From c594a578076390ff0fff91e1b96374e92ee0d80d Mon Sep 17 00:00:00 2001
From: 5HT
Date: Wed, 13 Nov 2024 10:29:48 +0200
Subject: [PATCH] rename CSR attr management
---
 lib/oid/rdn.ex | 16 ++++++++--------
 lib/services/cmp.ex | 4 ++--
 lib/services/crt.ex | 4 ++--
 lib/services/csr.ex | 2 +-
 lib/services/http/post.ex | 2 +-
 5 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/lib/oid/rdn.ex b/lib/oid/rdn.ex
index 35aec88..25454a9 100644
--- a/lib/oid/rdn.ex
+++ b/lib/oid/rdn.ex
@@ -1,14 +1,14 @@
 defmodule CA.RDN do
 @moduledoc "CA RDN OIDs."
- def subj({:rdnSequence, attrs}) do
+ def encodeAttrs({:rdnSequence, attrs}) do
 {:rdnSequence, :lists.map(fn
 [{t,oid,{:uTF8String,x}}] -> [{t,oid,:asn1rt_nif.encode_ber_tlv({12, :erlang.iolist_to_binary(x)})}]
 [{t,oid,x}] when is_list(x) -> [{t,oid,:asn1rt_nif.encode_ber_tlv({19, :erlang.iolist_to_binary(x)})}]
 [{t,oid,x}] -> [{t,oid,x}]
 end, attrs)}
 end
- def unsubj({:rdnSequence, attrs}) do
+ def decodeAttrs({:rdnSequence, attrs}) do
 {:rdnSequence, :lists.map(fn
 [{t,oid,x}] when is_binary(x) -> case :asn1rt_nif.decode_ber_tlv(x) do
 {{12,a},_} -> [{t,oid,{:uTF8String,a}}]
@@ -28,25 +28,25 @@ defmodule CA.RDN do
 def parseSubj(csr) do
 {:CertificationRequest, {:CertificationRequestInfo, v, subj, x, y}, b, c} = csr
- {:CertificationRequest, {:CertificationRequestInfo, v, subj(subj), x, y}, b, c}
+ {:CertificationRequest, {:CertificationRequestInfo, v, encodeAttrs(subj), x, y}, b, c}
 end
 def parseUnSubj(csr) do
 {:CertificationRequest, {:CertificationRequestInfo, v, subj, x, y}, b, c} = csr
- {:CertificationRequest, {:CertificationRequestInfo, v, unsubj(subj), x, y}, b, c}
+ {:CertificationRequest, {:CertificationRequestInfo, v, decodeAttrs(subj), x, y}, b, c}
 end
- def convertOTPtoPKIX(cert) do
+ def decodeAttrsCert(cert) do
 {:Certificate,{:TBSCertificate,:v3,a,ai,rdn1,v,rdn2,{p1,{p21,p22,_pki},p3},b,c,ext},ai,code} = :public_key.pkix_decode_cert(:public_key.pkix_encode(:OTPCertificate, cert, :otp), :plain)
- {:Certificate,{:TBSCertificate,:v3,a,ai,unsubj(rdn1),v,unsubj(rdn2),
+ {:Certificate,{:TBSCertificate,:v3,a,ai,decodeAttrs(rdn1),v,decodeAttrs(rdn2),
 {p1,{p21,p22,{:namedCurve,{1,3,132,0,34}}},p3},b,c,ext},ai,code}
 end
- def convertOTPtoPKIX_subj(cert) do
+ def encodeAttrsCert(cert) do
 {:Certificate,{:TBSCertificate,:v3,a,ai,rdn1,v,rdn2,{p1,{p21,p22,pki},p3},b,c,ext},ai,code} = :public_key.pkix_decode_cert(:public_key.pkix_encode(:OTPCertificate, cert, :otp), :plain)
- {:Certificate,{:TBSCertificate,:v3,a,ai,subj(rdn1),v,subj(rdn2),
+ {:Certificate,{:TBSCertificate,:v3,a,ai,encodeAttrs(rdn1),v,encodeAttrs(rdn2),
 {p1,{p21,p22,pki},p3},b,c,ext},ai,code}
 end
diff --git a/lib/services/cmp.ex b/lib/services/cmp.ex
index 706a2f7..4649e24 100644
--- a/lib/services/cmp.ex
+++ b/lib/services/cmp.ex
@@ -108,7 +108,7 @@ defmodule CA.CMP do
 [ CA."CertResponse"(certReqId: 0, certifiedKeyPair: CA."CertifiedKeyPair"(certOrEncCert:
- {:certificate, {:x509v3PKCert, CA.RDN.convertOTPtoPKIX(cert)}}),
+ {:certificate, {:x509v3PKCert, CA.RDN.decodeAttrsCert(cert)}}),
 status: CA."PKIStatusInfo"(status: 0)) ] end
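Review bot: The new name `decodeAttrsCert` undersells what the clause does — besides running `decodeAttrs` over issuer and subject, the context line `{p1,{p21,p22,{:namedCurve,{1,3,132,0,34}}},p3}` discards the decoded `_pki` algorithm parameters and stamps secp384r1 into the SubjectPublicKeyInfo of every certificate passed through it, whereas its sibling `encodeAttrsCert` keeps `pki` as decoded. If a certificate whose key is on another curve reaches this path (the CMP `x509v3PKCert` response in cmp.ex is the caller shown in this commit), the returned structure would carry a P-384 parameter next to a non-P-384 point; I cannot tell from the diff whether a profile guarantees P-384 keys here. Since this commit is choosing names, either let the name say that the parameters are overridden or document it at the head of the clause: `# NOTE: replaces SubjectPublicKeyInfo params with secp384r1 (1.3.132.0.34) regardless of the key's actual curve — assumes a P-384-only profile`. Consider also matching `_pki` against the expected value so a mismatch fails loudly instead of yielding a malformed certificate.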
@@ -133,7 +133,7 @@ defmodule CA.CMP do
 subject = X509.CSR.subject(csr)
 :logger.info 'P10CR from ~tp~n', [CA.RDN.rdn(subject)]
 true = X509.CSR.valid?(CA.RDN.parseSubj(csr))
- cert = X509.Certificate.new(X509.CSR.public_key(csr), CA.RDN.subj(subject), ca, ca_key,
+ cert = X509.Certificate.new(X509.CSR.public_key(csr), CA.RDN.encodeAttrs(subject), ca, ca_key,
 extensions: [subject_alt_name: X509.Certificate.Extension.subject_alt_name(["synrc.com"])
 ])
 reply = case Keyword.get(CA.RDN.rdn(subject), :cn) do
diff --git a/lib/services/crt.ex b/lib/services/crt.ex
index 3ce20fd..49e388d 100644
--- a/lib/services/crt.ex
+++ b/lib/services/crt.ex
@@ -142,8 +142,8 @@ defmodule CA.CRT do
 [ resourceType: :Certificate, version: ver, signatureAlgorithm: CA.AT.code(alg),
- subject: CA.RDN.rdn(CA.RDN.unsubj(issuee)),
- issuer: CA.RDN.rdn(CA.RDN.unsubj(issuer)),
+ subject: CA.RDN.rdn(CA.RDN.decodeAttrs(issuee)),
+ issuer: CA.RDN.rdn(CA.RDN.decodeAttrs(issuer)),
 serial: :base64.encode(CA.EST.integer(serial)), validity: [from: nb, to: na], publicKey: decodePublicKey(agreement, params, publicKey),
diff --git a/lib/services/csr.ex b/lib/services/csr.ex
index c5bf895..585b906 100644
--- a/lib/services/csr.ex
+++ b/lib/services/csr.ex
@@ -80,7 +80,7 @@ defmodule CA.CSR do
 {:ok, ca_bin} = :file.read_file "#{CA.CSR.dir(profile)}/ca.pem"
 {:ok, ca} = X509.Certificate.from_pem ca_bin
 # {:ok, bin} = :"PKIX1Explicit-2009".encode(:Certificate, CA.RDN.convertOTPtoPKIX(ca))
- {:ok, bin} = :"PKIX1Explicit88".encode(:Certificate, CA.RDN.convertOTPtoPKIX_subj(ca))
+ {:ok, bin} = :"PKIX1Explicit88".encode(:Certificate, CA.RDN.encodeAttrsCert(ca))
 bin
 end
diff --git a/lib/services/http/post.ex b/lib/services/http/post.ex
index 43887b8..16bdd30 100644
--- a/lib/services/http/post.ex
+++ b/lib/services/http/post.ex
@@ -19,7 +19,7 @@ defmodule CA.EST.Post do
 :logger.info 'HTTP P10CR from ~tp template ~tp profile ~p~n', [CA.RDN.rdn(subject), template, CA.RDN.profile(csr)]
 true = X509.CSR.valid?(CA.RDN.parseSubj(csr))
- cert = X509.Certificate.new(X509.CSR.public_key(csr), CA.RDN.subj(subject), ca, ca_key,
+ cert = X509.Certificate.new(X509.CSR.public_key(csr), CA.RDN.encodeAttrs(subject), ca, ca_key,
 extensions: [subject_alt_name: X509.Certificate.Extension.subject_alt_name(["synrc.com"])
 ])
 reply = case Keyword.get(CA.RDN.rdn(subject), :cn) do