/*
 * This file is part of PowerDNS or dnsdist.
 * Copyright -- PowerDNS.COM B.V. and its contributors
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of version 2 of the GNU General Public License as
 * published by the Free Software Foundation.
 *
 * In addition, for the avoidance of any doubt, permission is granted to
 * link this program with OpenSSL and to (re)distribute the binaries
 * produced as the result of such linking.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */

23 | #include "config.h" | |
24 | #include "dnsdist.hh" | |
25 | #include "dnsdist-lua.hh" | |
26 | ||
27 | #include "dolog.hh" | |
28 | ||
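/* Registers the DNSCrypt-related Lua bindings (DNSCryptContext,
 * DNSCryptCertificatePair and DNSCryptCert) on the global Lua context.
 * Compiled out entirely when DNSCrypt support is not built in.
 *
 * Indexing caveat for Lua callers: getCertificatePairs() returns a
 * 1-based table (Lua array convention), while getCertificatePair() and
 * getCertificate() on a context take a 0-based index into the same list.
 * Code converting between the two must subtract one.
 */
void setupLuaBindingsDNSCrypt()
{
#ifdef HAVE_DNSCRYPT
  /* DNSCryptContext bindings */
  g_lua.registerFunction<std::string(DNSCryptContext::*)()>("getProviderName", [](const DNSCryptContext& ctx) { return ctx.getProviderName().toStringNoDot(); });
  g_lua.registerFunction("markActive", &DNSCryptContext::markActive);
  g_lua.registerFunction("markInactive", &DNSCryptContext::markInactive);
  g_lua.registerFunction("removeInactiveCertificate", &DNSCryptContext::removeInactiveCertificate);

  /* Load a certificate and its private key from files. When `active` is omitted
     on the Lua side the new certificate is marked active. */
  g_lua.registerFunction<void(std::shared_ptr<DNSCryptContext>::*)(const std::string& certFile, const std::string& keyFile, boost::optional<bool> active)>("loadNewCertificate", [](std::shared_ptr<DNSCryptContext> ctx, const std::string& certFile, const std::string& keyFile, boost::optional<bool> active) {
    if (ctx == nullptr) {
      throw std::runtime_error("DNSCryptContext::loadNewCertificate() called on a nil value");
    }

    ctx->loadNewCertificate(certFile, keyFile, active ? *active : true);
  });

  /* Same as loadNewCertificate() but with already-parsed objects. */
  g_lua.registerFunction<void(std::shared_ptr<DNSCryptContext>::*)(const DNSCryptCert& newCert, const DNSCryptPrivateKey& newKey, boost::optional<bool> active)>("addNewCertificate", [](std::shared_ptr<DNSCryptContext> ctx, const DNSCryptCert& newCert, const DNSCryptPrivateKey& newKey, boost::optional<bool> active) {
    if (ctx == nullptr) {
      throw std::runtime_error("DNSCryptContext::addNewCertificate() called on a nil value");
    }

    ctx->addNewCertificate(newCert, newKey, active ? *active : true);
  });

  /* All certificate pairs of the context as a 1-based Lua table.
     A nil context yields an empty table rather than an error. */
  g_lua.registerFunction<std::map<int, std::shared_ptr<DNSCryptCertificatePair>>(std::shared_ptr<DNSCryptContext>::*)()>("getCertificatePairs", [](std::shared_ptr<DNSCryptContext> ctx) {
    std::map<int, std::shared_ptr<DNSCryptCertificatePair>> result;

    if (ctx != nullptr) {
      /* the map is keyed by int, so count with an int instead of narrowing a size_t */
      int idx = 1;
      for (const auto& pair : ctx->getCertificates()) {
        result[idx++] = pair;
      }
    }

    return result;
  });

  /* 0-based lookup of a single certificate pair; returns nil when idx is out of range. */
  g_lua.registerFunction<std::shared_ptr<DNSCryptCertificatePair>(std::shared_ptr<DNSCryptContext>::*)(size_t idx)>("getCertificatePair", [](std::shared_ptr<DNSCryptContext> ctx, size_t idx) {
    if (ctx == nullptr) {
      throw std::runtime_error("DNSCryptContext::getCertificatePair() called on a nil value");
    }

    std::shared_ptr<DNSCryptCertificatePair> result = nullptr;
    const auto pairs = ctx->getCertificates();
    if (idx < pairs.size()) {
      result = pairs.at(idx);
    }

    return result;
  });

  /* 0-based lookup of a single certificate; unlike getCertificatePair() an
     out-of-range index is an error, since a DNSCryptCert cannot be nil. */
  g_lua.registerFunction<const DNSCryptCert(std::shared_ptr<DNSCryptContext>::*)(size_t idx)>("getCertificate", [](std::shared_ptr<DNSCryptContext> ctx, size_t idx) {
    if (ctx == nullptr) {
      throw std::runtime_error("DNSCryptContext::getCertificate() called on a nil value");
    }

    const auto pairs = ctx->getCertificates();
    if (idx < pairs.size()) {
      return pairs.at(idx)->cert;
    }

    throw std::runtime_error("This DNSCrypt context has no certificate at index " + std::to_string(idx));
  });

  /* Human-readable table of the context's certificates (row number, serial,
     exchange version, validity window). A nil context yields an empty string. */
  g_lua.registerFunction<std::string(std::shared_ptr<DNSCryptContext>::*)()>("printCertificates", [](const std::shared_ptr<DNSCryptContext> ctx) {
    std::ostringstream ret;

    if (ctx != nullptr) {
      size_t idx = 1;
      boost::format fmt("%1$-3d %|5t|%2$-8d %|10t|%3$-7d %|20t|%4$-21.21s %|41t|%5$-21.21s");
      ret << (fmt % "#" % "Serial" % "Version" % "From" % "To") << '\n';

      for (const auto& pair : ctx->getCertificates()) {
        const auto& cert = pair->cert;
        const DNSCryptExchangeVersion version = DNSCryptContext::getExchangeVersion(cert);

        /* idx is advanced per row; previously it was never incremented and
           every row was printed as "1" */
        ret << (fmt % idx % cert.getSerial() % (version == DNSCryptExchangeVersion::VERSION1 ? 1 : 2) % DNSCryptContext::certificateDateToStr(cert.getTSStart()) % DNSCryptContext::certificateDateToStr(cert.getTSEnd())) << '\n';
        ++idx;
      }
    }

    return ret.str();
  });

  /* Generate a certificate signed with the provider key read from
     providerPrivateKeyFile and add it to the context without writing it to disk.
     Failures are reported through the log and the console buffer and are never
     propagated back into Lua. The exchange version defaults to VERSION1. */
  g_lua.registerFunction<void(DNSCryptContext::*)(const std::string& providerPrivateKeyFile, uint32_t serial, time_t begin, time_t end, boost::optional<DNSCryptExchangeVersion> version)>("generateAndLoadInMemoryCertificate", [](DNSCryptContext& ctx, const std::string& providerPrivateKeyFile, uint32_t serial, time_t begin, time_t end, boost::optional<DNSCryptExchangeVersion> version) {
    DNSCryptPrivateKey privateKey;
    DNSCryptCert cert;

    try {
      if (generateDNSCryptCertificate(providerPrivateKeyFile, serial, begin, end, version ? *version : DNSCryptExchangeVersion::VERSION1, cert, privateKey)) {
        ctx.addNewCertificate(cert, privateKey);
      }
      else {
        /* A false return used to be silent on the console, so the operator had
           no indication that nothing was loaded. generateDNSCryptCertificate()
           presumably logs the underlying cause itself (not visible here), so
           only the console buffer is filled in to avoid a duplicate log line. */
        g_outputBuffer = "Error: unable to generate the DNSCrypt certificate\n";
      }
    }
    catch (const std::exception& e) {
      errlog(e.what());
      g_outputBuffer = "Error: " + std::string(e.what()) + "\n";
    }
  });

  /* DNSCryptCertificatePair */
  g_lua.registerFunction<const DNSCryptCert(std::shared_ptr<DNSCryptCertificatePair>::*)()>("getCertificate", [](const std::shared_ptr<DNSCryptCertificatePair> pair) {
    if (pair == nullptr) {
      throw std::runtime_error("DNSCryptCertificatePair::getCertificate() called on a nil value");
    }
    return pair->cert;
  });
  g_lua.registerFunction<bool(std::shared_ptr<DNSCryptCertificatePair>::*)()>("isActive", [](const std::shared_ptr<DNSCryptCertificatePair> pair) {
    if (pair == nullptr) {
      throw std::runtime_error("DNSCryptCertificatePair::isActive() called on a nil value");
    }
    return pair->active;
  });

  /* DNSCryptCert: the byte-array fields are exposed to Lua as raw binary strings
     of the field's exact size, not as hex or text. */
  g_lua.registerFunction<std::string(DNSCryptCert::*)()>("getMagic", [](const DNSCryptCert& cert) { return std::string(reinterpret_cast<const char*>(cert.magic), sizeof(cert.magic)); });
  g_lua.registerFunction<std::string(DNSCryptCert::*)()>("getEsVersion", [](const DNSCryptCert& cert) { return std::string(reinterpret_cast<const char*>(cert.esVersion), sizeof(cert.esVersion)); });
  g_lua.registerFunction<std::string(DNSCryptCert::*)()>("getProtocolMinorVersion", [](const DNSCryptCert& cert) { return std::string(reinterpret_cast<const char*>(cert.protocolMinorVersion), sizeof(cert.protocolMinorVersion)); });
  g_lua.registerFunction<std::string(DNSCryptCert::*)()>("getSignature", [](const DNSCryptCert& cert) { return std::string(reinterpret_cast<const char*>(cert.signature), sizeof(cert.signature)); });
  g_lua.registerFunction<std::string(DNSCryptCert::*)()>("getResolverPublicKey", [](const DNSCryptCert& cert) { return std::string(reinterpret_cast<const char*>(cert.signedData.resolverPK), sizeof(cert.signedData.resolverPK)); });
  g_lua.registerFunction<std::string(DNSCryptCert::*)()>("getClientMagic", [](const DNSCryptCert& cert) { return std::string(reinterpret_cast<const char*>(cert.signedData.clientMagic), sizeof(cert.signedData.clientMagic)); });
  g_lua.registerFunction<uint32_t(DNSCryptCert::*)()>("getSerial", [](const DNSCryptCert& cert) { return cert.getSerial(); });
  /* the timestamps are stored in network byte order; convert to host order for Lua */
  g_lua.registerFunction<uint32_t(DNSCryptCert::*)()>("getTSStart", [](const DNSCryptCert& cert) { return ntohl(cert.getTSStart()); });
  g_lua.registerFunction<uint32_t(DNSCryptCert::*)()>("getTSEnd", [](const DNSCryptCert& cert) { return ntohl(cert.getTSEnd()); });
#endif
}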