From 7a9b5514b88923ae342a2bf140a534244791a6ff Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Thu, 15 Nov 2012 16:28:32 +0100 Subject: public_key: Add PKCS-10 documentation and PKCS-7 test case Note that PKCS-7 is an undocumented feature for now. Also added some minor enhancements to the documentation. --- lib/public_key/doc/src/cert_records.xml | 43 ++++++++++++++++++++-- lib/public_key/doc/src/introduction.xml | 14 +++---- lib/public_key/doc/src/public_key.xml | 4 +- lib/public_key/test/public_key_SUITE.erl | 18 ++++++++- .../test/public_key_SUITE_data/pkcs7_cert.pem | 23 ++++++++++++ 5 files changed, 89 insertions(+), 13 deletions(-) create mode 100644 lib/public_key/test/public_key_SUITE_data/pkcs7_cert.pem diff --git a/lib/public_key/doc/src/cert_records.xml b/lib/public_key/doc/src/cert_records.xml index ad4f5812cb..edef664245 100644 --- a/lib/public_key/doc/src/cert_records.xml +++ b/lib/public_key/doc/src/cert_records.xml @@ -5,7 +5,7 @@
2008 - 2011 + 2012 Ericsson AB, All Rights Reserved @@ -37,7 +37,10 @@

This chapter briefly describes erlang records derived from asn1 specifications used to handle X509 certificates. The intent is to describe the data types and not to specify the meaning of each - component for this we refer you to RFC 5280. + component for this we refer you to RFC 5280. Also + descirbed is

CertificationRequest

that is defined by PKCS-10.

Use the following include directive to get access to the @@ -630,6 +633,40 @@ oid names see table below. Ex: ?'id-dsa-with-sha1'

aACompromise

- + +
+ + PKCS#10 Certification Request + +#'CertificationRequest'{ + certificationRequestInfo #'CertificationRequestInfo'{}, + signatureAlgorithm #'CertificationRequest_signatureAlgorithm'{}}. + signature {0, binary()} - asn1 compact bitstring + } + +#'CertificationRequestInfo'{ + version atom(), + subject {rdnSequence, [#AttributeTypeAndValue'{}]} , + subjectPKInfo #'CertificationRequestInfo_subjectPKInfo'{}, + attributes [#AttributeTypeAndValue'{}] + } + +#'CertificationRequestInfo_subjectPKInfo'{ + algorithm #'CertificationRequestInfo_subjectPKInfo_algorithm'{} + subjectPublicKey {0, binary()} - asn1 compact bitstring + } + +#'CertificationRequestInfo_subjectPKInfo_algorithm'{ + algorithm = oid(), + parameters = asn1_der_encoded() +} + +#'CertificationRequest_signatureAlgorithm'{ + algorithm = oid(), + parameters = asn1_der_encoded() + } + +
+ diff --git a/lib/public_key/doc/src/introduction.xml b/lib/public_key/doc/src/introduction.xml index a21fcf3576..b1d1114a6c 100644 --- a/lib/public_key/doc/src/introduction.xml +++ b/lib/public_key/doc/src/introduction.xml @@ -1,11 +1,11 @@ - +
2008 - 2011 + 2012 Ericsson AB, All Rights Reserved @@ -37,15 +37,15 @@
Purpose

This application provides an API to public key infrastructure - from RFC 3280 (X.509 certificates) and public key formats defined - by the PKCS-standard.

+ from RFC + 5280 (X.509 certificates) and public key formats defined by + the PKCS-standard

Prerequisites -

It is assumed that the reader is familiar with the Erlang - programming language, concepts of OTP and has a basic understanding - of the concepts of using public keys.

+

It is assumed that the reader has a basic understanding + of the concepts of using public keys and digital certificates.

diff --git a/lib/public_key/doc/src/public_key.xml b/lib/public_key/doc/src/public_key.xml index 5c227557f2..2ec1fcff9d 100644 --- a/lib/public_key/doc/src/public_key.xml +++ b/lib/public_key/doc/src/public_key.xml @@ -34,7 +34,7 @@ API module for public key infrastructure.

This module provides functions to handle public key infrastructure - from RFC 5280 - X.509 certificates and some parts of the PKCS-standard. + from RFC 5280- X.509 certificates and some parts of the PKCS-standard.

