngx.say(err)
}
}
--- request
GET /t
--- response_body_like eval
'true
pkcs12.decode.+(mac verify failure|INCORRECT_PASSWORD)
true
pkcs12.decode.+(mac verify failure|INCORRECT_PASSWORD)
'
--- no_error_log
[error]
=== TEST 3: Creates pkcs12
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
if require("resty.openssl.version").OPENSSL_3X then
local pro = require "resty.openssl.provider"
myassert(pro.load("legacy"))
end
local pkcs12 = require "resty.openssl.pkcs12"
local cert, key = require("helper").create_self_signed({ type = 'EC', curve = "prime256v1" })
local x509 = require("resty.openssl.x509")
local ca1 = myassert(x509.new(io.open("t/fixtures/GlobalSign.pem"):read("*a")))
local ca2 = myassert(x509.new(io.open("t/fixtures/GlobalSign_sub.pem"):read("*a")))
-- full house
local r = myassert(pkcs12.encode({
friendly_name = "myname",
key = key,
cert = cert,
cacerts = { ca1, ca2 }
}, "test-pkcs12"))
ngx.say(#r)
-- no name
local r = myassert(pkcs12.encode({
key = key,
cert = cert,
cacerts = { ca1, ca2 }
}, "test-pkcs12"))
ngx.say(#r)
-- no CA
local r = myassert(pkcs12.encode({
key = key,
cert = cert,
}, "test-pkcs12"))
ngx.say(#r)
-- empty password
local r = myassert(pkcs12.encode({
key = key,
cert = cert,
}))
ngx.say(#r)
}
}
--- request
GET /t
--- response_body_like eval
'\d{3,4}
\d{3,4}
\d{3,4}
\d{3,4}
'
--- no_error_log
[error]
=== TEST 4: Uses empty string password when omitted
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
if require("resty.openssl.version").OPENSSL_3X then
local pro = require "resty.openssl.provider"
myassert(pro.load("legacy"))
end
local pkcs12 = require "resty.openssl.pkcs12"
local cert, key = require("helper").create_self_signed({ type = 'EC', curve = "prime256v1" })
local x509 = require("resty.openssl.x509")
local ca1 = myassert(x509.new(io.open("t/fixtures/GlobalSign.pem"):read("*a")))
local ca2 = myassert(x509.new(io.open("t/fixtures/GlobalSign_sub.pem"):read("*a")))
local p12 = myassert(pkcs12.encode({
friendly_name = "myname",
key = key,
cert = cert,
cacerts = { ca1, ca2 },
}))
local r = myassert(pkcs12.decode(p12, nil))
ngx.say(#r.key:get_parameters().x:to_hex():upper())
ngx.say(r.cert:get_serial_number():to_hex():upper())
ngx.say(#r.cacerts)
ngx.say(r.friendly_name)
-- same as empty string
local r = myassert(pkcs12.decode(p12, ""))
-- password mismatch
local r, err = pkcs12.decode(p12, "extrapassword")
ngx.say(r == nil)
ngx.say(err)
}
}
--- request
GET /t
--- response_body_like eval
'6\d
0
2
myname
true
pkcs12.decode.+(mac verify failure|INCORRECT_PASSWORD)
'
--- no_error_log
[error]
=== TEST 5: Check cert and key mismatch
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
if require("resty.openssl.version").OPENSSL_3X then
local pro = require "resty.openssl.provider"
myassert(pro.load("legacy"))
end
local pkcs12 = require "resty.openssl.pkcs12"
local cert, key = require("helper").create_self_signed({ type = 'EC', curve = "prime256v1" })
local key2 = require("resty.openssl.pkey").new({ type = 'EC', curve = "prime256v1" })
local r, err = pkcs12.encode({
friendly_name = "myname",
key = key2,
cert = cert,
cacerts = { ca1, ca2 }
}, "test-pkcs12")
ngx.say(r == nil, err)
}
}
--- request
GET /t
--- response_body_like eval
'true.+(key values mismatch|KEY_VALUES_MISMATCH)
'
--- no_error_log
[error]
=== TEST 6: Creates pkcs12 with newer algorithm
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
if require("resty.openssl.version").BORINGSSL then
ngx.say("2333")
ngx.exit(0)
end
-- don't load the legacy provider for this test
-- by default nid_key is RC2 and is moved to legacy provider in 3.0
local pkcs12 = require "resty.openssl.pkcs12"
local cert, key = require("helper").create_self_signed({ type = 'EC', curve = "prime256v1" })
local x509 = require("resty.openssl.x509")
local ca1 = myassert(x509.new(io.open("t/fixtures/GlobalSign.pem"):read("*a")))
local ca2 = myassert(x509.new(io.open("t/fixtures/GlobalSign_sub.pem"):read("*a")))
local r = myassert(pkcs12.encode({
friendly_name = "myname",
key = key,
cert = cert,
cacerts = { ca1, ca2 },
nid_key = "aes-128-cbc",
nid_cert = "aes-128-cbc",
mac_iter = 2000,
}, "test-pkcs12"))
ngx.say(#r)
}
}
--- request
GET /t
--- response_body_like eval
'\d{3,4}
'
--- no_error_log
[error]

File diff suppressed because it is too large Load Diff


@ -1,141 +0,0 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use Test::Nginx::Socket::Lua 'no_plan';
use Cwd qw(cwd);
my $pwd = cwd();
my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
our $HttpConfig = qq{
lua_package_path "$pwd/t/openssl/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
init_by_lua_block {
if "1" == "$use_luacov" then
require 'luacov.tick'
jit.off()
end
_G.myassert = require("helper").myassert
_G.encode_sorted_json = require("helper").encode_sorted_json
}
};
run_tests();
__DATA__
=== TEST 1: Loads default and legacy provider
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
if not require("resty.openssl.version").OPENSSL_3X then
ngx.say("true\nnil\ntrue\nfalse\nnil\ntrue")
ngx.exit(0)
end
local pro = require "resty.openssl.provider"
for _, n in ipairs({"default", "legacy"}) do
local avail, err = pro.is_available(n)
ngx.say(avail)
local p, err = pro.load(n)
ngx.say(err)
-- after load it's available
local avail, err = pro.is_available(n)
ngx.say(avail)
myassert(p:unload())
end
}
}
--- request
GET /t
--- response_body
true
nil
true
false
nil
true
--- no_error_log
[error]
=== TEST 2: Self test default and legacy provider
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
if not require("resty.openssl.version").OPENSSL_3X then
ngx.say("nil\ntrue\nnil\ntrue")
ngx.exit(0)
end
local pro = require "resty.openssl.provider"
for _, n in ipairs({"default", "legacy"}) do
local p, err = pro.load(n)
ngx.say(err)
-- after load it's available
local ok, err = p:self_test(n)
ngx.say(ok)
myassert(p:unload())
end
}
}
--- request
GET /t
--- response_body
nil
true
nil
true
--- no_error_log
[error]
=== TEST 3: Set default search path
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
if not require("resty.openssl.version").OPENSSL_3X then
ngx.say("true\ncommon libcrypto routines::init fail")
ngx.exit(0)
end
local pro = require "resty.openssl.provider"
pro.set_default_search_path("/tmp")
local ok, err = pro.load("legacy")
ngx.say(ok == nil)
ngx.say(err)
}
}
--- request
GET /t
--- response_body_like
true
.+(?:init fail|common libcrypto routines::reason\(524325\))
--- no_error_log
[error]
=== TEST 4: Get parameters
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
if not require("resty.openssl.version").OPENSSL_3X then
ngx.say('{"buildinfo":"3.0.0-alpha7","name":"OpenSSL Default Provider","status":1,"version":"3.0.0"}')
ngx.exit(0)
end
local pro = require "resty.openssl.provider"
local p = myassert(pro.load("default"))
local a = assert(p:get_params("name", "version", "buildinfo", "status"))
ngx.say(encode_sorted_json(a))
}
}
--- request
GET /t
--- response_body_like
{"buildinfo":"3.+","name":"OpenSSL Default Provider","status":1,"version":"3.+"}
--- no_error_log
[error]


@ -1,80 +0,0 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use Test::Nginx::Socket::Lua 'no_plan';
use Cwd qw(cwd);
my $pwd = cwd();
my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
our $HttpConfig = qq{
lua_package_path "$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
init_by_lua_block {
if "1" == "$use_luacov" then
require 'luacov.tick'
jit.off()
end
}
};
run_tests();
__DATA__
=== TEST 1: Geneartes random bytes
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local rand = require("resty.openssl.rand")
local b, err = rand.bytes(233)
if err then
ngx.log(ngx.ERR, err)
return
end
ngx.say(#b)
local b2, err = rand.bytes(233)
if err then
ngx.log(ngx.ERR, err)
return
end
ngx.say(#b2)
ngx.say(b == b2)
}
}
--- request
GET /t
--- response_body eval
"233
233
false
"
--- no_error_log
[error]
=== TEST 2: Rejects invalid arguments
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local rand = require("resty.openssl.rand")
local b, err = rand.bytes()
ngx.say(err)
local b, err = rand.bytes(true)
ngx.say(err)
local b, err = rand.bytes({})
ngx.say(err)
}
}
--- request
GET /t
--- response_body eval
"rand.bytes: expect a number at #1
rand.bytes: expect a number at #1
rand.bytes: expect a number at #1
"
--- no_error_log
[error]


@ -1,281 +0,0 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use Test::Nginx::Socket::Lua 'no_plan';
use Cwd qw(cwd);
repeat_each(2);
my $pwd = cwd();
my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
add_block_preprocessor(sub {
my ($block) = @_;
my $name = $block->name;
my $http_config = $block->http_config;
if (defined $http_config ) {
my $new_http_config = <<_EOC_;
lua_package_path "$pwd/t/openssl/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
init_by_lua_block {
if "1" == "$use_luacov" then
require 'luacov.tick'
jit.off()
end
_G.myassert = require("helper").myassert
_G.encode_sorted_json = require("helper").encode_sorted_json
}
ssl_certificate $pwd/t/fixtures/test.crt;
ssl_certificate_key $pwd/t/fixtures/test.key;
lua_ssl_trusted_certificate $pwd/t/fixtures/test.crt;
$http_config
_EOC_
$block->set_value("http_config", $new_http_config);
}
});
our $ClientContentBy = qq{
};
no_long_string();
env_to_nginx("CI_SKIP_NGINX_C");
run_tests();
__DATA__
=== TEST 1: SSL (client) get peer certificate
--- http_config
server {
listen unix:/tmp/nginx-c1.sock ssl;
server_name test.com;
}
--- config
location /t {
content_by_lua_block {
local sock = ngx.socket.tcp()
myassert(sock:connect("unix:/tmp/nginx-c1.sock"))
myassert(sock:sslhandshake(nil, "test.com"))
local ssl = require "resty.openssl.ssl"
local sess = myassert(ssl.from_socket(sock))
local crt = myassert(sess:get_peer_certificate())
ngx.say(myassert(crt:get_subject_name():tostring()))
}
}
--- request
GET /t
--- response_body
CN=test.com
--- no_error_log
[error]
[emerg]
=== TEST 2: SSL (client) get peer cert chain
--- http_config
server {
listen unix:/tmp/nginx-c2.sock ssl;
server_name test.com;
}
--- config
location /t {
default_type 'text/plain';
content_by_lua_block {
local sock = ngx.socket.tcp()
myassert(sock:connect("unix:/tmp/nginx-c2.sock"))
myassert(sock:sslhandshake(nil, "test.com"))
local ssl = require "resty.openssl.ssl"
local sess = myassert(ssl.from_socket(sock))
local chain = myassert(sess:get_peer_cert_chain())
ngx.say(#chain)
local crt = chain[1]
ngx.say(myassert(crt:get_subject_name():tostring()))
}
}
--- request
GET /t
--- response_body
1
CN=test.com
--- no_error_log
[error]
[emerg]
=== TEST 3: SSL (client) set cipher suites [skipped]
--- config
location /t {
default_type 'text/plain';
content_by_lua_block {
}
}
--- request
GET /t
--- skip_nginx
2: < 9.9.9
--- response_body
--- no_error_log
[error]
[emerg]
=== TEST 4: SSL (client) get ciphers
--- http_config
server {
listen unix:/tmp/nginx-c4.sock ssl;
server_name test.com;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384;
}
--- config
location /t {
default_type 'text/plain';
content_by_lua_block {
local sock = ngx.socket.tcp()
myassert(sock:connect("unix:/tmp/nginx-c4.sock"))
myassert(sock:sslhandshake(nil, "test.com"))
local ssl = require "resty.openssl.ssl"
local sess = myassert(ssl.from_socket(sock))
ngx.say(myassert(sess:get_ciphers()))
local cipher = myassert(sess:get_cipher_name())
ngx.say(cipher)
}
}
--- request
GET /t
--- response_body_like
.*ECDHE-RSA-AES256-GCM-SHA384.*
ECDHE-RSA-AES256-GCM-SHA384
--- no_error_log
[error]
[emerg]
=== TEST 5: SSL (client) get/set timeout
--- http_config
server {
listen unix:/tmp/nginx-c5.sock ssl;
server_name test.com;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384;
}
--- config
location /t {
default_type 'text/plain';
content_by_lua_block {
local sock = ngx.socket.tcp()
myassert(sock:connect("unix:/tmp/nginx-c5.sock"))
myassert(sock:sslhandshake(nil, "test.com"))
local ssl = require "resty.openssl.ssl"
local sess = myassert(ssl.from_socket(sock))
ngx.say(myassert(sess:get_timeout()))
myassert(sess:set_timeout(15))
ngx.say(myassert(sess:get_timeout()))
}
}
--- request
GET /t
--- response_body_like
\d+
15
--- no_error_log
[error]
[emerg]
=== TEST 6: SSL (client) set_verify and add_client_ca [skipped]
--- config
location /t {
default_type 'text/plain';
content_by_lua_block {
}
}
--- request
GET /t
--- skip_nginx
2: < 9.9.9
--- response_body
--- no_error_log
[error]
[emerg]
=== TEST 7: SSL (client) set/get/clear options
--- http_config
server {
listen unix:/tmp/nginx-c7.sock ssl;
server_name test.com;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384;
}
--- config
location /t {
default_type 'text/plain';
content_by_lua_block {
local sock = ngx.socket.tcp()
myassert(sock:connect("unix:/tmp/nginx-c7.sock"))
myassert(sock:sslhandshake(nil, "test.com"))
local ssl = require "resty.openssl.ssl"
local sess = myassert(ssl.from_socket(sock))
local orig_options = myassert(sess:get_options())
ngx.say(orig_options)
ngx.say(require("cjson").encode(myassert(sess:get_options(true))))
myassert(sess:set_options(ssl.SSL_OP_PRIORITIZE_CHACHA))
myassert(sess:set_options(ssl.SSL_OP_ALLOW_NO_DHE_KEX, ssl.SSL_OP_NO_QUERY_MTU))
ngx.say(require("cjson").encode(myassert(sess:get_options(true))))
myassert(sess:clear_options(ssl.SSL_OP_PRIORITIZE_CHACHA))
myassert(sess:clear_options(ssl.SSL_OP_ALLOW_NO_DHE_KEX, ssl.SSL_OP_NO_QUERY_MTU))
local new_options = myassert(sess:get_options())
if new_options ~= orig_options then
ngx.say("options not correct after clear: " ..
require("cjson").encode(myassert(sess:get_options(true))))
else
ngx.say("ok")
end
}
}
--- request
GET /t
--- response_body_like
\d+
\[".+"\]
.+SSL_OP_ALLOW_NO_DHE_KEX.+SSL_OP_NO_QUERY_MTU.+SSL_OP_PRIORITIZE_CHACHA.+
ok
--- no_error_log
[error]
[emerg]
=== TEST 8: SSL (client) set_protocols [skipped]
--- config
location /t {
default_type 'text/plain';
content_by_lua_block {
}
}
--- request
GET /t
--- skip_nginx
2: < 9.9.9
--- response_body
--- no_error_log
[error]
[emerg]


