lua: add lua functions for certificate validity dates

Add the functions TlsGetCertNotBefore and TlsGetCertNotAfter to get the notBefore
and notAfter fields from a TLS certificate in Lua scripts.
pull/2284/head
Mats Klepsland 10 years ago committed by Victor Julien
parent 67ea821521
commit cad638697d

@ -57,6 +57,88 @@
#include "util-lua.h" #include "util-lua.h"
#include "util-lua-common.h" #include "util-lua-common.h"
static int GetCertNotBefore(lua_State *luastate, const Flow *f, int direction)
{
void *state = FlowGetAppState(f);
if (state == NULL)
return LuaCallbackError(luastate, "error: no app layer state");
SSLState *ssl_state = (SSLState *)state;
SSLStateConnp *connp = NULL;
if (direction) {
connp = &ssl_state->client_connp;
} else {
connp = &ssl_state->server_connp;
}
if (connp->cert0_not_before == 0)
return LuaCallbackError(luastate, "error: no certificate NotBefore");
int r = LuaPushInteger(luastate, connp->cert0_not_before);
return r;
}
static int TlsGetCertNotBefore(lua_State *luastate)
{
int r;
if (!(LuaStateNeedProto(luastate, ALPROTO_TLS)))
return LuaCallbackError(luastate, "error: protocol not tls");
int direction = LuaStateGetDirection(luastate);
Flow *f = LuaStateGetFlow(luastate);
if (f == NULL)
return LuaCallbackError(luastate, "internal error: no flow");
r = GetCertNotBefore(luastate, f, direction);
return r;
}
static int GetCertNotAfter(lua_State *luastate, const Flow *f, int direction)
{
void *state = FlowGetAppState(f);
if (state == NULL)
return LuaCallbackError(luastate, "error: no app layer state");
SSLState *ssl_state = (SSLState *)state;
SSLStateConnp *connp = NULL;
if (direction) {
connp = &ssl_state->client_connp;
} else {
connp = &ssl_state->server_connp;
}
if (connp->cert0_not_after == 0)
return LuaCallbackError(luastate, "error: no certificate NotAfter");
int r = LuaPushInteger(luastate, connp->cert0_not_after);
return r;
}
static int TlsGetCertNotAfter(lua_State *luastate)
{
int r;
if (!(LuaStateNeedProto(luastate, ALPROTO_TLS)))
return LuaCallbackError(luastate, "error: protocol not tls");
int direction = LuaStateGetDirection(luastate);
Flow *f = LuaStateGetFlow(luastate);
if (f == NULL)
return LuaCallbackError(luastate, "internal error: no flow");
r = GetCertNotAfter(luastate, f, direction);
return r;
}
static int GetCertInfo(lua_State *luastate, const Flow *f, int direction) static int GetCertInfo(lua_State *luastate, const Flow *f, int direction)
{ {
void *state = FlowGetAppState(f); void *state = FlowGetAppState(f);
@ -218,6 +300,12 @@ static int TlsGetCertChain(lua_State *luastate)
int LuaRegisterTlsFunctions(lua_State *luastate) int LuaRegisterTlsFunctions(lua_State *luastate)
{ {
/* registration of the callbacks */ /* registration of the callbacks */
lua_pushcfunction(luastate, TlsGetCertNotBefore);
lua_setglobal(luastate, "TlsGetCertNotBefore");
lua_pushcfunction(luastate, TlsGetCertNotAfter);
lua_setglobal(luastate, "TlsGetCertNotAfter");
lua_pushcfunction(luastate, TlsGetCertInfo); lua_pushcfunction(luastate, TlsGetCertInfo);
lua_setglobal(luastate, "TlsGetCertInfo"); lua_setglobal(luastate, "TlsGetCertInfo");
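Review bot: GetCertNotBefore and GetCertNotAfter treat a stored value of 0 as "no certificate date", so a certificate whose notBefore or notAfter decodes to exactly 0 reaches the script as an error rather than a date. The hunk does not show the type or unit of `cert0_not_before` / `cert0_not_after`; if they hold epoch seconds, a certificate dated at the epoch is indistinguishable from one that was never parsed, and a script that checks validity windows has to treat the error return as "unknown" rather than "fine". At minimum I would document that above both checks, e.g. `/* 0 is the "not set" sentinel: a date of exactly 0 cannot be told apart from a missing certificate */`, and ideally test a separate "certificate seen" indicator instead of the date itself. The two helpers and their two wrappers also differ only in the field read and the error string, so a single static helper taking the value and the message would remove the duplication.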
