From 748d1d453480df3108d1465b8c4b8893ca97c52b Mon Sep 17 00:00:00 2001
From: Linus Nordberg
Date: Tue, 19 Jan 2016 16:55:12 +0100
Subject: Add compatibility layer for digging around in non-public data structures.
---
 src/compat.erl | 29 +++++++++++++++++++++++++++++
 src/x509.erl | 7 ++-----
 2 files changed, 31 insertions(+), 5 deletions(-)
 create mode 100644 src/compat.erl
diff --git a/src/compat.erl b/src/compat.erl
new file mode 100644
index 0000000..bc3101d
--- /dev/null
+++ b/src/compat.erl
@@ -0,0 +1,29 @@
+-module(compat).
+-export([unpack_issuer/1, unpack_signature/1]).
+-include_lib("public_key/include/public_key.hrl").
+
+unpack_issuer(Issuer) ->
+ unpack_issuer(erlang:system_info(otp_release), Issuer).
+unpack_signature(Signature) ->
+ unpack_signature(erlang:system_info(otp_release), Signature).
+
+%% @doc Dig out alg, params and key from issuer.
+unpack_issuer(17, Issuer) ->
+ #'SubjectPublicKeyInfo'{
+ algorithm = #'AlgorithmIdentifier'{algorithm = Alg, parameters = Params},
+ subjectPublicKey = {0, Key}} = Issuer,
+ {Alg, Params, Key};
+unpack_issuer(18, Issuer) ->
+ #'SubjectPublicKeyInfo'{
+ algorithm = #'AlgorithmIdentifier'{algorithm = Alg, parameters = Params},
+ subjectPublicKey = Key} = Issuer,
+ {Alg, Params, Key}.
+
+%% @doc Unpack a #'Certificate'.signature, return the signature.
+unpack_signature(17, Signature) ->
+ {_, Sig} = Signature,
+ Sig;
+unpack_signature(18, Signature) ->
+ Signature.
+
+
diff --git a/src/x509.erl b/src/x509.erl
index 279d9b9..2d4cffa 100644
--- a/src/x509.erl
+++ b/src/x509.erl 
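Review bot: In src/compat.erl, `erlang:system_info(otp_release)` returns a string such as "17", not an integer, so the arity-2 clauses headed `17` and `18` can never match. Every call to `compat:unpack_issuer/1` and `compat:unpack_signature/1` from verify_sig and extract_verify_data in src/x509.erl would therefore exit with function_clause. Convert before dispatching, e.g. `unpack_issuer(list_to_integer(erlang:system_info(otp_release)), Issuer).`, and do the same in unpack_signature/1. A sturdier option is to drop the release check and match on the value's shape (`{0, Key}` versus a plain binary), so that releases other than 17 and 18 are also handled. The crash fails closed for signature verification, but whether the callers of signed_by_p tolerate it is not visible in this patch.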
@@ -171,10 +171,7 @@ signed_by_p(SubjectDer, IssuerDer) -> end. verify_sig(IssuerSPKI, {DigestOrPlainText, DigestType, Signature}) -> - %% Dig out alg, params and key from issuer. - #'SubjectPublicKeyInfo'{ - algorithm = #'AlgorithmIdentifier'{algorithm = Alg, parameters = Params}, - subjectPublicKey = {0, Key0}} = IssuerSPKI, + {Alg, Params, Key0} = compat:unpack_issuer(IssuerSPKI), KeyType = pubkey_cert_records:supportedPublicKeyAlgorithms(Alg), IssuerKey = case KeyType of @@ -196,7 +193,7 @@ verify_sig(IssuerSPKI, {DigestOrPlainText, DigestType, Signature}) -> %% Code from pubkey_cert:extract_verify_data/2. extract_verify_data(Cert, DerCert) -> PlainText = encoded_tbs_cert(DerCert), - {_, Sig} = Cert#'Certificate'.signature, + Sig = compat:unpack_signature(Cert#'Certificate'.signature), SigAlgRecord = Cert#'Certificate'.signatureAlgorithm, SigAlg = SigAlgRecord#'AlgorithmIdentifier'.algorithm, try -- cgit v1.1