OTP-8649 dg/public_key-test-coverage

4 files changed, 48 insertions, 389 deletions

diff --git a/lib/public_key/src/pubkey_cert.erl b/lib/public_key/src/pubkey_cert.erl
index 799e3820d1..0651dcec29 100644
--- a/lib/public_key/src/pubkey_cert.erl
+++ b/lib/public_key/src/pubkey_cert.erl
@@ -29,7 +29,7 @@
  	 validate_issuer/4, validate_names/6,
 	 validate_revoked_status/3, validate_extensions/4,
 	 validate_unknown_extensions/3,
-	 normalize_general_name/1, digest_type/1, digest/2, is_self_signed/1,
+	 normalize_general_name/1, digest_type/1, is_self_signed/1,
 	 is_issuer/2, issuer_id/2, is_fixed_dh_cert/1]).
 
 -define(NULL, 0).
@@ -130,7 +130,7 @@ validate_signature(OtpCert, DerCert, Key, KeyParams,
 validate_names(OtpCert, Permit, Exclude, Last, AccErr, Verify) ->
     case is_self_signed(OtpCert) andalso (not Last) of
 	true -> 
-	    ok;
+	    AccErr;
 	false ->
 	    TBSCert = OtpCert#'OTPCertificate'.tbsCertificate, 
 	    Subject = TBSCert#'OTPTBSCertificate'.subject,
@@ -197,7 +197,7 @@ normalize_general_name({rdnSequence, Issuer}) ->
 normalize_general_name(Issuer) ->
     Normalize = fun([{Description, Type, {printableString, Value}}]) ->
 			NewValue = string:to_lower(strip_spaces(Value)),
-			{Description, Type, {printableString, NewValue}};
+			[{Description, Type, {printableString, NewValue}}];
 		   (Atter)  ->
 			Atter
 		end,
@@ -275,13 +275,6 @@ digest_type(?md5WithRSAEncryption) ->
 digest_type(?'id-dsa-with-sha1') ->
     sha.
 
-digest(?sha1WithRSAEncryption, Msg) ->
-    crypto:sha(Msg);
-digest(?md5WithRSAEncryption, Msg) ->
-    crypto:md5(Msg);
-digest(?'id-dsa-with-sha1', Msg) ->
-    crypto:sha(Msg).
-
 public_key_info(PublicKeyInfo, 
 		#path_validation_state{working_public_key_algorithm =
 				       WorkingAlgorithm,
@@ -332,12 +325,6 @@ is_dir_name([[{'AttributeTypeAndValue', Type, What1}]|Rest1],
 	true -> is_dir_name(Rest1,Rest2,Exact);
 	false -> false
     end;
-is_dir_name([{'AttributeTypeAndValue', Type, What1}|Rest1],
-	    [{'AttributeTypeAndValue', Type, What2}|Rest2], Exact) ->
-    case is_dir_name2(What1,What2) of
-	true -> is_dir_name(Rest1,Rest2,Exact);
-	false -> false
-    end;
 is_dir_name(_,[],false) ->
     true;
 is_dir_name(_,_,_) ->
diff --git a/lib/public_key/src/pubkey_cert_records.erl b/lib/public_key/src/pubkey_cert_records.erl
index c7d4080adb..ac04e1c2cb 100644
--- a/lib/public_key/src/pubkey_cert_records.erl
+++ b/lib/public_key/src/pubkey_cert_records.erl
@@ -25,8 +25,6 @@
 
 -export([decode_cert/2, encode_cert/1, encode_tbs_cert/1, transform/2]).
 
--export([old_decode_cert/2, old_encode_cert/1]).  %% Debugging and testing new code.
-
 %%====================================================================
 %% Internal application API
 %%====================================================================
@@ -35,77 +33,25 @@ decode_cert(DerCert, plain) ->
     'OTP-PUB-KEY':decode('Certificate', DerCert);
 decode_cert(DerCert, otp) ->
     {ok, Cert} = 'OTP-PUB-KEY':decode('OTPCertificate', DerCert),
-    {ok, decode_all_otp(Cert)}.
-
-old_decode_cert(DerCert, otp) ->
-    {ok, Cert} = 'OTP-PUB-KEY':decode('Certificate', DerCert),
-    {ok, plain_to_otp(Cert)}.
-
-old_encode_cert(Cert) ->
-    PlainCert = otp_to_plain(Cert),
-    {ok, EncCert} = 'OTP-PUB-KEY':encode('Certificate', PlainCert),
-    list_to_binary(EncCert).
-
+    #'OTPCertificate'{tbsCertificate = TBS} = Cert,
+    {ok, Cert#'OTPCertificate'{tbsCertificate = decode_tbs(TBS)}}.
 