@@ -61,7 +61,7 @@

string = [bytes()]

pki_asn1_type() = 'Certificate' | 'RSAPrivateKey'| 'RSAPublicKey' - 'DSAPrivateKey' | 'DSAPublicKey' | 'DHParameter' | 'SubjectPublicKeyInfo'| 'PrivateKeyInfo'

+ 'DSAPrivateKey' | 'DSAPublicKey' | 'DHParameter' | 'SubjectPublicKeyInfo'| 'PrivateKeyInfo' | 'CertificationRequest'

pem_entry () = {pki_asn1_type(), binary(), %% DER or encrypted DER not_encrypted | cipher_info()}

diff --git a/lib/public_key/test/public_key_SUITE.erl b/lib/public_key/test/public_key_SUITE.erl index 8dfd068d91..1db3b9df90 100644 --- a/lib/public_key/test/public_key_SUITE.erl +++ b/lib/public_key/test/public_key_SUITE.erl @@ -268,7 +268,23 @@ pkcs10_pem(Config) when is_list(Config) -> Entry = public_key:pem_entry_encode('CertificationRequest', PKCS10). - +%%-------------------------------------------------------------------- +pkcs7_pem(doc) -> + [""]; +pkcs7_pem(suite) -> + []; +pkcs7_pem(Config) when is_list(Config) -> + Datadir = ?config(data_dir, Config), + [{'ContentInfo', DerPKCS7, not_encrypted} = Entry] = + erl_make_certs:pem_to_der(filename:join(Datadir, "pkcs7_cert.pem")), + + erl_make_certs:der_to_pem(filename:join(Datadir, "new_pkcs7_cert.pem"), [Entry]), + + PKCS7 = public_key:der_decode('ContentInfo', DerPKCS7), + PKCS7 = public_key:pem_entry_decode(Entry), + + Entry = public_key:pem_entry_encode('ContentInfo', PKCS7). + %%-------------------------------------------------------------------- cert_pem(doc) -> [""]; diff --git a/lib/public_key/test/public_key_SUITE_data/pkcs7_cert.pem b/lib/public_key/test/public_key_SUITE_data/pkcs7_cert.pem new file mode 100644 index 0000000000..9b450a22c5 --- /dev/null +++ b/lib/public_key/test/public_key_SUITE_data/pkcs7_cert.pem @@ -0,0 +1,23 @@ +-----BEGIN PKCS7----- +MIID6QYJKoZIhvcNAQcCoIID2jCCA9YCAQExADALBgkqhkiG9w0BBwGgggO8MIID +uDCCAyGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBgzEOMAwGA1UEAxMFb3RwQ0Ex +EzARBgNVBAsTCkVybGFuZyBPVFAxFDASBgNVBAoTC0VyaWNzc29uIEFCMQswCQYD +VQQGEwJTRTESMBAGA1UEBxMJU3RvY2tob2xtMSUwIwYJKoZIhvcNAQkBFhZwZXRl +ckBlcml4LmVyaWNzc29uLnNlMB4XDTA4MDEwOTA4MjkzMFoXDTE3MTExNzA4Mjkz +MFowgYQxDzANBgNVBAMTBnNlcnZlcjETMBEGA1UECxMKRXJsYW5nIE9UUDEUMBIG +A1UEChMLRXJpY3Nzb24gQUIxCzAJBgNVBAYTAlNFMRIwEAYDVQQHEwlTdG9ja2hv +bG0xJTAjBgkqhkiG9w0BCQEWFnBldGVyQGVyaXguZXJpY3Nzb24uc2UwgZ8wDQYJ +KoZIhvcNAQEBBQADgY0AMIGJAoGBAKR20HPrkDGdiavHUyWwFEQwta2dmtF2eQZZ +i9Xk68UJYbuU7CikHs2srkrwzj0OPIqbp/xOBNzJ7Kch0o4yO6vcEAiSCJ6AB4uS +M742hrYW4qXgc18K6PqTwSuKr94sn3qQuo4hF/ymCxLrnSicrNpzGOz9A0Lf2+Vk +6hV0BtdHAgMBAAGjggE3MIIBMzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAdBgNV +HQ4EFgQUi19l/qhEwHP/CUeaEjWy4GhOBRIwgbMGA1UdIwSBqzCBqIAUBquANDqk +uHayvZ0uKOVtkd59AZuhgYykgYkwgYYxETAPBgNVBAMTCGVybGFuZ0NBMRMwEQYD +VQQLEwpFcmxhbmcgT1RQMRQwEgYDVQQKEwtFcmljc3NvbiBBQjESMBAGA1UEBxMJ +U3RvY2tob2xtMQswCQYDVQQGEwJTRTElMCMGCSqGSIb3DQEJARYWcGV0ZXJAZXJp +eC5lcmljc3Nvbi5zZYIBATAhBgNVHREEGjAYgRZwZXRlckBlcml4LmVyaWNzc29u +LnNlMCEGA1UdEgQaMBiBFnBldGVyQGVyaXguZXJpY3Nzb24uc2UwDQYJKoZIhvcN +AQEFBQADgYEAzHGutrGMSeC3Di7Z8d65SM7jZLrkkusmL+D2oPVIOGrfZbVuyfDK +U/nImm99z+lhC/N3JEEpB6PgAYSskfVdBL3LoxbUTaCn/+G3A/G8NfRVIYyANTBe +NW6ueNpjnauLzcwpyXpu3vp1VBg8wBePtGTBIbRHRgtwwHRXAddE/WuhADEA +-----END PKCS7----- -- cgit v1.2.3