@ -1,97 +0,0 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use Test::Nginx::Socket::Lua 'no_plan';
use Cwd qw(cwd);
repeat_each(2);
my $pwd = cwd();
my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
add_block_preprocessor(sub {
my ($block) = @_;
my $name = $block->name;
my $http_config = $block->http_config;
if (defined $http_config ) {
my $new_http_config = <<_EOC_;
lua_package_path "$pwd/t/openssl/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
init_by_lua_block {
if "1" == "$use_luacov" then
require 'luacov.tick'
jit.off()
end
_G.myassert = require("helper").myassert
_G.encode_sorted_json = require("helper").encode_sorted_json
}
ssl_certificate $pwd/t/fixtures/test.crt;
ssl_certificate_key $pwd/t/fixtures/test.key;
lua_ssl_trusted_certificate $pwd/t/fixtures/test.crt;
$http_config
_EOC_
$block->set_value("http_config", $new_http_config);
}
});
our $ClientContentBy = qq{
};
no_long_string();
env_to_nginx("CI_SKIP_NGINX_C");
run_tests();
__DATA__
=== TEST 1: SSL (server) get peer certificate
--- http_config
server {
listen unix:/tmp/nginx-sctx1.sock ssl;
server_name test.com;
ssl_certificate_by_lua_block {
local ssl_ctx = require "resty.openssl.ssl_ctx"
local sc = assert(ssl_ctx.from_request())
assert(sc:set_alpns({"h4"}))
}
}
--- config
location /t {
content_by_lua_block {
local ngx_pipe = require "ngx.pipe"
local opts = {
merge_stderr = true,
buffer_size = 256000,
}
local proc = ngx_pipe.spawn({'bash', '-c', "echo q | openssl s_client -unix /tmp/nginx-sctx1.sock -alpn h4 && sleep 0.1"}, opts)
local data, err, partial = proc:stdout_read_all()
if ngx.re.match(data, "ALPN protocol: h4") then
ngx.say("ok")
else
ngx.say(data)
end
}
}
--- request
GET /t
--- response_body
ok
--- no_error_log
[error]
[emerg]


@ -1,375 +0,0 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use Test::Nginx::Socket::Lua 'no_plan';
use Cwd qw(cwd);
repeat_each(2);
my $pwd = cwd();
my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
add_block_preprocessor(sub {
my ($block) = @_;
my $name = $block->name;
my $http_config = $block->http_config;
if (defined $http_config ) {
my $new_http_config = <<_EOC_;
lua_package_path "$pwd/t/openssl/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
init_by_lua_block {
if "1" == "$use_luacov" then
require 'luacov.tick'
jit.off()
end
_G.myassert = require("helper").myassert
_G.encode_sorted_json = require("helper").encode_sorted_json
}
ssl_certificate $pwd/t/fixtures/test.crt;
ssl_certificate_key $pwd/t/fixtures/test.key;
lua_ssl_trusted_certificate $pwd/t/fixtures/test.crt;
$http_config
_EOC_
$block->set_value("http_config", $new_http_config);
}
});
our $ClientContentBy = qq{
};
no_long_string();
env_to_nginx("CI_SKIP_NGINX_C");
run_tests();
__DATA__
=== TEST 1: SSL (server) get peer certificate
--- http_config
server {
listen unix:/tmp/nginx-s1.sock ssl;
server_name test.com;
ssl_certificate_by_lua_block {
local ssl = require "resty.openssl.ssl"
local sess = myassert(ssl.from_request())
myassert(sess:set_verify(ssl.SSL_VERIFY_PEER, nil))
}
location /t {
content_by_lua_block {
local ssl = require "resty.openssl.ssl"
local sess = myassert(ssl.from_request())
local crt = myassert(sess:get_peer_certificate())
ngx.say(myassert(crt:get_subject_name():tostring()))
}
}
}
--- config
location /t {
proxy_pass https://unix:/tmp/nginx-s1.sock:;
proxy_ssl_server_name on;
proxy_ssl_name test.com;
# valgrind be happy
proxy_ssl_session_reuse off;
proxy_ssl_certificate ../../../t/fixtures/test.crt;
proxy_ssl_certificate_key ../../../t/fixtures/test.key;
}
--- request
GET /t
--- response_body
CN=test.com
--- no_error_log
[error]
[emerg]
=== TEST 2: SSL (server) get peer cert chain
--- http_config
server {
listen unix:/tmp/nginx-s2.sock ssl;
server_name test.com;
ssl_certificate_by_lua_block {
local ssl = require "resty.openssl.ssl"
local sess = myassert(ssl.from_request())
myassert(sess:set_verify(ssl.SSL_VERIFY_PEER, nil))
}
location /t {
content_by_lua_block {
local ssl = require "resty.openssl.ssl"
local sess = myassert(ssl.from_request())
local ciphers = myassert(sess:get_ciphers())
local chain = myassert(sess:get_peer_cert_chain())
ngx.say(#chain)
}
}
}
--- config
location /t {
proxy_pass https://unix:/tmp/nginx-s2.sock:;
proxy_ssl_server_name on;
proxy_ssl_name test.com;
# valgrind be happy
proxy_ssl_session_reuse off;
proxy_ssl_certificate ../../../t/fixtures/test.crt;
proxy_ssl_certificate_key ../../../t/fixtures/test.key;
}
--- request
GET /t
--- response_body
0
--- no_error_log
[error]
[emerg]
=== TEST 3: SSL (server) set cipher suites (TLSv1.3 set_ciphersuites not tested)
--- http_config
server {
listen unix:/tmp/nginx-s3.sock ssl;
server_name test.com;
ssl_ciphers ECDHE-RSA-AES128-SHA;
ssl_certificate_by_lua_block {
local ssl = require "resty.openssl.ssl"
local sess = myassert(ssl.from_request())
myassert(sess:set_cipher_list("ECDHE-RSA-AES256-SHA"))
}
location /t {
content_by_lua_block {
ngx.say("ok")
}
}
}
--- config
location /t {
default_type 'text/plain';
content_by_lua_block {
local sock = ngx.socket.tcp()
myassert(sock:connect("unix:/tmp/nginx-s3.sock"))
myassert(sock:sslhandshake(nil, "test.com"))
local ssl = require "resty.openssl.ssl"
local sess = myassert(ssl.from_socket(sock))
ngx.say(myassert(sess:get_ciphers()))
local cipher = myassert(sess:get_cipher_name())
ngx.say(cipher)
}
}
--- request
GET /t
--- response_body_like
.*ECDHE-RSA-AES256-SHA.*
ECDHE-RSA-AES256-SHA$
--- no_error_log
[error]
[emerg]
=== TEST 4: SSL (server) get ciphers
--- http_config
server {
listen unix:/tmp/nginx-s4.sock ssl;
server_name test.com;
ssl_ciphers ECDHE-RSA-AES128-SHA;
location /t {
content_by_lua_block {
local ssl = require "resty.openssl.ssl"
local sess = myassert(ssl.from_request())
local ciphers = myassert(sess:get_ciphers())
ngx.say(ciphers)
local cipher = myassert(sess:get_cipher_name())
ngx.say(cipher)
}
}
}
--- config
location /t {
proxy_pass https://unix:/tmp/nginx-s4.sock:;
proxy_ssl_server_name on;
proxy_ssl_name test.com;
# valgrind be happy
proxy_ssl_session_reuse off;
}
--- request
GET /t
--- response_body_like
.*ECDHE-RSA-AES128-SHA.*
ECDHE-RSA-AES128-SHA$
--- no_error_log
[error]
[emerg]
=== TEST 5: SSL (server) get/set timeout
--- http_config
server {
listen unix:/tmp/nginx-s5.sock ssl;
server_name test.com;
location /t {
content_by_lua_block {
local ssl = require "resty.openssl.ssl"
local sess = myassert(ssl.from_request())
ngx.say(myassert(sess:get_timeout()))
myassert(sess:set_timeout(15))
ngx.say(myassert(sess:get_timeout()))
}
}
}
--- config
location /t {
proxy_pass https://unix:/tmp/nginx-s5.sock:;
proxy_ssl_server_name on;
proxy_ssl_name test.com;
# valgrind be happy
proxy_ssl_session_reuse off;
}
--- request
GET /t
--- response_body_like
\d+
15
--- no_error_log
[error]
[emerg]
=== TEST 6: SSL (server) set_verify and add_client_ca [tested in get_peer_cert]
--- config
location /t {
default_type 'text/plain';
content_by_lua_block {
}
}
--- request
GET /t
--- skip_nginx
2: < 9.9.9
--- response_body
--- no_error_log
[error]
[emerg]
=== TEST 7: SSL (server) get/set/clear options
--- http_config
server {
listen unix:/tmp/nginx-s7.sock ssl;
server_name test.com;
location /t {
content_by_lua_block {
local ssl = require "resty.openssl.ssl"
local sess = myassert(ssl.from_request())
local orig_options = myassert(sess:get_options())
ngx.say(orig_options)
ngx.say(require("cjson").encode(myassert(sess:get_options(true))))
myassert(sess:set_options(ssl.SSL_OP_CIPHER_SERVER_PREFERENCE))
myassert(sess:set_options(ssl.SSL_OP_ALLOW_NO_DHE_KEX, ssl.SSL_OP_NO_QUERY_MTU))
ngx.say(require("cjson").encode(myassert(sess:get_options(true))))
myassert(sess:clear_options(ssl.SSL_OP_CIPHER_SERVER_PREFERENCE))
myassert(sess:clear_options(ssl.SSL_OP_ALLOW_NO_DHE_KEX, ssl.SSL_OP_NO_QUERY_MTU))
local new_options = myassert(sess:get_options())
if new_options ~= orig_options then
ngx.say("options not correct after clear: " ..
require("cjson").encode(myassert(sess:get_options(true))))
else
ngx.say("ok")
end
}
}
}
--- config
location /t {
proxy_pass https://unix:/tmp/nginx-s7.sock:;
proxy_ssl_server_name on;
proxy_ssl_name test.com;
# valgrind be happy
proxy_ssl_session_reuse off;
}
--- request
GET /t
--- response_body_like
\d+
\[".+"\]
.+SSL_OP_ALLOW_NO_DHE_KEX.+SSL_OP_CIPHER_SERVER_PREFERENCE.+SSL_OP_NO_QUERY_MTU.+
ok
--- no_error_log
[error]
[emerg]
=== TEST 8: SSL (server) set_protocols [skipped; need clienthello_by]
--- http_config
server {
listen unix:/tmp/nginx-s8.sock ssl;
server_name test.com;
ssl_protocols TLSv1.3;
ssl_certificate_by_lua_block {
local ssl = require "resty.openssl.ssl"
local sess = myassert(ssl.from_request())
myassert(sess:set_protocols("TLSv1.2"))
}
location /t {
content_by_lua_block {
local ssl = require "resty.openssl.ssl"
local sess = myassert(ssl.from_request())
ngx.say("ok")
}
}
}
--- config
location /t {
proxy_pass https://unix:/tmp/nginx-s8.sock:;
proxy_ssl_server_name on;
proxy_ssl_name test.com;
proxy_ssl_protocols TLSv1.2;
# valgrind be happy
proxy_ssl_session_reuse off;
}
--- request
GET /t
--- response_body_like
ok
--- no_error_log
[error]
[emerg]
--- skip_nginx
2: < 9.9.9