 encode_cert(Cert = #'Certificate'{}) ->
     {ok, EncCert} = 'OTP-PUB-KEY':encode('Certificate', Cert),
     list_to_binary(EncCert);
-encode_cert(C = #'OTPCertificate'{tbsCertificate = TBS = 
-				  #'OTPTBSCertificate'{
-						     issuer=Issuer0,
-						     subject=Subject0,
-						     subjectPublicKeyInfo=Spki0,
-						     extensions=Exts0}
-				 }) ->
-    Issuer  = transform(Issuer0,encode),
-    Subject = transform(Subject0,encode),
-    Spki = encode_supportedPublicKey(Spki0),
-    Exts = encode_extensions(Exts0),
-    %%    io:format("Extensions ~p~n",[Exts]),
-    Cert = C#'OTPCertificate'{tbsCertificate=
-			      TBS#'OTPTBSCertificate'{
-				issuer=Issuer, subject=Subject,
-				subjectPublicKeyInfo=Spki,
-				extensions=Exts}},
+encode_cert(C = #'OTPCertificate'{tbsCertificate = TBS}) ->
+    Cert = C#'OTPCertificate'{tbsCertificate=encode_tbs(TBS)},
     {ok, EncCert} = 'OTP-PUB-KEY':encode('OTPCertificate', Cert),
     list_to_binary(EncCert).
 
-encode_tbs_cert(TBS = #'OTPTBSCertificate'{
-		  issuer=Issuer0,
-		  subject=Subject0,
-		  subjectPublicKeyInfo=Spki0,
-		  extensions=Exts0}) ->
-    Issuer  = transform(Issuer0,encode),
-    Subject = transform(Subject0,encode),
-    Spki = encode_supportedPublicKey(Spki0),
-    Exts = encode_extensions(Exts0),
-    TBSCert = TBS#'OTPTBSCertificate'{issuer=Issuer,subject=Subject,
-				      subjectPublicKeyInfo=Spki,extensions=Exts},
-    {ok, EncTBSCert} = 'OTP-PUB-KEY':encode('OTPTBSCertificate', TBSCert),
+encode_tbs_cert(TBS) ->
+    {ok, EncTBSCert} = 'OTP-PUB-KEY':encode('OTPTBSCertificate', encode_tbs(TBS)),
     list_to_binary(EncTBSCert).
 
 %%--------------------------------------------------------------------
 %%% Internal functions
 %%--------------------------------------------------------------------
 
