Merge branch 'ia/public_key_api/OTP-8722' into dev

* ia/public_key_api/OTP-8722:
  Revise the public_key API

Resolved, version is now 0.8.
Conflicts:
	lib/public_key/vsn.mk

4 files changed, 63 insertions, 59 deletions

diff --git a/lib/ssl/test/erl_make_certs.erl b/lib/ssl/test/erl_make_certs.erl
index 1d2cea6c72..c9db0d3851 100644
--- a/lib/ssl/test/erl_make_certs.erl
+++ b/lib/ssl/test/erl_make_certs.erl
@@ -56,7 +56,7 @@
 make_cert(Opts) ->
     SubjectPrivateKey = get_key(Opts),
     {TBSCert, IssuerKey} = make_tbs(SubjectPrivateKey, Opts),
-    Cert = public_key:sign(TBSCert, IssuerKey),
+    Cert = public_key:pkix_sign(TBSCert, IssuerKey),
     true = verify_signature(Cert, IssuerKey, undef), %% verify that the keys where ok
     {Cert, encode_key(SubjectPrivateKey)}.
 
@@ -66,8 +66,9 @@ make_cert(Opts) ->
 %% @end
 %%--------------------------------------------------------------------
 write_pem(Dir, FileName, {Cert, Key = {_,_,not_encrypted}}) when is_binary(Cert) ->
-    ok = public_key:der_to_pem(filename:join(Dir, FileName ++ ".pem"), [{cert, Cert, not_encrypted}]),
-    ok = public_key:der_to_pem(filename:join(Dir, FileName ++ "_key.pem"), [Key]).
+    ok = ssl_test_lib:der_to_pem(filename:join(Dir, FileName ++ ".pem"), 
+			       [{'Certificate', Cert, not_encrypted}]),
+    ok = ssl_test_lib:der_to_pem(filename:join(Dir, FileName ++ "_key.pem"), [Key]).
 
 %%--------------------------------------------------------------------
 %% @doc Creates a rsa key (OBS: for testing only)
@@ -94,18 +95,14 @@ gen_dsa(LSize,NSize) when is_integer(LSize), is_integer(NSize) ->
 %% @spec (::binary(), ::tuple()) -> ::boolean()
 %% @end
 %%--------------------------------------------------------------------
-verify_signature(DerEncodedCert, DerKey, KeyParams) ->
+verify_signature(DerEncodedCert, DerKey, _KeyParams) ->
     Key = decode_key(DerKey),
     case Key of 
 	#'RSAPrivateKey'{modulus=Mod, publicExponent=Exp} ->
-	    public_key:verify_signature(DerEncodedCert, 
-					#'RSAPublicKey'{modulus=Mod, publicExponent=Exp}, 
-					'NULL');
+	    public_key:pkix_verify(DerEncodedCert, 
+				   #'RSAPublicKey'{modulus=Mod, publicExponent=Exp});
 	#'DSAPrivateKey'{p=P, q=Q, g=G, y=Y} ->
-	    public_key:verify_signature(DerEncodedCert, Y, #'Dss-Parms'{p=P, q=Q, g=G});
-
-	_  ->
-	    public_key:verify_signature(DerEncodedCert, Key, KeyParams)
+	    public_key:pkix_verify(DerEncodedCert, {Y, #'Dss-Parms'{p=P, q=Q, g=G}})
     end.
 
 %%%%%%%%%%%%%%%%%%%%%%%%% Implementation %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@@ -132,19 +129,18 @@ decode_key(#'RSAPrivateKey'{} = Key,_) ->
     Key;
 decode_key(#'DSAPrivateKey'{} = Key,_) ->
     Key;
-decode_key(Der = {_,_,_}, Pw) ->
-    {ok, Key} = public_key:decode_private_key(Der, Pw),
-    Key;
-decode_key(FileOrDer, Pw) ->
-    {ok, [KeyInfo]} = public_key:pem_to_der(FileOrDer),
+decode_key(PemEntry = {_,_,_}, Pw) ->
+    public_key:pem_entry_decode(PemEntry, Pw);
+decode_key(PemBin, Pw) ->
+    [KeyInfo] = public_key:pem_decode(PemBin),
     decode_key(KeyInfo, Pw).
 
