diff options
author | Magnus Henoch <[email protected]> | 2015-12-08 18:16:36 +0000 |
---|---|---|
committer | Magnus Henoch <[email protected]> | 2016-04-05 15:21:01 +0100 |
commit | ee2178b073e936760b405b338e473236a5df94ca (patch) | |
tree | e3891e31d17f5066efffb5ea24df31242e6712b7 /lib/public_key/test | |
parent | e5776f33e6aa8ea99b14d3fd0525e9117bbe698a (diff) | |
download | otp-ee2178b073e936760b405b338e473236a5df94ca.tar.gz otp-ee2178b073e936760b405b338e473236a5df94ca.tar.bz2 otp-ee2178b073e936760b405b338e473236a5df94ca.zip |
Function for generating OpenSSL-style name hashes
OpenSSL has functions to generate short (eight hex digits) hashes of
issuers of certificates and CRLs. These hashes are used by the
"c_rehash" script to populate directories of CA certificates and CRLs,
e.g. in the Apache web server. Adding this function lets an Erlang
program find the right CRL for a given certificate in such a
directory.
Diffstat (limited to 'lib/public_key/test')
-rw-r--r-- | lib/public_key/test/public_key_SUITE.erl | 39 |
1 files changed, 38 insertions, 1 deletions
diff --git a/lib/public_key/test/public_key_SUITE.erl b/lib/public_key/test/public_key_SUITE.erl index 2fbccbfaa7..2462c17f80 100644 --- a/lib/public_key/test/public_key_SUITE.erl +++ b/lib/public_key/test/public_key_SUITE.erl @@ -43,7 +43,8 @@ all() -> encrypt_decrypt, {group, sign_verify}, pkix, pkix_countryname, pkix_emailaddress, pkix_path_validation, - pkix_iso_rsa_oid, pkix_iso_dsa_oid, pkix_crl]. + pkix_iso_rsa_oid, pkix_iso_dsa_oid, pkix_crl, + short_cert_issuer_hash, short_crl_issuer_hash]. groups() -> [{pem_decode_encode, [], [dsa_pem, rsa_pem, ec_pem, encrypted_pem, @@ -805,6 +806,42 @@ pkix_crl(Config) when is_list(Config) -> distributionPoint = Point} = public_key:pkix_dist_point(OTPIDPCert). %%-------------------------------------------------------------------- +short_cert_issuer_hash() -> + [{doc, "Test OpenSSL-style hash for certificate issuer"}]. + +short_cert_issuer_hash(Config) when is_list(Config) -> + Datadir = ?config(data_dir, Config), + [{'Certificate', CertDER, _}] = + erl_make_certs:pem_to_der(filename:join(Datadir, "client_cert.pem")), + + %% This hash value was obtained by running: + %% openssl x509 -in client_cert.pem -issuer_hash -noout + CertIssuerHash = "d4c8d7e5", + + #'OTPCertificate'{tbsCertificate = #'OTPTBSCertificate'{issuer = Issuer}} = + public_key:pkix_decode_cert(CertDER, otp), + + CertIssuerHash = public_key:short_name_hash(Issuer). + +%%-------------------------------------------------------------------- +short_crl_issuer_hash() -> + [{doc, "Test OpenSSL-style hash for CRL issuer"}]. + +short_crl_issuer_hash(Config) when is_list(Config) -> + Datadir = ?config(data_dir, Config), + [{'CertificateList', CrlDER, _}] = + erl_make_certs:pem_to_der(filename:join(Datadir, "idp_crl.pem")), + + %% This hash value was obtained by running: + %% openssl crl -in idp_crl.pem -hash -noout + CrlIssuerHash = "d6134ed3", + + Issuer = public_key:pkix_crl_issuer(CrlDER), + + CrlIssuerHash = public_key:short_name_hash(Issuer). + + +%%-------------------------------------------------------------------- %% Internal functions ------------------------------------------------ %%-------------------------------------------------------------------- asn1_encode_decode({Asn1Type, Der, not_encrypted} = Entry) -> |