aboutsummaryrefslogtreecommitdiffstats
path: root/lib/public_key/test
diff options
context:
space:
mode:
Diffstat (limited to 'lib/public_key/test')
-rw-r--r--lib/public_key/test/Makefile2
-rw-r--r--lib/public_key/test/erl_make_certs.erl (renamed from lib/public_key/test/pkey_test.erl)83
-rw-r--r--lib/public_key/test/pkits_SUITE.erl6
-rw-r--r--lib/public_key/test/public_key_SUITE.erl348
4 files changed, 268 insertions, 171 deletions
diff --git a/lib/public_key/test/Makefile b/lib/public_key/test/Makefile
index 5544339ff2..e20b903942 100644
--- a/lib/public_key/test/Makefile
+++ b/lib/public_key/test/Makefile
@@ -28,7 +28,7 @@ INCLUDES= -I. -I ../include
# ----------------------------------------------------
MODULES= \
- pkey_test \
+ erl_make_certs \
public_key_SUITE \
pkits_SUITE
diff --git a/lib/public_key/test/pkey_test.erl b/lib/public_key/test/erl_make_certs.erl
index 4cf20f0174..e31e5552d3 100644
--- a/lib/public_key/test/pkey_test.erl
+++ b/lib/public_key/test/erl_make_certs.erl
@@ -19,7 +19,7 @@
%% Create test certificates
--module(pkey_test).
+-module(erl_make_certs).
-include_lib("public_key/include/public_key.hrl").
-export([make_cert/1, gen_rsa/1, verify_signature/3, write_pem/3]).
@@ -34,7 +34,7 @@
%% version 3
%% subject [] list of the following content
%% {name, Name}
-%% {email, Email}
+%% {email, Email}
%% {city, City}
%% {state, State}
%% {org, Org}
@@ -56,7 +56,7 @@
make_cert(Opts) ->
SubjectPrivateKey = get_key(Opts),
{TBSCert, IssuerKey} = make_tbs(SubjectPrivateKey, Opts),
- Cert = public_key:sign(TBSCert, IssuerKey),
+ Cert = public_key:pkix_sign(TBSCert, IssuerKey),
true = verify_signature(Cert, IssuerKey, undef), %% verify that the keys where ok
{Cert, encode_key(SubjectPrivateKey)}.
@@ -66,8 +66,9 @@ make_cert(Opts) ->
%% @end
%%--------------------------------------------------------------------
write_pem(Dir, FileName, {Cert, Key = {_,_,not_encrypted}}) when is_binary(Cert) ->
- ok = public_key:der_to_pem(filename:join(Dir, FileName ++ ".pem"), [{cert, Cert, not_encrypted}]),
- ok = public_key:der_to_pem(filename:join(Dir, FileName ++ "_key.pem"), [Key]).
+ ok = der_to_pem(filename:join(Dir, FileName ++ ".pem"),
+ [{'Certificate', Cert, not_encrypted}]),
+ ok = der_to_pem(filename:join(Dir, FileName ++ "_key.pem"), [Key]).
%%--------------------------------------------------------------------
%% @doc Creates a rsa key (OBS: for testing only)
@@ -94,18 +95,14 @@ gen_dsa(LSize,NSize) when is_integer(LSize), is_integer(NSize) ->
%% @spec (::binary(), ::tuple()) -> ::boolean()
%% @end
%%--------------------------------------------------------------------
-verify_signature(DerEncodedCert, DerKey, KeyParams) ->
+verify_signature(DerEncodedCert, DerKey, _KeyParams) ->
Key = decode_key(DerKey),
case Key of
#'RSAPrivateKey'{modulus=Mod, publicExponent=Exp} ->
- public_key:verify_signature(DerEncodedCert,
- #'RSAPublicKey'{modulus=Mod, publicExponent=Exp},
- 'NULL');
+ public_key:pkix_verify(DerEncodedCert,
+ #'RSAPublicKey'{modulus=Mod, publicExponent=Exp});
#'DSAPrivateKey'{p=P, q=Q, g=G, y=Y} ->
- public_key:verify_signature(DerEncodedCert, Y, #'Dss-Parms'{p=P, q=Q, g=G});
-
- _ ->
- public_key:verify_signature(DerEncodedCert, Key, KeyParams)
+ public_key:pkix_verify(DerEncodedCert, {Y, #'Dss-Parms'{p=P, q=Q, g=G}})
end.
