author | Christina Fu <cfu@redhat.com> | 2014-10-15 10:30:31 -0700 |
---|---|---|
committer | Christina Fu <cfu@redhat.com> | 2014-10-23 11:01:23 -0700 |
commit | 5bbd06e6e77729c63d65b77445f71f63ea0cdd1f (patch) | |
tree | 5c580f2390ef5d9dc164a161e6b82a025dbd2184 /base/server/cms/src/com | |
parent | 223c483d1bc6b3425a86439f73bcf5031a2af4d6 (diff) | |
Bug1151147 issuerDN encoding correction
Diffstat (limited to 'base/server/cms/src/com')
-rw-r--r-- | base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java | 16 | ||||
-rw-r--r-- | base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java | 16 |
2 files changed, 28 insertions, 4 deletions
diff --git a/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java b/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java
index ca665baf1..9e89e693f 100644
--- a/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java
+++ b/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java
@@ -88,6 +88,7 @@ import com.netscape.certsrv.authority.IAuthority;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.EPropertyNotFound;
 import com.netscape.certsrv.base.SessionContext;
+import com.netscape.certsrv.ca.ICertificateAuthority;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.profile.EDeferException;
 import com.netscape.certsrv.profile.EProfileException;
@@ -220,8 +221,19 @@ public abstract class EnrollProfile extends BasicProfile
 new CertificateVersion(CertificateVersion.V3));
 info.set(X509CertInfo.SERIAL_NUMBER,
 new CertificateSerialNumber(new BigInteger("0")));
- info.set(X509CertInfo.ISSUER,
- new CertificateIssuerName(issuerName));
+ ICertificateAuthority authority =
+ (ICertificateAuthority) getAuthority();
+ if (authority.getIssuerObj() != null) {
+ // this ensures the isserDN has the same encoding as the
+ // subjectDN of the CA signing cert
+ CMS.debug("EnrollProfile: setDefaultCertInfo: setting issuerDN using exact CA signing cert subjectDN encoding");
+ info.set(X509CertInfo.ISSUER,
+ authority.getIssuerObj());
+ } else {
+ CMS.debug("EnrollProfile: setDefaultCertInfo: authority.getIssuerObj() is null, creating new CertificateIssuerName");
+ info.set(X509CertInfo.ISSUER,
+ new CertificateIssuerName(issuerName));
+ }
 info.set(X509CertInfo.KEY,
 new CertificateX509Key(X509Key.parse(new DerValue(dummykey))));
 info.set(X509CertInfo.SUBJECT,
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
index ede632ee5..22f092973 100644
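Review bot: The cast `(ICertificateAuthority) getAuthority()` in the second EnrollProfile.java hunk is unguarded, so a null or non-CA authority would throw before the `else` fallback can run; the file imports `IAuthority`, which suggests (not visible here) that `getAuthority()` returns the wider type. Checking with `instanceof` and reading the issuer once, e.g. `CertificateIssuerName issuerObj = (auth instanceof ICertificateAuthority) ? ((ICertificateAuthority) auth).getIssuerObj() : null;`, keeps the fallback reachable and avoids calling `getIssuerObj()` twice. The fallback builds a fresh `CertificateIssuerName` from `issuerName`, which is the re-encoding this commit sets out to avoid, yet it is reported only through `CMS.debug`; an issued certificate whose issuer bytes differ from the CA subject can fail name chaining in strict validators, so a more visible log level seems warranted here and in the last CertUtil.java hunk. The comment in both files reads `isserDN` and should be `issuerDN`. The enclosing method starts and ends outside the hunk.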
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
@@ -31,6 +31,7 @@ import javax.servlet.http.HttpServletResponse;
 import netscape.security.pkcs.PKCS10;
 import netscape.security.x509.CertificateExtensions;
+import netscape.security.x509.CertificateIssuerName;
 import netscape.security.x509.X500Name;
 import netscape.security.x509.X509CertImpl;
 import netscape.security.x509.X509CertInfo;
@@ -390,6 +391,7 @@ public class CertUtil {
 cr = ca.getCertificateRepository();
 BigInteger serialNo = cr.getNextSerialNumber();
 if (type.equals("selfsign")) {
+ CMS.debug("Creating local certificate... selfsign cert");
 CMS.debug("Creating local certificate... issuerdn=" + dn);
 CMS.debug("Creating local certificate... dn=" + dn);
 info = CryptoUtil.createX509CertInfo(x509key, serialNo, dn, dn, date, date, keyAlgorithm);
@@ -397,8 +399,18 @@ public class CertUtil {
 String issuerdn = config.getString("preop.cert.signing.dn", "");
 CMS.debug("Creating local certificate... issuerdn=" + issuerdn);
 CMS.debug("Creating local certificate... dn=" + dn);
-
- info = CryptoUtil.createX509CertInfo(x509key, serialNo, issuerdn, dn, date, date, keyAlgorithm);
+ if (ca.getIssuerObj() != null) {
+ // this ensures the isserDN has the same encoding as the
+ // subjectDN of the CA signing cert
+ CMS.debug("Creating local certificate... setting issuerDN using exact CA signing cert subjectDN encoding");
+ CertificateIssuerName issuerdnObj =
+ ca.getIssuerObj();
+
+ info = CryptoUtil.createX509CertInfo(x509key, serialNo, issuerdnObj, dn, date, date, keyAlgorithm);
+ } else {
+ CMS.debug("Creating local certificate... ca.getIssuerObj() is null, creating new CertificateIssuerName");
+ info = CryptoUtil.createX509CertInfo(x509key, serialNo, issuerdn, dn, date, date, keyAlgorithm);
+ }
 }
 CMS.debug("Cert Template: " + info.toString()); |
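Review bot: In the last CertUtil.java hunk the context line `CMS.debug("Creating local certificate... issuerdn=" + issuerdn);` still prints the `preop.cert.signing.dn` string before the new branch picks the issuer, so when `ca.getIssuerObj()` is non-null the log shows a configured DN that is not the value placed in the certificate. Nothing compares that configured DN with the CA's issuer object either; a comment above the `if` such as `// issuerdn from config is used only when the CA has no issuer object yet` would make the precedence explicit, and logging which source was chosen next to the DN would help when diagnosing chain-validation failures. The `createX509CertInfo` overload that takes a `CertificateIssuerName` is not in this view (the diffstat is limited to one directory), so its existence and parameter order should be confirmed. The enclosing method starts and ends outside the hunk.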