 encode_key(Key = #'RSAPrivateKey'{}) ->
     {ok, Der} = 'OTP-PUB-KEY':encode('RSAPrivateKey', Key),
-    {rsa_private_key, list_to_binary(Der), not_encrypted};   
+    {'RSAPrivateKey', list_to_binary(Der), not_encrypted};   
 encode_key(Key = #'DSAPrivateKey'{}) ->
     {ok, Der} = 'OTP-PUB-KEY':encode('DSAPrivateKey', Key),
-    {dsa_private_key, list_to_binary(Der), not_encrypted}.
+    {'DSAPrivateKey', list_to_binary(Der), not_encrypted}.
 
 make_tbs(SubjectKey, Opts) ->    
     Version = list_to_atom("v"++integer_to_list(proplists:get_value(version, Opts, 3))),
@@ -178,7 +174,7 @@ issuer(Opts, SubjectKey) ->
     end.
 
 issuer_der(Issuer) ->
-    {ok, Decoded} = public_key:pkix_decode_cert(Issuer, otp),
+    Decoded = public_key:pkix_decode_cert(Issuer, otp),
     #'OTPCertificate'{tbsCertificate=Tbs} = Decoded,
     #'OTPTBSCertificate'{subject=Subject} = Tbs,
     Subject.
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index c42a88b02f..53142250e8 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -579,8 +579,8 @@ peercert(Config) when is_list(Config) ->
 			   {options, ClientOpts}]),
     
     CertFile = proplists:get_value(certfile, ServerOpts),
-    {ok, [{cert, BinCert, _}]} = public_key:pem_to_der(CertFile),
-    {ok, ErlCert} = public_key:pkix_decode_cert(BinCert, otp),
+    [{'Certificate', BinCert, _}]= ssl_test_lib:pem_to_der(CertFile),
+    ErlCert = public_key:pkix_decode_cert(BinCert, otp),
        
     ServerMsg = {{error, no_peercert}, {error, no_peercert}},
     ClientMsg = {{ok, BinCert}, {ok, ErlCert}},
@@ -2526,35 +2526,35 @@ extended_key_usage(Config) when is_list(Config) ->
     PrivDir = ?config(priv_dir, Config),
    
     KeyFile = filename:join(PrivDir, "otpCA/private/key.pem"), 
-    {ok, [KeyInfo]} = public_key:pem_to_der(KeyFile),
-    {ok, Key} = public_key:decode_private_key(KeyInfo),
+    [KeyEntry] = ssl_test_lib:pem_to_der(KeyFile),
+    Key = public_key:pem_entry_decode(KeyEntry),
 
     ServerCertFile = proplists:get_value(certfile, ServerOpts),
     NewServerCertFile = filename:join(PrivDir, "server/new_cert.pem"),
-    {ok, [{cert, ServerDerCert, _}]} = public_key:pem_to_der(ServerCertFile),
-    {ok, ServerOTPCert} = public_key:pkix_decode_cert(ServerDerCert, otp),
+    [{'Certificate', ServerDerCert, _}] = ssl_test_lib:pem_to_der(ServerCertFile),
+    ServerOTPCert = public_key:pkix_decode_cert(ServerDerCert, otp),
     ServerExtKeyUsageExt = {'Extension', ?'id-ce-extKeyUsage', true, [?'id-kp-serverAuth']},
     ServerOTPTbsCert = ServerOTPCert#'OTPCertificate'.tbsCertificate,
     ServerExtensions =  ServerOTPTbsCert#'OTPTBSCertificate'.extensions,
     NewServerOTPTbsCert = ServerOTPTbsCert#'OTPTBSCertificate'{extensions = 
 							       [ServerExtKeyUsageExt | 
 								ServerExtensions]},
-    NewServerDerCert = public_key:sign(NewServerOTPTbsCert, Key), 
-    public_key:der_to_pem(NewServerCertFile, [{cert, NewServerDerCert, not_encrypted}]),
+    NewServerDerCert = public_key:pkix_sign(NewServerOTPTbsCert, Key), 
+    ssl_test_lib:der_to_pem(NewServerCertFile, [{'Certificate', NewServerDerCert, not_encrypted}]),
     NewServerOpts = [{certfile, NewServerCertFile} | proplists:delete(certfile, ServerOpts)],
     