%%%%%%%%%%%%%%%%%%%%%%%%% Implementation %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@@ -132,59 +129,63 @@ decode_key(#'RSAPrivateKey'{} = Key,_) ->
Key;
decode_key(#'DSAPrivateKey'{} = Key,_) ->
Key;
-decode_key(Der = {_,_,_}, Pw) ->
- {ok, Key} = public_key:decode_private_key(Der, Pw),
- Key;
-decode_key(FileOrDer, Pw) ->
- {ok, [KeyInfo]} = public_key:pem_to_der(FileOrDer),
+decode_key(PemEntry = {_,_,_}, Pw) ->
+ public_key:pem_entry_decode(PemEntry, Pw);
+decode_key(PemBin, Pw) ->
+ [KeyInfo] = public_key:pem_decode(PemBin),
decode_key(KeyInfo, Pw).
encode_key(Key = #'RSAPrivateKey'{}) ->
{ok, Der} = 'OTP-PUB-KEY':encode('RSAPrivateKey', Key),
- {rsa_private_key, list_to_binary(Der), not_encrypted};
+ {'RSAPrivateKey', list_to_binary(Der), not_encrypted};
encode_key(Key = #'DSAPrivateKey'{}) ->
{ok, Der} = 'OTP-PUB-KEY':encode('DSAPrivateKey', Key),
- {dsa_private_key, list_to_binary(Der), not_encrypted}.
+ {'DSAPrivateKey', list_to_binary(Der), not_encrypted}.
make_tbs(SubjectKey, Opts) ->
Version = list_to_atom("v"++integer_to_list(proplists:get_value(version, Opts, 3))),
- {Issuer, IssuerKey} = issuer(Opts, SubjectKey),
+
+ IssuerProp = proplists:get_value(issuer, Opts, true),
+ {Issuer, IssuerKey} = issuer(IssuerProp, Opts, SubjectKey),
{Algo, Parameters} = sign_algorithm(IssuerKey, Opts),
SignAlgo = #'SignatureAlgorithm'{algorithm = Algo,
parameters = Parameters},
-
+ Subject = case IssuerProp of
+ true -> %% Is a Root Ca
+ Issuer;
+ _ ->
+ subject(proplists:get_value(subject, Opts),false)
+ end,
+
{#'OTPTBSCertificate'{serialNumber = trunc(random:uniform()*100000000)*10000 + 1,
signature = SignAlgo,
issuer = Issuer,
validity = validity(Opts),
- subject = subject(proplists:get_value(subject, Opts),false),
+ subject = Subject,
subjectPublicKeyInfo = publickey(SubjectKey),
version = Version,
extensions = extensions(Opts)
}, IssuerKey}.
-issuer(Opts, SubjectKey) ->
- IssuerProp = proplists:get_value(issuer, Opts, true),
- case IssuerProp of
- true -> %% Self signed
- {subject(proplists:get_value(subject, Opts), true), SubjectKey};
- {Issuer, IssuerKey} when is_binary(Issuer) ->
- {issuer_der(Issuer), decode_key(IssuerKey)};
- {File, IssuerKey} when is_list(File) ->
- {ok, [{cert, Cert, _}|_]} = public_key:pem_to_der(File),
- {issuer_der(Cert), decode_key(IssuerKey)}
- end.
+issuer(true, Opts, SubjectKey) ->
+ %% Self signed
+ {subject(proplists:get_value(subject, Opts), true), SubjectKey};
+issuer({Issuer, IssuerKey}, _Opts, _SubjectKey) when is_binary(Issuer) ->
+ {issuer_der(Issuer), decode_key(IssuerKey)};
+issuer({File, IssuerKey}, _Opts, _SubjectKey) when is_list(File) ->
+ {ok, [{cert, Cert, _}|_]} = public_key:pem_to_der(File),
+ {issuer_der(Cert), decode_key(IssuerKey)}.
issuer_der(Issuer) ->
- {ok, Decoded} = public_key:pkix_decode_cert(Issuer, otp),
+ Decoded = public_key:pkix_decode_cert(Issuer, otp),
#'OTPCertificate'{tbsCertificate=Tbs} = Decoded,
#'OTPTBSCertificate'{subject=Subject} = Tbs,
Subject.
-subject(undefined, IsCA) ->
- User = if IsCA -> "CA"; true -> os:getenv("USER") end,
+subject(undefined, IsRootCA) ->
+ User = if IsRootCA -> "RootCA"; true -> os:getenv("USER") end,
Opts = [{email, User ++ "@erlang.org"},
{name, User},
{city, "Stockholm"},
@@ -410,3 +411,11 @@ extended_gcd(A, B) ->
{X, Y} = extended_gcd(B, N),
{Y, X-Y*(A div B)}
end.
+
+pem_to_der(File) ->
+ {ok, PemBin} = file:read_file(File),
+ public_key:pem_decode(PemBin).
