return result;
});
+
g_lua.registerFunction<std::shared_ptr<DNSCryptCertificatePair>(std::shared_ptr<DNSCryptContext>::*)(size_t idx)>("getCertificatePair", [](std::shared_ptr<DNSCryptContext> ctx, size_t idx) {
if (ctx == nullptr) {
return result;
});
- g_lua.registerFunction<DNSCryptCert(std::shared_ptr<DNSCryptContext>::*)()>("getCurrentCertificate", [](std::shared_ptr<DNSCryptContext> ctx) {
-
- if (ctx == nullptr) {
- throw std::runtime_error("DNSCryptContext::getCurrentCertificate() called on a nil value");
- }
-
- auto pairs = ctx->getCertificates();
- for (const auto& pair : pairs) {
- if (pair->active) {
- return pair->cert;
- }
- }
-
- throw std::runtime_error("This context has no active certificate");
- });
-
- g_lua.registerFunction<DNSCryptCert(std::shared_ptr<DNSCryptContext>::*)()>("getOldCertificate", [](std::shared_ptr<DNSCryptContext> ctx) {
+ g_lua.registerFunction<const DNSCryptCert(std::shared_ptr<DNSCryptContext>::*)(size_t idx)>("getCertificate", [](std::shared_ptr<DNSCryptContext> ctx, size_t idx) {
if (ctx == nullptr) {
- throw std::runtime_error("DNSCryptContext::getOldCertificate() called on a nil value");
+ throw std::runtime_error("DNSCryptContext::getCertificate() called on a nil value");
}
auto pairs = ctx->getCertificates();
- for (const auto& pair : pairs) {
- if (!pair->active) {
- return pair->cert;
- }
- }
-
- throw std::runtime_error("This context has no inactive certificate");
- });
-
- g_lua.registerFunction<bool(std::shared_ptr<DNSCryptContext>::*)()>("hasOldCertificate", [](std::shared_ptr<DNSCryptContext> ctx) {
-
- if (ctx == nullptr) {
- throw std::runtime_error("DNSCryptContext::hasOldCertificate() called on a nil value");
- }
-
- auto pairs = ctx->getCertificates();
- for (const auto& pair : pairs) {
- if (!pair->active) {
- return true;
- }
+ if (idx < pairs.size()) {
+ return pairs.at(idx)->cert;
}
- return false;
+ throw std::runtime_error("This DNSCrypt context has no certificate at index " + std::to_string(idx));
});
g_lua.registerFunction<std::string(std::shared_ptr<DNSCryptContext>::*)()>("printCertificates", [](const std::shared_ptr<DNSCryptContext> ctx) {
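Review bot: `getCertificate(idx)` returns whatever sits at position `idx` without looking at `pair->active`, while the three bindings removed in this hunk (`getCurrentCertificate`, `getOldCertificate`, `hasOldCertificate`) were the ones that selected on that flag. Configurations or key-rotation scripts written against those names will now fail with a Lua error, and a script ported naively to `getCertificate(0)` may read an inactive certificate while assuming it is the one being served. I would state this on the binding, e.g. `// returns the certificate at position idx whether or not its pair is active; use getCertificatePair(idx) to inspect the pair`, and mention the removal in the upgrade notes. The top-level `const` in `const DNSCryptCert(...)` has no effect on a by-value return and could be dropped. The enclosing registration function starts and ends outside this hunk.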
:param int end: Unix timestamp from until the certificate is valid
:param DNSCryptExchangeVersion version: The exchange version to use. Possible values are ``DNSCryptExchangeVersion::VERSION1`` (default, X25519-XSalsa20Poly1305) and ``DNSCryptExchangeVersion::VERSION2`` (X25519-XChacha20Poly1305)
- .. method:: DNSCryptContext:getCertificatePair(index) -> DNSCryptCertificatePair
+ .. method:: DNSCryptContext:getCertificate(index) -> DNSCryptCert
.. versionadded:: 1.3.0
- Return the certificate pair with index `index`.
+ Return the certificate with index `index`.
:param int index: The index of the certificate, starting at 0
- .. method:: DNSCryptContext:getCertificatePair(index) -> table of DNSCryptCertificatePair
+ .. method:: DNSCryptContext:getCertificatePair(index) -> DNSCryptCertificatePair
.. versionadded:: 1.3.0
- Return a table of certificate pairs.
-
- .. method:: DNSCryptContext:getCurrentCertificate() -> DNSCryptCert
-
- .. deprecated:: 1.3.0
+ Return the certificate pair with index `index`.
- Return the current certificate. Deprecated as of 1.3.0 since more than one active certificate
- is now supported. For compatibility, it will return the first active certificate.
+ :param int index: The index of the certificate, starting at 0
- .. method:: DNSCryptContext:getOldCertificate() -> DNSCryptCert
+ .. method:: DNSCryptContext:getCertificatePair(index) -> table of DNSCryptCertificatePair
- .. deprecated:: 1.3.0
+ .. versionadded:: 1.3.0
- Return the previous certificate. Deprecated as of 1.3.0 since more than one inactive certificate
- is now supported. For compatibility, it will return the first inactive certificate.
+ Return a table of certificate pairs.
.. method:: DNSCryptContext:getProviderName() -> string
Return the provider name
- .. method:: DNSCryptContext:hasOldCertificate() -> bool
-
- .. deprecated:: 1.3.0
-
- Whether or not the context has a previous certificate, from a certificate rotation. Since
- 1.3.0 several certificates active and inactive certificates can be used at the same time,
- so this function is deprecated. In order to keep compatibility this function will simply
- return `true` if at least one inactive certificate is configured.
-
.. method:: DNSCryptContext:loadNewCertificate(certificate, keyfile[, active])
.. versionchanged:: 1.3.0
# add that new certificate
self.sendConsoleCommand("getDNSCryptBind(0):loadNewCertificate('DNSCryptResolver.cert.2', 'DNSCryptResolver.key.2')")
- oldSerial = self.sendConsoleCommand("getDNSCryptBind(0):getCertificatePair(0):getCertificate():getSerial()")
+ oldSerial = self.sendConsoleCommand("getDNSCryptBind(0):getCertificate(0):getSerial()")
self.assertEquals(int(oldSerial), self._resolverCertificateSerial)
- effectiveSerial = self.sendConsoleCommand("getDNSCryptBind(0):getCertificatePair(1):getCertificate():getSerial()")
+ effectiveSerial = self.sendConsoleCommand("getDNSCryptBind(0):getCertificate(1):getSerial()")
self.assertEquals(int(effectiveSerial), self._resolverCertificateSerial + 1)
- tsStart = self.sendConsoleCommand("getDNSCryptBind(0):getCertificatePair(1):getCertificate():getTSStart()")
+ tsStart = self.sendConsoleCommand("getDNSCryptBind(0):getCertificate(1):getTSStart()")
self.assertEquals(int(tsStart), self._resolverCertificateValidFrom)
- tsEnd = self.sendConsoleCommand("getDNSCryptBind(0):getCertificatePair(1):getCertificate():getTSEnd()")
+ tsEnd = self.sendConsoleCommand("getDNSCryptBind(0):getCertificate(1):getTSEnd()")
self.assertEquals(int(tsEnd), self._resolverCertificateValidUntil)
# we should still be able to send queries with the previous certificate
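Review bot: The updated assertions only call `getCertificate` with indices 0 and 1, so the new out-of-range branch that throws "This DNSCrypt context has no certificate at index N" is never exercised, and the `getCertificatePair(idx):getCertificate()` chain these lines used before loses its coverage. I would keep one assertion through the pair accessor, e.g. `self.sendConsoleCommand("getDNSCryptBind(0):getCertificatePair(1):getCertificate():getSerial()")` compared with `self._resolverCertificateSerial + 1`, and add a call with an index past the last loaded certificate that checks the console output for the error text. How the console reports a Lua error is not visible here, so the exact assertion needs confirming. The test method starts and ends outside this hunk.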