| author | Endi S. Dewata <edewata@redhat.com> | 2016-05-11 19:33:51 +0200 |
|---|---|---|
| committer | Endi S. Dewata <edewata@redhat.com> | 2016-05-25 00:21:54 +0200 |
| commit | 4950f167d628b04c3859baf512328bff8538bd2d (patch) | |
| tree | 6cdb0cd9947c48a19b5752ffc82d2c599bf11f97 /base/server/cms/src/com | |
| parent | 4bf6c1abb6159c795493991c31f7f3ef24d7c5a6 (diff) | |
Fixed support for generic CSR extensions.
The deployment tool has been modified to support adding Subordinate
CA extension into the CSR for Microsoft CA, and also adding generic
extensions to any system certificate.
https://fedorahosted.org/pki/ticket/2312
Diffstat (limited to 'base/server/cms/src/com')
| -rw-r--r-- | base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java | 29 |
1 files changed, 16 insertions, 13 deletions
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
index 131f565ad..2da4e4865 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
@@ -2936,12 +2936,15 @@ public class ConfigurationUtils {
 cert.setDN(caDN);
- Extensions exts = null;
+ Extensions exts = new Extensions();
 if (certTag.equals("signing")) {
 CMS.debug("generateCertRequest: generating basic CA extensions");
- exts = createBasicCAExtensions(config);
+ createBasicCAExtensions(config, exts);
 }
+ CMS.debug("generateCertRequest: generating generic extensions");
+ createGenericExtensions(config, certTag, exts);
+ CMS.debug("generateCertRequest: generating PKCS #10 request");
 PKCS10 certReq = CryptoUtil.createCertificationRequest(caDN, pubk, privk, algorithm, exts);
@@ -2961,8 +2964,7 @@ public class ConfigurationUtils {
 * createBasicCAExtensions creates the basic Extensions needed for a CSR to a
 * CA signing certificate
 */
- private static Extensions createBasicCAExtensions(IConfigStore config) throws Exception {
- Extensions exts = new Extensions();
+ private static void createBasicCAExtensions(IConfigStore config, Extensions exts) throws Exception {
 CMS.debug("ConfigurationUtils: createBasicCAExtensions: begins");
 // create BasicConstraintsExtension
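Review bot: `exts` is now always a non-null `Extensions` object, so for every tag with no configured extension the call `CryptoUtil.createCertificationRequest(caDN, pubk, privk, algorithm, exts)` receives an empty collection where it used to receive `null`. That method's body is not visible here, so it is worth confirming that it treats an empty `Extensions` the same as `null` and does not put an empty extension-request attribute into the PKCS #10. If it does not, pass `null` when nothing was added. A regression test that a non-signing CSR built without any `.ext.*` settings still carries no extension request would pin this down.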
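Review bot: The comment above `createBasicCAExtensions` is stale after the signature change: it still says the method "creates the basic Extensions", but the method now returns nothing and appends to the caller's `exts`. Suggest rewording it to `* createBasicCAExtensions adds the basic extensions needed for a CSR to a CA signing certificate to the supplied exts` and adding a `@param exts` line stating that it must be non-null. The method body continues outside this hunk.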
@@ -2991,15 +2993,18 @@ public class ConfigurationUtils {
 NSCertTypeExtension nsctExt = new NSCertTypeExtension(false, nsBits);
 exts.add(nsctExt);
 */
+ }
- // add a generic extension
+ private static void createGenericExtensions(IConfigStore config, String tag, Extensions exts) throws Exception {
+ CMS.debug("ConfigurationUtils: createGenericExtensions: begins");
+ // if specified, add a generic extension
 try {
- String oidString = config.getString(PCERT_PREFIX + "signing.ext.oid");
- String dataString = config.getString(PCERT_PREFIX + "signing.ext.data");
+ String oidString = config.getString(PCERT_PREFIX + tag + ".ext.oid");
+ String dataString = config.getString(PCERT_PREFIX + tag + ".ext.data");
 if (oidString != null && dataString != null) {
- CMS.debug("ConfigurationUtils: createBasicCAExtensions: processing generic extension");
- boolean critical = config.getBoolean("preop.cert.signing.ext.critical");
+ CMS.debug("ConfigurationUtils: createGenericExtensions: adding generic extension for " + tag);
+ boolean critical = config.getBoolean(PCERT_PREFIX + tag + ".ext.critical");
 ObjectIdentifier oid = new ObjectIdentifier(oidString);
 byte data[] = CryptoUtil.hexString2Bytes(dataString);
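Review bot: A partially specified generic extension appears to be dropped without any trace. If `.ext.oid` and `.ext.data` are set but `.ext.critical` is missing, `config.getBoolean(PCERT_PREFIX + tag + ".ext.critical")` presumably throws `EPropertyNotFound`, and the handler visible in the next hunk ignores that as "generic extension not specified". The CSR would then go out without the extension the operator asked for, and the `oidString != null && dataString != null` test looks unreachable as a guard for the same reason. Suggest treating only a missing `.ext.oid` as "not configured", and failing, or at least logging through `CMS.debug`, when the OID is present but the data or criticality is not. A short Javadoc on `createGenericExtensions` should name the three `PCERT_PREFIX + tag + ".ext.*"` keys and state that the OID, value and critical flag are taken verbatim from configuration, with no check in the visible lines against extensions already added by `createBasicCAExtensions`. The method body ends outside this hunk.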
@@ -3010,18 +3015,16 @@ public class ConfigurationUtils {
 out.close();
 exts.add(genExt);
- CMS.debug("ConfigurationUtils: createBasicCAExtensions: generic extension added: " + oidString);
+ CMS.debug("ConfigurationUtils: createGenericExtensions: generic extension added: " + oidString);
 }
 } catch (EPropertyNotFound e) {
 // generic extension not specified, ignore
 } catch (EBaseException e) {
- CMS.debug("ConfigurationUtils: createBasicCAExtensions: Unable to add generic extension: " + e);
+ CMS.debug("ConfigurationUtils: createGenericExtensions: Unable to add generic extension: " + e);
 throw new BadRequestException("Unable to add generic certificate extension: " + e, e);
 }
-
- return exts;
 }
 public static X509Key getECCX509Key(IConfigStore config, String certTag) throws EPropertyNotFound, EBaseException, |