+
+der_to_pem(File, Entries) ->
+ PemBin = public_key:pem_encode(Entries),
+ file:write_file(File, PemBin).
diff --git a/lib/public_key/test/pkits_SUITE.erl b/lib/public_key/test/pkits_SUITE.erl
index 5d58b39e26..1d75e1aed2 100644
--- a/lib/public_key/test/pkits_SUITE.erl
+++ b/lib/public_key/test/pkits_SUITE.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 2008-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
@@ -187,9 +187,9 @@ run([],_) -> ok.
read_certs(Test) ->
File = test_file(Test),
%% io:format("Read ~p ",[File]),
- {ok, Ders} = public_key:pem_to_der(File),
+ Ders = erl_make_certs:pem_to_der(File),
%% io:format("Ders ~p ~n",[length(Ders)]),
- [Cert || {cert,Cert,not_encrypted} <- Ders].
+ [Cert || {'Certificate', Cert, not_encrypted} <- Ders].
test_file(Test) ->
file(?CONV, lists:append(string:tokens(Test, " -")) ++ ".pem").
diff --git a/lib/public_key/test/public_key_SUITE.erl b/lib/public_key/test/public_key_SUITE.erl
index dc1015969a..46b8c3db8b 100644
--- a/lib/public_key/test/public_key_SUITE.erl
+++ b/lib/public_key/test/public_key_SUITE.erl
@@ -101,13 +101,12 @@ all(doc) ->
all(suite) ->
[app,
- dh,
- pem_to_der,
- decode_private_key,
+ pk_decode_encode,
encrypt_decrypt,
sign_verify,
pkix,
- pkix_path_validation
+ pkix_path_validation,
+ deprecated
].
%% Test cases starts here.
@@ -120,85 +119,100 @@ app(suite) ->
app(Config) when is_list(Config) ->
ok = test_server:app_test(public_key).
-dh(doc) ->
- "Test diffie-hellman functions file is ok";
-dh(suite) ->
+pk_decode_encode(doc) ->
+ ["Tests pem_decode/1, pem_encode/1, "
+ "der_decode/2, der_encode/2, "
+ "pem_entry_decode/1, pem_entry_decode/2,"
+ "pem_entry_encode/2, pem_entry_encode/3."];
+
+pk_decode_encode(suite) ->
[];
-dh(Config) when is_list(Config) ->
+pk_decode_encode(Config) when is_list(Config) ->
Datadir = ?config(data_dir, Config),
- {ok,[DerDHparams = {dh_params, _, _}]} =
- public_key:pem_to_der(filename:join(Datadir, "dh.pem")),
- {ok, DHps = #'DHParameter'{prime=P,base=G}} = public_key:decode_dhparams(DerDHparams),
- DHKeys = {Private,_Public} = public_key:gen_key(DHps),
- test_server:format("DHparams = ~p~nDH Keys~p~n", [DHps, DHKeys]),
- {_Private,_Public2} = pubkey_crypto:gen_key(diffie_hellman, [crypto:erlint(Private), P, G]),
- ok.
+
+ [{'DSAPrivateKey', DerDSAKey, not_encrypted} = Entry0 ] =
+ erl_make_certs:pem_to_der(filename:join(Datadir, "dsa.pem")),
+
+ DSAKey = public_key:der_decode('DSAPrivateKey', DerDSAKey),
+
+ DSAKey = public_key:pem_entry_decode(Entry0),
+
+ [{'RSAPrivateKey', DerRSAKey, not_encrypted} = Entry1 ] =
+ erl_make_certs:pem_to_der(filename:join(Datadir, "client_key.pem")),
+
+ RSAKey0 = public_key:der_decode('RSAPrivateKey', DerRSAKey),
+
+ RSAKey0 = public_key:pem_entry_decode(Entry1),
+
+ [{'RSAPrivateKey', _, {_,_}} = Entry2] =
+ erl_make_certs:pem_to_der(filename:join(Datadir, "rsa.pem")),
+ true = check_entry_type(public_key:pem_entry_decode(Entry2, "abcd1234"),
+ 'RSAPrivateKey'),
-pem_to_der(doc) ->
- ["Check that supported PEM files are decoded into the expected entry type"];
