1 files changed, 47 insertions, 9 deletions
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index 31cb1fff3c..034126655c 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -59,7 +59,8 @@
 	 pkix_crl_verify/2,
 	 pkix_crl_issuer/1,
 	 short_name_hash/1,
-         pkix_test_data/1
+         pkix_test_data/1,
+         pkix_test_root_cert/2
 	]).
 
 -export_type([public_key/0, private_key/0, pem_entry/0,
@@ -942,7 +943,6 @@ ssh_decode(SshBin, Type) when is_binary(SshBin),
 %%--------------------------------------------------------------------
 -spec ssh_encode([{public_key(), Attributes::list()}], ssh_file()) -> binary()
 	      ; (public_key(), ssh2_pubkey) -> binary()
-	      ; ({public_key(),atom()}, ssh2_pubkey) -> binary()
 	      .
 %%
 %% Description: Encodes a list of ssh file entries (public keys and
@@ -1034,10 +1034,12 @@ short_name_hash({rdnSequence, _Attributes} = Name) ->
 
 
 %%--------------------------------------------------------------------
--spec pkix_test_data(#{chain_type() := pubkey_cert:chain_opts()}) ->
-                            pubkey_cert:test_config().
+-spec pkix_test_data(#{chain_type() := pubkey_cert:chain_opts()} |
+                     pubkey_cert:chain_opts()) ->
+                            pubkey_cert:test_config() |
+                            [pubkey_cert:conf_opt()].
 
-%% Description: Generates OpenSSL-style hash of a name.
+%% Description: Generates cert(s) and ssl configuration
 %%--------------------------------------------------------------------
 
 pkix_test_data(#{client_chain := ClientChain0,
@@ -1046,7 +1048,21 @@ pkix_test_data(#{client_chain := ClientChain0,
     ClientChain = maps:merge(Default, ClientChain0),
     ServerChain = maps:merge(Default, ServerChain0),
     pubkey_cert:gen_test_certs(#{client_chain => ClientChain,
-                                 server_chain => ServerChain}).
+                                 server_chain => ServerChain});
+pkix_test_data(#{} = Chain) ->
+    Default = #{intermediates => []},
+    pubkey_cert:gen_test_certs(maps:merge(Default, Chain)).
+
+%%--------------------------------------------------------------------
+-spec pkix_test_root_cert(
+        Name :: string(), Opts :: [pubkey_cert:cert_opt()]) ->
+                                 pubkey_cert:test_root_cert().
+
+%% Description: Generates a root cert suitable for pkix_test_data/1
+%%--------------------------------------------------------------------
+
+pkix_test_root_cert(Name, Opts) ->
+    pubkey_cert:root_cert(Name, Opts).
 
 %%--------------------------------------------------------------------
 %%% Internal functions
@@ -1324,9 +1340,9 @@ ec_normalize_params(#'ECParameters'{} = ECParams) ->
 ec_normalize_params(Other) -> Other.
 
 -spec ec_curve_spec(ecpk_parameters_api()) -> term().
-ec_curve_spec( #'ECParameters'{fieldID = FieldId, curve = PCurve, base = Base, order = Order, cofactor = CoFactor }) ->
-    Field = {pubkey_cert_records:supportedCurvesTypes(FieldId#'FieldID'.fieldType),
-	     FieldId#'FieldID'.parameters},
+ec_curve_spec( #'ECParameters'{fieldID = #'FieldID'{fieldType = Type,
+                                                    parameters = Params}, curve = PCurve, base = Base, order = Order, cofactor = CoFactor }) ->
+    Field = format_field(pubkey_cert_records:supportedCurvesTypes(Type), Params),
     Curve = {PCurve#'Curve'.a, PCurve#'Curve'.b, none},
     {Field, Curve, Base, Order, CoFactor};
 ec_curve_spec({ecParameters, ECParams}) ->
@@ -1336,6 +1352,26 @@ ec_curve_spec({namedCurve, OID}) when is_tuple(OID), is_integer(element(1,OID))
 ec_curve_spec({namedCurve, Name}) when is_atom(Name) ->
     crypto:ec_curve(Name).
 
+format_field(characteristic_two_field = Type, Params0) ->
+    #'Characteristic-two'{
+       m = M,
+       basis = BasisOid,
+       parameters = Params} = der_decode('Characteristic-two', Params0),
+    {Type, M, field_param_decode(BasisOid, Params)};
+format_field(prime_field, Params0) ->
+    Prime = der_decode('Prime-p', Params0),
+    {prime_field, Prime}.
+
+field_param_decode(?'ppBasis', Params) ->
+    #'Pentanomial'{k1 = K1, k2 = K2, k3 = K3} =
+        der_decode('Pentanomial', Params),
+    {ppbasis, K1, K2, K3};
+field_param_decode(?'tpBasis', Params) ->
+    K = der_decode('Trinomial', Params),
+    {tpbasis, K};
+field_param_decode(?'gnBasis', _) ->
+    onbasis.
+        
 -spec ec_key({PubKey::term(), PrivateKey::term()}, Params::ecpk_parameters()) -> #'ECPrivateKey'{}.
 ec_key({PubKey, PrivateKey}, Params) ->
     #'ECPrivateKey'{version = 1,
@@ -1529,6 +1565,8 @@ verify_hostname_match_loop(Refs, Pres, MatchFun, FailCB, Cert) ->
       Refs).
 
 
+to_lower_ascii({ip,_}=X) -> X;
+to_lower_ascii({iPAddress,_}=X) -> X;
 to_lower_ascii(S) when is_list(S) -> lists:map(fun to_lower_ascii/1, S);
 to_lower_ascii({T,S}) -> {T, to_lower_ascii(S)};
 to_lower_ascii(C) when $A =< C,C =< $Z -> C + ($a-$A);