@ -1,56 +0,0 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use Test::Nginx::Socket::Lua 'no_plan';
use Cwd qw(cwd);
my $pwd = cwd();
my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
our $HttpConfig = qq{
lua_package_path "$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
init_by_lua_block {
if "1" == "$use_luacov" then
require 'luacov.tick'
jit.off()
end
}
};
run_tests();
__DATA__
=== TEST 1: Prints version text properly
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local version = require("resty.openssl.version")
ngx.say(version.version_text)
}
}
--- request
GET /t
--- response_body_like
(OpenSSL \d.\d.\d.+|BoringSSL)
--- no_error_log
[error]
=== TEST 2: Prints version text using version()
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local version = require("resty.openssl.version")
ngx.say(version.version(version.VERSION))
ngx.say(version.version(version.CFLAGS))
}
}
--- request
GET /t
--- response_body_like
(OpenSSL \d.\d.\d.+|BoringSSL)
compiler:.+
--- no_error_log
[error]


@ -1,988 +0,0 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use Test::Nginx::Socket::Lua 'no_plan';
use Cwd qw(cwd);
my $pwd = cwd();
my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
our $HttpConfig = qq{
lua_package_path "$pwd/t/openssl/?.lua;$pwd/t/openssl/x509/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
init_by_lua_block {
if "1" == "$use_luacov" then
require 'luacov.tick'
jit.off()
end
_G.myassert = require("helper").myassert
_G.encode_sorted_json = require("helper").encode_sorted_json
}
};
no_long_string();
run_tests();
__DATA__
=== TEST 1: Loads a cert
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/Github.pem"):read("*a")
local c = myassert(require("resty.openssl.x509").new(f))
ngx.say("ok")
}
}
--- request
GET /t
--- response_body eval
"ok
"
--- no_error_log
[error]
=== TEST 2: Converts and loads PEM format
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/Github.pem"):read("*a")
local c = myassert(require("resty.openssl.x509").new(f))
local pem = myassert(c:tostring("PEM"))
for _, typ in ipairs({"PEM", "*", false}) do
local c2 = myassert(require("resty.openssl.x509").new(pem, typ))
end
local c2, err = require("resty.openssl.x509").new(pem, "DER")
ngx.say(err)
}
}
--- request
GET /t
--- response_body_like eval
"x509.new.+(nested asn1 error|NESTED_ASN1_ERROR).+"
--- no_error_log
[error]
=== TEST 3: Converts and loads DER format
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/Github.pem"):read("*a")
local c = myassert(require("resty.openssl.x509").new(f))
local pem = myassert(c:tostring("DER"))
for _, typ in ipairs({"DER", "*", false}) do
local c2 = myassert(require("resty.openssl.x509").new(pem, typ))
end
local c2, err = require("resty.openssl.x509").new(pem, "PEM")
ngx.say(err)
}
}
--- request
GET /t
--- response_body_like eval
"x509.new.+(no start line|NO_START_LINE).+"
--- no_error_log
[error]
=== TEST 4: Rejectes invalid cert
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local x509 = require("resty.openssl.x509")
local p, err = x509.new(true)
ngx.say(err)
p, err = x509.new("222")
ngx.say(err)
}
}
--- request
GET /t
--- response_body_like eval
"expect nil or a string at #1
x509.new: .*(not enough data|NOT_ENOUGH_DATA)
"
--- no_error_log
[error]
=== TEST 5: Calculates cert digest
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/GlobalSign.pem"):read("*a")
local c = myassert(require("resty.openssl.x509").new(f))
local dd = myassert(c:digest())
local h = string.upper(myassert(require("helper").to_hex(dd)))
ngx.say(h)
}
}
--- request
GET /t
--- response_body eval
"B1BC968BD4F49D622AA89A81F2150152A41D829C
"
--- no_error_log
[error]
=== TEST 6: Calculates pubkey digest
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/GlobalSign.pem"):read("*a")
local c = myassert(require("resty.openssl.x509").new(f))
local dd = myassert(c:pubkey_digest())
local h, err = string.upper(require("helper").to_hex(dd))
ngx.say(h)
}
}
--- request
GET /t
--- response_body eval
"607B661A450D97CA89502F7D04CD34A8FFFCFD4B
"
--- no_error_log
[error]
=== TEST 7: Gets extension
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/Github.pem"):read("*a")
local c, err = require("resty.openssl.x509").new(f)
local ext, pos = c:get_extension("X509v3 Extended Key Usage")
ngx.say(pos)
ngx.say(tostring(ext))
}
}
--- request
GET /t
--- response_body eval
"5
TLS Web Server Authentication, TLS Web Client Authentication
"
--- no_error_log
[error]
=== TEST 8: Adds extension
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local c, err = require("resty.openssl.x509").new()
local ext = myassert(require("resty.openssl.x509.extension").new(
"extendedKeyUsage", "TLS Web Server Authentication"
))
local ok = myassert(c:add_extension(ext))
local ext, _ = c:get_extension("X509v3 Extended Key Usage")
ngx.say(tostring(ext))
}
}
--- request
GET /t
--- response_body eval
"TLS Web Server Authentication
"
--- no_error_log
[error]
=== TEST 9: Set extension
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/GlobalSign.pem"):read("*a")
local c = myassert(require("resty.openssl.x509").new(f))
local ext = myassert(require("resty.openssl.x509.extension").new(
"keyUsage", "Digital Signature, Key Encipherment"
))
local ok = myassert(c:set_extension(ext))
local ext, _ = c:get_extension("X509v3 Key Usage")
ngx.say(tostring(ext))
}
}
--- request
GET /t
--- response_body eval
"Digital Signature, Key Encipherment
"
--- no_error_log
[error]
=== TEST 10: Reads basic constraints
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/GlobalSign.pem"):read("*a")
local c = myassert(require("resty.openssl.x509").new(f))
ngx.say(c:get_basic_constraints("ca"))
ngx.say(c:get_basic_constraints("pathlen"))
collectgarbage("collect")
}
}
--- request
GET /t
--- response_body eval
"true
0
"
--- no_error_log
[error]
=== TEST 11: Set basic constraints
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/GlobalSign.pem"):read("*a")
local c, err = require("resty.openssl.x509").new(f)
local ok = myassert(c:set_basic_constraints({
CA = false,
pathLen = 233,
}))
ngx.say(c:get_basic_constraints("ca"))
ngx.say(c:get_basic_constraints("pathlen"))
collectgarbage("collect")
}
}
--- request
GET /t
--- response_body eval
"false
233
"
--- no_error_log
[error]
=== TEST 12: Get authority info access
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/Github.pem"):read("*a")
local c = myassert(require("resty.openssl.x509").new(f))
local aia = myassert(c:get_info_access())
local ffi = require "ffi"
for _, v in ipairs(aia) do
ngx.say(ffi.string(ffi.C.OBJ_nid2ln(v[1])), " - ", v[2], ":", v[3])
end
collectgarbage("collect")
}
}
--- request
GET /t
--- response_body eval
"OCSP - URI:http://ocsp.digicert.com
CA Issuers - URI:http://cacerts.digicert.com/DigiCertHighAssuranceTLSHybridECCSHA2562020CA1.crt
"
--- no_error_log
[error]
=== TEST 13: Set authority info access
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/Github.pem"):read("*a")
local c = myassert(require("resty.openssl.x509").new(f))
local aia = myassert(c:get_info_access())
myassert(aia:add("OCSP", "URI", "http://somedomain.com"))
myassert(c:set_info_access(aia))
local aia = myassert(c:get_info_access())
local ffi = require "ffi"
for _, v in ipairs(aia) do
ngx.say(ffi.string(ffi.C.OBJ_nid2ln(v[1])), " - ", v[2], ":", v[3])
end
collectgarbage("collect")
}
}
--- request
GET /t
--- response_body eval
"OCSP - URI:http://ocsp.digicert.com
CA Issuers - URI:http://cacerts.digicert.com/DigiCertHighAssuranceTLSHybridECCSHA2562020CA1.crt
OCSP - URI:http://somedomain.com
"
--- no_error_log
[error]
=== TEST 14: Get CRL distribution points
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/Github.pem"):read("*a")
local c = myassert(require("resty.openssl.x509").new(f))
local cdp = myassert(c:get_crl_distribution_points())
local ffi = require "ffi"
for _, altname in pairs(cdp) do
for k, v in pairs(altname) do
ngx.say(k, " ", v)
end
end
collectgarbage("collect")
}
}
--- request
GET /t
--- response_body eval
"URI http://crl3.digicert.com/DigiCertHighAssuranceTLSHybridECCSHA2562020CA1.crl
URI http://crl4.digicert.com/DigiCertHighAssuranceTLSHybridECCSHA2562020CA1.crl
"
--- no_error_log
[error]
=== TEST 15: Set CRL distribution points
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
-- NYI
}
}
--- request
GET /t
--- no_error_log
[error]
=== TEST 16: Get OCSP url
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/Github.pem"):read("*a")
local c = myassert(require("resty.openssl.x509").new(f))
local ocsp = myassert(c:get_ocsp_url())
ngx.say(ocsp)
local ocsp = myassert(c:get_ocsp_url(true))
ngx.say(encode_sorted_json(ocsp))
local f = io.open("t/fixtures/GlobalSign.pem"):read("*a")
local c = myassert(require("resty.openssl.x509").new(f))
local ocsp = myassert(c:get_ocsp_url())
ngx.say(ocsp)
}
}
--- request
GET /t
--- response_body eval
'http://ocsp.digicert.com
["http:\/\/ocsp.digicert.com"]
nil
'
--- no_error_log
[error]
=== TEST 17: Get CRL url
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/Github.pem"):read("*a")
local c = myassert(require("resty.openssl.x509").new(f))
local crl = myassert(c:get_crl_url())
ngx.say(crl)
local crl = myassert(c:get_crl_url(true))
ngx.say(encode_sorted_json(crl))
local f = io.open("t/fixtures/GlobalSign.pem"):read("*a")
local c = myassert(require("resty.openssl.x509").new(f))
local crl = myassert(c:get_crl_url())
ngx.say(crl)
}
}
--- request
GET /t
--- response_body eval
'http://crl3.digicert.com/DigiCertHighAssuranceTLSHybridECCSHA2562020CA1.crl
["http:\/\/crl3.digicert.com\/DigiCertHighAssuranceTLSHybridECCSHA2562020CA1.crl","http:\/\/crl4.digicert.com\/DigiCertHighAssuranceTLSHybridECCSHA2562020CA1.crl"]
nil
'
--- no_error_log
[error]
=== TEST 18: Get non existend extension, return nil, nil
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/GlobalSign.pem"):read("*a")
local c = myassert(require("resty.openssl.x509").new(f))
local get = myassert(c:get_subject_alt_name())
ngx.say(get)
}
}
--- request
GET /t
--- response_body eval
"nil
"
--- no_error_log
[error]
=== TEST 19: Check private key match
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local cert, key = require("helper").create_self_signed({ type = "EC", curve = "prime256v1" })
local ok, err = cert:check_private_key(key)
ngx.say(ok)
ngx.say(err)
local f = io.open("t/fixtures/GlobalSign.pem"):read("*a")
local c = myassert(require("resty.openssl.x509").new(f))
local ok, err = c:check_private_key(key)
ngx.say(ok)
ngx.say(err)
local key2 = require("resty.openssl.pkey").new({
type = 'EC',
curve = "prime256v1",
})
local ok, err = cert:check_private_key(key2)
ngx.say(ok)
ngx.say(err)
}
}
--- request
GET /t
--- response_body_like eval
"true
nil
false
.+(key type mismatch|KEY_TYPE_MISMATCH)
.+(key values mismatch|KEY_VALUES_MISMATCH)
"
--- no_error_log
[error]
# START AUTO GENERATED CODE
=== TEST 20: x509:get_serial_number (AUTOGEN)
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/Github.pem"):read("*a")
local c = myassert(require("resty.openssl.x509").new(f))
local get = myassert(c:get_serial_number())
get = get:to_hex():upper()
ngx.print(get)
}
}
--- request
GET /t
--- response_body eval
"0E8BF3770D92D196F0BB61F93C4166BE"
--- no_error_log
[error]
=== TEST 21: x509:set_serial_number (AUTOGEN)
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/Github.pem"):read("*a")
local c = myassert(require("resty.openssl.x509").new(f))
local toset = myassert(require("resty.openssl.bn").new(math.random(1, 2333333)))
local ok = myassert(c:set_serial_number(toset))
local get = myassert(c:get_serial_number())
get = get:to_hex():upper()
toset = toset:to_hex():upper()
if get ~= toset then
ngx.say(get)
ngx.say(toset)
else
ngx.print("ok")
end
}
}
--- request
GET /t
--- response_body eval
"ok"
--- no_error_log
[error]
=== TEST 22: x509:get_not_before (AUTOGEN)
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/Github.pem"):read("*a")
local c = myassert(require("resty.openssl.x509").new(f))
local get = myassert(c:get_not_before())
ngx.print(get)
}
}
--- request
GET /t
--- response_body eval
"1616630400"
--- no_error_log
[error]
=== TEST 23: x509:set_not_before (AUTOGEN)
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/Github.pem"):read("*a")
local c = myassert(require("resty.openssl.x509").new(f))
local toset = ngx.time()
local ok = myassert(c:set_not_before(toset))
local get = myassert(c:get_not_before())
if get ~= toset then
ngx.say(get)
ngx.say(toset)
else
ngx.print("ok")
end
}
}
--- request
GET /t
--- response_body eval
"ok"
--- no_error_log
[error]
=== TEST 24: x509:get_not_after (AUTOGEN)
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/Github.pem"):read("*a")
local c = myassert(require("resty.openssl.x509").new(f))
local get = myassert(c:get_not_after())
ngx.print(get)
}
}
--- request
GET /t
--- response_body eval
"1648684799"
--- no_error_log
[error]
=== TEST 25: x509:set_not_after (AUTOGEN)
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/Github.pem"):read("*a")
local c = myassert(require("resty.openssl.x509").new(f))
local toset = ngx.time()
local ok = myassert(c:set_not_after(toset))
local get = myassert(c:get_not_after())
if get ~= toset then
ngx.say(get)
ngx.say(toset)
else
ngx.print("ok")
end
}
}
--- request
GET /t
--- response_body eval
"ok"
--- no_error_log
[error]
=== TEST 26: x509:get_pubkey (AUTOGEN)
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/Github.pem"):read("*a")
local c = myassert(require("resty.openssl.x509").new(f))
local get = myassert(c:get_pubkey())
get = get:to_PEM()
ngx.print(get)
}
}
--- request
GET /t
--- response_body eval
"-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAErfb3dbHTSVQKXRBxvdwlBksiHKIj
Tp+h/rnQjL05vAwjx8+RppBa2EWrAxO+wSN6ucTInUf2luC5dmtQNmb3DQ==
-----END PUBLIC KEY-----
"
--- no_error_log
[error]
=== TEST 27: x509:set_pubkey (AUTOGEN)
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/Github.pem"):read("*a")
local c = myassert(require("resty.openssl.x509").new(f))
local toset = myassert(require("resty.openssl.pkey").new())
local ok = myassert(c:set_pubkey(toset))
local get = myassert(c:get_pubkey())
get = get:to_PEM()
toset = toset:to_PEM()
if get ~= toset then
ngx.say(get)
ngx.say(toset)
else
ngx.print("ok")
end
}
}
--- request
GET /t
--- response_body eval
"ok"
--- no_error_log
[error]
=== TEST 28: x509:get_subject_name (AUTOGEN)
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/Github.pem"):read("*a")
local c = myassert(require("resty.openssl.x509").new(f))
local get = myassert(c:get_subject_name())
get = get:tostring()
ngx.print(get)
}
}
--- request
GET /t
--- response_body eval
"C=US/CN=github.com/L=San Francisco/O=GitHub, Inc./ST=California"
--- no_error_log
[error]
=== TEST 29: x509:set_subject_name (AUTOGEN)
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/Github.pem"):read("*a")
local c = myassert(require("resty.openssl.x509").new(f))
local toset = myassert(require("resty.openssl.x509.name").new():add('CN', 'earth.galaxy'))
local ok = myassert(c:set_subject_name(toset))
local get = myassert(c:get_subject_name())
get = get:tostring()
toset = toset:tostring()
if get ~= toset then
ngx.say(get)
ngx.say(toset)
else
ngx.print("ok")
end
}
}
--- request
GET /t
--- response_body eval
"ok"
--- no_error_log
[error]
=== TEST 30: x509:get_issuer_name (AUTOGEN)
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/Github.pem"):read("*a")
local c = myassert(require("resty.openssl.x509").new(f))
local get = myassert(c:get_issuer_name())
get = get:tostring()
ngx.print(get)
}
}
--- request
GET /t
--- response_body eval
"C=US/CN=DigiCert High Assurance TLS Hybrid ECC SHA256 2020 CA1/O=DigiCert, Inc."
--- no_error_log
[error]
=== TEST 31: x509:set_issuer_name (AUTOGEN)
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/Github.pem"):read("*a")
local c = myassert(require("resty.openssl.x509").new(f))
local toset = myassert(require("resty.openssl.x509.name").new():add('CN', 'earth.galaxy'))
local ok = myassert(c:set_issuer_name(toset))
local get = myassert(c:get_issuer_name())
get = get:tostring()
toset = toset:tostring()
if get ~= toset then
ngx.say(get)
ngx.say(toset)
else
ngx.print("ok")
end
}
}
--- request
GET /t
--- response_body eval
"ok"
--- no_error_log
[error]
=== TEST 32: x509:get_version (AUTOGEN)
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/Github.pem"):read("*a")
local c = myassert(require("resty.openssl.x509").new(f))
local get = myassert(c:get_version())
ngx.print(get)
}
}
--- request
GET /t
--- response_body eval
"3"
--- no_error_log
[error]
=== TEST 33: x509:set_version (AUTOGEN)
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/Github.pem"):read("*a")
local c = myassert(require("resty.openssl.x509").new(f))
local toset = ngx.time()
local ok = myassert(c:set_version(toset))
local get = myassert(c:get_version())
if get ~= toset then
ngx.say(get)
ngx.say(toset)
else
ngx.print("ok")
end
}
}
--- request
GET /t
--- response_body eval
"ok"
--- no_error_log
[error]
=== TEST 34: x509:get_subject_alt_name (AUTOGEN)
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/Github.pem"):read("*a")
local c = myassert(require("resty.openssl.x509").new(f))
local get = myassert(c:get_subject_alt_name())
get = get:tostring()
ngx.print(get)
}
}
--- request
GET /t
--- response_body eval
"DNS=github.com/DNS=www.github.com"
--- no_error_log
[error]
=== TEST 35: x509:set_subject_alt_name (AUTOGEN)
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/Github.pem"):read("*a")
local c = myassert(require("resty.openssl.x509").new(f))
local toset = myassert(require("resty.openssl.x509.altname").new():add('DNS', 'earth.galaxy'))
local ok = myassert(c:set_subject_alt_name(toset))
local get = myassert(c:get_subject_alt_name())
get = get:tostring()
toset = toset:tostring()
if get ~= toset then
ngx.say(get)
ngx.say(toset)
else
ngx.print("ok")
end
}
}
--- request
GET /t
--- response_body eval
"ok"
--- no_error_log
[error]
=== TEST 37: x509:get/set_subject_alt_name_critical (AUTOGEN)
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/Github.pem"):read("*a")
local c = myassert(require("resty.openssl.x509").new(f))
local crit = myassert(c:get_subject_alt_name_critical())
local ok, err = myassert(c:set_subject_alt_name_critical(not crit))
ngx.say(c:get_subject_alt_name_critical() == not crit)
}
}
--- request
GET /t
--- response_body
true
--- no_error_log
[error]
=== TEST 38: x509:get/set_basic_constraints_critical (AUTOGEN)
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/Github.pem"):read("*a")
local c = myassert(require("resty.openssl.x509").new(f))
local crit = myassert(c:get_basic_constraints_critical())
local ok, err = myassert(c:set_basic_constraints_critical(not crit))
ngx.say(c:get_basic_constraints_critical() == not crit)
}
}
--- request
GET /t
--- response_body
true
--- no_error_log
[error]
=== TEST 39: x509:get/set_info_access_critical (AUTOGEN)
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/Github.pem"):read("*a")
local c = myassert(require("resty.openssl.x509").new(f))
local crit = myassert(c:get_info_access_critical())
local ok, err = myassert(c:set_info_access_critical(not crit))
ngx.say(c:get_info_access_critical() == not crit)
}
}
--- request
GET /t
--- response_body
true
--- no_error_log
[error]
=== TEST 40: x509:get/set_crl_distribution_points_critical (AUTOGEN)
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/Github.pem"):read("*a")
local c = myassert(require("resty.openssl.x509").new(f))
local crit = myassert(c:get_crl_distribution_points_critical())
local ok, err = myassert(c:set_crl_distribution_points_critical(not crit))
ngx.say(c:get_crl_distribution_points_critical() == not crit)
}
}
--- request
GET /t
--- response_body
true
--- no_error_log
[error]
=== TEST 41: x509:get_get_signature_name (AUTOGEN)
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/Github.pem"):read("*a")
local c = myassert(require("resty.openssl.x509").new(f))
local nid = myassert(c:get_signature_nid())
ngx.say(nid)
local name = myassert(c:get_signature_name())
ngx.say(name)
local name = myassert(c:get_signature_digest_name())
ngx.say(name)
}
}
--- request
GET /t
--- response_body
794
ecdsa-with-SHA256
SHA256
--- no_error_log
[error]
# END AUTO GENERATED CODE


