Diffstat (limited to 'lib/public_key/src')
-rw-r--r-- | lib/public_key/src/pubkey_cert.erl | 95 | ||||
-rw-r--r-- | lib/public_key/src/pubkey_pem.erl | 2 | ||||
-rw-r--r-- | lib/public_key/src/pubkey_ssh.erl | 20 | ||||
-rw-r--r-- | lib/public_key/src/public_key.app.src | 2 | ||||
-rw-r--r-- | lib/public_key/src/public_key.erl | 39 |
5 files changed, 66 insertions, 92 deletions
diff --git a/lib/public_key/src/pubkey_cert.erl b/lib/public_key/src/pubkey_cert.erl
index c433a96585..c0d7b9be8e 100644
--- a/lib/public_key/src/pubkey_cert.erl
+++ b/lib/public_key/src/pubkey_cert.erl
@@ -371,23 +371,23 @@ match_name(directoryName, DirName, [PermittedName | Rest]) ->
 match_name(fun is_rdnSeq/2, DirName, PermittedName, Rest);
 match_name(uniformResourceIdentifier, URI, [PermittedName | Rest]) ->
- case split_uri(URI) of
- incomplete ->
- false;
- {_, _, Host, _, _} ->
- PN = case split_uri(PermittedName) of
- {_, _, PNhost, _, _} -> PNhost;
+ case uri_string:normalize(URI, [return_map]) of
+ #{host := Host} ->
+ PN = case uri_string:normalize(PermittedName, [return_map]) of
+ #{host := PNhost} -> PNhost;
 _X -> PermittedName
 end,
- match_name(fun is_valid_host_or_domain/2, Host, PN, Rest)
+ match_name(fun is_valid_host_or_domain/2, Host, PN, Rest);
+ _ ->
+ false
 end;
 match_name(emailAddress, Name, [PermittedName | Rest]) ->
 Fun = fun(Email, PermittedEmail) ->
- is_valid_email_address(Email, PermittedEmail,
- string:tokens(PermittedEmail,"@"))
- end,
- match_name(Fun, Name, PermittedName, Rest);
+ is_valid_email_address(Email, PermittedEmail,
+ string:tokens(PermittedEmail,"@"))
+ end,
+ match_name(Fun, Name, PermittedName, Rest);
 match_name(dNSName, Name, [PermittedName | Rest]) ->
 Fun = fun(Domain, [$.|Domain]) -> true;
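Review bot: The new wildcard clause `_ -> false` in the uniformResourceIdentifier branch folds two different outcomes of uri_string:normalize/2 into one: an `{error, _, _}` return for a malformed URI, and a well-formed URI that simply has no authority (a mailto: or urn: name, for instance). Both fail closed, which is the right default for a name constraint, but a reader cannot tell that the absent-host case was considered; matching it explicitly documents that, e.g. `#{} -> false; % well-formed, but no host to constrain` followed by `{error, _, _} -> false`. The unchanged fallback `_X -> PermittedName` still compares a permitted name that does not normalize to a host verbatim against the host, which deserves a comment of its own.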
@@ -868,75 +868,12 @@ is_valid_subject_alt_name({otherName, #'AnotherName'{}}) ->
 is_valid_subject_alt_name({_, _}) ->
 false.
-is_ip_address(Address) ->
- case inet_parse:address(Address) of
- {ok, _} ->
- true;
- _ ->
- false
- end.
-
-is_fully_qualified_name(_Name) ->
- true.
-
 is_valid_uri(AbsURI) ->
- case split_uri(AbsURI) of
- incomplete ->
- false;
- {StrScheme, _, Host, _, _} ->
- case string:to_lower(StrScheme) of
- Scheme when Scheme =:= "http"; Scheme =:= "ftp" ->
- is_valid_host(Host);
- _ ->
- false
- end
- end.
-
-is_valid_host(Host) ->
- case is_ip_address(Host) of
- true ->
- true;
- false ->
- is_fully_qualified_name(Host)
- end.
-
-%% Could have a more general split URI in stdlib? Maybe when
-%% regexs are improved. Needed also in inets!
-split_uri(Uri) ->
- case split_uri(Uri, ":", {error, no_scheme}, 1, 1) of
- {error, no_scheme} ->
- incomplete;
- {StrScheme, "//" ++ URIPart} ->
- {Authority, PathQuery} =
- split_auth_path(URIPart),
- {UserInfo, HostPort} =
- split_uri(Authority, "@", {"", Authority}, 1, 1),
- {Host, Port} =
- split_uri(HostPort, ":", {HostPort, dummy_port}, 1, 1),
- {StrScheme, UserInfo, Host, Port, PathQuery}
- end.
-
-split_auth_path(URIPart) ->
- case split_uri(URIPart, "/", URIPart, 1, 0) of
- Split = {_, _} ->
- Split;
- URIPart ->
- case split_uri(URIPart, "\\?", URIPart, 1, 0) of
- Split = {_, _} ->
- Split;
- URIPart ->
- {URIPart,""}
- end
- end.
-
-split_uri(UriPart, SplitChar, NoMatchResult, SkipLeft, SkipRight) ->
- case re:run(UriPart, SplitChar) of
- {match,[{Start, _}]} ->
- StrPos = Start + 1,
- {string:substr(UriPart, 1, StrPos - SkipLeft),
- string:substr(UriPart, StrPos + SkipRight, length(UriPart))};
- nomatch ->
- NoMatchResult
+ case uri_string:normalize(AbsURI, [return_map]) of
+ #{scheme := _} ->
+ true;
+ _ ->
+ false
 end.
 is_rdnSeq({rdnSequence,[]}, {rdnSequence,[none]}) ->
diff --git a/lib/public_key/src/pubkey_pem.erl b/lib/public_key/src/pubkey_pem.erl
index 06a4455b3f..bacc9ec600 100644
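Review bot: `is_valid_uri/1` now accepts anything that normalizes to a map with a `scheme` key, which drops the one part of the old check that RFC 5280 §4.2.1.6 actually requires: a URI that carries an authority must name a fully qualified domain or an IP address as its host, so an input with an authority but an empty host (`http:///path`) would presumably now pass as a valid subjectAltName. Limiting the scheme to http/ftp was over-strict and removing that is fine, but consider keeping a host check ahead of the accept clause, e.g. `#{scheme := _, host := ""} -> false;` (verify what uri_string:normalize/2 returns for an empty authority before relying on that shape). A one-line comment naming the RFC requirement above the function would explain why scheme presence is the rule.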
--- a/lib/public_key/src/pubkey_pem.erl
+++ b/lib/public_key/src/pubkey_pem.erl
@@ -209,6 +209,8 @@ pem_start('DSAPrivateKey') ->
 <<"-----BEGIN DSA PRIVATE KEY-----">>;
 pem_start('DHParameter') ->
 <<"-----BEGIN DH PARAMETERS-----">>;
+pem_start('PrivateKeyInfo') ->
+ <<"-----BEGIN PRIVATE KEY-----">>;
 pem_start('EncryptedPrivateKeyInfo') ->
 <<"-----BEGIN ENCRYPTED PRIVATE KEY-----">>;
 pem_start('CertificationRequest') ->
diff --git a/lib/public_key/src/pubkey_ssh.erl b/lib/public_key/src/pubkey_ssh.erl
index a7d018e440..02c061efc9 100644
--- a/lib/public_key/src/pubkey_ssh.erl
+++ b/lib/public_key/src/pubkey_ssh.erl
@@ -38,6 +38,8 @@
 -define(Empint(X), (mpint(X))/binary ).
 -define(Estring(X), (string(X))/binary ).
+-define(b64enc(X), base64:encode(iolist_to_binary(X)) ).
+-define(b64mime_dec(X), base64:mime_decode(iolist_to_binary(X)) ).
 %% Max encoded line length is 72, but conformance examples use 68
 %% Comment from rfc 4716: "The following are some examples of public
@@ -163,7 +165,7 @@ rfc4716_decode_line(Line, Lines, Acc) ->
 rfc4716_decode_lines(Lines, [{string_decode(Tag), unicode_decode(Value)} | Acc]);
 _ ->
 {Body, Rest} = join_entry([Line | Lines], []),
- {lists:reverse(Acc), rfc4716_pubkey_decode(base64:mime_decode(Body)), Rest}
+ {lists:reverse(Acc), rfc4716_pubkey_decode(?b64mime_dec(Body)), Rest}
 end.
 join_entry([<<"---- END SSH2 PUBLIC KEY ----", _/binary>>| Lines], Entry) ->
@@ -257,11 +259,11 @@ decode_comment(Comment) ->
 openssh_pubkey_decode(Type, Base64Enc) ->
 try
- <<?DEC_BIN(Type,_TL), Bin/binary>> = base64:mime_decode(Base64Enc),
+ <<?DEC_BIN(Type,_TL), Bin/binary>> = ?b64mime_dec(Base64Enc),
 ssh2_pubkey_decode(Type, Bin)
 catch
 _:_ ->
- {Type, base64:mime_decode(Base64Enc)}
+ {Type, ?b64mime_dec(Base64Enc)}
 end.
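Review bot: The two new macros `?b64enc/1` and `?b64mime_dec/1` carry no comment saying why every base64 call in pubkey_ssh.erl now goes through `iolist_to_binary/1`; presumably the stdlib-3.5 base64 API the app.src now requires no longer accepts nested iolists, but a reader of this hunk cannot tell. A one-line comment above the defines, such as `%% base64 in stdlib-3.5 wants a flat binary/string, so flatten iolists first` (adjusted to the real reason), would settle it. Style-wise both bodies are ordinary expressions, so two local functions `b64enc/1` and `b64mime_dec/1` would do the same job without macro expansion at each call site; the same applies to the mechanical replacement hunks at @163, @257, @292, @326, @351 and @369.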
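Review bot: In `openssh_pubkey_decode/2` the base64 text is decoded twice, once in the `try` body and again inside the `catch _:_` handler, and the second `?b64mime_dec(Base64Enc)` runs unprotected, so input that makes the first decode raise is simply decoded again and raised from the handler. Decoding once before the `try`, `Bin0 = ?b64mime_dec(Base64Enc),` then matching `<<?DEC_BIN(Type,_TL), Bin/binary>> = Bin0` and returning `{Type, Bin0}` in the handler, narrows the catch to the key-format match it is meant to tolerate and avoids the repeated work. The catch-all predates this commit but now wraps the new macro call as well.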
@@ -292,12 +294,12 @@ do_encode(Type, Key, Attributes) ->
 rfc4716_encode(Key, [],[]) ->
 iolist_to_binary([begin_marker(),"\n",
- split_lines(base64:encode(ssh2_pubkey_encode(Key))),
+ split_lines(?b64enc(ssh2_pubkey_encode(Key))),
 "\n", end_marker(), "\n"]);
 rfc4716_encode(Key, [], [_|_] = Acc) ->
 iolist_to_binary([begin_marker(), "\n", lists:reverse(Acc),
- split_lines(base64:encode(ssh2_pubkey_encode(Key))),
+ split_lines(?b64enc(ssh2_pubkey_encode(Key))),
 "\n", end_marker(), "\n"]);
 rfc4716_encode(Key, [ Header | Headers], Acc) ->
 LinesStr = rfc4716_encode_header(Header),
@@ -326,7 +328,7 @@ rfc4716_encode_value(Value) ->
 openssh_encode(openssh_public_key, Key, Attributes) ->
 Comment = proplists:get_value(comment, Attributes, ""),
- Enc = base64:encode(ssh2_pubkey_encode(Key)),
+ Enc = ?b64enc(ssh2_pubkey_encode(Key)),
 iolist_to_binary([key_type(Key), " ", Enc, " ", Comment, "\n"]);
 openssh_encode(auth_keys, Key, Attributes) ->
@@ -351,10 +353,10 @@ openssh_encode(known_hosts, Key, Attributes) ->
 end.
 openssh_ssh2_auth_keys_encode(undefined, Key, Comment) ->
- iolist_to_binary([key_type(Key)," ", base64:encode(ssh2_pubkey_encode(Key)), line_end(Comment)]);
+ iolist_to_binary([key_type(Key)," ", ?b64enc(ssh2_pubkey_encode(Key)), line_end(Comment)]);
 openssh_ssh2_auth_keys_encode(Options, Key, Comment) ->
 iolist_to_binary([comma_list_encode(Options, []), " ",
- key_type(Key)," ", base64:encode(ssh2_pubkey_encode(Key)), line_end(Comment)]).
+ key_type(Key)," ", ?b64enc(ssh2_pubkey_encode(Key)), line_end(Comment)]).
 openssh_ssh1_auth_keys_encode(undefined, Bits,
 #'RSAPublicKey'{modulus = N, publicExponent = E},
@@ -369,7 +371,7 @@ openssh_ssh1_auth_keys_encode(Options, Bits,
 openssh_ssh2_know_hosts_encode(Hostnames, Key, Comment) ->
 iolist_to_binary([comma_list_encode(Hostnames, []), " ",
- key_type(Key)," ", base64:encode(ssh2_pubkey_encode(Key)), line_end(Comment)]).
+ key_type(Key)," ", ?b64enc(ssh2_pubkey_encode(Key)), line_end(Comment)]).
 openssh_ssh1_known_hosts_encode(Hostnames, Bits,
 #'RSAPublicKey'{modulus = N, publicExponent = E},
diff --git a/lib/public_key/src/public_key.app.src b/lib/public_key/src/public_key.app.src
index dbd732c384..5833141e87 100644
--- a/lib/public_key/src/public_key.app.src
+++ b/lib/public_key/src/public_key.app.src
@@ -14,7 +14,7 @@
 {applications, [asn1, crypto, kernel, stdlib]},
 {registered, []},
 {env, []},
- {runtime_dependencies, ["stdlib-2.0","kernel-3.0","erts-6.0","crypto-3.8",
+ {runtime_dependencies, ["stdlib-3.5","kernel-3.0","erts-6.0","crypto-3.8",
 "asn1-3.0"]}
 ]
 }.
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index 034126655c..1c4acc9e1a 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -237,7 +237,7 @@ der_decode(Asn1Type, Der) when (Asn1Type == 'PrivateKeyInfo') or
 andalso is_binary(Der) ->
 try
 {ok, Decoded} = 'PKCS-FRAME':decode(Asn1Type, Der),
- Decoded
+ der_priv_key_decode(Decoded)
 catch
 error:{badmatch, {error, _}} = Error ->
 erlang:error(Error)
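Review bot: `der_decode/2` now returns an algorithm-specific record (`#'RSAPrivateKey'{}`, `#'ECPrivateKey'{}` or `#'DSAPrivateKey'{}`) for a 'PrivateKeyInfo' whose algorithm is one of the three OIDs that `der_priv_key_decode/1` handles, while any other algorithm, and presumably every 'EncryptedPrivateKeyInfo' that the same clause decodes, still comes back as the raw PKCS-FRAME tuple. That is a visible change to the function's contract, and the `-spec` and description of der_decode, which sit outside this hunk, should state which shape a caller gets for which input. The clause head and guard begin outside the hunk as well. The nested der_decode calls inside der_priv_key_decode appear to raise `error:{badmatch, {error, _}}` on a malformed inner key, which the surrounding catch only re-raises, so no error is swallowed by the change.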
@@ -252,12 +252,45 @@ der_decode(Asn1Type, Der) when is_atom(Asn1Type), is_binary(Der) ->
 erlang:error(Error)
 end.
+der_priv_key_decode({'PrivateKeyInfo', v1,
+ {'PrivateKeyInfo_privateKeyAlgorithm', ?'id-ecPublicKey', {asn1_OPENTYPE, Parameters}}, PrivKey, _}) ->
+ EcPrivKey = der_decode('ECPrivateKey', PrivKey),
+ EcPrivKey#'ECPrivateKey'{parameters = der_decode('EcpkParameters', Parameters)};
+der_priv_key_decode({'PrivateKeyInfo', v1,
+ {'PrivateKeyInfo_privateKeyAlgorithm', ?'rsaEncryption', _}, PrivKey, _}) ->
+ der_decode('RSAPrivateKey', PrivKey);
+der_priv_key_decode({'PrivateKeyInfo', v1,
+ {'PrivateKeyInfo_privateKeyAlgorithm', ?'id-dsa', {asn1_OPENTYPE, Parameters}}, PrivKey, _}) ->
+ {params, #'Dss-Parms'{p=P, q=Q, g=G}} = der_decode('DSAParams', Parameters),
+ X = der_decode('Prime-p', PrivKey),
+ #'DSAPrivateKey'{p=P, q=Q, g=G, x=X};
+der_priv_key_decode(PKCS8Key) ->
+ PKCS8Key.
+
 %%--------------------------------------------------------------------
 -spec der_encode(asn1_type(), term()) -> Der::binary().
 %%
 %% Description: Encodes a public key entity with asn1 DER encoding.
 %%--------------------------------------------------------------------
-der_encode(Asn1Type, Entity) when (Asn1Type == 'PrivateKeyInfo') or
+
+der_encode('PrivateKeyInfo', #'DSAPrivateKey'{p=P, q=Q, g=G, x=X}) ->
+ der_encode('PrivateKeyInfo',
+ {'PrivateKeyInfo', v1,
+ {'PrivateKeyInfo_privateKeyAlgorithm', ?'id-dsa',
+ {asn1_OPENTYPE, der_encode('Dss-Parms', #'Dss-Parms'{p=P, q=Q, g=G})}},
+ der_encode('Prime-p', X), asn1_NOVALUE});
+der_encode('PrivateKeyInfo', #'RSAPrivateKey'{} = PrivKey) ->
+ der_encode('PrivateKeyInfo',
+ {'PrivateKeyInfo', v1,
+ {'PrivateKeyInfo_privateKeyAlgorithm', ?'rsaEncryption', {asn1_OPENTYPE, ?DER_NULL}},
+ der_encode('RSAPrivateKey', PrivKey), asn1_NOVALUE});
+der_encode('PrivateKeyInfo', #'ECPrivateKey'{parameters = Parameters} = PrivKey) ->
+ der_encode('PrivateKeyInfo',
+ {'PrivateKeyInfo', v1,
+ {'PrivateKeyInfo_privateKeyAlgorithm', ?'id-ecPublicKey',
+ {asn1_OPENTYPE, der_encode('EcpkParameters', Parameters)}},
+ der_encode('ECPrivateKey', PrivKey#'ECPrivateKey'{parameters = asn1_NOVALUE}), asn1_NOVALUE});
+der_encode(Asn1Type, Entity) when (Asn1Type == 'PrivateKeyInfo') or
 (Asn1Type == 'EncryptedPrivateKeyInfo') ->
 try
 {ok, Encoded} = 'PKCS-FRAME':encode(Asn1Type, Entity),
@@ -1456,7 +1489,7 @@ ascii_to_lower(String) ->
 verify_hostname_extract_fqdn_default({dns_id,S}) ->
 S;
 verify_hostname_extract_fqdn_default({uri_id,URI}) ->
- {ok,{https,_,Host,_,_,_}} = http_uri:parse(URI),
+ #{scheme := "https", host := Host} = uri_string:normalize(URI, [return_map]),
 Host.
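Review bot: `der_priv_key_decode/1` has no comment stating its purpose or that its final clause `der_priv_key_decode(PKCS8Key) -> PKCS8Key.` is the intended pass-through for algorithms other than EC, RSA and DSA (and, it seems, for 'EncryptedPrivateKeyInfo' values, which reach it through the same der_decode clause); a header such as `%% Unwrap a decoded PKCS#8 PrivateKeyInfo into the algorithm-specific key record; other algorithms are returned as decoded.` would make that explicit. In the DSA clause the match `{params, #'Dss-Parms'{p=P, q=Q, g=G}} = der_decode('DSAParams', Parameters)` fails with a plain badmatch for a PrivateKeyInfo whose DSAParams takes the other CHOICE alternative, and the caller's `catch error:{badmatch, {error, _}}` visible in the hunk context does not cover that shape, so such input surfaces as an unwrapped badmatch rather than the usual public_key error; a comment stating that the params form is required, or an explicit clause, would help. The new `der_encode('PrivateKeyInfo', Record)` clauses in the same hunk likewise extend the `-spec der_encode(asn1_type(), term())` contract to record inputs without the description above them mentioning it.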
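Review bot: The replacement match `#{scheme := "https", host := Host} = uri_string:normalize(URI, [return_map])` in `verify_hostname_extract_fqdn_default/1` only succeeds when the URI is given as a list, because `uri_string:normalize/2` returns binary map values for a binary input, whereas the old `http_uri:parse/1` returned the atom `https` for either representation as far as I recall; a `{uri_id, <<"https://...">>}` that used to work now fails with a badmatch. If binary uri_id values can reach this function, either convert the input before normalizing or add a second clause matching `#{scheme := <<"https">>, host := Host}`. The deliberate crash on a non-https or malformed URI is unchanged from before, but a one-line comment saying it is intentional would keep the next reader from "fixing" it.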