Fix extended key usage value while generating CSR
At present, extended key usage values are added as
key usage values while generating CSR. Fixed the same.
Tested:
Verified that key usage and extended key usage values are
displayed properly
[devenrao]$ openssl req -text -in n1.csr
Certificate Request:
Data:
Version: 1 (0x1)
Subject: subjectAltName=an.com/subjectAltName=bm.com, L=NJ,
CN=w3.ibm.com/name=cp, C=US/emailAddress=abc.com,
GN=gn/initials=in/algorithm=EC/extendedKeyUsage=ServerAuthentication/keyUsage=KeyCertSign/keyUsage=DigitalSignature,
O=IBM, ST=NY, SN=sn/unstructuredName=un
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>
Change-Id: I80e2f82696a695ea551cbb01f6a0fd5a2a416663
diff --git a/certs_manager.cpp b/certs_manager.cpp
index 59808c1..a03088d 100644
--- a/certs_manager.cpp
+++ b/certs_manager.cpp
@@ -263,7 +263,14 @@
{
for (auto& usage : keyUsage)
{
- addEntry(x509Name, "keyUsage", usage);
+ if (isExtendedKeyUsage(usage))
+ {
+ addEntry(x509Name, "extendedKeyUsage", usage);
+ }
+ else
+ {
+ addEntry(x509Name, "keyUsage", usage);
+ }
}
}
addEntry(x509Name, "O", organization);
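Review bot: In the loop over keyUsage, the new branch still writes the value with addEntry(x509Name, "extendedKeyUsage", usage), so it is stored as a subject name entry and not as a requested X509v3 extension; the test output in the commit message shows extendedKeyUsage=ServerAuthentication inside the Subject line. If a signing CA is expected to act on these values, state in a comment that they are carried as subject attributes only, or follow up by adding them to the request as extensions. Also, any string that isExtendedKeyUsage does not recognise falls into the else branch and is recorded as keyUsage without validation; consider rejecting unknown values instead of defaulting.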
@@ -313,6 +320,16 @@
writeCSR(csrFilePath.string(), x509Req);
}
+bool Manager::isExtendedKeyUsage(const std::string& usage)
+{
+ const static std::array<const char*, 6> usageList = {
+ "ServerAuthentication", "ClientAuthentication", "OCSPSigning",
+ "Timestamping", "CodeSigning", "EmailProtection"};
+ auto it = std::find_if(
+ usageList.begin(), usageList.end(),
+ [&usage](const char* s) { return (strcmp(s, usage.c_str()) == 0); });
+ return it != usageList.end();
+}
EVP_PKEY_Ptr Manager::generateRSAKeyPair(const int64_t keyBitLength)
{
int ret = 0;
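Review bot: isExtendedKeyUsage compares with strcmp(s, usage.c_str()) inside a find_if lambda, which is more machinery than an exact match needs; a static constexpr std::array of std::string_view searched with std::find(usageList.begin(), usageList.end(), usage) does the same without the C string round trip. The match is exact and case-sensitive, so a differently cased or abbreviated value is silently treated as a plain key usage by the caller; note that in a comment next to usageList. Please also confirm that <array>, <algorithm> and <cstring> are included in this file, since no include change is visible in the diff.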
diff --git a/certs_manager.hpp b/certs_manager.hpp
index 355840d..da47d35 100644
--- a/certs_manager.hpp
+++ b/certs_manager.hpp
@@ -198,6 +198,12 @@
void addEntry(X509_NAME* x509Name, const char* field,
const std::string& bytes);
+ /** @brief Check if usage is extended key usage
+ * @param[in] usage - key usage value
+ * @return true if part of extended key usage
+ */
+ bool isExtendedKeyUsage(const std::string& usage);
+
/** @brief Create CSR D-Bus object by reading the data in the CSR file
* @param[in] statis - SUCCESSS/FAILURE In CSR generation.
*/
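Review bot: The declaration of isExtendedKeyUsage is a non-static, non-const member, although the definition in certs_manager.cpp reads no Manager state; declare it static (or move it to an anonymous namespace in the .cpp) so it does not imply a dependency on the object. The @brief should also name the accepted strings or point to the list in certs_manager.cpp, since "key usage value" does not tell a caller which spellings count as extended.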