Fixed bugzilla bug #493765

git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1053 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
author: awnuk <awnuk@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> 2010-04-22 00:54:49 +0000
committer: awnuk <awnuk@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> 2010-04-22 00:54:49 +0000
commit: e230d764fb27b8a406ddca5987bd708e219bd8dd (patch)
tree: 35031368cc7f30ee7e46f72949d9272629642dea /pki/base/common/src/com/netscape/cmscore
parent: 353f5ec6af4756e1b36f0ef98e0b04b28d9c5af3 (diff)
download: pki-e230d764fb27b8a406ddca5987bd708e219bd8dd.tar.gz
pki-e230d764fb27b8a406ddca5987bd708e219bd8dd.tar.xz
pki-e230d764fb27b8a406ddca5987bd708e219bd8dd.zip
1 files changed, 26 insertions, 0 deletions
diff --git a/pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java b/pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java
index c0967ea18..5b36f4bc2 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java
@@ -833,6 +833,13 @@ public class KeyCertUtil {
             anyExt = true;
         }
 
+        String ocspSigning = properties.getOCSPSigning();
+
+        if ((ocspSigning != null) && (ocspSigning.equals(Constants.TRUE))) {
+            ns.addOID(new ObjectIdentifier("1.3.6.1.5.5.7.3.9"));
+            anyExt = true;
+        }
+
         if (anyExt)
             ext.set(ExtendedKeyUsageExtension.NAME, ns);
     }
@@ -925,6 +932,25 @@ public class KeyCertUtil {
         }
     }
 
+    public static void setAuthInfoAccess(KeyPair keypair, 
+        CertificateExtensions ext, KeyCertData properties) throws IOException,
+            NoSuchAlgorithmException, InvalidKeyException {
+        String aia = properties.getAIA();
+
+        if ((aia != null) && (aia.equals(Constants.TRUE))) {
+            String hostname = CMS.getEENonSSLHost();
+            String port = CMS.getEENonSSLPort();
+            AuthInfoAccessExtension aiaExt = new AuthInfoAccessExtension(false);
+            if (hostname != null && port != null) {
+                String location = "http://"+hostname+":"+port+"/ca/ocsp";
+                GeneralName ocspName = new GeneralName(new URIName(location));
+                aiaExt.addAccessDescription(AuthInfoAccessExtension.METHOD_OCSP, ocspName);
+            }
+
+            ext.set(AuthInfoAccessExtension.NAME, aiaExt);
+        }
+    }
+
     public static void setAuthorityKeyIdentifier(KeyPair keypair, 
         CertificateExtensions ext, KeyCertData properties) throws IOException,
             NoSuchAlgorithmException, InvalidKeyException {
author	awnuk <awnuk@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>	2010-04-22 00:54:49 +0000
committer	awnuk <awnuk@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>	2010-04-22 00:54:49 +0000
commit	e230d764fb27b8a406ddca5987bd708e219bd8dd (patch)
tree	35031368cc7f30ee7e46f72949d9272629642dea /pki/base/common/src/com/netscape/cmscore
parent	353f5ec6af4756e1b36f0ef98e0b04b28d9c5af3 (diff)
download	pki-e230d764fb27b8a406ddca5987bd708e219bd8dd.tar.gz pki-e230d764fb27b8a406ddca5987bd708e219bd8dd.tar.xz pki-e230d764fb27b8a406ddca5987bd708e219bd8dd.zip