public_key & ssl: Add support for ISO oids 1.3.14.3.2.29 and 1.3.14.3.2.27

Some certificates may use these OIDs instead of the ones defined by
PKIX/PKCS standard.

Refactor code so that all handling of the "duplicate" oids is done by
public_key.

Update algorithm information in documentation.

3 files changed, 66 insertions, 2 deletions

diff --git a/lib/public_key/test/public_key_SUITE.erl b/lib/public_key/test/public_key_SUITE.erl
index ea48479f0b..0de80edeac 100644
--- a/lib/public_key/test/public_key_SUITE.erl
+++ b/lib/public_key/test/public_key_SUITE.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2012. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2013. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -41,7 +41,8 @@ all() ->
      {group, ssh_public_key_decode_encode},
      encrypt_decrypt,
      {group, sign_verify},
-     pkix, pkix_countryname, pkix_path_validation].
+     pkix, pkix_countryname, pkix_path_validation,
+     pkix_iso_rsa_oid, pkix_iso_dsa_oid].
 
 groups() -> 
     [{pem_decode_encode, [], [dsa_pem, rsa_pem, encrypted_pem,
@@ -688,6 +689,31 @@ pkix_path_validation(Config) when is_list(Config) ->
 	public_key:pkix_path_validation(unknown_ca, [Cert1], [{verify_fun,
 							      VerifyFunAndState1}]),
     ok.
+
+%%--------------------------------------------------------------------
+pkix_iso_rsa_oid() ->
+ [{doc, "Test workaround for supporting certs that use ISO oids"
+   " 1.3.14.3.2.29 instead of PKIX/PKCS oid"}].
+pkix_iso_rsa_oid(Config) when is_list(Config) ->
+    Datadir = ?config(data_dir, Config),
+    {ok, PemCert} = file:read_file(filename:join(Datadir, "rsa_ISO.pem")),
+    [{_, Cert, _}] = public_key:pem_decode(PemCert),
+    OTPCert = public_key:pkix_decode_cert(Cert, otp),
+    SigAlg = OTPCert#'OTPCertificate'.signatureAlgorithm,
+    {_, rsa} = public_key:pkix_sign_types(SigAlg#'SignatureAlgorithm'.algorithm).
+
+%%--------------------------------------------------------------------
+pkix_iso_dsa_oid() ->
+ [{doc, "Test workaround for supporting certs that use ISO oids"
+   "1.3.14.3.2.27 instead of PKIX/PKCS oid"}].
+pkix_iso_dsa_oid(Config) when is_list(Config) ->
+    Datadir = ?config(data_dir, Config),
+    {ok, PemCert} = file:read_file(filename:join(Datadir, "dsa_ISO.pem")),
+    [{_, Cert, _}] = public_key:pem_decode(PemCert),
+    OTPCert = public_key:pkix_decode_cert(Cert, otp),
+    SigAlg = OTPCert#'OTPCertificate'.signatureAlgorithm,
+    {_, dsa} = public_key:pkix_sign_types(SigAlg#'SignatureAlgorithm'.algorithm).
+
 %%--------------------------------------------------------------------
 %% Internal functions ------------------------------------------------
 %%--------------------------------------------------------------------
diff --git a/lib/public_key/test/public_key_SUITE_data/dsa_ISO.pem b/lib/public_key/test/public_key_SUITE_data/dsa_ISO.pem