@ -1,238 +0,0 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use Test::Nginx::Socket::Lua 'no_plan';
use Cwd qw(cwd);
my $pwd = cwd();
my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
our $HttpConfig = qq{
lua_package_path "$pwd/t/openssl/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
init_by_lua_block {
if "1" == "$use_luacov" then
require 'luacov.tick'
jit.off()
end
_G.myassert = require("helper").myassert
}
};
run_tests();
__DATA__
=== TEST 1: Creates stack properly
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local altname = require("resty.openssl.x509.altname")
local c = myassert(altname.new())
ngx.say(#c)
}
}
--- request
GET /t
--- response_body eval
"0
"
--- no_error_log
[error]
=== TEST 2: Adds elements to stack properly
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local altname = require("resty.openssl.x509.altname")
local c = myassert(altname.new())
for i=0,2,1 do
local ok = myassert(c:add("DNS", string.format("%d.com", i)))
end
ngx.say(#c)
ngx.say(c:count())
}
}
--- request
GET /t
--- response_body eval
"3
3
"
--- no_error_log
[error]
=== TEST 3: Element can be indexed properly
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local altname = require("resty.openssl.x509.altname")
local c = myassert(altname.new())
for i=0,2,1 do
local ok = myassert(c:add("DNS", string.format("%d.com", i)))
end
for k, v in pairs(c) do
ngx.say(k, " ", v)
end
}
}
--- request
GET /t
--- response_body eval
"DNS 0.com
DNS 1.com
DNS 2.com
"
--- no_error_log
[error]
=== TEST 4: Element is duplicated when added to stack
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local altname = require("resty.openssl.x509.altname")
local c = myassert(altname.new())
local ok = myassert(c:add("DNS", "example.com"))
cert = nil
collectgarbage("collect")
local k, v = unpack(c[1])
ngx.say(k, " ", v)
}
}
--- request
GET /t
--- response_body eval
"DNS example.com
"
--- no_error_log
[error]
=== TEST 5: Element is duplicated when returned
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local altname = require("resty.openssl.x509.altname")
local c = myassert(altname.new())
local ok = myassert(c:add("DNS", "example.com"))
local cc = c[1]
c = nil
collectgarbage("collect")
if cc ~= nil then
local k, v = unpack(cc)
ngx.say(k, " ", v)
else
ngx.say("incorrectly GC'ed")
end
}
}
--- request
GET /t
--- response_body eval
"DNS example.com
"
--- no_error_log
[error]
=== TEST 6: Element is not freed when stack is duplicated
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local altname = require("resty.openssl.x509.altname")
local c = myassert(altname.new())
local ok = myassert(c:add("DNS", "example.com"))
local c2 = myassert(altname.dup(c.ctx))
c = nil
collectgarbage("collect")
ngx.say(c2:count())
local k, v = unpack(c2[1])
ngx.say(k, " ", v)
}
}
--- request
GET /t
--- response_body eval
"1
DNS example.com
"
--- no_error_log
[error]
=== TEST 7: Unsupported SANs are returned as "unsupported"
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local x509 = require("resty.openssl.x509")
local extension = require "resty.openssl.x509.extension"
local ext, err = myassert(extension.new("subjectAltName", "otherName:msUPN;UTF8:sb@sb.local,IP.1:255.255.255.255,IP.2:1111:1111:1111:1111:1111:1111:1111:1111,DNS:example.com,email:test@test.com,RID:1.2.3.4"))
local c = x509.new()
myassert(c:add_extension(ext))
local alts = myassert(c:get_subject_alt_name())
for k, v in pairs(alts) do
ngx.say(k, ":", v)
end
}
}
--- request
GET /t
--- response_body
OtherName:OtherName:<unsupported>
IP:255.255.255.255
IP:1111:1111:1111:1111:1111:1111:1111:1111
DNS:example.com
email:test@test.com
RID:RID:<unsupported>
--- no_error_log
[error]
=== TEST 8: IP addresses are validated and parsed
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local altname = require("resty.openssl.x509.altname")
local c = myassert(altname.new())
myassert(c:add("IP", "1.2.3.4"))
myassert(c:add("IPAddress", "100.100.100.100"))
myassert(c:add("IP", "255.255.255.255"))
myassert(c:add("IP", "::1"))
myassert(c:add("IP", "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff"))
for _, v in ipairs({"1", ":::", "ffff:", "256.1.1.1"}) do
local _, err = c:add("IP", v)
if err == nil then
ngx.say("should error on " .. v)
end
end
ngx.say(c:tostring())
}
}
--- request
GET /t
--- response_body
IP=1.2.3.4/IP=100.100.100.100/IP=255.255.255.255/IP=::1/IP=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
--- no_error_log
[error]


