From 5bbd06e6e77729c63d65b77445f71f63ea0cdd1f Mon Sep 17 00:00:00 2001 From: Christina Fu Date: Wed, 15 Oct 2014 10:30:31 -0700 Subject: Bug1151147 issuerDN encoding correction
---
.../src/com/netscape/cms/servlet/csadmin/CertUtil.java | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) (limited to 'base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java')
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
index ede632ee5..22f092973 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
@@ -31,6 +31,7 @@ import javax.servlet.http.HttpServletResponse;
 import netscape.security.pkcs.PKCS10;
 import netscape.security.x509.CertificateExtensions;
+import netscape.security.x509.CertificateIssuerName;
 import netscape.security.x509.X500Name;
 import netscape.security.x509.X509CertImpl;
 import netscape.security.x509.X509CertInfo;
@@ -390,6 +391,7 @@ public class CertUtil {
 cr = ca.getCertificateRepository();
 BigInteger serialNo = cr.getNextSerialNumber();
 if (type.equals("selfsign")) {
+ CMS.debug("Creating local certificate... selfsign cert");
 CMS.debug("Creating local certificate... issuerdn=" + dn);
 CMS.debug("Creating local certificate... dn=" + dn);
 info = CryptoUtil.createX509CertInfo(x509key, serialNo, dn, dn, date, date, keyAlgorithm);
@@ -397,8 +399,18 @@ public class CertUtil {
 String issuerdn = config.getString("preop.cert.signing.dn", "");
 CMS.debug("Creating local certificate... issuerdn=" + issuerdn);
 CMS.debug("Creating local certificate... dn=" + dn);
-
- info = CryptoUtil.createX509CertInfo(x509key, serialNo, issuerdn, dn, date, date, keyAlgorithm);
+ if (ca.getIssuerObj() != null) {
+ // this ensures the isserDN has the same encoding as the
+ // subjectDN of the CA signing cert
+ CMS.debug("Creating local certificate... setting issuerDN using exact CA signing cert subjectDN encoding");
+ CertificateIssuerName issuerdnObj =
+ ca.getIssuerObj();
+
+ info = CryptoUtil.createX509CertInfo(x509key, serialNo, issuerdnObj, dn, date, date, keyAlgorithm);
+ } else {
+ CMS.debug("Creating local certificate... ca.getIssuerObj() is null, creating new CertificateIssuerName");
+ info = CryptoUtil.createX509CertInfo(x509key, serialNo, issuerdn, dn, date, date, keyAlgorithm);
+ }
 }
 CMS.debug("Cert Template: " + info.toString());
-- cgit
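Review bot: The `else` branch still builds the issuer from the `preop.cert.signing.dn` string, so when `ca.getIssuerObj()` is null the certificate is issued with a re-encoded issuer name and the only trace is a debug line. That is the mismatch this change sets out to remove: a relying party that compares the issuer field with the CA subject byte-for-byte may fail to chain such a certificate to the CA signing certificate. I would make the fallback message say so, e.g. `CMS.debug("Creating local certificate... ca.getIssuerObj() is null; issuerDN encoding may differ from the CA signing cert subjectDN");`, and read the accessor once with `CertificateIssuerName issuerdnObj = ca.getIssuerObj();` before the `if`, testing `issuerdnObj != null`, so the null check and the value passed on cannot disagree. The comment typo `isserDN` should read `issuerDN`; the enclosing method starts and ends outside this hunk.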