From 601246b87b7df5247fc5ab1cf39e665935e335ae Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin
Date: Tue, 4 Nov 2014 15:41:16 +0100
Subject: public_key: Improve CRL handling support
---
lib/public_key/doc/src/public_key.xml | 71 ++++++++++++++++++++++++++++++-----
1 file changed, 62 insertions(+), 9 deletions(-)
diff --git a/lib/public_key/doc/src/public_key.xml b/lib/public_key/doc/src/public_key.xml
index e3473f80d7..e8902c6da9 100644
--- a/lib/public_key/doc/src/public_key.xml
+++ b/lib/public_key/doc/src/public_key.xml
@@ -5,7 +5,7 @@
2008
- 2014
+ 2015
Ericsson AB, All Rights Reserved
@@ -127,6 +127,8 @@
affiliationChanged | superseded | cessationOfOperation |
certificateHold | privilegeWithdrawn | aACompromise
+ issuer_name() = {rdnSequence,[#'AttributeTypeAndValue'{}]}
+
ssh_file() = openssh_public_key | rfc4716_public_key | known_hosts |
auth_keys
@@ -404,22 +406,23 @@
Cert = der_encode() | #'OTPCertificate'{}
IssuedBy = self | other
- IssuerID = {integer(), {rdnSequence, [#'AttributeTypeAndValue'{}]}}
+ IssuerID = {integer(), issuer_name()}
The issuer id consists of the serial number and the issuers name.
Reason = term()
-
-
- Returns the issuer id.
-
+
+
+ Returns the issuer id.
+
-
+
+
pkix_normalize_name(Issuer) -> Normalized
Normalizes a issuer name so that it can be easily
compared to another issuer name.
- Issuer = {rdnSequence,[#'AttributeTypeAndValue'{}]}
- Normalized = {rdnSequence, [#'AttributeTypeAndValue'{}]}
+ Issuer = issuer_name()
+ Normalized = issuer_name()
Normalizes a issuer name so that it can be easily
@@ -527,6 +530,17 @@ fun(OtpCert :: #'OTPCertificate'{},
+
+ pkix_crl_issuer(CRL) -> issuer_name()
+ Returns the issuer of the CRL.
+
+ CRL = der_encoded() | #'CertificateList'{}
+
+
+ Returns the issuer of the CRL.
+
+
+
pkix_crls_validate(OTPCertificate, DPAndCRLs, Options) -> CRLStatus()
Performs CRL validation.
@@ -574,7 +588,46 @@ fun(#'DistributionPoint'{}, #'CertificateList'{},
+
+
+ pkix_crl_verify(CRL, Cert) -> boolean()
+ Verify that Cert is the CRL signer.
+
+ CRL = der_encoded() | #'CertificateList'{}
+ Cert = der_encoded() | #'OTPCertificate'{}
+
+
+ Verify that Cert is the CRL signer.
+
+
+
+ pkix_dist_point(Cert) -> DistPoint
+ Creates a distribution point for CRLs issued by the same issuer as Cert.
+
+ Cert = der_encoded() | #'OTPCertificate'{}
+ DistPoint = #'DistributionPoint'{}
+
+
+ Creates a distribution point for CRLs issued by the same issuer as Cert.
+ Can be used as input to pkix_crls_validate/3
+
+
+
+
+
+ pkix_dist_points(Cert) -> DistPoints
+ Extracts distribution points from the certificates extensions.
+
+ Cert = der_encoded() | #'OTPCertificate'{}
+ DistPoints = [#'DistributionPoint'{}]
+
+
+ Extracts distribution points from the certificates extensions.
+
+
+
pkix_sign(#'OTPTBSCertificate'{}, Key) -> der_encode()
Signs certificate.