@ -1,173 +0,0 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use Test::Nginx::Socket::Lua 'no_plan';
use Cwd qw(cwd);
my $pwd = cwd();
my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
our $HttpConfig = qq{
lua_package_path "$pwd/t/openssl/?.lua;$pwd/t/openssl/x509/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
init_by_lua_block {
if "1" == "$use_luacov" then
require 'luacov.tick'
jit.off()
end
_G.myassert = require("helper").myassert
}
};
run_tests();
__DATA__
=== TEST 1: Creates stack properly
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local chain = require("resty.openssl.x509.chain")
local c = myassert(chain.new())
ngx.say(#c)
}
}
--- request
GET /t
--- response_body eval
"0
"
--- no_error_log
[error]
=== TEST 2: Adds elements to stack properly
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local cert, key = require("helper").create_self_signed()
local chain = require("resty.openssl.x509.chain")
local c = myassert(chain.new())
for i=0,2,1 do
local ok = myassert(c:add(cert))
end
ngx.say(#c)
ngx.say(#c:all())
}
}
--- request
GET /t
--- response_body eval
"3
3
"
--- no_error_log
[error]
=== TEST 3: Element can be indexed properly
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local cert, key = require("helper").create_self_signed()
local chain = require("resty.openssl.x509.chain")
local c = myassert(chain.new())
for i=0,2,1 do
local ok = myassert(c:add(cert))
end
for _, cc in ipairs(c) do
ngx.say(#cc:digest())
end
}
}
--- request
GET /t
--- response_body eval
"20
20
20
"
--- no_error_log
[error]
=== TEST 4: Element is duplicated when added to stack
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local cert, key = require("helper").create_self_signed()
local chain = require("resty.openssl.x509.chain")
local c = myassert(chain.new())
local ok = myassert(c:add(cert))
cert = nil
collectgarbage("collect")
ngx.say(#c[1]:digest())
}
}
--- request
GET /t
--- response_body eval
"20
"
--- no_error_log
[error]
=== TEST 5: Element is duplicated when returned
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local cert, key = require("helper").create_self_signed()
local chain = require("resty.openssl.x509.chain")
local c = myassert(chain.new())
local ok = myassert(c:add(cert))
local cc = c[1]
c = nil
collectgarbage("collect")
ngx.say(#cc:digest())
}
}
--- request
GET /t
--- response_body eval
"20
"
--- no_error_log
[error]
=== TEST 6: Element is not freed when stack is duplicated
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local cert, key = require("helper").create_self_signed()
local chain = require("resty.openssl.x509.chain")
local c = myassert(chain.new())
local ok = myassert(c:add(cert))
local c2 = myassert(chain.dup(c.ctx))
c = nil
collectgarbage("collect")
ngx.say(c2:count())
ngx.say(#c2[1]:digest())
}
}
--- request
GET /t
--- response_body eval
"1
20
"
--- no_error_log
[error]


@ -1,507 +0,0 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use Test::Nginx::Socket::Lua 'no_plan';
use Cwd qw(cwd);
my $pwd = cwd();
my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
our $HttpConfig = qq{
lua_package_path "$pwd/t/openssl/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
init_by_lua_block {
if "1" == "$use_luacov" then
require 'luacov.tick'
jit.off()
end
_G.myassert = require("helper").myassert
}
};
no_long_string();
run_tests();
__DATA__
=== TEST 1: Loads a crl
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/TrustAsiaEVTLSProCAG2.crl"):read("*a")
local c = myassert(require("resty.openssl.x509.crl").new(f))
ngx.say("ok")
}
}
--- request
GET /t
--- response_body eval
"ok
"
--- no_error_log
[error]
=== TEST 2: Converts and loads PEM format
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/TrustAsiaEVTLSProCAG2.crl"):read("*a")
local c = myassert(require("resty.openssl.x509.crl").new(f))
local pem = myassert(c:tostring("PEM"))
for _, typ in ipairs({"PEM", "*", false}) do
local c2 = myassert(require("resty.openssl.x509.crl").new(pem, typ))
end
local c2, err = require("resty.openssl.x509.crl").new(pem, "DER")
ngx.say(err)
}
}
--- request
GET /t
--- response_body_like eval
"x509.crl.new.+(nested asn1 error|NESTED_ASN1_ERROR).+"
--- no_error_log
[error]
=== TEST 3: Converts and loads DER format
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/TrustAsiaEVTLSProCAG2.crl"):read("*a")
local c = myassert(require("resty.openssl.x509.crl").new(f))
local pem = myassert(c:tostring("DER"))
for _, typ in ipairs({"DER", "*", false}) do
local c2 = myassert(require("resty.openssl.x509.crl").new(pem, typ))
end
local c2, err = require("resty.openssl.x509.crl").new(pem, "PEM")
ngx.say(err)
}
}
--- request
GET /t
--- response_body_like eval
"x509.crl.new.+(no start line|NO_START_LINE).+"
--- no_error_log
[error]
=== TEST 4: x509.crl:add_revoked should add revoked to crl
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/TrustAsiaEVTLSProCAG2.crl"):read("*a")
local revoked = myassert(require("resty.openssl.x509.revoked"))
local c = myassert(require("resty.openssl.x509.crl").new(f))
local toset = ngx.time()
local r = myassert(revoked.new(1234, toset, 1))
if not revoked.istype(r) then
ngx.say("it should be instance of revoked")
return
end
local ok = myassert(c:add_revoked(r))
if ok ~= true then
ngx.say("Could not add revoked")
else
ngx.print("ok")
end
}
}
--- request
GET /t
--- response_body eval
"ok"
--- no_error_log
[error]
=== TEST 5: x509.crl:add_revoked should fail if revoked is not instance of revoked
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/TrustAsiaEVTLSProCAG2.crl"):read("*a")
local revoked = myassert(require("resty.openssl.x509.revoked"))
local c = myassert(require("resty.openssl.x509.crl").new(f))
local ok, err = c:add_revoked({ctx ={}})
if ok ~= false then
ngx.say("false")
elseif err ~= "x509.crl:add_revoked: expect a revoked instance at #1" then
ngx.say("false")
else
ngx.print("ok")
end
}
}
--- request
GET /t
--- response_body eval
"ok"
--- no_error_log
[error]
=== TEST 6: x509.crl:sign should succeed
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/TrustAsiaEVTLSProCAG2.crl"):read("*a")
local revoked = myassert(require("resty.openssl.x509.revoked"))
local c = myassert(require("resty.openssl.x509.crl").new(f))
local toset = ngx.time()
local r = myassert(revoked.new(1234, toset, 1))
c:add_revoked(r)
local d = myassert(require("resty.openssl.digest").new("SHA256"))
local p = myassert(require("resty.openssl.pkey").new())
local ok = myassert(c:sign(p, d))
if ok == false then
ngx.say("false")
else
ngx.print("ok")
end
}
}
--- request
GET /t
--- response_body eval
"ok"
--- no_error_log
[error]
=== TEST 7: x509.crl:text
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/TrustAsiaEVTLSProCAG2.crl"):read("*a")
local c = myassert(require("resty.openssl.x509.crl").new(f))
ngx.say(myassert(c:text()))
}
}
--- request
GET /t
--- response_body_like eval
"Certificate Revocation List.+Revoked Certificates.+"
--- no_error_log
[error]
=== TEST 8: x509.crl metamethods
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
if require("resty.openssl.version").OPENSSL_10 then
ngx.say("09159859CAC0C90203BB34C5A012C2A3, 1577753344\n09159859CAC0C90203BB34C5A012C2A3, 1577753344\n2, 2")
ngx.say("09159859CAC0C90203BB34C5A012C2A3, 1577753344\n04D2, 1511122233")
ngx.exit(0)
end
local f = io.open("t/fixtures/TrustAsiaEVTLSProCAG2.crl"):read("*a")
local c = myassert(require("resty.openssl.x509.crl").new(f))
local s = myassert(c:index(1))
ngx.say(s.serial_number:upper(), ", ", s.revocation_date)
s = c[1]
ngx.say(s.serial_number:upper(), ", ", s.revocation_date)
local revoked = myassert(require("resty.openssl.x509.revoked"))
local r = myassert(revoked.new(0x04D2, 1511122233, 1))
myassert(c:add_revoked(r))
ngx.say(#c, ", ", c:count())
for _, rr in ipairs(c) do
ngx.say(rr.serial_number:upper(), ", ", rr.revocation_date)
end
}
}
--- request
GET /t
--- response_body_like eval
"09159859CAC0C90203BB34C5A012C2A3, 1577753344
09159859CAC0C90203BB34C5A012C2A3, 1577753344
2, 2
09159859CAC0C90203BB34C5A012C2A3, 1577753344
04D2, 1511122233
"
--- no_error_log
[error]
=== TEST 9: x509.crl get_by_serial
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
if require("resty.openssl.version").OPENSSL_10 then
ngx.say("09159859CAC0C90203BB34C5A012C2A3, 1577753344\n09159859CAC0C90203BB34C5A012C2A3, 1577753344\ntruetrue")
ngx.exit(0)
end
local f = io.open("t/fixtures/TrustAsiaEVTLSProCAG2.crl"):read("*a")
local c = myassert(require("resty.openssl.x509.crl").new(f))
local s = myassert(c:get_by_serial("09159859CAC0C90203BB34C5A012C2A3"))
ngx.say(s.serial_number:upper(), ", ", s.revocation_date)
s = myassert(c:get_by_serial(require("resty.openssl.bn").from_hex("09159859CAC0C90203BB34C5A012C2A3")))
ngx.say(s.serial_number:upper(), ", ", s.revocation_date)
local nos, err = c:get_by_serial("111111")
ngx.say(nos == nil, err == nil)
}
}
--- request
GET /t
--- response_body_like eval
"09159859CAC0C90203BB34C5A012C2A3, 1577753344
09159859CAC0C90203BB34C5A012C2A3, 1577753344
truetrue
"
--- no_error_log
[error]
=== TEST 10: x509.crl doesn't error if revoked is empty (regression)
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/no_revoked.crl"):read("*a")
local c = myassert(require("resty.openssl.x509.crl").new(f))
for k, v in pairs(c) do
ngx.say(tostring(k))
end
-- above should print nothing
ngx.say(c:get_last_update())
}
}
--- request
GET /t
--- response_body_like eval
"1652832000
"
--- no_error_log
[error]
# START AUTO GENERATED CODE
=== TEST 11: x509.crl:get_issuer_name (AUTOGEN)
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/TrustAsiaEVTLSProCAG2.crl"):read("*a")
local c = myassert(require("resty.openssl.x509.crl").new(f))
local get = myassert(c:get_issuer_name())
get = get:tostring()
ngx.print(get)
}
}
--- request
GET /t
--- response_body eval
"C=CN/CN=TrustAsia EV TLS Pro CA G2/O=TrustAsia Technologies, Inc."
--- no_error_log
[error]
=== TEST 12: x509.crl:set_issuer_name (AUTOGEN)
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/TrustAsiaEVTLSProCAG2.crl"):read("*a")
local c = myassert(require("resty.openssl.x509.crl").new(f))
local toset = myassert(require("resty.openssl.x509.name").new():add('CN', 'earth.galaxy'))
local ok = myassert(c:set_issuer_name(toset))
local get = myassert(c:get_issuer_name())
get = get:tostring()
toset = toset:tostring()
if get ~= toset then
ngx.say(get)
ngx.say(toset)
else
ngx.print("ok")
end
}
}
--- request
GET /t
--- response_body eval
"ok"
--- no_error_log
[error]
=== TEST 13: x509.crl:get_last_update (AUTOGEN)
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/TrustAsiaEVTLSProCAG2.crl"):read("*a")
local c = myassert(require("resty.openssl.x509.crl").new(f))
local get = myassert(c:get_last_update())
ngx.print(get)
}
}
--- request
GET /t
--- response_body eval
"1580684546"
--- no_error_log
[error]
=== TEST 14: x509.crl:set_last_update (AUTOGEN)
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/TrustAsiaEVTLSProCAG2.crl"):read("*a")
local c = myassert(require("resty.openssl.x509.crl").new(f))
local toset = ngx.time()
local ok = myassert(c:set_last_update(toset))
local get = myassert(c:get_last_update())
if get ~= toset then
ngx.say(get)
ngx.say(toset)
else
ngx.print("ok")
end
}
}
--- request
GET /t
--- response_body eval
"ok"
--- no_error_log
[error]
=== TEST 15: x509.crl:get_next_update (AUTOGEN)
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/TrustAsiaEVTLSProCAG2.crl"):read("*a")
local c = myassert(require("resty.openssl.x509.crl").new(f))
local get = myassert(c:get_next_update())
ngx.print(get)
}
}
--- request
GET /t
--- response_body eval
"1581289346"
--- no_error_log
[error]
=== TEST 16: x509.crl:set_next_update (AUTOGEN)
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/TrustAsiaEVTLSProCAG2.crl"):read("*a")
local c = myassert(require("resty.openssl.x509.crl").new(f))
local toset = ngx.time()
local ok = myassert(c:set_next_update(toset))
local get = myassert(c:get_next_update())
if get ~= toset then
ngx.say(get)
ngx.say(toset)
else
ngx.print("ok")
end
}
}
--- request
GET /t
--- response_body eval
"ok"
--- no_error_log
[error]
=== TEST 17: x509.crl:get_version (AUTOGEN)
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/TrustAsiaEVTLSProCAG2.crl"):read("*a")
local c = myassert(require("resty.openssl.x509.crl").new(f))
local get = myassert(c:get_version())
ngx.print(get)
}
}
--- request
GET /t
--- response_body eval
"2"
--- no_error_log
[error]
=== TEST 18: x509.crl:set_version (AUTOGEN)
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/TrustAsiaEVTLSProCAG2.crl"):read("*a")
local c = myassert(require("resty.openssl.x509.crl").new(f))
local toset = ngx.time()
local ok = myassert(c:set_version(toset))
local get = myassert(c:get_version())
if get ~= toset then
ngx.say(get)
ngx.say(toset)
else
ngx.print("ok")
end
}
}
--- request
GET /t
--- response_body eval
"ok"
--- no_error_log
[error]
=== TEST 20: x509.crl:get_get_signature_name (AUTOGEN)
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/TrustAsiaEVTLSProCAG2.crl"):read("*a")
local c = myassert(require("resty.openssl.x509.crl").new(f))
local nid = myassert(c:get_signature_nid())
ngx.say(nid)
local name = myassert(c:get_signature_name())
ngx.say(name)
local name = myassert(c:get_signature_digest_name())
ngx.say(name)
}
}
--- request
GET /t
--- response_body
668
RSA-SHA256
SHA256
--- no_error_log
[error]
# END AUTO GENERATED CODE