-pem_to_der(suite) ->
- [];
-pem_to_der(Config) when is_list(Config) ->
- Datadir = ?config(data_dir, Config),
- {ok,DSAKey =[{dsa_private_key, _, not_encrypted}]} =
- public_key:pem_to_der(filename:join(Datadir, "dsa.pem")),
- {ok,[{rsa_private_key, _, _}]} =
- public_key:pem_to_der(filename:join(Datadir, "client_key.pem")),
- {ok, [{rsa_private_key, _, _}]} =
- public_key:pem_to_der(filename:join(Datadir, "rsa.pem")),
- {ok,[{rsa_private_key, _, _}]} =
- public_key:pem_to_der(filename:join(Datadir, "rsa.pem"), "abcd1234"),
- {ok, Bin0} = file:read_file(filename:join(Datadir, "rsa.pem")),
- {ok, [{rsa_private_key, _, _}]} = public_key:pem_to_der(Bin0, "abcd1234"),
-
- {ok,[{dh_params, _, _}]} =
- public_key:pem_to_der(filename:join(Datadir, "dh.pem")),
- {ok,[{cert, _, not_encrypted}]} =
- public_key:pem_to_der(filename:join(Datadir, "client_cert.pem")),
- {ok,[{cert_req, _, _}]} =
- public_key:pem_to_der(filename:join(Datadir, "req.pem")),
- {ok, Certs = [{cert, _, _}, {cert, _, _}]} =
- public_key:pem_to_der(filename:join(Datadir, "cacerts.pem")),
-
- {ok, Bin1} = file:read_file(filename:join(Datadir, "cacerts.pem")),
- {ok, [{cert, _, _}, {cert, _, _}]} = public_key:pem_to_der(Bin1),
-
- ok = public_key:der_to_pem(filename:join(Datadir, "wcacerts.pem"), Certs),
- ok = public_key:der_to_pem(filename:join(Datadir, "wdsa.pem"), DSAKey),
+ Salt0 = crypto:rand_bytes(8),
+ Entry3 = public_key:pem_entry_encode('RSAPrivateKey', RSAKey0,
+ {{"DES-EDE3-CBC", Salt0}, "1234abcd"}),
+
+ RSAKey0 = public_key:pem_entry_decode(Entry3,"1234abcd"),
- {ok, Certs} = public_key:pem_to_der(filename:join(Datadir, "wcacerts.pem")),
- {ok, DSAKey} = public_key:pem_to_der(filename:join(Datadir, "wdsa.pem")),
+ Des3KeyFile = filename:join(Datadir, "des3_client_key.pem"),
- ok.
-%%--------------------------------------------------------------------
-decode_private_key(doc) ->
- ["Check that private keys are decode to the expected key type."];
-decode_private_key(suite) ->
- [];
-decode_private_key(Config) when is_list(Config) ->
- Datadir = ?config(data_dir, Config),
- {ok,[DsaKey = {dsa_private_key, _DsaKey, _}]} =
- public_key:pem_to_der(filename:join(Datadir, "dsa.pem")),
- {ok,[RsaKey = {rsa_private_key, _RsaKey,_}]} =
- public_key:pem_to_der(filename:join(Datadir, "client_key.pem")),
- {ok,[ProtectedRsaKey1 = {rsa_private_key, _ProtectedRsaKey1,_}]} =
- public_key:pem_to_der(filename:join(Datadir, "rsa.pem"), "abcd1234"),
- {ok,[ProtectedRsaKey2 = {rsa_private_key, _ProtectedRsaKey2,_}]} =
- public_key:pem_to_der(filename:join(Datadir, "rsa.pem")),
+ erl_make_certs:der_to_pem(Des3KeyFile, [Entry3]),
- {ok, #'DSAPrivateKey'{}} = public_key:decode_private_key(DsaKey),
- {ok, #'RSAPrivateKey'{}} = public_key:decode_private_key(RsaKey),
- {ok, #'RSAPrivateKey'{}} = public_key:decode_private_key(ProtectedRsaKey1),
- {ok, #'RSAPrivateKey'{}} = public_key:decode_private_key(ProtectedRsaKey2, "abcd1234"),
+ [{'RSAPrivateKey', _, {"DES-EDE3-CBC", Salt0}}] = erl_make_certs:pem_to_der(Des3KeyFile),
