1 files changed, 65 insertions, 0 deletions

diff --git a/examples/self.x509 b/examples/self.x509
new file mode 100755
index 0000000..37b12c7
--- /dev/null
+++ b/examples/self.x509
@@ -0,0 +1,65 @@
+#!/usr/local/lua52/bin/lua
+--
+-- Example self-signed X.509 certificate generation.
+--
+-- Skips intermediate CSR object, which is just an antiquated way for
+-- specifying subject DN and public key to CAs. See API documentation for
+-- CSR generation.
+--
+
+local keytype = ...
+
+local openssl = require"openssl"
+local pkey = require"openssl.pkey"
+local x509 = require"openssl.x509"
+local name = require"openssl.x509.name"
+local altname = require"openssl.x509.altname"
+
+-- generate our public/private key pair
+local function genkey(type)
+	type = string.upper(type or (not openssl.NO_EC and "EC") or "RSA")
+
+	if type == "RSA" then
+		return pkey.new{ type = "RSA", bits = 1024 }
+	elseif type == "DSA" then
+		return pkey.new{ type = "DSA", bits = 1024 }
+	else
+		return pkey.new{ type = "EC", curve = "prime192v1" }
+	end
+end
+
+local key = genkey(keytype)
+
+-- our Subject and Issuer DN (self-signed, so same)
+local dn = name.new()
+dn:add("C", "US")
+dn:add("ST", "California")
+dn:add("L", "San Francisco")
+dn:add("O", "Acme, Inc")
+dn:add("CN", "acme.inc")
+
+-- our Alternative Names
+local alt = altname.new()
+alt:add("DNS", "acme.inc")
+alt:add("DNS", "*.acme.inc")
+
+-- build our certificate
+local crt = x509.new()
+
+crt:setVersion(3)
+crt:setSerial(47)
+
+crt:setSubject(dn)
+crt:setIssuer(crt:getSubject())
+crt:setSubjectAlt(alt)
+
+local issued, expires = crt:getLifetime()
+crt:setLifetime(issued, expires + 60) -- good for 60 seconds
+
+crt:setBasicConstraints{ CA = true, pathLen = 2 }
+crt:setBasicConstraintsCritical(true)
+
+crt:setPublicKey(key)
+crt:sign(key)
+
+print(crt:text())