-- LuaJIT FFI binding layer: exposes the C entry points declared below for GM
-- certificates, GM private keys and the NTLS switch as a Lua module.
local ffi = require("ffi")
local base = require("resty.core.base")
-- Module-level error out-parameter. The C setters receive it as `char **err`
-- and the Lua wrappers read the message back through errmsg[0] on failure.
-- The same pointer is reused by every call made through this module.
local errmsg = base.get_errmsg_ptr()
local get_request = base.get_request
local FFI_OK = base.FFI_OK
local C = ffi.C
local ffi_str = ffi.string
local subsystem = ngx.config.subsystem
-- Declares http and stream as the subsystems this module supports
-- (the check itself lives in resty.core.base and is not visible here).
base.allows_subsystem("http", "stream")
-- Forward declarations; each is bound to the http or stream C symbol by the
-- subsystem branch that follows.
local ngx_lua_ffi_apisix_set_gm_cert
local ngx_lua_ffi_apisix_set_gm_priv_key
local ngx_lua_ffi_apisix_enable_ntls
-- Bind the three forward-declared locals to the C symbols of the running
-- subsystem. Both branches declare the same signatures; only the
-- ngx_http_ / ngx_stream_ prefix differs.
-- NOTE(review): these prototypes are hand-written, so they must stay in sync
-- with the C module. A mismatch would not be caught at load time - confirm
-- against the module's headers when either side changes.
if subsystem == "http" then
ffi.cdef[[
typedef intptr_t ngx_flag_t;
int ngx_http_apisix_set_gm_cert(void *r, void *cdata, char **err, ngx_flag_t type);
int ngx_http_apisix_set_gm_priv_key(void *r, void *cdata, char **err, ngx_flag_t type);
int ngx_http_apisix_enable_ntls(void *r, int enabled);
]]
-- Accessing C.<name> resolves the symbol here, when the module is loaded.
ngx_lua_ffi_apisix_set_gm_cert = C.ngx_http_apisix_set_gm_cert
ngx_lua_ffi_apisix_set_gm_priv_key = C.ngx_http_apisix_set_gm_priv_key
ngx_lua_ffi_apisix_enable_ntls = C.ngx_http_apisix_enable_ntls
elseif subsystem == 'stream' then
ffi.cdef[[
typedef intptr_t ngx_flag_t;
int ngx_stream_apisix_set_gm_cert(void *r, void *cdata, char **err, ngx_flag_t type);
int ngx_stream_apisix_set_gm_priv_key(void *r, void *cdata, char **err, ngx_flag_t type);
int ngx_stream_apisix_enable_ntls(void *r, int enabled);
]]
ngx_lua_ffi_apisix_set_gm_cert = C.ngx_stream_apisix_set_gm_cert
ngx_lua_ffi_apisix_set_gm_priv_key = C.ngx_stream_apisix_set_gm_priv_key
ngx_lua_ffi_apisix_enable_ntls = C.ngx_stream_apisix_enable_ntls
end
-- No else branch: for any other subsystem value the three locals stay nil.
-- Values passed as the `type` (ngx_flag_t) argument of the C setters to pick
-- which slot of the enc/sign pair is being set.
-- NOTE(review): these must equal the constants used by the C module, which
-- cannot be verified from this file - confirm against the C source.
local NGX_APISIX_SSL_ENC = 1
local NGX_APISIX_SSL_SIGN = 2
-- Module table returned at the end of the file.
local _M = {}
--- Set the GM encryption and signing certificates for the current request.
-- The encryption certificate is applied first, then the signing certificate;
-- processing stops at the first failure.
-- Raises "no request found" when there is no current request.
--
-- NOTE(review): the arguments are handed to C as `void *` without any check
-- on the Lua side, and a nil converts to a NULL pointer - confirm the C
-- module tolerates that, or validate in the caller.
-- NOTE(review): if the encryption step succeeds and the signing step fails,
-- nothing here undoes the first step; a nil result should presumably be
-- treated as fatal for the connection - verify against the caller.
-- @param enc_cert  cdata for the encryption certificate (passed as `void *cdata`)
-- @param sign_cert cdata for the signing certificate (passed as `void *cdata`)
-- @return true on success; nil plus the C-provided error string on failure
function _M.set_gm_cert(enc_cert, sign_cert)
    local req = get_request()
    if not req then
        error("no request found")
    end

    local status = ngx_lua_ffi_apisix_set_gm_cert(req, enc_cert, errmsg,
                                                  NGX_APISIX_SSL_ENC)
    if status == FFI_OK then
        status = ngx_lua_ffi_apisix_set_gm_cert(req, sign_cert, errmsg,
                                                NGX_APISIX_SSL_SIGN)
        if status == FFI_OK then
            return true
        end
    end

    -- Either step failed. Assumes the C side stored a message pointer in
    -- errmsg[0] before returning non-OK - TODO confirm.
    return nil, ffi_str(errmsg[0])
end
--- Set the GM encryption and signing private keys for the current request.
-- The encryption key is applied first, then the signing key; processing
-- stops at the first failure.
-- Raises "no request found" when there is no current request.
--
-- NOTE(review): the key handles are handed to C as `void *` without any check
-- on the Lua side, and a nil converts to a NULL pointer - confirm the C
-- module tolerates that, or validate in the caller.
-- NOTE(review): ownership and lifetime of the key cdata are not established
-- in this file - confirm who frees it and when.
-- NOTE(review): a failure on the signing key leaves the encryption key
-- applied; there is no rollback here.
-- @param enc_pkey  cdata for the encryption private key (passed as `void *cdata`)
-- @param sign_pkey cdata for the signing private key (passed as `void *cdata`)
-- @return true on success; nil plus the C-provided error string on failure
function _M.set_gm_priv_key(enc_pkey, sign_pkey)
    local req = get_request()
    if not req then
        error("no request found")
    end

    local status = ngx_lua_ffi_apisix_set_gm_priv_key(req, enc_pkey, errmsg,
                                                      NGX_APISIX_SSL_ENC)
    if status == FFI_OK then
        status = ngx_lua_ffi_apisix_set_gm_priv_key(req, sign_pkey, errmsg,
                                                    NGX_APISIX_SSL_SIGN)
        if status == FFI_OK then
            return true
        end
    end

    -- Either step failed. Assumes the C side stored a message pointer in
    -- errmsg[0] before returning non-OK - TODO confirm.
    return nil, ffi_str(errmsg[0])
end
--- Turn NTLS on for the current request by passing enabled = 1 to the C
-- module. Raises "no request found" when there is no current request.
-- Returns nothing.
--
-- NOTE(review): the C function is declared as returning int, but the result
-- is discarded, so the caller cannot tell whether the switch took effect -
-- confirm whether the C side can fail.
function _M.enable_ntls()
    local req = get_request() or error("no request found")
    ngx_lua_ffi_apisix_enable_ntls(req, 1)
end
--- Turn NTLS off for the current request by passing enabled = 0 to the C
-- module. Raises "no request found" when there is no current request.
-- Returns nothing.
--
-- NOTE(review): the C function is declared as returning int, but the result
-- is discarded, so a failed disable would leave NTLS active without the
-- caller noticing - confirm whether the C side can fail.
function _M.disable_ntls()
    local req = get_request() or error("no request found")
    ngx_lua_ffi_apisix_enable_ntls(req, 0)
end
return _M