|
|
eb29d7 |
From a8fe431dc77f03a8237ec0820c02c542762ecb9f Mon Sep 17 00:00:00 2001
|
|
|
eb29d7 |
From: Christina Fu <cfu@redhat.com>
|
|
|
eb29d7 |
Date: Wed, 15 Oct 2014 10:30:31 -0700
|
|
|
eb29d7 |
Subject: [PATCH] Bug1151147 issuerDN encoding correction
|
|
|
eb29d7 |
|
|
|
eb29d7 |
---
|
|
|
eb29d7 |
base/ca/src/com/netscape/ca/CAService.java | 13 ++++++--
|
|
|
eb29d7 |
.../src/com/netscape/ca/CertificateAuthority.java | 39 +++++++++++++++++++++-
|
|
|
eb29d7 |
.../netscape/certsrv/ca/ICertificateAuthority.java | 5 +++
|
|
|
eb29d7 |
.../netscape/cms/profile/common/EnrollProfile.java | 16 +++++++--
|
|
|
eb29d7 |
.../com/netscape/cms/servlet/csadmin/CertUtil.java | 16 +++++++--
|
|
|
eb29d7 |
.../com/netscape/cmsutil/crypto/CryptoUtil.java | 18 ++++++++--
|
|
|
eb29d7 |
.../src/netscape/security/x509/X509CertImpl.java | 8 +++++
|
|
|
eb29d7 |
.../src/netscape/security/x509/X509CertInfo.java | 8 +++++
|
|
|
eb29d7 |
8 files changed, 114 insertions(+), 9 deletions(-)
|
|
|
eb29d7 |
|
|
|
eb29d7 |
diff --git a/base/ca/src/com/netscape/ca/CAService.java b/base/ca/src/com/netscape/ca/CAService.java
|
|
|
eb29d7 |
index 1977850..6edaf2a 100644
|
|
|
eb29d7 |
--- a/base/ca/src/com/netscape/ca/CAService.java
|
|
|
eb29d7 |
+++ b/base/ca/src/com/netscape/ca/CAService.java
|
|
|
eb29d7 |
@@ -821,8 +821,17 @@ public class CAService implements ICAService, IService {
|
|
|
eb29d7 |
}
|
|
|
eb29d7 |
|
|
|
eb29d7 |
try {
|
|
|
eb29d7 |
- certi.set(X509CertInfo.ISSUER,
|
|
|
eb29d7 |
- new CertificateIssuerName(mCA.getX500Name()));
|
|
|
eb29d7 |
+ if (mCA.getIssuerObj() != null) {
|
|
|
eb29d7 |
+ // this ensures the isserDN has the same encoding as the
|
|
|
eb29d7 |
+ // subjectDN of the CA signing cert
|
|
|
eb29d7 |
+ CMS.debug("CAService: issueX509Cert: setting issuerDN using exact CA signing cert subjectDN encoding");
|
|
|
eb29d7 |
+ certi.set(X509CertInfo.ISSUER,
|
|
|
eb29d7 |
+ mCA.getIssuerObj());
|
|
|
eb29d7 |
+ } else {
|
|
|
eb29d7 |
+ CMS.debug("CAService: issueX509Cert: mCA.getIssuerObj() is null, creating new CertificateIssuerName");
|
|
|
eb29d7 |
+ certi.set(X509CertInfo.ISSUER,
|
|
|
eb29d7 |
+ new CertificateIssuerName(mCA.getX500Name()));
|
|
|
eb29d7 |
+ }
|
|
|
eb29d7 |
} catch (CertificateException e) {
|
|
|
eb29d7 |
mCA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CA_SET_ISSUER", e.toString()));
|
|
|
eb29d7 |
throw new ECAException(CMS.getUserMessage("CMS_CA_SET_ISSUER_FAILED", rid));
|
|
|
eb29d7 |
diff --git a/base/ca/src/com/netscape/ca/CertificateAuthority.java b/base/ca/src/com/netscape/ca/CertificateAuthority.java
|
|
|
eb29d7 |
index 73ce6df..6529611 100644
|
|
|
eb29d7 |
--- a/base/ca/src/com/netscape/ca/CertificateAuthority.java
|
|
|
eb29d7 |
+++ b/base/ca/src/com/netscape/ca/CertificateAuthority.java
|
|
|
eb29d7 |
@@ -43,6 +43,8 @@ import netscape.security.util.DerOutputStream;
|
|
|
eb29d7 |
import netscape.security.util.DerValue;
|
|
|
eb29d7 |
import netscape.security.x509.AlgorithmId;
|
|
|
eb29d7 |
import netscape.security.x509.CertificateChain;
|
|
|
eb29d7 |
+import netscape.security.x509.CertificateIssuerName;
|
|
|
eb29d7 |
+import netscape.security.x509.CertificateSubjectName;
|
|
|
eb29d7 |
import netscape.security.x509.CertificateVersion;
|
|
|
eb29d7 |
import netscape.security.x509.X500Name;
|
|
|
eb29d7 |
import netscape.security.x509.X509CRLImpl;
|
|
|
eb29d7 |
@@ -143,6 +145,8 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
|
|
|
eb29d7 |
protected SigningUnit mOCSPSigningUnit;
|
|
|
eb29d7 |
protected SigningUnit mCRLSigningUnit;
|
|
|
eb29d7 |
|
|
|
eb29d7 |
+ protected CertificateIssuerName mIssuerObj = null;
|
|
|
eb29d7 |
+ protected CertificateSubjectName mSubjectObj = null;
|
|
|
eb29d7 |
protected X500Name mName = null;
|
|
|
eb29d7 |
protected X500Name mCRLName = null;