+
+ Salt1 = crypto:rand_bytes(8),
+ Entry4 = public_key:pem_entry_encode('RSAPrivateKey', RSAKey0,
+ {{"DES-CBC", Salt1}, "4567efgh"}),
+
+
+ DesKeyFile = filename:join(Datadir, "des_client_key.pem"),
+
+ erl_make_certs:der_to_pem(DesKeyFile, [Entry4]),
+
+ [{'RSAPrivateKey', _, {"DES-CBC", Salt1}} =Entry5] = erl_make_certs:pem_to_der(DesKeyFile),
+
+
+ true = check_entry_type(public_key:pem_entry_decode(Entry5, "4567efgh"),
+ 'RSAPrivateKey'),
+
+ [{'DHParameter', DerDH, not_encrypted} = Entry6] =
+ erl_make_certs:pem_to_der(filename:join(Datadir, "dh.pem")),
+
+ erl_make_certs:der_to_pem(filename:join(Datadir, "new_dh.pem"), [Entry6]),
+
+ DHParameter = public_key:der_decode('DHParameter', DerDH),
+ DHParameter = public_key:pem_entry_decode(Entry6),
+
+ Entry6 = public_key:pem_entry_encode('DHParameter', DHParameter),
+
+ [{'Certificate', DerCert, not_encrypted} = Entry7] =
+ erl_make_certs:pem_to_der(filename:join(Datadir, "client_cert.pem")),
+
+ Cert = public_key:der_decode('Certificate', DerCert),
+ Cert = public_key:pem_entry_decode(Entry7),
+
+ CertEntries = [{'Certificate', _, not_encrypted} = CertEntry0,
+ {'Certificate', _, not_encrypted} = CertEntry1] =
+ erl_make_certs:pem_to_der(filename:join(Datadir, "cacerts.pem")),
+
+ ok = erl_make_certs:der_to_pem(filename:join(Datadir, "wcacerts.pem"), CertEntries),
+ ok = erl_make_certs:der_to_pem(filename:join(Datadir, "wdsa.pem"), [Entry0]),
+
+ NewCertEntries = erl_make_certs:pem_to_der(filename:join(Datadir, "wcacerts.pem")),
+ true = lists:member(CertEntry0, NewCertEntries),
+ true = lists:member(CertEntry1, NewCertEntries),
+ [Entry0] = erl_make_certs:pem_to_der(filename:join(Datadir, "wdsa.pem")),
ok.
+
%%--------------------------------------------------------------------
encrypt_decrypt(doc) ->
[""];
encrypt_decrypt(suite) ->
[];
encrypt_decrypt(Config) when is_list(Config) ->
- {PrivateKey, _DerKey} = pkey_test:gen_rsa(64),
+ {PrivateKey, _DerKey} = erl_make_certs:gen_rsa(64),
#'RSAPrivateKey'{modulus=Mod, publicExponent=Exp} = PrivateKey,
PublicKey = #'RSAPublicKey'{modulus=Mod, publicExponent=Exp},
Msg = list_to_binary(lists:duplicate(5, "Foo bar 100")),
@@ -219,69 +233,81 @@ sign_verify(suite) ->
[];
sign_verify(Config) when is_list(Config) ->
%% Make cert signs and validates the signature using RSA and DSA
- Ca = {_, CaKey} = pkey_test:make_cert([]),
- {ok, PrivateRSA = #'RSAPrivateKey'{modulus=Mod, publicExponent=Exp}} =
- public_key:decode_private_key(CaKey),
+ Ca = {_, CaKey} = erl_make_certs:make_cert([]),
+ PrivateRSA = #'RSAPrivateKey'{modulus=Mod, publicExponent=Exp} =
+ public_key:pem_entry_decode(CaKey),
- CertInfo = {Cert1,CertKey1} = pkey_test:make_cert([{key, dsa}, {issuer, Ca}]),
+ CertInfo = {Cert1,CertKey1} = erl_make_certs:make_cert([{key, dsa}, {issuer, Ca}]),
PublicRSA = #'RSAPublicKey'{modulus=Mod, publicExponent=Exp},
- true = public_key:verify_signature(Cert1, PublicRSA, undefined),
+ true = public_key:pkix_verify(Cert1, PublicRSA),