@ -1,56 +0,0 @@
local function create_csr(domain_pkey, ...)
local domains = {...}
local subject = require("resty.openssl.x509.name").new()
local _, err = subject:add("CN", domains[1])
if err then
return nil, err
end
local alt, err
if #{...} > 1 then
alt, err = require("resty.openssl.x509.altname").new()
if err then
return nil, err
end
for _, domain in pairs(domains) do
_, err = alt:add("DNS", domain)
if err then
return nil, err
end
end
end
local csr = require("resty.openssl.x509.csr").new()
local _
_, err = csr:set_subject_name(subject)
if err then
return nil, err
end
if alt then
_, err = csr:set_subject_alt_name(alt)
if err then
return nil, err
end
end
_, err = csr:set_pubkey(domain_pkey)
if err then
return nil, err
end
local d = require("resty.openssl.digest").new("SHA256")
_, err = csr:sign(domain_pkey, d)
if err then
return nil, err
end
return csr:tostring("DER"), nil
end
return {
create_csr = create_csr,
}


@ -1,623 +0,0 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use Test::Nginx::Socket::Lua 'no_plan';
use Cwd qw(cwd);
my $pwd = cwd();
my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
our $HttpConfig = qq{
lua_package_path "$pwd/t/openssl/?.lua;$pwd/t/openssl/x509/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
init_by_lua_block {
if "1" == "$use_luacov" then
require 'luacov.tick'
jit.off()
end
_G.myassert = require("helper").myassert
}
};
no_long_string();
run_tests();
__DATA__
=== TEST 1: Loads a csr
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/test.csr"):read("*a")
local c = myassert(require("resty.openssl.x509.csr").new(f))
ngx.say("ok")
}
}
--- request
GET /t
--- response_body eval
"ok
"
--- no_error_log
[error]
=== TEST 2: Converts and loads PEM format
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/test.csr"):read("*a")
local c = myassert(require("resty.openssl.x509.csr").new(f))
local pem = myassert(c:tostring("PEM"))
for _, typ in ipairs({"PEM", "*", false}) do
local c2 = myassert(require("resty.openssl.x509.csr").new(pem, typ))
end
local c2, err = require("resty.openssl.x509.csr").new(pem, "DER")
ngx.say(err)
}
}
--- request
GET /t
--- response_body_like eval
"x509.csr.new.+(nested asn1 error|NESTED_ASN1_ERROR).+"
--- no_error_log
[error]
=== TEST 3: Converts and loads DER format
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/test.csr"):read("*a")
local c = myassert(require("resty.openssl.x509.csr").new(f))
local pem = myassert(c:tostring("DER"))
for _, typ in ipairs({"DER", "*", false}) do
local c2 = myassert(require("resty.openssl.x509.csr").new(pem, typ))
end
local c2, err = require("resty.openssl.x509.csr").new(pem, "PEM")
ngx.say(err)
}
}
--- request
GET /t
--- response_body_like eval
"x509.csr.new.+(no start line|NO_START_LINE).+"
--- no_error_log
[error]
=== TEST 4: Generates CSR with RSA pkey correctly
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local util = require("csr")
local pkey = require("resty.openssl.pkey").new()
local der = myassert(util.create_csr(pkey, "dns1.com", "dns2.com", "dns3.com"))
ngx.update_time()
local fname = "ci_" .. math.floor(ngx.now() * 1000)
local f = io.open(fname, "wb")
f:write(der)
f:close()
ngx.say(io.popen("openssl req -inform der -in " .. fname .. " -noout -text", 'r'):read("*a"))
os.remove(fname)
}
}
--- request
GET /t
--- response_body_like eval
".+CN\\s*=\\s*dns1.com.+rsaEncryption.+2048 bit.+DNS:dns1.com.+DNS:dns2.com.+DNS:dns3.com"
--- no_error_log
[error]
=== TEST 5: Rejects invalid arguments
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local csr = require("resty.openssl.x509.csr").new()
ok, err = csr:set_subject_name("not a subject")
ngx.say(err)
ok, err = csr:set_subject_alt_name("not an alt")
ngx.say(err)
ok, err = csr:set_pubkey("not a pkey")
ngx.say(err)
ok, err = csr:sign("not a pkey")
ngx.say(err)
}
}
--- request
GET /t
--- response_body eval
"x509.csr:set_subject_name: expect a x509.name instance at #1
x509.csr:set_subject_alt_name: expect a x509.altname instance at #1
x509.csr:set_pubkey: expect a pkey instance at #1
x509.csr:sign: expect a pkey instance at #1
"
--- no_error_log
[error]
=== TEST 6: x509.csr:get_extensions of csr
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/test.csr"):read("*a")
local c = myassert(require("resty.openssl.x509.csr").new(f))
local exts = c:get_extensions()
if #exts == 0 then
ngx.print("0")
else
ngx.print("4")
end
}
}
--- request
GET /t
--- response_body eval
"4"
--- no_error_log
[error]
=== TEST 7: x509.csr:get_extension by nid
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/test.csr"):read("*a")
local c = myassert(require("resty.openssl.x509.csr").new(f))
local ext, pos = c:get_extension(83)
if not ext then
ngx.say("nil")
else
ngx.say(pos)
end
local ext = c:get_extension(83, pos)
if not ext then
ngx.say("nil")
else
ngx.say(pos)
end
}
}
--- request
GET /t
--- response_body eval
"2
nil
"
--- no_error_log
[error]
=== TEST 8: x509.csr:get_extension by nid name
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/test.csr"):read("*a")
local c = myassert(require("resty.openssl.x509.csr").new(f))
local ext = c:get_extension('basicConstraints')
if not ext then
ngx.print("nil")
else
ngx.print("ok")
end
}
}
--- request
GET /t
--- response_body eval
"ok"
--- no_error_log
[error]
=== TEST 9: x509.csr:get_extension should return nil if wrong nid name is given
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/test.csr"):read("*a")
local c = myassert(require("resty.openssl.x509.csr").new(f))
local ext, err = c:get_extension('test')
if not ext then
ngx.print("ok")
else
ngx.print(err)
end
}
}
--- request
GET /t
--- response_body eval
"ok"
--- no_error_log
[error]
=== TEST 10: Adds extension
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/test.csr"):read("*a")
local c = myassert(require("resty.openssl.x509.csr").new(f))
local altname = require("resty.openssl.x509.altname").new()
myassert(altname:add("DNS", "test.com"))
myassert(altname:add("DNS", "test2.com"))
local extension = require("resty.openssl.x509.extension")
local ext = myassert(extension.from_data(altname, 85, false))
local ok = myassert(c:add_extension(ext))
local ext, _ = c:get_extension("subjectAltName")
ngx.update_time()
local fname = "ci_" .. math.floor(ngx.now() * 1000)
local f = io.open(fname, "wb")
f:write(c:tostring())
f:close()
ngx.say(io.popen("openssl req -in " .. fname .. " -noout -text", 'r'):read("*a"))
os.remove(fname)
}
}
--- request
GET /t
--- response_body_like eval
"DNS:example.com.+DNS:test.com, DNS:test2.com
"
--- no_error_log
[error]
=== TEST 11: Set extension
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/test.csr"):read("*a")
local c = myassert(require("resty.openssl.x509.csr").new(f))
local altname = require("resty.openssl.x509.altname").new()
myassert(altname:add("DNS", "test.com"))
myassert(altname:add("DNS", "test2.com"))
local extension = require("resty.openssl.x509.extension")
local ext = myassert(extension.from_data(altname, 85, false))
local ok = myassert(c:set_extension(ext))
local ext, _ = c:get_extension("subjectAltName")
ngx.say(tostring(ext))
}
}
--- request
GET /t
--- response_body eval
"DNS:test.com, DNS:test2.com
"
--- no_error_log
[error]
=== TEST 12: x509.csr:sign should succeed
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/test.csr"):read("*a")
local c = myassert(require("resty.openssl.x509.csr").new(f))
local d = myassert(require("resty.openssl.digest").new("SHA256"))
local p = myassert(require("resty.openssl.pkey").new())
local ok = myassert(c:sign(p, d))
if ok == false then
ngx.say("false")
else
ngx.print("ok")
end
}
}
--- request
GET /t
--- response_body eval
"ok"
--- no_error_log
[error]
=== TEST 14: Check private key match
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local util = require("csr")
local pkey = require("resty.openssl.pkey").new({ type = "EC", curve = "prime256v1" })
local der = myassert(util.create_csr(pkey, "dns1.com", "dns2.com", "dns3.com"))
local csr = myassert(require("resty.openssl.x509.csr").new(der))
local ok, err = csr:check_private_key(pkey)
ngx.say(ok)
ngx.say(err)
local f = io.open("t/fixtures/test.csr"):read("*a")
local c = myassert(require("resty.openssl.x509.csr").new(f))
local ok, err = c:check_private_key(pkey)
ngx.say(ok)
ngx.say(err)
local key2 = require("resty.openssl.pkey").new({
type = 'EC',
curve = "prime256v1",
})
local ok, err = csr:check_private_key(key2)
ngx.say(ok)
ngx.say(err)
}
}
--- request
GET /t
--- response_body_like eval
"true
nil
false
.+(key type mismatch|KEY_TYPE_MISMATCH)
.+(key values mismatch|KEY_VALUES_MISMATCH)
"
--- no_error_log
[error]
# START AUTO GENERATED CODE
=== TEST 15: x509.csr:get_subject_name (AUTOGEN)
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/test.csr"):read("*a")
local c = myassert(require("resty.openssl.x509.csr").new(f))
local get = myassert(c:get_subject_name())
get = get:tostring()
ngx.print(get)
}
}
--- request
GET /t
--- response_body eval
"C=US/CN=example.com/L=Los Angeles/O=SSL Support/OU=SSL Support/ST=California"
--- no_error_log
[error]
=== TEST 16: x509.csr:set_subject_name (AUTOGEN)
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/test.csr"):read("*a")
local c = myassert(require("resty.openssl.x509.csr").new(f))
local toset = myassert(require("resty.openssl.x509.name").new():add('CN', 'earth.galaxy'))
local ok = myassert(c:set_subject_name(toset))
local get = myassert(c:get_subject_name())
get = get:tostring()
toset = toset:tostring()
if get ~= toset then
ngx.say(get)
ngx.say(toset)
else
ngx.print("ok")
end
}
}
--- request
GET /t
--- response_body eval
"ok"
--- no_error_log
[error]
=== TEST 17: x509.csr:get_pubkey (AUTOGEN)
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/test.csr"):read("*a")
local c = myassert(require("resty.openssl.x509.csr").new(f))
local get = myassert(c:get_pubkey())
get = get:to_PEM()
ngx.print(get)
}
}
--- request
GET /t
--- response_body eval
"-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwPOIBIoblSLFv/ifj8GD
CNL5NhDX2JVUQKcWC19KtWYQg1HPnaGIy+Dj9tYSBw8T8xc9hbJ1TYGbBIMKfBUz
KoTt5yLdVIM/HJm3m9ImvAbK7TYcx1U9TJEMxN6686whAUMBr4B7ql4VTXqu6TgD
cdbcQ5wsPVOiFHJTTwgVwt7eVCBMFAkZn+qQz+WigM5HEp8KFrzwAK142H2ucuyf
gGS4+XQSsUdwNWh9GPRZgRt3R2h5ymYkQB/cbg596alCquoizI6QCfwQx3or9Dg1
f3rlwf8H5HIVH3hATGIr7GpbKka/JH2PYNGfi5KqsJssVQfu84m+5WXDB+90KHJE
cwIDAQAB
-----END PUBLIC KEY-----
"
--- no_error_log
[error]
=== TEST 18: x509.csr:set_pubkey (AUTOGEN)
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/test.csr"):read("*a")
local c = myassert(require("resty.openssl.x509.csr").new(f))
local toset = myassert(require("resty.openssl.pkey").new())
local ok = myassert(c:set_pubkey(toset))
local get = myassert(c:get_pubkey())
get = get:to_PEM()
toset = toset:to_PEM()
if get ~= toset then
ngx.say(get)
ngx.say(toset)
else
ngx.print("ok")
end
}
}
--- request
GET /t
--- response_body eval
"ok"
--- no_error_log
[error]
=== TEST 19: x509.csr:get_version (AUTOGEN)
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/test.csr"):read("*a")
local c = myassert(require("resty.openssl.x509.csr").new(f))
local get = myassert(c:get_version())
ngx.print(get)
}
}
--- request
GET /t
--- response_body eval
"1"
--- no_error_log
[error]
=== TEST 20: x509.csr:set_version (AUTOGEN)
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/test.csr"):read("*a")
local c = myassert(require("resty.openssl.x509.csr").new(f))
local toset = ngx.time()
local ok = myassert(c:set_version(toset))
local get = myassert(c:get_version())
if get ~= toset then
ngx.say(get)
ngx.say(toset)
else
ngx.print("ok")
end
}
}
--- request
GET /t
--- response_body eval
"ok"
--- no_error_log
[error]
=== TEST 21: x509.csr:get_subject_alt_name (AUTOGEN)
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/test.csr"):read("*a")
local c = myassert(require("resty.openssl.x509.csr").new(f))
local get = myassert(c:get_subject_alt_name())
get = get:tostring()
ngx.print(get)
}
}
--- request
GET /t
--- response_body eval
"DNS=example.com"
--- no_error_log
[error]
=== TEST 22: x509.csr:set_subject_alt_name (AUTOGEN)
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/test.csr"):read("*a")
local c = myassert(require("resty.openssl.x509.csr").new(f))
local toset = myassert(require("resty.openssl.x509.altname").new():add('DNS', 'earth.galaxy'))
local ok = myassert(c:set_subject_alt_name(toset))
local get = myassert(c:get_subject_alt_name())
get = get:tostring()
toset = toset:tostring()
if get ~= toset then
ngx.say(get)
ngx.say(toset)
else
ngx.print("ok")
end
}
}
--- request
GET /t
--- response_body eval
"ok"
--- no_error_log
[error]
=== TEST 24: x509.csr:get/set_subject_alt_name_critical (AUTOGEN)
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/test.csr"):read("*a")
local c = myassert(require("resty.openssl.x509.csr").new(f))
local crit = myassert(c:get_subject_alt_name_critical())
local ok, err = myassert(c:set_subject_alt_name_critical(not crit))
ngx.say(c:get_subject_alt_name_critical() == not crit)
}
}
--- request
GET /t
--- response_body
true
--- no_error_log
[error]
=== TEST 25: x509.csr:get_get_signature_name (AUTOGEN)
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/test.csr"):read("*a")
local c = myassert(require("resty.openssl.x509.csr").new(f))
local nid = myassert(c:get_signature_nid())
ngx.say(nid)
local name = myassert(c:get_signature_name())
ngx.say(name)
local name = myassert(c:get_signature_digest_name())
ngx.say(name)
}
}
--- request
GET /t
--- response_body
65
RSA-SHA1
SHA1
--- no_error_log
[error]
# END AUTO GENERATED CODE


