authorChristina Fu <cfu@redhat.com>2013-04-03 19:02:40 -0700
committerChristina Fu <cfu@redhat.com>2013-04-03 19:06:32 -0700
commit2e0194dd7791eaf07d6e9eb26df57e5a4677f426 (patch)
tree210763f0b24bdbb16078b850db9483b629b0a53f
parent58af16ad10520d5a667427ec998127e45dd98612 (diff)
Bug 929043 - updated serverCert.profile with SAN results in SubjectAltNameExtDefault gname is empty, not added in cert ext during configuration
Bug 927545 - Transport Cert signing Algorithm doesn't show ECC Signing Algorithms during DRM configuration with ECC
-rw-r--r--base/ca/shared/conf/serverCert.profile.exampleWithSAN50
-rw-r--r--base/common/src/com/netscape/certsrv/profile/CertInfoProfile.java7
-rw-r--r--base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java4
-rw-r--r--base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java2
-rw-r--r--base/kra/shared/conf/CS.cfg.in2
5 files changed, 61 insertions, 4 deletions
diff --git a/base/ca/shared/conf/serverCert.profile.exampleWithSAN b/base/ca/shared/conf/serverCert.profile.exampleWithSAN
new file mode 100644
index 000000000..3fd00f3d7
--- /dev/null
+++ b/base/ca/shared/conf/serverCert.profile.exampleWithSAN
@@ -0,0 +1,50 @@
+#
+# Server Certificate
+#
+id=serverCert.profile
+name=All Purpose SSL server cert Profile
+description=This profile creates an SSL server certificate that is valid for SSL servers
+profileIDMapping=caServerCert
+profileSetIDMapping=serverCertSet
+list=2,4,5,6,7,8
+2.default.class=com.netscape.cms.profile.def.ValidityDefault
+2.default.name=Validity Default
+2.default.params.range=720
+2.default.params.startTime=0
+4.default.class=com.netscape.cms.profile.def.AuthorityKeyIdentifierExtDefault
+4.default.name=Authority Key Identifier Default
+5.default.class=com.netscape.cms.profile.def.AuthInfoAccessExtDefault
+5.default.name=AIA Extension Default
+5.default.params.authInfoAccessADEnable_0=true
+5.default.params.authInfoAccessADLocationType_0=URIName
+5.default.params.authInfoAccessADLocation_0=
+5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1
+5.default.params.authInfoAccessCritical=false
+5.default.params.authInfoAccessNumADs=1
+6.default.class=com.netscape.cms.profile.def.KeyUsageExtDefault
+6.default.name=Key Usage Default
+6.default.params.keyUsageCritical=true
+6.default.params.keyUsageDigitalSignature=true
+6.default.params.keyUsageNonRepudiation=true
+6.default.params.keyUsageDataEncipherment=true
+6.default.params.keyUsageKeyEncipherment=true
+6.default.params.keyUsageKeyAgreement=false
+6.default.params.keyUsageKeyCertSign=false
+6.default.params.keyUsageCrlSign=false
+6.default.params.keyUsageEncipherOnly=false
+6.default.params.keyUsageDecipherOnly=false
+7.default.class=com.netscape.cms.profile.def.ExtendedKeyUsageExtDefault
+7.default.name=Extended Key Usage Extension Default
+7.default.params.exKeyUsageCritical=false
+7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1
+8.default.class=com.netscape.cms.profile.def.SubjectAltNameExtDefault
+8.default.name=Subject Alt Name Constraint
+8.default.params.subjAltNameExtCritical=false
+8.default.params.subjAltExtType_0=OtherName
+8.default.params.subjAltExtSource_0=UUID4
+8.default.params.subjAltExtPattern_0=(IA5String)1.2.3.4,$server.source$
+8.default.params.subjAltExtGNEnable_0=true
+8.default.params.subjAltExtType_1=DNSName
+8.default.params.subjAltExtPattern_1=myhost.example.com
+8.default.params.subjAltExtGNEnable_1=true
+8.default.params.subjAltNameNumGNs=2
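Review bot: The second general name at the end of the hunk, `subjAltExtPattern_1=myhost.example.com`, is a fixed literal, so a deployment that copies this example profile unchanged would issue server certificates carrying a SAN for a host it does not serve; the OtherName entry `subjAltExtPattern_0=(IA5String)1.2.3.4,$server.source$` likewise uses a placeholder OID. The file opens with a comment block, so the placeholders can be called out there, e.g. `# Replace myhost.example.com with this server's FQDN and 1.2.3.4 with the OID your deployment assigns to the OtherName value`. A comment above entry 8 noting that the UUID4 value is only generated when a request object is available during configuration would also tie this example to the SubjectAltNameExtDefault change in the same commit.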
diff --git a/base/common/src/com/netscape/certsrv/profile/CertInfoProfile.java b/base/common/src/com/netscape/certsrv/profile/CertInfoProfile.java
index 38379c283..907d8d631 100644
--- a/base/common/src/com/netscape/certsrv/profile/CertInfoProfile.java
+++ b/base/common/src/com/netscape/certsrv/profile/CertInfoProfile.java
@@ -25,6 +25,7 @@ import netscape.security.x509.X509CertInfo;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.certsrv.request.IRequest;
public class CertInfoProfile {
private Vector<ICertInfoPolicyDefault> mDefaults = new Vector<ICertInfoPolicyDefault>();
@@ -87,11 +88,15 @@ public class CertInfoProfile {
}
public void populate(X509CertInfo info) {
+ populate( null /* request */, info);
+ }
+
+ public void populate(IRequest request, X509CertInfo info) {
Enumeration<ICertInfoPolicyDefault> e1 = mDefaults.elements();
while (e1.hasMoreElements()) {
ICertInfoPolicyDefault def = e1.nextElement();
try {
- def.populate(null /* request */, info);
+ def.populate( request, info);
} catch (Exception e) {
CMS.debug(e);
CMS.debug("CertInfoProfile.populate: " + e.toString());
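Review bot: The new `populate(IRequest request, X509CertInfo info)` overload has no Javadoc, and neither it nor the one-argument form states that `request` may be null; because SubjectAltNameExtDefault in this same commit now skips its server-generated value when the request is null, callers of `populate(X509CertInfo)` silently lose those values. Suggest `/** Applies every configured default to {@code info}. {@code request} may be null, in which case defaults that need request data (e.g. server-generated SAN values) do not contribute. */` on the two-argument method and `/** Equivalent to {@code populate(null, info)}. */` on the delegating one. Minor: the delegating call has a stray space, `populate(null /* request */, info);`. The while loop and the method continue past the end of the hunk.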
diff --git a/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java b/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java
index 4bb1d0309..61c200a96 100644
--- a/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java
+++ b/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java
@@ -462,7 +462,9 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
// call the mapPattern that does server-side gen
// request is not used, but needed for the substitute
// function
- gname = mapPattern(randUUID.toString(), request, pattern);
+ if (request != null) {
+ gname = mapPattern(randUUID.toString(), request, pattern);
+ }
} else { //expand more server-gen types here
CMS.debug("SubjectAltNameExtDefault: createExtension - unsupported server-generated type: "
+ source + ". Supported: UUID4");
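Review bot: When `request` is null the added guard skips mapPattern and falls out of the block without any log line, so gname presumably keeps whatever value it had before (its declaration is outside the hunk) and the symptom this commit addresses — an empty gname that is not added — remains undiagnosable from the debug output when a caller passes a null request; add an `else` branch with `CMS.debug("SubjectAltNameExtDefault: createExtension - request is null, skipping server-generated " + source);`. The comment on the preceding lines, `request is not used, but needed for the substitute function`, is now contradicted by the null check and should say that mapPattern requires a non-null request. The enclosing createExtension method starts and ends outside the hunk.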
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java b/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java
index d94091210..789c0aab5 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java
@@ -406,7 +406,7 @@ public class CertUtil {
CMS.debug("Creating local request exception:" + e.toString());
}
- processor.populate(info);
+ processor.populate(req, info);
String caPriKeyID = config.getString(
prefix + "signing" + ".privkey.id");
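Review bot: `processor.populate(req, info)` is reached right after a catch that only logs `Creating local request exception:`, so if request creation threw, `req` is presumably still null (its declaration is outside the hunk) and the request-dependent defaults are skipped silently rather than the configuration step failing visibly; consider `if (req == null) CMS.debug("CertUtil: request is null, request-dependent defaults will be skipped");` before the call, or returning early when no request could be created. The enclosing method starts and ends outside the hunk.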
diff --git a/base/kra/shared/conf/CS.cfg.in b/base/kra/shared/conf/CS.cfg.in
index 126ea3684..564368413 100644
--- a/base/kra/shared/conf/CS.cfg.in
+++ b/base/kra/shared/conf/CS.cfg.in
@@ -84,7 +84,7 @@ preop.cert.transport.keysize.custom_size=2048
preop.cert.transport.keysize.size=2048
preop.cert.transport.nickname=transportCert cert-[PKI_INSTANCE_ID]
preop.cert.transport.profile=caInternalAuthTransportCert
-preop.cert.transport.signing.required=true
+preop.cert.transport.signing.required=false
preop.cert.transport.subsystem=kra
preop.cert.transport.type=remote
preop.cert.transport.userfriendlyname=Transport Certificate
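Review bot: The meaning of `preop.cert.transport.signing.required` is not visible at the change site, so a reader cannot tell whether `false` only allows the ECC signing algorithms to be offered for the transport certificate (the bug named in the commit message) or also relaxes a check elsewhere in the configuration flow; the key name suggests the latter is possible. Since CS.cfg.in is the template every KRA instance starts from, a one-line comment above the key stating what the flag controls and why the transport certificate does not need it would make the flip reviewable, if the template format permits comments.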