5.10.4

synrc · Oct 28, 2024 · 213e318 · 213e318
1 parent 5d8a17f
commit 213e318
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 8 deletions.
diff --git a/lib/services/csr.ex b/lib/services/csr.ex
@@ -14,7 +14,6 @@ defmodule CA.CSR do
   end
 
   def read_ca() do
-#      {:ok, ca_key_bin} = :file.read_file "~/.chat/secp384r1/ca.key"
       {:ok, ca_key_bin} = :file.read_file "ca.key"
       {:ok, ca_bin} = :file.read_file "ca.pem"
       {:ok, ca_key} = X509.PrivateKey.from_pem ca_key_bin
@@ -24,11 +23,8 @@ defmodule CA.CSR do
 
   def read_ca_public() do
       {:ok, ca_bin} = :file.read_file "ca.pem"
-      list = String.split(ca_bin, "\n", trim: true)
-      list = :lists.reverse(tl(:lists.reverse(tl(list))))
-      bin  = :base64.decode(:erlang.iolist_to_binary(list))
-      :io.format '~p~n', [:asn1rt_nif.decode_ber_tlv bin]
-      {:ok, _cader} = :"DSTU-Cert".decode(:Certificate, bin)
+      {:ok, ca} = X509.Certificate.from_pem ca_bin
+      {:ok, bin} = :"PKIX1Explicit-2009".encode(:Certificate, CA.CMP.convertOTPtoPKIX(ca))
       bin
   end
 

diff --git a/lib/services/est.ex b/lib/services/est.ex
@@ -20,13 +20,17 @@ defmodule CA.EST do
 
   # Authority PKI X.509 EST RFC 7030 3.2.2
 
-  get  "/.well-known/est/cacerts"        do CA.EST.Get.get(conn,   [], "Authority", [], "ROOT") end
+  get  "/.well-known/est/cacerts"        do CA.EST.Get.get(conn,   [], "Authority", [], "CONTENT") end
   get  "/.well-known/est/csrattrs"       do CA.EST.Get.get(conn,   [], "Authority", [], "ABAC") end
   post "/.well-known/est/simpleenroll"   do CA.EST.Post.post(conn, [], "Authority", [], "ENROLL") end
   post "/.well-known/est/simplereenroll" do CA.EST.Post.post(conn, [], "Authority", [], "RE-ENROLL") end
   post "/.well-known/est/serverkeygen"   do CA.EST.Post.post(conn, [], "Authority", [], "KEYGEN") end
   post "/.well-known/est/fullcmc"        do CA.EST.Post.post(conn, [], "Authority", [], "CMC") end
 
+  # Authority PKI X.509 EST SYNRC 5.10.4
+
+  get  "/.well-known/est/ca"             do CA.EST.Get.get(conn,   [], "Authority", [], "CA") end
+
   # See Page 36 of RFC 7030
   # [1] https://www.rfc-editor.org/rfc/rfc7030
   # [2] https://www.ietf.org/archive/id/draft-ietf-lamps-rfc7030-csrattrs-07.html

diff --git a/lib/services/http/get.ex b/lib/services/http/get.ex
@@ -1,6 +1,6 @@
 defmodule CA.EST.Get do
   import Plug.Conn
-  def get(conn, [], "Authority", [], "ROOT") do
+  def get(conn, [], "Authority", [], "CA") do
       body = :base64.encode(CA.CSR.read_ca_public())
       conn |> put_resp_content_type("application/pkcs7-mime")
            |> put_resp_header("Content-Transfer-Encoding", "base64")

diff --git a/priv/kep/DSTU-Cert.asn1 b/priv/kep/DSTU-Cert.asn1
@@ -8,6 +8,8 @@ Certificate ::= SEQUENCE {
  signatureAlgorithm AlgorithmIdentifier,
  signatureValue BIT STRING }
 
+Certificates ::= SEQUENCE OF Certificate
+
 TBSCertificate ::= SEQUENCE {
  version [0] Version,
  serialNumber CertificateSerialNumber,