luasec/doc/cert.md
2015-06-05 13:16:21 +02:00

Functions

cert.load

cert = cert.load(string)

Loads a PEM-formatted x509 certificate from a string. Returns nil on failure. See cert:pem.

Methods

cert:digest

digest = cert:digest([format])

Obtain the certificate fingerprint in the specified format. Can fail, in which case it returns nil, followed by an error message.

Format can be one of:

  • sha1 (default)
  • sha256
  • sha512

cert:setencode

success = cert:setencode(encoding)

Set the string encoding used for this certificate.

Encoding can be one of:

  • ai5
  • utf8

cert:extensions

extensions = cert:extensions()

-- extensions is of the format

extensions = {
  [oid] = {
    name = name,
    -- the following are all optional
    dNSName = { dNSName, ... },
    rfc822Name = { rfc822Name, ... },
    uniformResourceIdentifier = { uri, ... },
    iPAddress = { iPAddress, ... },
    [type] = {
      name = typeName,
      value, ...
    },
  },
  ...
}

Get the extensions supported by this certificate.

cert:issuer

issuer = cert:issuer()

Return the subject of the issuer of this certificate. See cert:subject. Returned as an x509 name, see the Names section.

cert:notbefore

time = cert:notbefore()

Get the notBefore date from the certificate, which specifies the time at which this certificate becomes valid (it stays valid until notAfter). See cert:notafter. The time is specified as a human-readable string.

cert:notafter

time = cert:notafter()

Get the notAfter date from the certificate, which specifies the time at which this certificate ceases to be valid. See cert:notbefore. The time is specified as a human-readable string.

cert:pem

pem = cert:pem()

Return the certificate as a PEM-formatted string. See cert.load.

cert:pubkey

pem, type, bits = cert:pubkey()

Return the public key as a PEM-formatted string. See cert:pem. Also returns the key type and the number of bits used.

Type can be one of:

  • RSA: Rivest-Shamir-Adleman
  • DSA: Digital Signature Algorithm
  • DH: Diffie-Hellman
  • EC: Elliptic Curve
  • Unknown

cert:serial

serial = cert:serial()

Returns the certificate's serial number as a hex-formatted string.

cert:subject

subject = cert:subject()

Returns the subject of the certificate, that is, the entity the certificate is valid for. Returned as an x509 name, see the Names section.

cert:validat

valid = cert:validat(timestamp)

Returns true if the certificate is valid at the given timestamp.

Names

x509 names are represented as a table in luasec. This table is a list of entries, where every entry is of the following format:

{
  oid = objectIdAsString,
  name = name,
  value = valueAsString,
}

One common (no pun intended) entry is the commonName, usually corresponding to the hostname this certificate was given to.
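
A hostname check written against the two table formats documented above (the cert:extensions result and the x509 name list), as an added example that is not part of luasec or of the original page. The sample tables are constructed, the function names are hypothetical, and the OIDs 2.5.29.17 (subjectAltName) and 2.5.4.3 (commonName) are the standard X.509 values.

```lua
-- Added example: hostname check over the tables documented above.
-- The sample tables are constructed; with luasec they would come from
-- cert:extensions() and cert:subject().
local SAN_OID = "2.5.29.17" -- subjectAltName
local CN_OID  = "2.5.4.3"   -- commonName

-- Case-insensitive match; "*" may only stand for the whole leftmost label.
local function match_name(pattern, host)
  pattern, host = pattern:lower(), host:lower()
  if pattern == host then return true end
  local suffix = pattern:match("^%*(%..+)$")
  if not suffix then return false end
  local label, rest = host:match("^([^.]+)(%..+)$")
  return label ~= nil and rest == suffix
end

-- Returns true/false plus the field that decided the result.
local function cert_matches_host(extensions, subject, host)
  local san = extensions[SAN_OID]
  if san and san.dNSName and #san.dNSName > 0 then
    -- When dNSName entries exist, commonName is not consulted (RFC 6125).
    for _, name in ipairs(san.dNSName) do
      if match_name(name, host) then return true, "dNSName" end
    end
    return false, "dNSName"
  end
  for _, entry in ipairs(subject) do
    if entry.oid == CN_OID and match_name(entry.value, host) then
      return true, "commonName"
    end
  end
  return false, "commonName"
end

-- Constructed sample data in the documented formats.
local extensions = {
  [SAN_OID] = { name = "X509v3 Subject Alternative Name",
                dNSName = { "example.org", "*.example.org" } },
}
local subject = {
  { oid = "2.5.4.10", name = "organizationName", value = "Example Org" },
  { oid = CN_OID, name = "commonName", value = "legacy.example.net" },
}

assert(cert_matches_host(extensions, subject, "example.org"))
assert(cert_matches_host(extensions, subject, "WWW.Example.org"))
assert(not cert_matches_host(extensions, subject, "a.b.example.org"))
assert(not cert_matches_host(extensions, subject, "legacy.example.net"))
assert(cert_matches_host({}, subject, "legacy.example.net"))
```

The fourth assertion is the case to notice: the commonName matches the host, but it is ignored because the certificate carries dNSName entries.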