-decode_all_otp(C = #'OTPCertificate'{tbsCertificate = TBS = 
-				     #'OTPTBSCertificate'{
-							issuer=Issuer0,
-							subject=Subject0,
-							subjectPublicKeyInfo=Spki0,
-							extensions=Exts0}
-				    }) -> 
-    Issuer  = transform(Issuer0,decode),
-    Subject = transform(Subject0,decode),
-    Spki = decode_supportedPublicKey(Spki0),
-    Exts = decode_extensions(Exts0),
-    %%    io:format("Extensions ~p~n",[Exts]),
-    C#'OTPCertificate'{tbsCertificate=
-		       TBS#'OTPTBSCertificate'{
-			 issuer=Issuer, subject=Subject,
-			 subjectPublicKeyInfo=Spki,extensions=Exts}}.
-
-
 %%% SubjectPublicKey
 supportedPublicKeyAlgorithms(?'rsaEncryption') -> 'RSAPublicKey';
 supportedPublicKeyAlgorithms(?'id-dsa') -> 'DSAPublicKey';
@@ -204,15 +150,35 @@ transform({rdnSequence, SeqList},Func) when is_list(SeqList) ->
      lists:map(fun(Seq) -> 
 		       lists:map(fun(Element) -> transform(Element,Func) end, Seq)
 	       end, SeqList)};
-%% transform(List = [{rdnSequence, _}|_],Func)  ->
-%%     lists:map(fun(Element) -> transform(Element,Func) end, List);
 transform(#'NameConstraints'{permittedSubtrees=Permitted, excludedSubtrees=Excluded}, Func) ->
-    Res = #'NameConstraints'{permittedSubtrees=transform_sub_tree(Permitted,Func),
-			     excludedSubtrees=transform_sub_tree(Excluded,Func)},
-%%    io:format("~p~n",[Res]),
-    Res;
+    #'NameConstraints'{permittedSubtrees=transform_sub_tree(Permitted,Func),
+		       excludedSubtrees=transform_sub_tree(Excluded,Func)};
+	  
 transform(Other,_) ->
     Other.
+
+encode_tbs(TBS=#'OTPTBSCertificate'{issuer=Issuer0,
+				    subject=Subject0,
+				    subjectPublicKeyInfo=Spki0,
+				    extensions=Exts0}) ->
+    Issuer  = transform(Issuer0,encode),
+    Subject = transform(Subject0,encode),
+    Spki = encode_supportedPublicKey(Spki0),
+    Exts = encode_extensions(Exts0),
+    TBS#'OTPTBSCertificate'{issuer=Issuer, subject=Subject,
+			    subjectPublicKeyInfo=Spki,extensions=Exts}.
+
+decode_tbs(TBS = #'OTPTBSCertificate'{issuer=Issuer0,
+				      subject=Subject0,
+				      subjectPublicKeyInfo=Spki0,
+				      extensions=Exts0}) -> 
+    Issuer  = transform(Issuer0,decode),
+    Subject = transform(Subject0,decode),
+    Spki = decode_supportedPublicKey(Spki0),
+    Exts = decode_extensions(Exts0),
+    TBS#'OTPTBSCertificate'{issuer=Issuer, subject=Subject,
+			    subjectPublicKeyInfo=Spki,extensions=Exts}.
+
 transform_sub_tree(asn1_NOVALUE,_) -> asn1_NOVALUE;
 transform_sub_tree(TreeList,Func) ->
     [Tree#'GeneralSubtree'{base=transform(Name,Func)} || 
@@ -236,303 +202,3 @@ attribute_type(?'id-at-pseudonym') -> 'X520Pseudonym';
 attribute_type(?'id-domainComponent') -> 'DomainComponent';
 attribute_type(?'id-emailAddress') -> 'EmailAddress';
 attribute_type(Type) -> Type.
-
-%%% Old code transforms
-
-plain_to_otp(#'Certificate'{tbsCertificate = TBSCert,
-			    signatureAlgorithm = SigAlg,
-			    signature = Signature} = Cert) ->
-    Cert#'Certificate'{tbsCertificate = plain_to_otp(TBSCert), 
-		       signatureAlgorithm = plain_to_otp(SigAlg),
-		       signature = plain_to_otp(Signature)};
-
-plain_to_otp(#'TBSCertificate'{signature = Signature,
-			       issuer = Issuer,
-			       subject = Subject,
-			       subjectPublicKeyInfo = SPubKeyInfo,
-			       extensions = Extensions} = TBSCert) ->
-    
-    TBSCert#'TBSCertificate'{signature = plain_to_otp(Signature),
-			     issuer = plain_to_otp(Issuer),
-			     subject = 
-			     plain_to_otp(Subject),
-			     subjectPublicKeyInfo = 
-			     plain_to_otp(SPubKeyInfo),
-			     extensions = 
-			     plain_to_otp_extensions(Extensions)
-			    };
