aboutsummaryrefslogtreecommitdiffstats
path: root/lib/public_key/test
diff options
context:
space:
mode:
authorMagnus Henoch <[email protected]>2015-12-08 18:16:36 +0000
committerMagnus Henoch <[email protected]>2016-04-05 15:21:01 +0100
commitee2178b073e936760b405b338e473236a5df94ca (patch)
treee3891e31d17f5066efffb5ea24df31242e6712b7 /lib/public_key/test
parente5776f33e6aa8ea99b14d3fd0525e9117bbe698a (diff)
downloadotp-ee2178b073e936760b405b338e473236a5df94ca.tar.gz
otp-ee2178b073e936760b405b338e473236a5df94ca.tar.bz2
otp-ee2178b073e936760b405b338e473236a5df94ca.zip
Function for generating OpenSSL-style name hashes
OpenSSL has functions to generate short (eight hex digits) hashes of issuers of certificates and CRLs. These hashes are used by the "c_rehash" script to populate directories of CA certificates and CRLs, e.g. in the Apache web server. Adding this function lets an Erlang program find the right CRL for a given certificate in such a directory.
Diffstat (limited to 'lib/public_key/test')
-rw-r--r--lib/public_key/test/public_key_SUITE.erl39
1 files changed, 38 insertions, 1 deletions
diff --git a/lib/public_key/test/public_key_SUITE.erl b/lib/public_key/test/public_key_SUITE.erl
index 2fbccbfaa7..2462c17f80 100644
--- a/lib/public_key/test/public_key_SUITE.erl
+++ b/lib/public_key/test/public_key_SUITE.erl
@@ -43,7 +43,8 @@ all() ->
encrypt_decrypt,
{group, sign_verify},
pkix, pkix_countryname, pkix_emailaddress, pkix_path_validation,
- pkix_iso_rsa_oid, pkix_iso_dsa_oid, pkix_crl].
+ pkix_iso_rsa_oid, pkix_iso_dsa_oid, pkix_crl,
+ short_cert_issuer_hash, short_crl_issuer_hash].
groups() ->
[{pem_decode_encode, [], [dsa_pem, rsa_pem, ec_pem, encrypted_pem,
@@ -805,6 +806,42 @@ pkix_crl(Config) when is_list(Config) ->
distributionPoint = Point} = public_key:pkix_dist_point(OTPIDPCert).
%%--------------------------------------------------------------------
+short_cert_issuer_hash() ->
+ [{doc, "Test OpenSSL-style hash for certificate issuer"}].
+
+short_cert_issuer_hash(Config) when is_list(Config) ->
+ Datadir = ?config(data_dir, Config),
+ [{'Certificate', CertDER, _}] =
+ erl_make_certs:pem_to_der(filename:join(Datadir, "client_cert.pem")),
+
+ %% This hash value was obtained by running:
+ %% openssl x509 -in client_cert.pem -issuer_hash -noout
+ CertIssuerHash = "d4c8d7e5",
+
+ #'OTPCertificate'{tbsCertificate = #'OTPTBSCertificate'{issuer = Issuer}} =
+ public_key:pkix_decode_cert(CertDER, otp),
+
+ CertIssuerHash = public_key:short_name_hash(Issuer).
+
+%%--------------------------------------------------------------------
+short_crl_issuer_hash() ->
+ [{doc, "Test OpenSSL-style hash for CRL issuer"}].
+
+short_crl_issuer_hash(Config) when is_list(Config) ->
+ Datadir = ?config(data_dir, Config),
+ [{'CertificateList', CrlDER, _}] =
+ erl_make_certs:pem_to_der(filename:join(Datadir, "idp_crl.pem")),
+
+ %% This hash value was obtained by running:
+ %% openssl crl -in idp_crl.pem -hash -noout
+ CrlIssuerHash = "d6134ed3",
+
+ Issuer = public_key:pkix_crl_issuer(CrlDER),
+
+ CrlIssuerHash = public_key:short_name_hash(Issuer).
+
+
+%%--------------------------------------------------------------------
%% Internal functions ------------------------------------------------
%%--------------------------------------------------------------------
asn1_encode_decode({Asn1Type, Der, not_encrypted} = Entry) ->