Diffstat (limited to 'lib/public_key/test')
-rw-r--r--lib/public_key/test/Makefile2
-rw-r--r--lib/public_key/test/erl_make_certs.erl (renamed from lib/public_key/test/pkey_test.erl)41
-rw-r--r--lib/public_key/test/pkits_SUITE.erl4
-rw-r--r--lib/public_key/test/public_key_SUITE.erl96
4 files changed, 88 insertions, 55 deletions
diff --git a/lib/public_key/test/Makefile b/lib/public_key/test/Makefile
index 5544339ff2..e20b903942 100644
--- a/lib/public_key/test/Makefile
+++ b/lib/public_key/test/Makefile
@@ -28,7 +28,7 @@ INCLUDES= -I. -I ../include
# ----------------------------------------------------
MODULES= \
- pkey_test \
+ erl_make_certs \
public_key_SUITE \
pkits_SUITE
diff --git a/lib/public_key/test/pkey_test.erl b/lib/public_key/test/erl_make_certs.erl
index deb4defd29..e31e5552d3 100644
--- a/lib/public_key/test/pkey_test.erl
+++ b/lib/public_key/test/erl_make_certs.erl
@@ -19,7 +19,7 @@
%% Create test certificates
--module(pkey_test).
+-module(erl_make_certs).
-include_lib("public_key/include/public_key.hrl").
-export([make_cert/1, gen_rsa/1, verify_signature/3, write_pem/3]).
@@ -144,34 +144,39 @@ encode_key(Key = #'DSAPrivateKey'{}) ->
make_tbs(SubjectKey, Opts) ->
Version = list_to_atom("v"++integer_to_list(proplists:get_value(version, Opts, 3))),
- {Issuer, IssuerKey} = issuer(Opts, SubjectKey),
+
+ IssuerProp = proplists:get_value(issuer, Opts, true),
+ {Issuer, IssuerKey} = issuer(IssuerProp, Opts, SubjectKey),
{Algo, Parameters} = sign_algorithm(IssuerKey, Opts),
SignAlgo = #'SignatureAlgorithm'{algorithm = Algo,
parameters = Parameters},
-
+ Subject = case IssuerProp of
+ true -> %% Is a Root Ca
+ Issuer;
+ _ ->
+ subject(proplists:get_value(subject, Opts),false)
+ end,
+
{#'OTPTBSCertificate'{serialNumber = trunc(random:uniform()*100000000)*10000 + 1,
signature = SignAlgo,
issuer = Issuer,
validity = validity(Opts),
- subject = subject(proplists:get_value(subject, Opts),false),
+ subject = Subject,
subjectPublicKeyInfo = publickey(SubjectKey),
version = Version,
extensions = extensions(Opts)
}, IssuerKey}.
-issuer(Opts, SubjectKey) ->
- IssuerProp = proplists:get_value(issuer, Opts, true),
- case IssuerProp of
- true -> %% Self signed
- {subject(proplists:get_value(subject, Opts), true), SubjectKey};
- {Issuer, IssuerKey} when is_binary(Issuer) ->
- {issuer_der(Issuer), decode_key(IssuerKey)};
- {File, IssuerKey} when is_list(File) ->
- {ok, [{cert, Cert, _}|_]} = public_key:pem_to_der(File),
- {issuer_der(Cert), decode_key(IssuerKey)}
- end.
+issuer(true, Opts, SubjectKey) ->
+ %% Self signed
+ {subject(proplists:get_value(subject, Opts), true), SubjectKey};
+issuer({Issuer, IssuerKey}, _Opts, _SubjectKey) when is_binary(Issuer) ->
+ {issuer_der(Issuer), decode_key(IssuerKey)};
+issuer({File, IssuerKey}, _Opts, _SubjectKey) when is_list(File) ->
+ {ok, [{cert, Cert, _}|_]} = public_key:pem_to_der(File),
+ {issuer_der(Cert), decode_key(IssuerKey)}.
issuer_der(Issuer) ->
Decoded = public_key:pkix_decode_cert(Issuer, otp),
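Review bot: The new `case IssuerProp of` in make_tbs is documented only by `%% Is a Root Ca`, which does not say why the root branch reuses `Issuer` instead of calling `subject/2` again. A self-signed certificate needs its subject and issuer to be the same name, and the two former calls used different default names (see the `subject(undefined, ...)` hunk below). I would replace the comment with `%% Self-signed root: subject must equal issuer, so reuse the name issuer/3 built`. For readability the `_ ->` branch could match `{_, _}` so it lines up with the two non-root clauses of `issuer/3`, which already rejects any other value.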
@@ -179,8 +184,8 @@ issuer_der(Issuer) ->
#'OTPTBSCertificate'{subject=Subject} = Tbs,
Subject.
-subject(undefined, IsCA) ->
- User = if IsCA -> "CA"; true -> os:getenv("USER") end,
+subject(undefined, IsRootCA) ->
+ User = if IsRootCA -> "RootCA"; true -> os:getenv("USER") end,
Opts = [{email, User ++ "@erlang.org"},
{name, User},
{city, "Stockholm"},
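Review bot: On the changed line in `subject(undefined, IsRootCA)`, `os:getenv("USER")` returns `false` when the variable is unset, so the following `User ++ "@erlang.org"` fails with badarg. This affects every non-root certificate generated without an explicit subject on a host where USER is not exported. A fallback keeps the generator usable there, for example `User = if IsRootCA -> "RootCA"; true -> case os:getenv("USER") of false -> "test_user"; U -> U end end,` where the fallback name is only a placeholder. The clause body continues past the end of this hunk.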
@@ -267,7 +272,7 @@ publickey(#'DSAPrivateKey'{p=P, q=Q, g=G, y=Y}) ->
#'OTPSubjectPublicKeyInfo'{algorithm = Algo, subjectPublicKey = Y}.
validity(Opts) ->
- DefFrom0 = date(),
+ DefFrom0 = calendar:gregorian_days_to_date(calendar:date_to_gregorian_days(date())-1),
DefTo0 = calendar:gregorian_days_to_date(calendar:date_to_gregorian_days(date())+7),
{DefFrom, DefTo} = proplists:get_value(validity, Opts, {DefFrom0, DefTo0}),
Format = fun({Y,M,D}) -> lists:flatten(io_lib:format("~w~2..0w~2..0w000000Z",[Y,M,D])) end,
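Review bot: The one-day backdating of `DefFrom0` in `validity/1` has no comment saying what it guards against, so a later cleanup could easily revert it to `date()`. The likely reason is visible in the hunk: `date()` is the local date, while `Format` emits it as UTC midnight (`...000000Z`), so on hosts ahead of UTC a fresh certificate could be not yet valid when the verifier checks it. I would add `%% Backdate notBefore one day: date() is local time but is written as UTC, and peers may have clock skew`. `DefTo0` still uses the local date, which only shortens or lengthens the 7-day window by a few hours. The body of `validity/1` continues outside the hunk.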
diff --git a/lib/public_key/test/pkits_SUITE.erl b/lib/public_key/test/pkits_SUITE.erl
index cd7b2d77db..1d75e1aed2 100644
--- a/lib/public_key/test/pkits_SUITE.erl
+++ b/lib/public_key/test/pkits_SUITE.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 2008-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
@@ -187,7 +187,7 @@ run([],_) -> ok.
read_certs(Test) ->
File = test_file(Test),
%% io:format("Read ~p ",[File]),
- Ders = pkey_test:pem_to_der(File),
+ Ders = erl_make_certs:pem_to_der(File),
%% io:format("Ders ~p ~n",[length(Ders)]),
[Cert || {'Certificate', Cert, not_encrypted} <- Ders].
diff --git a/lib/public_key/test/public_key_SUITE.erl b/lib/public_key/test/public_key_SUITE.erl
index 1d32e989a9..ea6a925139 100644
--- a/lib/public_key/test/public_key_SUITE.erl
+++ b/lib/public_key/test/public_key_SUITE.erl
@@ -131,36 +131,36 @@ pk_decode_encode(Config) when is_list(Config) ->
Datadir = ?config(data_dir, Config),
[{'DSAPrivateKey', DerDSAKey, not_encrypted} = Entry0 ] =
- pkey_test:pem_to_der(filename:join(Datadir, "dsa.pem")),
+ erl_make_certs:pem_to_der(filename:join(Datadir, "dsa.pem")),
DSAKey = public_key:der_decode('DSAPrivateKey', DerDSAKey),
DSAKey = public_key:pem_entry_decode(Entry0),
[{'RSAPrivateKey', DerRSAKey, not_encrypted} = Entry1 ] =
- pkey_test:pem_to_der(filename:join(Datadir, "client_key.pem")),
+ erl_make_certs:pem_to_der(filename:join(Datadir, "client_key.pem")),
RSAKey0 = public_key:der_decode('RSAPrivateKey', DerRSAKey),
RSAKey0 = public_key:pem_entry_decode(Entry1),
[{'RSAPrivateKey', _, {_,_}} = Entry2] =
- pkey_test:pem_to_der(filename:join(Datadir, "rsa.pem")),
+ erl_make_certs:pem_to_der(filename:join(Datadir, "rsa.pem")),
true = check_entry_type(public_key:pem_entry_decode(Entry2, "abcd1234"),
'RSAPrivateKey'),
Salt0 = crypto:rand_bytes(8),
Entry3 = public_key:pem_entry_encode('RSAPrivateKey', RSAKey0,
- {{"DES-EDE3-CBC", Salt0}, "1234abcd"}),
+ {{"DES-EDE3-CBC", Salt0}, "1234abcd"}),
RSAKey0 = public_key:pem_entry_decode(Entry3,"1234abcd"),
Des3KeyFile = filename:join(Datadir, "des3_client_key.pem"),
- pkey_test:der_to_pem(Des3KeyFile, [Entry3]),
+ erl_make_certs:der_to_pem(Des3KeyFile, [Entry3]),
- [{'RSAPrivateKey', _, {"DES-EDE3-CBC", Salt0}}] = pkey_test:pem_to_der(Des3KeyFile),
+ [{'RSAPrivateKey', _, {"DES-EDE3-CBC", Salt0}}] = erl_make_certs:pem_to_der(Des3KeyFile),
Salt1 = crypto:rand_bytes(8),
Entry4 = public_key:pem_entry_encode('RSAPrivateKey', RSAKey0,
@@ -169,18 +169,18 @@ pk_decode_encode(Config) when is_list(Config) ->
DesKeyFile = filename:join(Datadir, "des_client_key.pem"),
- pkey_test:der_to_pem(DesKeyFile, [Entry4]),
+ erl_make_certs:der_to_pem(DesKeyFile, [Entry4]),
- [{'RSAPrivateKey', _, {"DES-CBC", Salt1}} =Entry5] = pkey_test:pem_to_der(DesKeyFile),
+ [{'RSAPrivateKey', _, {"DES-CBC", Salt1}} =Entry5] = erl_make_certs:pem_to_der(DesKeyFile),
true = check_entry_type(public_key:pem_entry_decode(Entry5, "4567efgh"),
'RSAPrivateKey'),
[{'DHParameter', DerDH, not_encrypted} = Entry6] =
- pkey_test:pem_to_der(filename:join(Datadir, "dh.pem")),
+ erl_make_certs:pem_to_der(filename:join(Datadir, "dh.pem")),
- pkey_test:der_to_pem(filename:join(Datadir, "new_dh.pem"), [Entry6]),
+ erl_make_certs:der_to_pem(filename:join(Datadir, "new_dh.pem"), [Entry6]),
DHParameter = public_key:der_decode('DHParameter', DerDH),
DHParameter = public_key:pem_entry_decode(Entry6),
@@ -188,22 +188,22 @@ pk_decode_encode(Config) when is_list(Config) ->
Entry6 = public_key:pem_entry_encode('DHParameter', DHParameter),
[{'Certificate', DerCert, not_encrypted} = Entry7] =
- pkey_test:pem_to_der(filename:join(Datadir, "client_cert.pem")),
+ erl_make_certs:pem_to_der(filename:join(Datadir, "client_cert.pem")),
Cert = public_key:der_decode('Certificate', DerCert),
Cert = public_key:pem_entry_decode(Entry7),
CertEntries = [{'Certificate', _, not_encrypted} = CertEntry0,
{'Certificate', _, not_encrypted} = CertEntry1] =
- pkey_test:pem_to_der(filename:join(Datadir, "cacerts.pem")),
+ erl_make_certs:pem_to_der(filename:join(Datadir, "cacerts.pem")),
- ok = pkey_test:der_to_pem(filename:join(Datadir, "wcacerts.pem"), CertEntries),
- ok = pkey_test:der_to_pem(filename:join(Datadir, "wdsa.pem"), [Entry0]),
+ ok = erl_make_certs:der_to_pem(filename:join(Datadir, "wcacerts.pem"), CertEntries),
+ ok = erl_make_certs:der_to_pem(filename:join(Datadir, "wdsa.pem"), [Entry0]),
- NewCertEntries = pkey_test:pem_to_der(filename:join(Datadir, "wcacerts.pem")),
+ NewCertEntries = erl_make_certs:pem_to_der(filename:join(Datadir, "wcacerts.pem")),
true = lists:member(CertEntry0, NewCertEntries),
true = lists:member(CertEntry1, NewCertEntries),
- [Entry0] = pkey_test:pem_to_der(filename:join(Datadir, "wdsa.pem")),
+ [Entry0] = erl_make_certs:pem_to_der(filename:join(Datadir, "wdsa.pem")),
ok.
%%--------------------------------------------------------------------
@@ -212,7 +212,7 @@ encrypt_decrypt(doc) ->
encrypt_decrypt(suite) ->
[];
encrypt_decrypt(Config) when is_list(Config) ->
- {PrivateKey, _DerKey} = pkey_test:gen_rsa(64),
+ {PrivateKey, _DerKey} = erl_make_certs:gen_rsa(64),
#'RSAPrivateKey'{modulus=Mod, publicExponent=Exp} = PrivateKey,
PublicKey = #'RSAPublicKey'{modulus=Mod, publicExponent=Exp},
Msg = list_to_binary(lists:duplicate(5, "Foo bar 100")),
@@ -233,16 +233,16 @@ sign_verify(suite) ->
[];
sign_verify(Config) when is_list(Config) ->
%% Make cert signs and validates the signature using RSA and DSA
- Ca = {_, CaKey} = pkey_test:make_cert([]),
+ Ca = {_, CaKey} = erl_make_certs:make_cert([]),
PrivateRSA = #'RSAPrivateKey'{modulus=Mod, publicExponent=Exp} =
public_key:pem_entry_decode(CaKey),
- CertInfo = {Cert1,CertKey1} = pkey_test:make_cert([{key, dsa}, {issuer, Ca}]),
+ CertInfo = {Cert1,CertKey1} = erl_make_certs:make_cert([{key, dsa}, {issuer, Ca}]),
PublicRSA = #'RSAPublicKey'{modulus=Mod, publicExponent=Exp},
true = public_key:pkix_verify(Cert1, PublicRSA),
- {Cert2,_CertKey} = pkey_test:make_cert([{issuer, CertInfo}]),
+ {Cert2,_CertKey} = erl_make_certs:make_cert([{issuer, CertInfo}]),
#'DSAPrivateKey'{p=P, q=Q, g=G, y=Y, x=_X} =
public_key:pem_entry_decode(CertKey1),
@@ -264,7 +264,7 @@ sign_verify(Config) when is_list(Config) ->
%% DSA sign
Datadir = ?config(data_dir, Config),
[DsaKey = {'DSAPrivateKey', _, _}] =
- pkey_test:pem_to_der(filename:join(Datadir, "dsa.pem")),
+ erl_make_certs:pem_to_der(filename:join(Datadir, "dsa.pem")),
DSAPrivateKey = public_key:pem_entry_decode(DsaKey),
#'DSAPrivateKey'{p=P1, q=Q1, g=G1, y=Y1, x=_X1} = DSAPrivateKey,
DSASign = public_key:sign(Msg, sha, DSAPrivateKey),
@@ -293,8 +293,8 @@ pkix(suite) ->
[];
pkix(Config) when is_list(Config) ->
Datadir = ?config(data_dir, Config),
- Certs0 = pkey_test:pem_to_der(filename:join(Datadir, "cacerts.pem")),
- Certs1 = pkey_test:pem_to_der(filename:join(Datadir, "client_cert.pem")),
+ Certs0 = erl_make_certs:pem_to_der(filename:join(Datadir, "cacerts.pem")),
+ Certs1 = erl_make_certs:pem_to_der(filename:join(Datadir, "client_cert.pem")),
TestTransform = fun({'Certificate', CertDer, not_encrypted}) ->
PlainCert = public_key:pkix_decode_cert(CertDer, plain),
OtpCert = public_key:pkix_decode_cert(CertDer, otp),
@@ -340,7 +340,7 @@ pkix_path_validation(suite) ->
[];
pkix_path_validation(Config) when is_list(Config) ->
CaK = {Trusted,_} =
- pkey_test:make_cert([{key, dsa},
+ erl_make_certs:make_cert([{key, dsa},
{subject, [
{name, "Public Key"},
{?'id-at-name', {printableString, "public_key"}},
@@ -351,12 +351,12 @@ pkix_path_validation(Config) when is_list(Config) ->
{org_unit, "testing dep"}
]}
]),
- ok = pkey_test:write_pem("./", "public_key_cacert", CaK),
+ ok = erl_make_certs:write_pem("./", "public_key_cacert", CaK),
- CertK1 = {Cert1, _} = pkey_test:make_cert([{issuer, CaK}]),
- CertK2 = {Cert2,_} = pkey_test:make_cert([{issuer, CertK1},
+ CertK1 = {Cert1, _} = erl_make_certs:make_cert([{issuer, CaK}]),
+ CertK2 = {Cert2,_} = erl_make_certs:make_cert([{issuer, CertK1},
{digest, md5}, {extensions, false}]),
- ok = pkey_test:write_pem("./", "public_key_cert", CertK2),
+ ok = erl_make_certs:write_pem("./", "public_key_cert", CertK2),
{ok, _} = public_key:pkix_path_validation(Trusted, [Cert1], []),
@@ -366,14 +366,42 @@ pkix_path_validation(Config) when is_list(Config) ->
{ok, _} = public_key:pkix_path_validation(Trusted, [Cert1, Cert2], []),
{error, issuer_not_found} = public_key:pkix_issuer_id(Cert2, other),
- CertK3 = {Cert3,_} = pkey_test:make_cert([{issuer, CertK1},
+ CertK3 = {Cert3,_} = erl_make_certs:make_cert([{issuer, CertK1},
{extensions, [{basic_constraints, false}]}]),
- {Cert4,_} = pkey_test:make_cert([{issuer, CertK3}]),
- {error, E={bad_cert,missing_basic_constraint}} =
+ {Cert4,_} = erl_make_certs:make_cert([{issuer, CertK3}]),
+ {error, {bad_cert,missing_basic_constraint}} =
public_key:pkix_path_validation(Trusted, [Cert1, Cert3,Cert4], []),
-
- {ok, {_,_,[E]}} = public_key:pkix_path_validation(Trusted, [Cert1, Cert3,Cert4],
- [{verify,false}]),
+
+ VerifyFunAndState0 = {fun(_,{bad_cert, missing_basic_constraint}, UserState) ->
+ {valid, UserState};
+ (_,{bad_cert, _} = Reason, _) ->
+ {fail, Reason};
+ (_,{extension, _}, UserState) ->
+ {unknown, UserState};
+ (_, valid, UserState) ->
+ {valid, UserState}
+ end, []},
+ {ok, _} =
+ public_key:pkix_path_validation(Trusted, [Cert1, Cert3,Cert4],
+ [{verify_fun, VerifyFunAndState0}]),
+
+ {error, {bad_cert, unknown_ca}} =
+ public_key:pkix_path_validation(unknown_ca, [Cert1, Cert3, Cert4], []),
+
+ VerifyFunAndState1 =
+ {fun(_,{bad_cert, unknown_ca}, UserState) ->
+ {valid, UserState};
+ (_,{bad_cert, _} = Reason, _) ->
+ {fail, Reason};
+ (_,{extension, _}, UserState) ->
+ {unknown, UserState};
+ (_, valid, UserState) ->
+ {valid, UserState}
+ end, []},
+
+ {ok, _} =
+ public_key:pkix_path_validation(unknown_ca, [Cert1], [{verify_fun,
+ VerifyFunAndState1}]),
ok.
%%--------------------------------------------------------------------
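Review bot: `VerifyFunAndState0` and `VerifyFunAndState1` are the same four-clause fun and differ only in the one `bad_cert` reason they accept, so the override logic is written twice. Because a verify_fun that returns `{valid, _}` for a `bad_cert` event disables that check, the test should make clear that each fun tolerates exactly one named reason and fails all others. A small local constructor with a one-line comment says this once and makes it harder to widen the accepted pattern by accident. `pkix_path_validation/1` starts outside this hunk.

```erlang
    %% Accept exactly one bad_cert reason; every other failure still fails the path.
    AcceptOnly =
        fun(Accepted) ->
                {fun(_, {bad_cert, Reason}, UserState) when Reason =:= Accepted ->
                         {valid, UserState};
                    (_, {bad_cert, _} = Reason, _) ->
                         {fail, Reason};
                    (_, {extension, _}, UserState) ->
                         {unknown, UserState};
                    (_, valid, UserState) ->
                         {valid, UserState}
                 end, []}
        end,
    %% … unchanged: strict validation asserting {bad_cert, missing_basic_constraint} …
    {ok, _} =
        public_key:pkix_path_validation(Trusted, [Cert1, Cert3,Cert4],
                                        [{verify_fun, AcceptOnly(missing_basic_constraint)}]),
    %% … unchanged: strict validation asserting {bad_cert, unknown_ca} …
    {ok, _} =
        public_key:pkix_path_validation(unknown_ca, [Cert1],
                                        [{verify_fun, AcceptOnly(unknown_ca)}]),
```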