new file mode 100644
index 0000000000..d3541367f0
--- /dev/null
+++ b/lib/public_key/test/public_key_SUITE_data/dsa_ISO.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEEjCCAqygAwIBAgIQZIIqq4RXfpBKJXV69Jc4BjCCASwGByqGSM44BAMwggEf
+AoGBALez5tklY5CdFeTMos899pA6i4u4uCtszgBzrdBk6cl5FVqzdzWMGTQiynnT
+pGsrOESinzP06Ip+pG15We2OORwgvCxD/W95aCiN0/+MdiXqlsmboBARMzsa+SmB
+ENN3gF/+tuuEAFzOXU1q2cmEywRLyfbM2KIBVE/TChWYw2eRAhUA1R64VvcQ90XA
+8SOKVDmMA0dBzukCgYEAlLMYP0pbgBlgHQVO3/avAHlWNrIq52Lxk7SdPJWgMvPj
+TK9Z6sv88kxsCcydtjvO439j1yqcwk50GQc+86ktBWWz93/HkIdnFyqafef4mmWv
+m2Uq6ClQKS+A0Asfaj8Mys+HUMiI+qsfdjRbyIpwb7MX1nsVdsKzALnZNMW27A0w
+HTEbMBkGA1UEAxMSSVNBIFRlc3QgQXV0aG9yaXR5MB4XDTEyMDMyMDE3MTMyMVoX
+DTM5MTIzMTIzNTk1OVowHTEbMBkGA1UEAxMSSVNBIFRlc3QgQXV0aG9yaXR5MIGf
+MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqe3oVLIVBVIPI/uZjrciELODKxPEE
+SDWoNvycEeP1ERF5kDlRDmLIQ51Nt0vI5pKTasnIDbB1ONiQ2cvMrj2dkWWl/z2v
+f9tqQAzBm/r1LcUmL1bbP2bgk+//n5AJicU1FKecfDeZo0SXChDKSfH3ojdbsS5U
+68q0qGHgNoPRawIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/ME4GA1UdAQRHMEWA
+EEIfCfbwCZs35y8mXWInVuyhHzAdMRswGQYDVQQDExJJU0EgVGVzdCBBdXRob3Jp
+dHmCEGSCKquEV36QSiV1evSXOAYwggEsBgcqhkjOOAQDMIIBHwKBgQC3s+bZJWOQ
+nRXkzKLPPfaQOouLuLgrbM4Ac63QZOnJeRVas3c1jBk0Isp506RrKzhEop8z9OiK
+fqRteVntjjkcILwsQ/1veWgojdP/jHYl6pbJm6AQETM7GvkpgRDTd4Bf/rbrhABc
+zl1NatnJhMsES8n2zNiiAVRP0woVmMNnkQIVANUeuFb3EPdFwPEjilQ5jANHQc7p
+AoGBAJSzGD9KW4AZYB0FTt/2rwB5VjayKudi8ZO0nTyVoDLz40yvWerL/PJMbAnM
+nbY7zuN/Y9cqnMJOdBkHPvOpLQVls/d/x5CHZxcqmn3n+Jplr5tlKugpUCkvgNAL
+H2o/DMrPh1DIiPqrH3Y0W8iKcG+zF9Z7FXbCswC52TTFtuwNAzAAMC0CFH/KmkwI
+wnL9ecefLjQZ9Au52Kt5AhUAqJ5UEy2hIjCkdBoyuwOVPp5qnUw=
+-----END CERTIFICATE-----
diff --git a/lib/public_key/test/public_key_SUITE_data/rsa_ISO.pem b/lib/public_key/test/public_key_SUITE_data/rsa_ISO.pem
new file mode 100644
index 0000000000..f82efdefc5
--- /dev/null
+++ b/lib/public_key/test/public_key_SUITE_data/rsa_ISO.pem
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICGjCCAYegAwIBAgIQZIIqq4RXfpBKJXV69Jc4BjAJBgUrDgMCHQUAMB0xGzAZ
+BgNVBAMTEklTQSBUZXN0IEF1dGhvcml0eTAeFw0xMjAzMjAxNzEzMjFaFw0zOTEy
+MzEyMzU5NTlaMB0xGzAZBgNVBAMTEklTQSBUZXN0IEF1dGhvcml0eTCBnzANBgkq
+hkiG9w0BAQEFAAOBjQAwgYkCgYEAqnt6FSyFQVSDyP7mY63IhCzgysTxBEg1qDb8
+nBHj9REReZA5UQ5iyEOdTbdLyOaSk2rJyA2wdTjYkNnLzK49nZFlpf89r3/bakAM
+wZv69S3FJi9W2z9m4JPv/5+QCYnFNRSnnHw3maNElwoQyknx96I3W7EuVOvKtKhh
+4DaD0WsCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zBOBgNVHQEERzBFgBBCHwn2
+8AmbN+cvJl1iJ1bsoR8wHTEbMBkGA1UEAxMSSVNBIFRlc3QgQXV0aG9yaXR5ghBk
+giqrhFd+kEoldXr0lzgGMAkGBSsOAwIdBQADgYEAIlVecua5Cr1z/cdwQ8znlgOU
+U+y/uzg0nupKkopzVnRYhwV4hxZt3izAz4C/SJZB7eL0bUKlg1ceGjbQsGEm0fzF
+LEV3vym4G51bxv03Iecwo96G4NgjJ7+9/7ciBVzfxZyfuCpYG1M2LyrbOyuevtTy
+2+vIueT0lv6UftgBfIE=
+-----END CERTIFICATE-----