- {Cert2,_CertKey} = pkey_test:make_cert([{issuer, CertInfo}]),
+ {Cert2,_CertKey} = erl_make_certs:make_cert([{issuer, CertInfo}]),
- {ok, #'DSAPrivateKey'{p=P, q=Q, g=G, y=Y, x=_X}} =
- public_key:decode_private_key(CertKey1),
- true = public_key:verify_signature(Cert2, Y, #'Dss-Parms'{p=P, q=Q, g=G}),
+ #'DSAPrivateKey'{p=P, q=Q, g=G, y=Y, x=_X} =
+ public_key:pem_entry_decode(CertKey1),
+ true = public_key:pkix_verify(Cert2, {Y, #'Dss-Parms'{p=P, q=Q, g=G}}),
%% RSA sign
Msg0 = lists:duplicate(5, "Foo bar 100"),
Msg = list_to_binary(Msg0),
- RSASign = public_key:sign(sha, Msg0, PrivateRSA),
- RSASign = public_key:sign(Msg, PrivateRSA),
- true = public_key:verify_signature(Msg, sha, RSASign, PublicRSA),
- false = public_key:verify_signature(<<1:8, Msg/binary>>, sha, RSASign, PublicRSA),
- false = public_key:verify_signature(Msg, sha, <<1:8, RSASign/binary>>, PublicRSA),
- RSASign = public_key:sign(sha, Msg, PrivateRSA),
-
- RSASign1 = public_key:sign(md5, Msg, PrivateRSA),
- true = public_key:verify_signature(Msg, md5, RSASign1, PublicRSA),
+
+ RSASign = public_key:sign(Msg0, sha, PrivateRSA),
+ RSASign = public_key:sign(Msg, sha, PrivateRSA),
+ true = public_key:verify(Msg, sha, RSASign, PublicRSA),
+ false = public_key:verify(<<1:8, Msg/binary>>, sha, RSASign, PublicRSA),
+ false = public_key:verify(Msg, sha, <<1:8, RSASign/binary>>, PublicRSA),
+
+ RSASign1 = public_key:sign(Msg, md5, PrivateRSA),
+ true = public_key:verify(Msg, md5, RSASign1, PublicRSA),
%% DSA sign
Datadir = ?config(data_dir, Config),
- {ok,[DsaKey = {dsa_private_key, _, _}]} =
- public_key:pem_to_der(filename:join(Datadir, "dsa.pem")),
- {ok, DSAPrivateKey} = public_key:decode_private_key(DsaKey),
+ [DsaKey = {'DSAPrivateKey', _, _}] =
+ erl_make_certs:pem_to_der(filename:join(Datadir, "dsa.pem")),
+ DSAPrivateKey = public_key:pem_entry_decode(DsaKey),
#'DSAPrivateKey'{p=P1, q=Q1, g=G1, y=Y1, x=_X1} = DSAPrivateKey,
- DSASign = public_key:sign(Msg, DSAPrivateKey),
+ DSASign = public_key:sign(Msg, sha, DSAPrivateKey),
DSAPublicKey = Y1,
DSAParams = #'Dss-Parms'{p=P1, q=Q1, g=G1},
- true = public_key:verify_signature(Msg, sha, DSASign, DSAPublicKey, DSAParams),
- false = public_key:verify_signature(<<1:8, Msg/binary>>, sha, DSASign, DSAPublicKey, DSAParams),
- false = public_key:verify_signature(Msg, sha, <<1:8, DSASign/binary>>, DSAPublicKey, DSAParams),
+ true = public_key:verify(Msg, sha, DSASign, {DSAPublicKey, DSAParams}),
+ false = public_key:verify(<<1:8, Msg/binary>>, sha, DSASign,
+ {DSAPublicKey, DSAParams}),
+ false = public_key:verify(Msg, sha, <<1:8, DSASign/binary>>,
+ {DSAPublicKey, DSAParams}),
+
+ Digest = crypto:sha(Msg),
+ DigestSign = public_key:sign(Digest, none, DSAPrivateKey),
+ true = public_key:verify(Digest, none, DigestSign, {DSAPublicKey, DSAParams}),
+ <<_:8, RestDigest/binary>> = Digest,
+ false = public_key:verify(<<1:8, RestDigest/binary>>, none, DigestSign,
+ {DSAPublicKey, DSAParams}),
+ false = public_key:verify(Digest, none, <<1:8, DigestSign/binary>>,
+ {DSAPublicKey, DSAParams}),
ok.