     ClientCertFile = proplists:get_value(certfile, ClientOpts),
     NewClientCertFile = filename:join(PrivDir, "client/new_cert.pem"),
-    {ok, [{cert, ClientDerCert, _}]} = public_key:pem_to_der(ClientCertFile),
-    {ok, ClientOTPCert} = public_key:pkix_decode_cert(ClientDerCert, otp),
+    [{'Certificate', ClientDerCert, _}] = ssl_test_lib:pem_to_der(ClientCertFile),
+    ClientOTPCert = public_key:pkix_decode_cert(ClientDerCert, otp),
     ClientExtKeyUsageExt = {'Extension', ?'id-ce-extKeyUsage', true, [?'id-kp-clientAuth']},
     ClientOTPTbsCert = ClientOTPCert#'OTPCertificate'.tbsCertificate,
     ClientExtensions =  ClientOTPTbsCert#'OTPTBSCertificate'.extensions,
     NewClientOTPTbsCert = ClientOTPTbsCert#'OTPTBSCertificate'{extensions = 
  							       [ClientExtKeyUsageExt |
  								ClientExtensions]},
-    NewClientDerCert = public_key:sign(NewClientOTPTbsCert, Key), 
-    public_key:der_to_pem(NewClientCertFile, [{cert, NewClientDerCert, not_encrypted}]),
+    NewClientDerCert = public_key:pkix_sign(NewClientOTPTbsCert, Key), 
+    ssl_test_lib:der_to_pem(NewClientCertFile, [{'Certificate', NewClientDerCert, not_encrypted}]),
     NewClientOpts = [{certfile, NewClientCertFile} | proplists:delete(certfile, ClientOpts)],
 
     {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
@@ -2622,13 +2622,13 @@ no_authority_key_identifier(Config) when is_list(Config) ->
     PrivDir = ?config(priv_dir, Config),
    
     KeyFile = filename:join(PrivDir, "otpCA/private/key.pem"),
-    {ok, [KeyInfo]} = public_key:pem_to_der(KeyFile),
-    {ok, Key} = public_key:decode_private_key(KeyInfo),
+    [KeyEntry] = ssl_test_lib:pem_to_der(KeyFile),
+    Key = public_key:pem_entry_decode(KeyEntry),
 
     CertFile = proplists:get_value(certfile, ServerOpts),
     NewCertFile = filename:join(PrivDir, "server/new_cert.pem"),
-    {ok, [{cert, DerCert, _}]} = public_key:pem_to_der(CertFile),
-    {ok, OTPCert} = public_key:pkix_decode_cert(DerCert, otp),
+    [{'Certificate', DerCert, _}] = ssl_test_lib:pem_to_der(CertFile),
+    OTPCert = public_key:pkix_decode_cert(DerCert, otp),
     OTPTbsCert = OTPCert#'OTPCertificate'.tbsCertificate,
     Extensions =  OTPTbsCert#'OTPTBSCertificate'.extensions,
     NewExtensions =  delete_authority_key_extension(Extensions, []),
@@ -2636,8 +2636,8 @@ no_authority_key_identifier(Config) when is_list(Config) ->
 
     test_server:format("Extensions ~p~n, NewExtensions: ~p~n", [Extensions, NewExtensions]),
 
-    NewDerCert = public_key:sign(NewOTPTbsCert, Key), 
-    public_key:der_to_pem(NewCertFile, [{cert, NewDerCert, not_encrypted}]),
+    NewDerCert = public_key:pkix_sign(NewOTPTbsCert, Key), 
+    ssl_test_lib:der_to_pem(NewCertFile, [{'Certificate', NewDerCert, not_encrypted}]),
     NewServerOpts = [{certfile, NewCertFile} | proplists:delete(certfile, ServerOpts)],
 