@ -1,379 +0,0 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use Test::Nginx::Socket::Lua 'no_plan';
use Cwd qw(cwd);
my $pwd = cwd();
my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
our $HttpConfig = qq{
lua_package_path "$pwd/t/openssl/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
init_by_lua_block {
if "1" == "$use_luacov" then
require 'luacov.tick'
jit.off()
end
_G.myassert = require("helper").myassert
_G.encode_sorted_json = require("helper").encode_sorted_json
}
};
run_tests();
__DATA__
=== TEST 1: Creates extension by nconf
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local extension = require("resty.openssl.x509.extension")
local c = myassert(extension.new("extendedKeyUsage",
"serverAuth,clientAuth"))
}
}
--- request
GET /t
--- no_error_log
[error]
=== TEST 2: Gets extension object
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local extension = require("resty.openssl.x509.extension")
local c = myassert(extension.new("extendedKeyUsage",
"serverAuth,clientAuth"))
ngx.say(encode_sorted_json(myassert(c:get_object())))
}
}
--- request
GET /t
--- response_body_like eval
'{"id":"2.5.29.37","ln":"X509v3 Extended Key Usage","nid":126,"sn":"extendedKeyUsage"}
'
--- no_error_log
[error]
=== TEST 3: Gets extension critical
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/Github.pem"):read("*a")
local c = myassert(require("resty.openssl.x509").new(f))
local extension, _, err = c:get_extension("X509v3 Key Usage")
if err then
ngx.log(ngx.ERR, err)
return
end
ngx.say(extension:get_critical())
local extension, _, err = c:get_extension("X509v3 Extended Key Usage")
if err then
ngx.log(ngx.ERR, err)
return
end
ngx.say(extension:get_critical())
}
}
--- request
GET /t
--- response_body_like eval
"true
false
"
--- no_error_log
[error]
=== TEST 4: Set extension critical
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local extension = require("resty.openssl.x509.extension")
local c = myassert(extension.new("extendedKeyUsage",
"serverAuth,clientAuth"))
myassert(c:set_critical())
ngx.say(c:get_critical())
myassert(c:set_critical(true))
ngx.say(c:get_critical())
}
}
--- request
GET /t
--- response_body_like eval
"false
true
"
--- no_error_log
[error]
=== TEST 5: Prints human readable txt of extension
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/Github.pem"):read("*a")
local c = myassert(require("resty.openssl.x509").new(f))
local extension, _, err = c:get_extension("subjectKeyIdentifier")
if err then
ngx.log(ngx.ERR, err)
return
end
ngx.say(extension:text())
local extension, _, err = c:get_extension("Authority Information Access")
if err then
ngx.log(ngx.ERR, err)
return
end
ngx.say(tostring(extension))
-- unknown extension
local objects = require("resty.openssl.objects")
local id_pe_acmeIdentifier = "1.3.6.1.5.5.7.1.31"
local nid = objects.txt2nid(id_pe_acmeIdentifier)
if not nid or nid == 0 then
nid = objects.create(
id_pe_acmeIdentifier, -- nid
"pe-acmeIdentifier", -- sn
"ACME Identifier" -- ln
)
end
local ext = myassert(require("resty.openssl.x509.extension").from_der("valuevalue", nid, true))
ngx.say("ACME Identifier: ", tostring(ext))
}
}
--- request
GET /t
--- response_body_like eval
"27:B1:7E:9F:BB:26:99:50:D8:F3:C3:53:5B:FE:31:16:B0:BB:1E:72
OCSP - URI:http://ocsp.digicert.com
CA Issuers - URI:http://cacerts.digicert.com/DigiCertHighAssuranceTLSHybridECCSHA2562020CA1.crt
.?ACME Identifier: valuevalue
"
--- no_error_log
[error]
=== TEST 6: Creates extension by X509V3_CTX
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/Github.pem"):read("*a")
local x509 = myassert(require("resty.openssl.x509").new(f))
f = io.open("t/fixtures/test.crt"):read("*a")
local ic = myassert(require("resty.openssl.x509").new(f))
f = io.open("t/fixtures/test.key"):read("*a")
local ik = myassert(require("resty.openssl.pkey").new(f))
local extension = require("resty.openssl.x509.extension")
local c = myassert(extension.new("subjectKeyIdentifier", "hash",
{
subject = x509,
}))
ngx.say(tostring(c))
if require("resty.openssl.version").OPENSSL_3X then
c = myassert(extension.new("authorityKeyIdentifier", "keyid",
{
subject = x509,
issuer = x509,
}))
if tostring(c) ~= "0." then
ngx.log(ngx.ERR, "authorityKeyIdentifier should be empty but got " .. tostring(c))
end
c = myassert(extension.new("authorityKeyIdentifier", "keyid",
{
subject = x509,
issuer = x509,
issuer_pkey = ik,
}))
-- when set with issuer_pkey, the X509V3_print doesn't include "keyid:" prefix
ngx.print("keyid:")
else
c = myassert(extension.new("authorityKeyIdentifier", "keyid",
{
subject = x509,
issuer = ic,
}))
end
ngx.say(tostring(c))
}
}
--- request
GET /t
--- response_body_like eval
"27:B1:7E:9F:BB:26:99:50:D8:F3:C3:53:5B:FE:31:16:B0:BB:1E:72
keyid:CF:03:F5:09:EB:83:D2:4F:10:DE:65:92:90:E9:93:3E:38:4C:E8:7C
"
--- no_error_log
[error]
=== TEST 7: Creates extension by data
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local altname = require("resty.openssl.x509.altname").new()
myassert(altname:add("DNS", "test.com"))
myassert(altname:add("DNS", "test2.com"))
local extension = require("resty.openssl.x509.extension")
local c = myassert(extension.from_data(altname, 85, false))
ngx.say(encode_sorted_json(c:get_object()))
ngx.say(tostring(c))
}
}
--- request
GET /t
--- response_body_like eval
'{"id":"2.5.29.17","ln":"X509v3 Subject Alternative Name","nid":85,"sn":"subjectAltName"}
DNS:test.com, DNS:test2.com
'
--- no_error_log
[error]
=== TEST 8: Convert extension to data
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local altname = require("resty.openssl.x509.altname").new()
myassert(altname:add("DNS", "test.com"))
myassert(altname:add("DNS", "test2.com"))
local extension = require("resty.openssl.x509.extension")
local c = myassert(extension.from_data(altname, 85, false))
local alt2 = myassert(extension.to_data(c, 85))
ngx.say(alt2:tostring())
}
}
--- request
GET /t
--- response_body_like eval
'DNS=test.com/DNS=test2.com
'
--- no_error_log
[error]
=== TEST 9: Creates extension by der
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local extension = require("resty.openssl.x509.extension")
local c = myassert(extension.from_der("\x00\x01\x02\x03", "basicConstraints"))
ngx.say(encode_sorted_json(c:get_object()))
}
}
--- request
GET /t
--- response_body_like eval
'{"id":"2.5.29.19","ln":"X509v3 Basic Constraints","nid":87,"sn":"basicConstraints"}
'
--- no_error_log
[error]
=== TEST 10: Creates extension by nconf
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
if require("resty.openssl.version").BORINGSSL then
ngx.say([[
{"id":"2.5.29.32","ln":"X509v3 Certificate Policies","nid":89,"sn":"certificatePolicies"}
Policy: 1.2.3.4
Policy: 1.5.6.7.8
Policy: 1.3.5.8
CPS: http://my.host.name/
CPS: http://my.your.name/
User Notice:
Organization: Organisation Name
Numbers: 1, 2, 3, 4
Explicit Text: Explicit Text Here
]])
ngx.exit(0)
end
local extension = require("resty.openssl.x509.extension")
local c = myassert(extension.new("certificatePolicies", "ia5org,1.2.3.4,1.5.6.7.8,@polsect",
[[
[polsect]
policyIdentifier = 1.3.5.8
CPS.1="http://my.host.name/"
CPS.2="http://my.your.name/"
userNotice.1=@notice
[notice]
explicitText="Explicit Text Here"
organization="Organisation Name"
noticeNumbers=1,2,3,4
]]
))
ngx.say(encode_sorted_json(c:get_object()))
ngx.say(tostring(c))
}
}
--- request
GET /t
--- response_body_like eval
'{"id":"2.5.29.32","ln":"X509v3 Certificate Policies","nid":89,"sn":"certificatePolicies"}
Policy: 1.2.3.4
Policy: 1.5.6.7.8
Policy: 1.3.5.8
CPS: http://my.host.name/
CPS: http://my.your.name/
User Notice:
Organization: Organisation Name
Numbers: 1, 2, 3, 4
Explicit Text: Explicit Text Here
'
--- no_error_log
[error]
=== TEST 11: Returns DER encoded data
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local f = io.open("t/fixtures/Github.pem"):read("*a")
local c = myassert(require("resty.openssl.x509").new(f))
local extension, _, err = c:get_extension("subjectKeyIdentifier")
if err then
ngx.log(ngx.ERR, err)
return
end
ngx.say(require("helper").to_hex(extension:to_der()))
local extension, _, err = c:get_extension("Authority Information Access")
if err then
ngx.log(ngx.ERR, err)
return
end
ngx.say(require("helper").to_hex(extension:to_der()))
}
}
--- request
GET /t
--- response_body_like eval
"041427B17E9FBB269950D8F3C3535BFE3116B0BB1E72
308182302406082B060105050730018618687474703A2F2F6F6373702E64696769636572742E636F6D305A06082B06010505073002864E687474703A2F2F636163657274732E64696769636572742E636F6D2F4469676943657274486967684173737572616E6365544C53487962726964454343534841323536323032304341312E637274
"
--- no_error_log
[error]


@ -1,180 +0,0 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use Test::Nginx::Socket::Lua 'no_plan';
use Cwd qw(cwd);
my $pwd = cwd();
my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
our $HttpConfig = qq{
lua_package_path "$pwd/t/openssl/?.lua;$pwd/t/openssl/x509/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
init_by_lua_block {
if "1" == "$use_luacov" then
require 'luacov.tick'
jit.off()
end
_G.myassert = require("helper").myassert
}
};
run_tests();
__DATA__
=== TEST 1: Creates stack properly
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local extensions = require("resty.openssl.x509.extensions")
local c = myassert(extensions.new())
ngx.say(#c)
}
}
--- request
GET /t
--- response_body eval
"0
"
--- no_error_log
[error]
=== TEST 2: Adds elements to stack properly
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local extension_lib = require("resty.openssl.x509.extension")
local ext = extension_lib.new("extendedKeyUsage", "serverAuth,clientAuth")
local extensions = require("resty.openssl.x509.extensions")
local c = myassert(extensions.new())
for i=0,2,1 do
local ok = myassert(c:add(ext))
end
ngx.say(#c)
ngx.say(#c:all())
}
}
--- request
GET /t
--- response_body eval
"3
3
"
--- no_error_log
[error]
=== TEST 3: Element can be indexed properly
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local extension_lib = require("resty.openssl.x509.extension")
local ext = extension_lib.new("extendedKeyUsage", "serverAuth,clientAuth")
local extensions = require("resty.openssl.x509.extensions")
local c = myassert(extensions.new())
for i=0,2,1 do
local ok = myassert(c:add(ext))
end
collectgarbage()
for _, cc in ipairs(c) do
ngx.say(cc:text())
end
}
}
--- request
GET /t
--- response_body eval
"TLS Web Server Authentication, TLS Web Client Authentication
TLS Web Server Authentication, TLS Web Client Authentication
TLS Web Server Authentication, TLS Web Client Authentication
"
--- no_error_log
[error]
=== TEST 4: Element is duplicated when added to stack
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local extension_lib = require("resty.openssl.x509.extension")
local ext = extension_lib.new("extendedKeyUsage", "serverAuth,clientAuth")
local extensions = require("resty.openssl.x509.extensions")
local c = myassert(extensions.new())
local ok = myassert(c:add(ext))
ext = nil
collectgarbage("collect")
ngx.say(c[1]:text())
}
}
--- request
GET /t
--- response_body eval
"TLS Web Server Authentication, TLS Web Client Authentication
"
--- no_error_log
[error]
=== TEST 5: Element is duplicated when returned
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local extension_lib = require("resty.openssl.x509.extension")
local ext = extension_lib.new("extendedKeyUsage", "serverAuth,clientAuth")
local extensions = require("resty.openssl.x509.extensions")
local c = myassert(extensions.new())
local ok = myassert(c:add(ext))
local cc = c[1]
c = nil
collectgarbage("collect")
ngx.say(cc:text())
}
}
--- request
GET /t
--- response_body eval
"TLS Web Server Authentication, TLS Web Client Authentication
"
--- no_error_log
[error]
=== TEST 6: Element is not freed when stack is duplicated
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local extension_lib = require("resty.openssl.x509.extension")
local ext = extension_lib.new("extendedKeyUsage", "serverAuth,clientAuth")
local extensions = require("resty.openssl.x509.extensions")
local c = myassert(extensions.new())
local ok = myassert(c:add(ext))
local c2 = myassert(extensions.dup(c.ctx))
c = nil
collectgarbage("collect")
ngx.say(c2:count())
ngx.say(c2[1]:text())
}
}
--- request
GET /t
--- response_body eval
"1
TLS Web Server Authentication, TLS Web Client Authentication
"
--- no_error_log
[error]