-
-plain_to_otp(#'AlgorithmIdentifier'{algorithm = Algorithm, 
-				    parameters = Params}) ->
-    SignAlgAny = 
-	#'SignatureAlgorithm-Any'{algorithm = Algorithm, 
-				  parameters = Params},
-    {ok, AnyEnc} = 'OTP-PUB-KEY':encode('SignatureAlgorithm-Any', 
-					SignAlgAny),
-    {ok, SignAlg} = 'OTP-PUB-KEY':decode('SignatureAlgorithm', 
-					list_to_binary(AnyEnc)),
-    SignAlg;
-
-plain_to_otp({rdnSequence, SeqList}) when is_list(SeqList) ->
-    {rdnSequence, 
-     lists:map(fun(Seq) -> 
-		       lists:map(fun(Element) -> 
-					 plain_to_otp(Element)
-				 end,
-				 Seq)
-	       end, SeqList)};
-
-plain_to_otp(#'AttributeTypeAndValue'{} = ATAV) ->
-    {ok, ATAVEnc} = 
-	'OTP-PUB-KEY':encode('AttributeTypeAndValue', ATAV),
-    {ok, ATAVDec} = 'OTP-PUB-KEY':decode('OTPAttributeTypeAndValue', 
-				      list_to_binary(ATAVEnc)),
-    #'AttributeTypeAndValue'{type = ATAVDec#'OTPAttributeTypeAndValue'.type,
-			     value =  
-			     ATAVDec#'OTPAttributeTypeAndValue'.value};
-
-plain_to_otp(#'SubjectPublicKeyInfo'{algorithm = 
-				     #'AlgorithmIdentifier'{algorithm 
-							    = Algo,
-							    parameters = 
-							    Params},
-				     subjectPublicKey = PublicKey}) ->
-    
-    AnyAlgo = #'PublicKeyAlgorithm'{algorithm = Algo, 
-				    parameters = Params},
-    {0, AnyKey} = PublicKey,
-    AnyDec = #'OTPSubjectPublicKeyInfo-Any'{algorithm = AnyAlgo,
-					      subjectPublicKey = AnyKey},
-    {ok, AnyEnc} = 
-	'OTP-PUB-KEY':encode('OTPSubjectPublicKeyInfo-Any', AnyDec),
-    {ok, InfoDec} = 'OTP-PUB-KEY':decode('OTPOLDSubjectPublicKeyInfo', 
-					 list_to_binary(AnyEnc)),
-
-    AlgorithmDec = InfoDec#'OTPOLDSubjectPublicKeyInfo'.algorithm,
-    AlgoDec = AlgorithmDec#'OTPOLDSubjectPublicKeyInfo_algorithm'.algo, 
-    NewParams = AlgorithmDec#'OTPOLDSubjectPublicKeyInfo_algorithm'.parameters,
-    PublicKeyDec = InfoDec#'OTPOLDSubjectPublicKeyInfo'.subjectPublicKey,
-    NewAlgorithmDec = 
-	#'SubjectPublicKeyInfoAlgorithm'{algorithm = AlgoDec, 
-					  parameters = NewParams},
-    #'SubjectPublicKeyInfo'{algorithm = NewAlgorithmDec,
-			    subjectPublicKey = PublicKeyDec
-			   };
-
-plain_to_otp(#'Extension'{extnID = ExtID, 
-			  critical = Critical,
-			  extnValue = Value}) 
-  when  ExtID == ?'id-ce-authorityKeyIdentifier';
-	ExtID == ?'id-ce-subjectKeyIdentifier';
-	ExtID == ?'id-ce-keyUsage';
-	ExtID == ?'id-ce-privateKeyUsagePeriod';
-	ExtID == ?'id-ce-certificatePolicies';
-	ExtID == ?'id-ce-policyMappings';
-	ExtID == ?'id-ce-subjectAltName';
-	ExtID == ?'id-ce-issuerAltName';
-	ExtID == ?'id-ce-subjectDirectoryAttributes';
-	ExtID == ?'id-ce-basicConstraints';
-	ExtID == ?'id-ce-nameConstraints';
-	ExtID == ?'id-ce-policyConstraints';
-	ExtID == ?'id-ce-extKeyUsage';
-	ExtID == ?'id-ce-cRLDistributionPoints';
-	ExtID == ?'id-ce-inhibitAnyPolicy';
-	ExtID == ?'id-ce-freshestCRL' ->    
-    ExtAny = #'Extension-Any'{extnID = ExtID,
-			      critical = Critical,
-			      extnValue = Value},
-    {ok, AnyEnc} = 'OTP-PUB-KEY':encode('Extension-Any', ExtAny),
-    {ok, ExtDec} =  'OTP-PUB-KEY':decode('OTPExtension', 
-				      list_to_binary(AnyEnc)),
-    
-    ExtValue = plain_to_otp_extension_value(ExtID, 
-					    ExtDec#'OTPExtension'.extnValue),
-    #'Extension'{extnID = ExtID,
-		 critical = ExtDec#'OTPExtension'.critical,
-		 extnValue = ExtValue};
-
-plain_to_otp(#'Extension'{} = Ext) ->
-    Ext;
-
-plain_to_otp(#'AuthorityKeyIdentifier'{} = Ext) ->
-    CertIssuer = Ext#'AuthorityKeyIdentifier'.authorityCertIssuer,
-    Ext#'AuthorityKeyIdentifier'{authorityCertIssuer = 
-				 plain_to_otp(CertIssuer)};
-
-