-
+%%--------------------------------------------------------------------
pkix(doc) ->
"Misc pkix tests not covered elsewhere";
pkix(suite) ->
[];
pkix(Config) when is_list(Config) ->
Datadir = ?config(data_dir, Config),
- {ok,Certs0} = public_key:pem_to_der(filename:join(Datadir, "cacerts.pem")),
- {ok,Certs1} = public_key:pem_to_der(filename:join(Datadir, "client_cert.pem")),
- TestTransform = fun({cert, CertDer, not_encrypted}) ->
- {ok, PlainCert} = public_key:pkix_decode_cert(CertDer, plain),
- {ok, OtpCert} = public_key:pkix_decode_cert(CertDer, otp),
- CertDer = public_key:pkix_encode_cert(OtpCert),
- CertDer = public_key:pkix_encode_cert(PlainCert),
-
- OTPSubj = (OtpCert#'OTPCertificate'.tbsCertificate)#'OTPTBSCertificate'.subject,
- Subj = public_key:pkix_transform(OTPSubj, encode),
- {ok, DNEncoded} = 'OTP-PUB-KEY':encode('Name', Subj),
- Subj2 = (PlainCert#'Certificate'.tbsCertificate)#'TBSCertificate'.subject,
- {ok, DNEncoded} = 'OTP-PUB-KEY':encode('Name', Subj2),
- OTPSubj = public_key:pkix_transform(Subj2, decode),
+ Certs0 = erl_make_certs:pem_to_der(filename:join(Datadir, "cacerts.pem")),
+ Certs1 = erl_make_certs:pem_to_der(filename:join(Datadir, "client_cert.pem")),
+ TestTransform = fun({'Certificate', CertDer, not_encrypted}) ->
+ PlainCert = public_key:pkix_decode_cert(CertDer, plain),
+ OtpCert = public_key:pkix_decode_cert(CertDer, otp),
+ CertDer =
+ public_key:pkix_encode('OTPCertificate', OtpCert, otp),
+ CertDer =
+ public_key:pkix_encode('Certificate', PlainCert, plain),
+ OTPTBS = OtpCert#'OTPCertificate'.tbsCertificate,
+ OTPSubj = OTPTBS#'OTPTBSCertificate'.subject,
+ DNEncoded = public_key:pkix_encode('Name', OTPSubj, otp),
+ PlainTBS = PlainCert#'Certificate'.tbsCertificate,
+ Subj2 = PlainTBS#'TBSCertificate'.subject,
+ DNEncoded = public_key:pkix_encode('Name', Subj2, plain),
false = public_key:pkix_is_fixed_dh_cert(CertDer)
end,
@@ -290,26 +316,31 @@ pkix(Config) when is_list(Config) ->
true = public_key:pkix_is_self_signed(element(2,hd(Certs0))),
false = public_key:pkix_is_self_signed(element(2,hd(Certs1))),
- CaIds = [element(2, public_key:pkix_issuer_id(Cert, self)) || {cert, Cert, _} <- Certs0],
- {ok, IssuerId = {_, IssuerName}} = public_key:pkix_issuer_id(element(2,hd(Certs1)), other),
+ CaIds = [element(2, public_key:pkix_issuer_id(Cert, self)) ||
+ {'Certificate', Cert, _} <- Certs0],
+ {ok, IssuerId = {_, _IssuerName}} =
+ public_key:pkix_issuer_id(element(2,hd(Certs1)), other),
+
true = lists:member(IssuerId, CaIds),
%% Should be normalized allready
- TestStr = {rdnSequence, [[{'AttributeTypeAndValue', {2,5,4,3},{printableString,"ERLANGCA"}}],
- [{'AttributeTypeAndValue', {2,5,4,3},{printableString," erlang ca "}}]]},
- VerifyStr = {rdnSequence, [[{'AttributeTypeAndValue', {2,5,4,3},{printableString,"erlang ca"}}],
- [{'AttributeTypeAndValue', {2,5,4,3},{printableString,"erlangca"}}]]},
- VerifyStr = public_key:pkix_normalize_general_name(TestStr),
+ TestStr = {rdnSequence,
+ [[{'AttributeTypeAndValue', {2,5,4,3},{printableString,"ERLANGCA"}}],
+ [{'AttributeTypeAndValue', {2,5,4,3},{printableString," erlang ca "}}]]},
+ VerifyStr = {rdnSequence,
+ [[{'AttributeTypeAndValue', {2,5,4,3},{printableString,"erlang ca"}}],
+ [{'AttributeTypeAndValue', {2,5,4,3},{printableString,"erlangca"}}]]},
+ VerifyStr = public_key:pkix_normalize_name(TestStr),
ok.
