From 4658af30b5c5ba56881d68462a997c6112338778 Mon Sep 17 00:00:00 2001 From: Bart van Strien Date: Fri, 5 Jun 2015 13:16:21 +0200 Subject: [PATCH] Document certs --- doc/cert.md | 143 +++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 131 insertions(+), 12 deletions(-) diff --git a/doc/cert.md b/doc/cert.md index f276171..26aadd5 100644 --- a/doc/cert.md +++ b/doc/cert.md @@ -1,19 +1,138 @@ Functions --------- -`cert.load` +### cert.load ### + + cert = cert.load(string) + +Loads a PEM-formatted x509 certificate from a string. Returns nil on failure. +See `cert:pem`. Methods ------- -`cert:digest` -`cert:setencode` -`cert:extensions` -`cert:issuer` -`cert:notbefore` -`cert:notafter` -`cert:pem` -`cert:pubkey` -`cert:serial` -`cert:subject` -`cert:validat` +### cert:digest ### + + digest = cert:digest([format]) + +Obtain the certificate fingerprint in the specified format. Can fail, in which +case it returns nil, followed by an error message. + +Format can be one of: + + - `sha1` (default) + - `sha256` + - `sha512` + +### cert:setencode ### + + succes = cert:setencode(encoding) + +Set the string encoding used for this certificate. + +Encoding can be one of: + + - `ai5` + - `utf8` + +### cert:extensions ### + + extensions = cert:extensions() + + -- extensions is of the format + + extensions = { + [oid] = { + name = name, + -- the following are all optional + dNSName = { dNSName, ... }, + rfc822Name = { rfc822Name, ... }, + uniformResourceIdentifier = { uri, ... }, + iPAddress = { iPAddress, ... }, + [type] = { + name = typeName, + value, ... + }, + }, + ... + } + +Get the extensions supported by this certificate. + +### cert:issuer ### + + issuer = cert:issuer() + +Return the subject of the issuer of this certificate. See `cert:subject`. +Returned as an x509 name, see the Names section. + +### cert:notbefore ### + + time = cert:notbefore() + +Get the notBefore date from the certificate, which specifies the time this +certificate becomes valid at (until notAfter). See `cert:notafter`. The time is +specified as a human-readable string. + +### cert:notafter ### + + time = cert:notafter() + +Get the notAfter date from the certificate, which specifies the time this +certificate ceases to be valid at. See `cert:notbefore`. The time is specified +as a human-readable string. + +### cert:pem ### + + pem = cert:pem() + +Return the certificate as PEM-formatted string. See `cert.load`. + +### cert:pubkey ### + + pem, type, bits = cert:pubkey() + +Return the public key as PEM-formatted string. See `cert:pem`. Also returns the +type and the amount of bits used. + +Type can be one of: + + - `RSA`: Rivest-Shamir-Adleman + - `DSA`: Digital Signature Algorithm + - `DH`: Diffie-Hellman + - `EC`: Elliptic Curved + - `Unknown` + +### cert:serial ### + + serial = cert:digest() + +Returns the certificates serial number as a hex-formatted string. + +### cert:subject ### + + subject = cert:subject() + +Returns the subject of the certificate, that which the certificate is valid for. +Returned as an x509 name, see the Names section. + +### cert:validat ### + + valid = cert:validat(timestamp) + +Returns true if the certificate is valid at the given timestamp. + +Names +----- + +x509 names are represented as a table in luasec. This table is a list of +entries, where every entry is of the following format: + + { + oid = objectIdAsString, + name = name, + value = valueAsString, + } + +One common (no pun intended) entry is the `commonName`, usually corresponding to +the hostname this certificate was given to.