-plain_to_otp([{directoryName, Value}]) ->
-    [{directoryName, plain_to_otp(Value)}];
-
-plain_to_otp(Value) ->
-    Value.
-
-otp_to_plain(#'Certificate'{tbsCertificate = TBSCert,
-			    signatureAlgorithm = SigAlg,
-			    signature = Signature} = Cert) ->
-    Cert#'Certificate'{tbsCertificate = otp_to_plain(TBSCert), 
-		       signatureAlgorithm = 
-		       otp_to_plain(SigAlg),
-		       signature = otp_to_plain(Signature)};
-
-otp_to_plain(#'TBSCertificate'{signature = Signature,
-			       issuer = Issuer,
-			       subject = Subject,
-			       subjectPublicKeyInfo = SPubKeyInfo,
-			       extensions = Extensions} = TBSCert) ->
-    
-    TBSCert#'TBSCertificate'{signature = otp_to_plain(Signature),
-			     issuer = otp_to_plain(Issuer),
-			     subject = 
-			     otp_to_plain(Subject),
-			     subjectPublicKeyInfo = 
-			     otp_to_plain(SPubKeyInfo),
-			     extensions = otp_to_plain_extensions(Extensions)
-			    };
-
-otp_to_plain(#'SignatureAlgorithm'{} = SignAlg) ->
-    {ok, EncSignAlg} = 'OTP-PUB-KEY':encode('SignatureAlgorithm', SignAlg),
-    {ok, #'SignatureAlgorithm-Any'{algorithm = Algorithm, 
-				   parameters = Params}} = 
-	'OTP-PUB-KEY':decode('SignatureAlgorithm-Any', 
-			     list_to_binary(EncSignAlg)),
-    #'AlgorithmIdentifier'{algorithm = Algorithm, 
-			   parameters = Params};
-
-otp_to_plain({rdnSequence, SeqList}) when is_list(SeqList) ->
-    {rdnSequence, 
-     lists:map(fun(Seq) -> 
-		       lists:map(fun(Element) -> 
-					 otp_to_plain(Element)
-				 end,
-				 Seq)
-	       end, SeqList)};
-
-otp_to_plain(#'AttributeTypeAndValue'{type = Type, value = Value}) ->
-    {ok, ATAVEnc} = 
-	'OTP-PUB-KEY':encode('OTPAttributeTypeAndValue', 
-			     #'OTPAttributeTypeAndValue'{type = Type, 
-							 value = Value}),
-    {ok, ATAVDec} = 'OTP-PUB-KEY':decode('AttributeTypeAndValue', 
-					 list_to_binary(ATAVEnc)),
-    ATAVDec;
-
-otp_to_plain(#'SubjectPublicKeyInfo'{algorithm = 
-				     #'SubjectPublicKeyInfoAlgorithm'{
-				       algorithm = Algo,
-				       parameters = 
-				       Params},
-				     subjectPublicKey = PublicKey}) ->
-    
-    OtpAlgo = #'OTPOLDSubjectPublicKeyInfo_algorithm'{algo = Algo,
-						   parameters = Params},
-    OtpDec = #'OTPOLDSubjectPublicKeyInfo'{algorithm = OtpAlgo,
-					    subjectPublicKey = PublicKey},
-    {ok, OtpEnc} = 
-	'OTP-PUB-KEY':encode('OTPOLDSubjectPublicKeyInfo', OtpDec),
-    
-    {ok, AnyDec} = 'OTP-PUB-KEY':decode('OTPSubjectPublicKeyInfo-Any', 
-					list_to_binary(OtpEnc)),
-    
-    #'OTPSubjectPublicKeyInfo-Any'{algorithm = #'PublicKeyAlgorithm'{
-				     algorithm = NewAlgo,
-				     parameters = NewParams},
-				   subjectPublicKey = Bin} = AnyDec,
-    
-    #'SubjectPublicKeyInfo'{algorithm = 
-			    #'AlgorithmIdentifier'{
-			      algorithm = NewAlgo,
-			      parameters = plain_key_params(NewParams)}, 
-			    subjectPublicKey = 
-			    {0, Bin}
-			   };
-
-otp_to_plain(#'Extension'{extnID = ExtID, 
-			  extnValue = Value} = Ext) ->
-    ExtValue = 
-	otp_to_plain_extension_value(ExtID, Value),
-    
-    Ext#'Extension'{extnValue = ExtValue};
-
-otp_to_plain(#'AuthorityKeyIdentifier'{} = Ext) ->
-    CertIssuer = Ext#'AuthorityKeyIdentifier'.authorityCertIssuer,
-    Ext#'AuthorityKeyIdentifier'{authorityCertIssuer = 
-				 otp_to_plain(CertIssuer)};
-
-otp_to_plain([{directoryName, Value}]) ->
-    [{directoryName, otp_to_plain(Value)}];
-
-otp_to_plain(Value) ->
-    Value.
-
-plain_key_params('NULL') ->
-   <<5,0>>;
-plain_key_params(Value) ->
-    Value.
-
-plain_to_otp_extension_value(?'id-ce-authorityKeyIdentifier', Value) ->
-    plain_to_otp(Value);