     {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
@@ -2680,16 +2680,16 @@ invalid_signature_server(Config) when is_list(Config) ->
     PrivDir = ?config(priv_dir, Config),
    
     KeyFile = filename:join(PrivDir, "server/key.pem"),
-    {ok, [KeyInfo]} = public_key:pem_to_der(KeyFile),
-    {ok, Key} = public_key:decode_private_key(KeyInfo),
+    [KeyEntry] = ssl_test_lib:pem_to_der(KeyFile),
+    Key = public_key:pem_entry_decode(KeyEntry),
 
     ServerCertFile = proplists:get_value(certfile, ServerOpts),
     NewServerCertFile = filename:join(PrivDir, "server/invalid_cert.pem"),
-    {ok, [{cert, ServerDerCert, _}]} = public_key:pem_to_der(ServerCertFile),
-    {ok, ServerOTPCert} = public_key:pkix_decode_cert(ServerDerCert, otp),
+    [{'Certificate', ServerDerCert, _}] = ssl_test_lib:pem_to_der(ServerCertFile),
+    ServerOTPCert = public_key:pkix_decode_cert(ServerDerCert, otp),
     ServerOTPTbsCert = ServerOTPCert#'OTPCertificate'.tbsCertificate,
-    NewServerDerCert = public_key:sign(ServerOTPTbsCert, Key), 
-    public_key:der_to_pem(NewServerCertFile, [{cert, NewServerDerCert, not_encrypted}]),
+    NewServerDerCert = public_key:pkix_sign(ServerOTPTbsCert, Key), 
+    ssl_test_lib:der_to_pem(NewServerCertFile, [{'Certificate', NewServerDerCert, not_encrypted}]),
     NewServerOpts = [{certfile, NewServerCertFile} | proplists:delete(certfile, ServerOpts)],
     
     {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
@@ -2720,16 +2720,16 @@ invalid_signature_client(Config) when is_list(Config) ->
     PrivDir = ?config(priv_dir, Config),
    
     KeyFile = filename:join(PrivDir, "client/key.pem"),
-    {ok, [KeyInfo]} = public_key:pem_to_der(KeyFile),
-    {ok, Key} = public_key:decode_private_key(KeyInfo),
+    [KeyEntry] = ssl_test_lib:pem_to_der(KeyFile),
+    Key = public_key:pem_entry_decode(KeyEntry),
 
     ClientCertFile = proplists:get_value(certfile, ClientOpts),
     NewClientCertFile = filename:join(PrivDir, "client/invalid_cert.pem"),
-    {ok, [{cert, ClientDerCert, _}]} = public_key:pem_to_der(ClientCertFile),
-    {ok, ClientOTPCert} = public_key:pkix_decode_cert(ClientDerCert, otp),
+    [{'Certificate', ClientDerCert, _}] = ssl_test_lib:pem_to_der(ClientCertFile),
+    ClientOTPCert = public_key:pkix_decode_cert(ClientDerCert, otp),
     ClientOTPTbsCert = ClientOTPCert#'OTPCertificate'.tbsCertificate,
-    NewClientDerCert = public_key:sign(ClientOTPTbsCert, Key), 
-    public_key:der_to_pem(NewClientCertFile, [{cert, NewClientDerCert, not_encrypted}]),
+    NewClientDerCert = public_key:pkix_sign(ClientOTPTbsCert, Key), 
+    ssl_test_lib:der_to_pem(NewClientCertFile, [{'Certificate', NewClientDerCert, not_encrypted}]),
     NewClientOpts = [{certfile, NewClientCertFile} | proplists:delete(certfile, ClientOpts)],
 
     {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
@@ -2797,13 +2797,13 @@ cert_expired(Config) when is_list(Config) ->
     PrivDir = ?config(priv_dir, Config),
    
