diff options
| author | Endi S. Dewata <edewata@redhat.com> | 2016-05-11 19:33:51 +0200 |
|---|---|---|
| committer | Endi S. Dewata <edewata@redhat.com> | 2016-05-25 00:21:54 +0200 |
| commit | 4950f167d628b04c3859baf512328bff8538bd2d (patch) | |
| tree | 6cdb0cd9947c48a19b5752ffc82d2c599bf11f97 /base/server/cms/src/org | |
| parent | 4bf6c1abb6159c795493991c31f7f3ef24d7c5a6 (diff) | |
| download | pki-4950f167d628b04c3859baf512328bff8538bd2d.tar.gz pki-4950f167d628b04c3859baf512328bff8538bd2d.tar.xz pki-4950f167d628b04c3859baf512328bff8538bd2d.zip | |
Fixed support for generic CSR extensions.
The deployment tool has been modified to support adding Subordinate
CA extension into the CSR for Microsoft CA, and also adding generic
extensions to any system certificate.
https://fedorahosted.org/pki/ticket/2312
Diffstat (limited to 'base/server/cms/src/org')
| -rw-r--r-- | base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java | 19 |
1 files changed, 2 insertions, 17 deletions
diff --git a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java index 57e037232..3720116b9 100644 --- a/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java +++ b/base/server/cms/src/org/dogtagpki/server/rest/SystemConfigService.java @@ -327,15 +327,6 @@ public class SystemConfigService extends PKIService implements SystemConfigResou for (SystemCertData systemCert : request.getSystemCerts()) { if (systemCert.getTag().equals(tag)) { certData = systemCert; - CMS.debug("Found data for '" + tag + "'"); - if (tag.equals("signing") && - certData.getReqExtOID() != null && - certData.getReqExtData() != null) { - CMS.debug("SystemConfigService:processCerts: adding request extension to config"); - cs.putString("preop.cert.signing.ext.oid", certData.getReqExtOID()); - cs.putString("preop.cert.signing.ext.data", certData.getReqExtData()); - cs.putBoolean("preop.cert.signing.ext.critical", certData.getReqExtCritical()); - } break; } } @@ -399,16 +390,12 @@ public class SystemConfigService extends PKIService implements SystemConfigResou } String signingalgorithm = certData.getSigningAlgorithm() != null ? certData.getSigningAlgorithm() : keyalgorithm; - String nickname = certData.getNickname() != null ? certData.getNickname() : - cs.getString("preop.cert." + tag + ".nickname"); - String dn = certData.getSubjectDN() != null ? certData.getSubjectDN() : - cs.getString("preop.cert." + tag + ".dn"); + String nickname = cs.getString("preop.cert." + tag + ".nickname"); + String dn = cs.getString("preop.cert." + tag + ".dn"); cs.putString("preop.cert." + tag + ".keytype", keytype); cs.putString("preop.cert." + tag + ".keyalgorithm", keyalgorithm); cs.putString("preop.cert." + tag + ".signingalgorithm", signingalgorithm); - cs.putString("preop.cert." + tag + ".nickname", nickname); - cs.putString("preop.cert." + tag + ".dn", dn); // support injecting SAN into server cert if ( tag.equals("sslserver") && certData.getServerCertSAN() != null) { @@ -578,10 +565,8 @@ public class SystemConfigService extends PKIService implements SystemConfigResou cs.putString("preop.cert." + tag + ".pubkey.modulus", CryptoUtil.byte2string(modulus)); cs.putString("preop.cert." + tag + ".pubkey.exponent", CryptoUtil.byte2string(exponent)); cs.putString("preop.cert." + tag + ".privkey.id", CryptoUtil.byte2string(privk.getUniqueID())); - cs.putString("preop.cert." + tag + ".dn", cdata.getSubjectDN()); cs.putString("preop.cert." + tag + ".keyalgorithm", cdata.getKeyAlgorithm()); cs.putString("preop.cert." + tag + ".keytype", cdata.getKeyType()); - cs.putString("preop.cert." + tag + ".nickname", cdata.getNickname()); } private void updateConfiguration(ConfigurationRequest data, SystemCertData cdata, String tag) { |