Bug1151147 issuerDN encoding correction

author: Christina Fu <cfu@redhat.com> 2014-10-15 10:30:31 -0700
committer: Christina Fu <cfu@redhat.com> 2014-10-23 11:01:23 -0700
commit: 5bbd06e6e77729c63d65b77445f71f63ea0cdd1f (patch)
tree: 5c580f2390ef5d9dc164a161e6b82a025dbd2184 /base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
parent: 223c483d1bc6b3425a86439f73bcf5031a2af4d6 (diff)
download: pki-5bbd06e6e77729c63d65b77445f71f63ea0cdd1f.tar.gz
pki-5bbd06e6e77729c63d65b77445f71f63ea0cdd1f.tar.xz
pki-5bbd06e6e77729c63d65b77445f71f63ea0cdd1f.zip
1 files changed, 14 insertions, 2 deletions
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
index ede632ee5..22f092973 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
@@ -31,6 +31,7 @@ import javax.servlet.http.HttpServletResponse;
 
 import netscape.security.pkcs.PKCS10;
 import netscape.security.x509.CertificateExtensions;
+import netscape.security.x509.CertificateIssuerName;
 import netscape.security.x509.X500Name;
 import netscape.security.x509.X509CertImpl;
 import netscape.security.x509.X509CertInfo;
@@ -390,6 +391,7 @@ public class CertUtil {
             cr = ca.getCertificateRepository();
             BigInteger serialNo = cr.getNextSerialNumber();
             if (type.equals("selfsign")) {
+                CMS.debug("Creating local certificate... selfsign cert");
                 CMS.debug("Creating local certificate... issuerdn=" + dn);
                 CMS.debug("Creating local certificate... dn=" + dn);
                 info = CryptoUtil.createX509CertInfo(x509key, serialNo, dn, dn, date, date, keyAlgorithm);
@@ -397,8 +399,18 @@ public class CertUtil {
                 String issuerdn = config.getString("preop.cert.signing.dn", "");
                 CMS.debug("Creating local certificate... issuerdn=" + issuerdn);
                 CMS.debug("Creating local certificate... dn=" + dn);
-
-                info = CryptoUtil.createX509CertInfo(x509key, serialNo, issuerdn, dn, date, date, keyAlgorithm);
+                if (ca.getIssuerObj() != null) {
+                    // this ensures the isserDN has the same encoding as the
+                    // subjectDN of the CA signing cert
+                    CMS.debug("Creating local certificate...  setting issuerDN using exact CA signing cert subjectDN encoding");
+                    CertificateIssuerName issuerdnObj =
+                        ca.getIssuerObj();
+
+                    info = CryptoUtil.createX509CertInfo(x509key, serialNo, issuerdnObj, dn, date, date, keyAlgorithm);
+                } else {
+                    CMS.debug("Creating local certificate... ca.getIssuerObj() is null, creating new CertificateIssuerName");
+                    info = CryptoUtil.createX509CertInfo(x509key, serialNo, issuerdn, dn, date, date, keyAlgorithm);
+                }
             }
             CMS.debug("Cert Template: " + info.toString());
author	Christina Fu <cfu@redhat.com>	2014-10-15 10:30:31 -0700
committer	Christina Fu <cfu@redhat.com>	2014-10-23 11:01:23 -0700
commit	5bbd06e6e77729c63d65b77445f71f63ea0cdd1f (patch)
tree	5c580f2390ef5d9dc164a161e6b82a025dbd2184 /base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
parent	223c483d1bc6b3425a86439f73bcf5031a2af4d6 (diff)
download	pki-5bbd06e6e77729c63d65b77445f71f63ea0cdd1f.tar.gz pki-5bbd06e6e77729c63d65b77445f71f63ea0cdd1f.tar.xz pki-5bbd06e6e77729c63d65b77445f71f63ea0cdd1f.zip