-plain_to_otp_extension_value(_, Value) ->
-    Value.
-
-plain_to_otp_extensions(Exts) when is_list(Exts) ->
-    lists:map(fun(Ext) -> plain_to_otp(Ext) end, Exts).
-
-otp_to_plain_extension_value(?'id-ce-authorityKeyIdentifier', Value) ->
-    {ok, Enc} = 'OTP-PUB-KEY':encode('AuthorityKeyIdentifier',
-				     otp_to_plain(Value)),
-    otp_to_plain_extension_value_format(Enc);
-otp_to_plain_extension_value(?'id-ce-subjectKeyIdentifier', Value) ->
-    {ok, Enc} = 'OTP-PUB-KEY':encode('SubjectKeyIdentifier', Value),
-    otp_to_plain_extension_value_format(Enc);
-otp_to_plain_extension_value(?'id-ce-keyUsage', Value) ->
-    {ok, Enc} = 'OTP-PUB-KEY':encode('KeyUsage', Value),
-    otp_to_plain_extension_value_format(Enc);
-otp_to_plain_extension_value(?'id-ce-privateKeyUsagePeriod', Value) ->
-    {ok, Enc} = 'OTP-PUB-KEY':encode('PrivateKeyUsagePeriod', Value),
-    otp_to_plain_extension_value_format(Enc);
-otp_to_plain_extension_value(?'id-ce-certificatePolicies', Value) ->
-    {ok, Enc} = 'OTP-PUB-KEY':encode('CertificatePolicies', Value),
-    otp_to_plain_extension_value_format(Enc);
-otp_to_plain_extension_value(?'id-ce-policyMappings', Value) ->
-    {ok, Enc} = 'OTP-PUB-KEY':encode('PolicyMappings', Value),
-    otp_to_plain_extension_value_format(Enc);
-otp_to_plain_extension_value(?'id-ce-subjectAltName', Value) ->
- {ok, Enc} = 'OTP-PUB-KEY':encode('SubjectAltName', Value),
-    otp_to_plain_extension_value_format(Enc);
-otp_to_plain_extension_value(?'id-ce-issuerAltName', Value) ->
- {ok, Enc} = 'OTP-PUB-KEY':encode('IssuerAltName', Value),
-    otp_to_plain_extension_value_format(Enc);
-otp_to_plain_extension_value(?'id-ce-subjectDirectoryAttributes', Value) ->
- {ok, Enc} = 'OTP-PUB-KEY':encode('SubjectDirectoryAttributes', Value),
-    otp_to_plain_extension_value_format(Enc);
-otp_to_plain_extension_value(?'id-ce-basicConstraints', Value) ->
- {ok, Enc} = 'OTP-PUB-KEY':encode('BasicConstraints', Value),
-    otp_to_plain_extension_value_format(Enc);
-otp_to_plain_extension_value(?'id-ce-nameConstraints', Value) ->
- {ok, Enc} = 'OTP-PUB-KEY':encode('NameConstraints', Value),
-    otp_to_plain_extension_value_format(Enc);
-otp_to_plain_extension_value(?'id-ce-policyConstraints', Value) ->
- {ok, Enc} = 'OTP-PUB-KEY':encode('PolicyConstraints', Value),
-    otp_to_plain_extension_value_format(Enc);
-otp_to_plain_extension_value(?'id-ce-extKeyUsage', Value) ->
- {ok, Enc} = 'OTP-PUB-KEY':encode('ExtKeyUsage', Value),
-    otp_to_plain_extension_value_format(Enc);
-otp_to_plain_extension_value(?'id-ce-cRLDistributionPoints', Value) ->
- {ok, Enc} = 'OTP-PUB-KEY':encode('CRLDistributionPoints', Value),
-    otp_to_plain_extension_value_format(Enc);
-otp_to_plain_extension_value(?'id-ce-inhibitAnyPolicy', Value) ->
- {ok, Enc} = 'OTP-PUB-KEY':encode('InhibitAnyPolicy', Value),
-    otp_to_plain_extension_value_format(Enc);
-otp_to_plain_extension_value(?'id-ce-freshestCRL', Value) ->
- {ok, Enc} = 'OTP-PUB-KEY':encode('FreshestCRL', Value),
-    otp_to_plain_extension_value_format(Enc);
-otp_to_plain_extension_value(_Id, Value) ->
-    Value.
-
-otp_to_plain_extension_value_format(Value) -> 
-    list_to_binary(Value).
-
-otp_to_plain_extensions(Exts) when is_list(Exts) ->
-    lists:map(fun(Ext) ->
-		      otp_to_plain(Ext)
-	      end, Exts).
diff --git a/lib/public_key/src/pubkey_pem.erl b/lib/public_key/src/pubkey_pem.erl
index 9fc17b6f73..65879f1bbe 100644
--- a/lib/public_key/src/pubkey_pem.erl
+++ b/lib/public_key/src/pubkey_pem.erl
@@ -124,25 +124,31 @@ decode_file2([L|Rest], RLs, Ens, Tag, Info0) ->
 decode_file2([], _, Ens, _, _) ->
     {ok, lists:reverse(Ens)}.
 