@ -1,139 +0,0 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use Test::Nginx::Socket::Lua 'no_plan';
use Cwd qw(cwd);
my $pwd = cwd();
my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
our $HttpConfig = qq{
lua_package_path "$pwd/t/openssl/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
init_by_lua_block {
if "1" == "$use_luacov" then
require 'luacov.tick'
jit.off()
end
_G.myassert = require("helper").myassert
}
};
run_tests();
__DATA__
=== TEST 1: Duplicate the ctx
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
require('ffi').cdef('typedef struct X509_name_st X509_NAME; void X509_NAME_free(X509_NAME *name);')
local name = myassert(require("resty.openssl.x509.name").new())
local name2 = myassert(require("resty.openssl.x509.name").dup(name.ctx))
name = nil
collectgarbage("collect")
-- if name2.ctx is also freed this following will segfault
local _ = myassert(name2:add("CN", "example.com"))
}
}
--- request
GET /t
--- response_body eval
""
--- no_error_log
[error]
=== TEST 2: Rejects invalid NID
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local name = myassert(require("resty.openssl.x509.name").new())
name, err = name:add("whatever", "value")
ngx.say(name == nil)
ngx.say(err)
}
}
--- request
GET /t
--- response_body eval
"true
x509.name:add: invalid NID text whatever
"
--- no_error_log
[error]
=== TEST 3: Finds by text
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local name = myassert(require("resty.openssl.x509.name").new())
name = myassert(name:add("CN", "example.com"))
name = myassert(name:add("CN", "anotherdomain.com"))
local a, b, c = name:find("CN")
if a then
ngx.say("found ", b, " ", a.blob)
end
local a, b, c = name:find("2.5.4.3")
if a then
ngx.say("found ", b, " ", a.blob)
end
local a, b, c = name:find("CM")
if not a then
ngx.say("not found")
end
local a, b, c = name:find("CN", 1)
if a then
ngx.say("found ", b, " ", a.blob)
end
}
}
--- request
GET /t
--- response_body_like eval
"found 1 example.com
found 1 example.com
not found
found 2 anotherdomain.com
"
--- no_error_log
[error]
=== TEST 4: Pairs
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local name = myassert(require("resty.openssl.x509.name").new())
local CNs = 3
for i=1,CNs,1 do
name = myassert(name:add("CN", string.format("%d.example.com", i)))
end
local others = { "L", "ST", "O" }
for _, k in ipairs(others) do
name = myassert(name:add(k, "Mars"))
end
ngx.say(#name)
for k, v in pairs(name) do
ngx.print(v.nid .. ",")
end
}
}
--- request
GET /t
--- response_body eval
"6
13,13,13,15,16,17,"
--- no_error_log
[error]


@ -1,69 +0,0 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use Test::Nginx::Socket::Lua 'no_plan';
use Cwd qw(cwd);
my $pwd = cwd();
my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
our $HttpConfig = qq{
lua_package_path "$pwd/t/openssl/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
init_by_lua_block {
if "1" == "$use_luacov" then
require 'luacov.tick'
jit.off()
end
_G.myassert = require("helper").myassert
}
};
no_long_string();
run_tests();
__DATA__
=== TEST 1:revoked.new should create new revoked instance
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local revoked = myassert(require("resty.openssl.x509.revoked"))
local time = ngx.time()
local r, err = myassert(revoked.new(1234, time, 1))
if not revoked.istype(r) then
ngx.say("it should be instance of revoked")
else
ngx.say("ok")
end
}
}
--- request
GET /t
--- response_body eval
"ok
"
--- no_error_log
[error]
=== TEST 2:revoked.new should fail when invalid parameters are given
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local revoked = myassert(require("resty.openssl.x509.revoked"))
local toset = ngx.time()
local r, err = revoked.new("1234", toset, 40)
ngx.say(r == nil)
ngx.say(err)
}
}
--- request
GET /t
--- response_body eval
"true
x509.revoked.new: sn should be number or a bn instance
"
--- no_error_log
[error]


@ -1,414 +0,0 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:
use Test::Nginx::Socket::Lua 'no_plan';
use Cwd qw(cwd);
my $pwd = cwd();
my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
our $HttpConfig = qq{
lua_package_path "$pwd/t/openssl/?.lua;$pwd/t/openssl/x509/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
init_by_lua_block {
if "1" == "$use_luacov" then
require 'luacov.tick'
jit.off()
end
_G.myassert = require("helper").myassert
}
};
run_tests();
__DATA__
=== TEST 1: Creates store properly
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local store = require("resty.openssl.x509.store")
local c = myassert(store.new())
}
}
--- request
GET /t
--- response_body eval
""
--- no_error_log
[error]
=== TEST 2: Loads a x509 object
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local cert, key = require("helper").create_self_signed()
local store = require("resty.openssl.x509.store")
local s = myassert(store.new())
local ok = myassert(s:add(cert))
}
}
--- request
GET /t
--- response_body eval
""
--- no_error_log
[error]
=== TEST 3: Loads default location
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local store = require("resty.openssl.x509.store")
local s = myassert(store.new())
myassert(s:use_default())
}
}
--- request
GET /t
--- response_body eval
""
--- no_error_log
[error]
=== TEST 4: Loads file
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local store = require("resty.openssl.x509.store")
local s = myassert(store.new())
local ok, err = s:load_file("certnonexistent.pem")
ngx.say(ok)
ngx.say(err)
os.execute("echo > cert4-empty.pem")
local ok, err = s:load_file("cert4-empty.pem")
ngx.say(ok)
-- we only get detailed error for "no certificate found" on >= 1.1.1
ngx.say(err)
os.remove("cert4-empty.pem")
local cert, _ = require("helper").create_self_signed()
local f = io.open("cert4.pem", "w")
f:write(cert:tostring())
f:close()
local ok = myassert(s:load_file("cert4.pem"))
os.remove("cert4.pem")
}
}
--- request
GET /t
--- response_body_like eval
"false
x509.store:load_file.+system lib.*
false
x509.store:load_file.+
"
--- no_error_log
[error]
=== TEST 5: Verifies a x509 object
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local cert1, key1 = require("helper").create_self_signed()
local cert2, key2 = require("helper").create_self_signed()
local cert3, key3 = require("helper").create_self_signed()
local store = require("resty.openssl.x509.store")
local s = myassert(store.new())
local ok = myassert(s:add(cert1))
local ok = myassert(s:add(cert2))
local chain = myassert(s:verify(cert1, nil, true))
ngx.say(#chain)
local chain, err = s:verify(cert3, nil, true)
ngx.say(err)
ngx.say(chain == nil)
}
}
--- request
GET /t
--- response_body_like eval
"1
(?:self signed|self-signed) certificate
true
"
--- no_error_log
[error]
=== TEST 6: Using default CAs (skip due to hard to setup on custom-built openssl env)
--- SKIP
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local store = require("resty.openssl.x509.store")
local s = myassert(store.new())
local ok = myassert(s:use_default())
local f = io.open("t/fixtures/GlobalSign.pem"):read("*a")
local c = myassert(require("resty.openssl.x509").new(f))
local chain = myassert(s:verify(c, nil, true))
ngx.say(#chain)
}
}
--- request
GET /t
--- response_body_like eval
"1
"
--- no_error_log
[error]
=== TEST 7: Loads directory
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local store = require("resty.openssl.x509.store")
local s = myassert(store.new())
local ok = myassert(s:load_directory("/etc/ssl/certs"))
local f = io.open("t/fixtures/GlobalSign.pem"):read("*a")
local c = myassert(require("resty.openssl.x509").new(f))
local chain = myassert(s:verify(c, nil, true))
ngx.say(#chain)
}
}
--- request
GET /t
--- response_body_like eval
"1
"
--- no_error_log
[error]
=== TEST 8: Verifies sub cert
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local helper = require("helper")
local x509 = require("resty.openssl.x509")
local store = require("resty.openssl.x509.store")
local s = myassert(store.new())
local f = io.open("t/fixtures/GlobalSign.pem"):read("*a")
local c = myassert(x509.new(f))
ngx.say(helper.to_hex(c:digest()))
local chain = myassert(s:add(c))
local f = io.open("t/fixtures/GlobalSign_sub.pem"):read("*a")
local c = myassert(x509.new(f))
ngx.say(helper.to_hex(c:digest()))
local chain = myassert(s:verify(c, nil, true))
for _, c in ipairs(chain) do
ngx.say(helper.to_hex(c:digest()))
end
}
}
--- request
GET /t
--- response_body eval
"B1BC968BD4F49D622AA89A81F2150152A41D829C
C187B85714202A2941E8EAFB846C39EB1F9C609A
C187B85714202A2941E8EAFB846C39EB1F9C609A
B1BC968BD4F49D622AA89A81F2150152A41D829C
"
--- no_error_log
[error]
=== TEST 9: Set purpose
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local helper = require("helper")
local x509 = require("resty.openssl.x509")
local store = require("resty.openssl.x509.store")
local s = myassert(store.new())
local f = io.open("t/fixtures/GlobalSign.pem"):read("*a")
local c = myassert(x509.new(f))
local chain = myassert(s:add(c))
local f = io.open("t/fixtures/GlobalSign_sub.pem"):read("*a")
local c = myassert(x509.new(f))
myassert(s:set_purpose("sslclient"))
local ok, err = s:verify(c, nil, false)
ngx.say(ok, err)
myassert(s:set_purpose("crlsign"))
local ok, err = s:verify(c, nil, false)
ngx.say(ok, err)
}
}
--- request
GET /t
--- response_body_like eval
"nil(?:unsupported|unsuitable) certificate purpose
truenil
"
--- no_error_log
[error]
=== TEST 10: Set depth
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local helper = require "t.openssl.helper"
local store = require("resty.openssl.x509.store")
local chain = require("resty.openssl.x509.chain")
local certs, keys = helper.create_cert_chain(5, { type = 'EC', curve = "prime256v1" })
local s = myassert(store.new())
myassert(s:add(certs[1]))
local ch = chain.new()
for i=2, #certs-1 do
myassert(ch:add(certs[i]))
end
-- should be ok
ngx.say(s:verify(certs[#certs], ch))
-- in openssl < 1.1.0, depth are counted 1 more than later versions
-- we set it to be one less than enough to be prune to that case
myassert(s:set_depth(1))
-- openssl 1.0.2 will emit "unable to get local issuer certificate"
-- instead of "certificate chain too long"
ngx.say(s:verify(certs[#certs], ch))
}
}
--- request
GET /t
--- response_body_like eval
"truenil
nil(?:certificate chain too long|unable to get local issuer certificate)
"
--- no_error_log
[error]
=== TEST 11: Verify with verify_method
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local helper = require("helper")
local x509 = require("resty.openssl.x509")
local store = require("resty.openssl.x509.store")
local s = myassert(store.new())
local f = io.open("t/fixtures/GlobalSign.pem"):read("*a")
local c = myassert(x509.new(f))
local chain = myassert(s:add(c))
local f = io.open("t/fixtures/GlobalSign_sub.pem"):read("*a")
local c = myassert(x509.new(f))
local ok, err = s:verify(c, nil, false, nil, "ssl_client")
ngx.say(ok, err)
local ok, err = s:verify(c, nil, false, nil, "default")
ngx.say(ok, err)
myassert(s:set_purpose("sslclient"))
local ok, err = s:verify(c, nil, false, nil, "default")
ngx.say(ok, err)
}
}
--- request
GET /t
--- response_body_like eval
"nil(?:unsupported|unsuitable) certificate purpose
truenil
nil(?:unsupported|unsuitable) certificate purpose
"
--- no_error_log
[error]
=== TEST 12: Set flags
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local helper = require "t.openssl.helper"
local store = require("resty.openssl.x509.store")
local chain = require("resty.openssl.x509.chain")
local certs, keys = helper.create_cert_chain(5, { type = 'EC', curve = "prime256v1" })
local s = myassert(store.new())
myassert(s:add(certs[2]))
local ch = chain.new()
for i=3, #certs-1 do
myassert(ch:add(certs[i]))
end
-- should not be ok, need root CA
ngx.say(s:verify(certs[#certs], ch))
myassert(s:set_flags(s.verify_flags.X509_V_FLAG_PARTIAL_CHAIN))
ngx.say(s:verify(certs[#certs], ch))
}
}
--- request
GET /t
--- response_body_like eval
"nilunable to get issuer certificate
truenil
"
--- no_error_log
[error]
=== TEST 13: Set verify time flags
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local helper = require "t.openssl.helper"
local store = require("resty.openssl.x509.store")
local chain = require("resty.openssl.x509.chain")
local certs, keys = helper.create_cert_chain(5, { type = 'EC', curve = "prime256v1" })
local s = myassert(store.new())
myassert(s:add(certs[2]))
local ch = chain.new()
for i=3, #certs-1 do
myassert(ch:add(certs[i]))
end
-- should not be ok, need root CA
ngx.say(s:verify(certs[#certs], ch))
ngx.say(s:verify(certs[#certs], ch, false, nil, nil, s.verify_flags.X509_V_FLAG_PARTIAL_CHAIN))
}
}
--- request
GET /t
--- response_body_like eval
"nilunable to get issuer certificate
truenil
"
--- no_error_log
[error]