     KeyFile = filename:join(PrivDir, "otpCA/private/key.pem"),
-    {ok, [KeyInfo]} = public_key:pem_to_der(KeyFile),
-    {ok, Key} = public_key:decode_private_key(KeyInfo),
+    [KeyEntry] = ssl_test_lib:pem_to_der(KeyFile),
+    Key = public_key:pem_entry_decode(KeyEntry),
 
     ServerCertFile = proplists:get_value(certfile, ServerOpts),
     NewServerCertFile = filename:join(PrivDir, "server/expired_cert.pem"),
-    {ok, [{cert, DerCert, _}]} = public_key:pem_to_der(ServerCertFile),
-    {ok, OTPCert} = public_key:pkix_decode_cert(DerCert, otp),
+    [{'Certificate', DerCert, _}] = ssl_test_lib:pem_to_der(ServerCertFile),
+    OTPCert = public_key:pkix_decode_cert(DerCert, otp),
     OTPTbsCert = OTPCert#'OTPCertificate'.tbsCertificate,
 
     {Year, Month, Day} = date(),
@@ -2826,8 +2826,8 @@ cert_expired(Config) when is_list(Config) ->
 		       [OTPTbsCert#'OTPTBSCertificate'.validity, NewValidity]),
 
     NewOTPTbsCert =  OTPTbsCert#'OTPTBSCertificate'{validity = NewValidity},
-    NewServerDerCert = public_key:sign(NewOTPTbsCert, Key), 
-    public_key:der_to_pem(NewServerCertFile, [{cert, NewServerDerCert, not_encrypted}]),
+    NewServerDerCert = public_key:pkix_sign(NewOTPTbsCert, Key), 
+    ssl_test_lib:der_to_pem(NewServerCertFile, [{'Certificate', NewServerDerCert, not_encrypted}]),
     NewServerOpts = [{certfile, NewServerCertFile} | proplists:delete(certfile, ServerOpts)],
     
     {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
diff --git a/lib/ssl/test/ssl_packet_SUITE.erl b/lib/ssl/test/ssl_packet_SUITE.erl
index 1b8754afe9..fac84a85cd 100644
--- a/lib/ssl/test/ssl_packet_SUITE.erl
+++ b/lib/ssl/test/ssl_packet_SUITE.erl
@@ -1770,7 +1770,7 @@ packet_asn1_decode(Config) when is_list(Config) ->
     File = proplists:get_value(certfile, ServerOpts),
 
     %% A valid asn1 BER packet (DER is stricter BER)
-    {ok,[{cert, Data, _}]} = public_key:pem_to_der(File),
+    [{'Certificate', Data, _}] = ssl_test_lib:pem_to_der(File),
     
     Server = ssl_test_lib:start_server([{node, ClientNode}, {port, 0},
 					{from, self()},
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index e34b6782a6..c7ff015034 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -352,9 +352,9 @@ make_dsa_cert_files(RoleStr, Config) ->
     KeyFile = filename:join([?config(priv_dir, Config), 
 				   RoleStr, "dsa_key.pem"]),
     
-    public_key:der_to_pem(CaCertFile, [{cert, CaCert, not_encrypted}]),
-    public_key:der_to_pem(CertFile, [{cert, Cert, not_encrypted}]),
-    public_key:der_to_pem(KeyFile, [CertKey]),
+    der_to_pem(CaCertFile, [{'Certificate', CaCert, not_encrypted}]),
+    der_to_pem(CertFile, [{'Certificate', Cert, not_encrypted}]),
+    der_to_pem(KeyFile, [CertKey]),
     {CaCertFile, CertFile, KeyFile}.
 
 start_upgrade_server(Args) ->
@@ -615,3 +615,11 @@ openssl_dsa_suites() ->
 				 true
 			 end 
 		 end, Ciphers).
+
+pem_to_der(File) ->
+    {ok, PemBin} = file:read_file(File),
+    public_key:pem_decode(PemBin).
+
+der_to_pem(File, Entries) ->
+    PemBin = public_key:pem_encode(Entries),
+    file:write_file(File, PemBin).