-%% TODO Support same as decode_file
+%% Support same as decode_file
 encode_file(Ds) ->
     lists:map(
-      fun({cert, Bin}) -> 
+      fun({cert, Bin, not_encrypted}) -> 
 	      %% PKIX (X.509)
 	      ["-----BEGIN CERTIFICATE-----\n",
 	       b64encode_and_split(Bin),
 	       "-----END CERTIFICATE-----\n\n"];
-	 ({cert_req, Bin}) -> 
+	 ({cert_req, Bin, not_encrypted}) -> 
 	      %% PKCS#10
 	      ["-----BEGIN CERTIFICATE REQUEST-----\n",
 	       b64encode_and_split(Bin),
 	       "-----END CERTIFICATE REQUEST-----\n\n"];
-	 ({rsa_private_key, Bin}) -> 
+	 ({rsa_private_key, Bin, not_encrypted}) -> 
 	      %% PKCS#?
 	      ["XXX Following key assumed not encrypted\n",
 	       "-----BEGIN RSA PRIVATE KEY-----\n",
 	       b64encode_and_split(Bin),
-	       "-----END RSA PRIVATE KEY-----\n\n"]
+	       "-----END RSA PRIVATE KEY-----\n\n"];
+	 ({dsa_private_key, Bin, not_encrypted}) -> 
+	      %% PKCS#?
+	      ["XXX Following key assumed not encrypted\n",
+	       "-----BEGIN DSA PRIVATE KEY-----\n",
+	       b64encode_and_split(Bin),
+	       "-----END DSA PRIVATE KEY-----\n\n"]
       end, Ds).
 
 dek_info(Line0, Info) ->
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index 157e76bb21..d1d45f21a0 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -113,13 +113,13 @@ decrypt_public(CipherText, Key, Options)  ->
 encrypt_public(PlainText, Key) ->
     encrypt_public(PlainText, Key, []).
 encrypt_public(PlainText, Key, Options)  ->
-    Padding = proplists:get_value(rsa_pad, Options, rsa_pkcs1_oaep_padding),
+    Padding = proplists:get_value(rsa_pad, Options, rsa_pkcs1_padding),
     pubkey_crypto:encrypt_public(PlainText, Key, Padding).
 
 encrypt_private(PlainText, Key) ->
     encrypt_private(PlainText, Key, []).
 encrypt_private(PlainText, Key, Options)  ->
-    Padding = proplists:get_value(rsa_pad, Options, rsa_pkcs1_oaep_padding),
+    Padding = proplists:get_value(rsa_pad, Options, rsa_pkcs1_padding),
     pubkey_crypto:encrypt_private(PlainText, Key, Padding).
 
 %%--------------------------------------------------------------------