-
+%%--------------------------------------------------------------------
pkix_path_validation(doc) ->
"Misc pkix tests not covered elsewhere";
pkix_path_validation(suite) ->
[];
pkix_path_validation(Config) when is_list(Config) ->
CaK = {Trusted,_} =
- pkey_test:make_cert([{key, dsa},
+ erl_make_certs:make_cert([{key, dsa},
{subject, [
{name, "Public Key"},
{?'id-at-name', {printableString, "public_key"}},
@@ -320,26 +351,83 @@ pkix_path_validation(Config) when is_list(Config) ->
{org_unit, "testing dep"}
]}
]),
- ok = pkey_test:write_pem("./", "public_key_cacert", CaK),
+ ok = erl_make_certs:write_pem("./", "public_key_cacert", CaK),
- CertK1 = {Cert1, _} = pkey_test:make_cert([{issuer, CaK}]),
- CertK2 = {Cert2,_} = pkey_test:make_cert([{issuer, CertK1}, {digest, md5}, {extensions, false}]),
- ok = pkey_test:write_pem("./", "public_key_cert", CertK2),
+ CertK1 = {Cert1, _} = erl_make_certs:make_cert([{issuer, CaK}]),
+ CertK2 = {Cert2,_} = erl_make_certs:make_cert([{issuer, CertK1},
+ {digest, md5}, {extensions, false}]),
+ ok = erl_make_certs:write_pem("./", "public_key_cert", CertK2),
{ok, _} = public_key:pkix_path_validation(Trusted, [Cert1], []),
- {error, {bad_cert,invalid_issuer}} = public_key:pkix_path_validation(Trusted, [Cert2], []),
- %%{error, {bad_cert,invalid_issuer}} = public_key:pkix_path_validation(Trusted, [Cert2], [{verify,false}]),
+ {error, {bad_cert,invalid_issuer}} =
+ public_key:pkix_path_validation(Trusted, [Cert2], []),
{ok, _} = public_key:pkix_path_validation(Trusted, [Cert1, Cert2], []),
{error, issuer_not_found} = public_key:pkix_issuer_id(Cert2, other),
- CertK3 = {Cert3,_} = pkey_test:make_cert([{issuer, CertK1}, {extensions, [{basic_constraints, false}]}]),
- {Cert4,_} = pkey_test:make_cert([{issuer, CertK3}]),
- {error, E={bad_cert,missing_basic_constraint}} =
+ CertK3 = {Cert3,_} = erl_make_certs:make_cert([{issuer, CertK1},
+ {extensions, [{basic_constraints, false}]}]),
+ {Cert4,_} = erl_make_certs:make_cert([{issuer, CertK3}]),
+ {error, {bad_cert,missing_basic_constraint}} =
public_key:pkix_path_validation(Trusted, [Cert1, Cert3,Cert4], []),
-
- {ok, {_,_,[E]}} = public_key:pkix_path_validation(Trusted, [Cert1, Cert3,Cert4], [{verify,false}]),
- % test_server:format("PV ~p ~n", [Result]),
+ VerifyFunAndState0 = {fun(_,{bad_cert, missing_basic_constraint}, UserState) ->
+ {valid, UserState};
+ (_,{bad_cert, _} = Reason, _) ->
+ {fail, Reason};
+ (_,{extension, _}, UserState) ->
+ {unknown, UserState}
+ end, []},
+ {ok, _} =
+ public_key:pkix_path_validation(Trusted, [Cert1, Cert3,Cert4],
+ [{verify_fun, VerifyFunAndState0}]),
+
+ {error, {bad_cert, unknown_ca}} =
+ public_key:pkix_path_validation(unknown_ca, [Cert1, Cert3, Cert4], []),
+
+ VerifyFunAndState1 =
+ {fun(_,{bad_cert, unknown_ca}, UserState) ->
+ {valid, UserState};
+ (_,{bad_cert, _} = Reason, _) ->
+ {fail, Reason};
+ (_,{extension, _}, UserState) ->
+ {unknown, UserState}
+ end, []},
+
+ {ok, _} =
+ public_key:pkix_path_validation(unknown_ca, [Cert1], [{verify_fun,
+ VerifyFunAndState1}]),
ok.
+
+%%--------------------------------------------------------------------
+deprecated(doc) ->
+ ["Check deprecated functions."];
+deprecated(suite) ->
+ [];
+deprecated(Config) when is_list(Config) ->
+ Datadir = ?config(data_dir, Config),
+ [DsaKey = {'DSAPrivateKey', _DsaKey, _}] =
+ public_key:pem_to_der(filename:join(Datadir, "dsa.pem")),
+ [RsaKey = {'RSAPrivateKey', _RsaKey,_}] =
+ public_key:pem_to_der(filename:join(Datadir, "client_key.pem")),
+ [ProtectedRsaKey = {'RSAPrivateKey', _ProtectedRsaKey,_}] =
+ public_key:pem_to_der(filename:join(Datadir, "rsa.pem")),
+
+ {ok, #'DSAPrivateKey'{}} = public_key:decode_private_key(DsaKey),
+ {ok, #'RSAPrivateKey'{}} = public_key:decode_private_key(RsaKey),
+ {ok, #'RSAPrivateKey'{}} = public_key:decode_private_key(ProtectedRsaKey, "abcd1234"),
+ ok.
+
+%%--------------------------------------------------------------------
+
+check_entry_type(#'DSAPrivateKey'{}, 'DSAPrivateKey') ->
+ true;
+check_entry_type(#'RSAPrivateKey'{}, 'RSAPrivateKey') ->
+ true;
+check_entry_type(#'DHParameter'{}, 'DHParameter') ->
+ true;
+check_entry_type(#'Certificate'{}, 'Certificate') ->
+ true;
+check_entry_type(_,_) ->
+ false.