|
|
|
eb29d7 |
protected X500Name mOCSPName = null;
|
|
|
eb29d7 |
@@ -888,6 +892,14 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
|
|
|
eb29d7 |
return mName;
|
|
|
eb29d7 |
}
|
|
|
eb29d7 |
|
|
|
eb29d7 |
+ public CertificateIssuerName getIssuerObj() {
|
|
|
eb29d7 |
+ return mIssuerObj;
|
|
|
eb29d7 |
+ }
|
|
|
eb29d7 |
+
|
|
|
eb29d7 |
+ public CertificateSubjectName getSubjectObj() {
|
|
|
eb29d7 |
+ return mSubjectObj;
|
|
|
eb29d7 |
+ }
|
|
|
eb29d7 |
+
|
|
|
eb29d7 |
public X500Name getCRLX500Name() {
|
|
|
eb29d7 |
return mCRLName;
|
|
|
eb29d7 |
}
|
|
|
eb29d7 |
@@ -1199,6 +1211,21 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
|
|
|
eb29d7 |
IConfigStore caSigningCfg =
|
|
|
eb29d7 |
mConfig.getSubStore(PROP_SIGNING_SUBSTORE);
|
|
|
eb29d7 |
|
|
|
eb29d7 |
+ String caSigningCertStr = caSigningCfg.getString("cert", "");
|
|
|
eb29d7 |
+ if (caSigningCertStr.equals("")) {
|
|
|
eb29d7 |
+ CMS.debug("CertificateAuthority:initSigUnit: ca.signing.cert not found");
|
|
|
eb29d7 |
+ } else { //ca cert found
|
|
|
eb29d7 |
+ CMS.debug("CertificateAuthority:initSigUnit: ca cert found");
|
|
|
eb29d7 |
+ mCaCert = new X509CertImpl(CMS.AtoB(caSigningCertStr));
|
|
|
eb29d7 |
+ // this ensures the isserDN and subjectDN have the same encoding
|
|
|
eb29d7 |
+ // as that of the CA signing cert
|
|
|
eb29d7 |
+ CMS.debug("CertificateAuthority: initSigUnit 1- setting mIssuerObj and mSubjectObj");
|
|
|
eb29d7 |
+ mSubjectObj = mCaCert.getSubjectObj();
|
|
|
eb29d7 |
+ // this mIssuerObj is the "issuerDN" obj for the certs this CA
|
|
|
eb29d7 |
+ // issues, NOT necessarily the isserDN obj of the CA signing cert
|
|
|
eb29d7 |
+ mIssuerObj = new CertificateIssuerName((X500Name)mSubjectObj.get(CertificateIssuerName.DN_NAME));
|
|
|
eb29d7 |
+ }
|
|
|
eb29d7 |
+
|
|
|
eb29d7 |
mSigningUnit.init(this, caSigningCfg);
|
|
|
eb29d7 |
CMS.debug("CA signing unit inited");
|
|
|
eb29d7 |
|
|
|
eb29d7 |
@@ -1295,11 +1322,21 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori
|
|
|
eb29d7 |
}
|
|
|
eb29d7 |
mOCSPCertChain = new CertificateChain(ocspImplchain);
|
|
|
eb29d7 |
CMS.debug("in init - got OCSP chain from JSS.");
|
|
|
eb29d7 |
- // init issuer name - take name from the cert.
|
|
|
eb29d7 |
|
|
|
eb29d7 |
mCaX509Cert = mSigningUnit.getCert();
|
|
|
eb29d7 |
mCaCert = new X509CertImpl(mCaX509Cert.getEncoded());
|
|
|
eb29d7 |
getCASigningAlgorithms();
|
|
|
eb29d7 |
+ mSubjectObj = mCaCert.getSubjectObj();
|
|
|
eb29d7 |
+ if (mSubjectObj != null) {
|
|
|
eb29d7 |
+ // this ensures the isserDN and subjectDN have the same encoding
|
|
|
eb29d7 |
+ // as that of the CA signing cert
|
|
|
eb29d7 |
+ CMS.debug("CertificateAuthority: initSigUnit - setting mIssuerObj and mSubjectObj");
|
|
|
eb29d7 |
+ // this mIssuerObj is the "issuerDN" obj for the certs this CA
|
|
|
eb29d7 |
+ // issues, NOT necessarily the isserDN obj of the CA signing cert
|
|
|
eb29d7 |
+ // unless the CA is self-signed
|
|
|
eb29d7 |
+ mIssuerObj =
|
|
|
eb29d7 |
+ new CertificateIssuerName((X500Name)mSubjectObj.get(CertificateIssuerName.DN_NAME));
|
|
|
eb29d7 |
+ }
|
|
|
eb29d7 |
mName = (X500Name) mCaCert.getSubjectDN();
|
|
|
eb29d7 |
|
|
|
eb29d7 |
mCRLX509Cert = mCRLSigningUnit.getCert();
|
|
|
eb29d7 |
diff --git a/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java b/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java
|
|
|
eb29d7 |
index 39f336b..f87f154 100644
|
|
|
eb29d7 |
--- a/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java
|
|
|
eb29d7 |
+++ b/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java
|
|
|
eb29d7 |
@@ -23,6 +23,8 @@ import java.util.Map;
|
|
|
eb29d7 |
import javax.servlet.http.HttpServletRequest;
|
|
|
eb29d7 |
|
|
|
eb29d7 |
import netscape.security.x509.CertificateChain;
|
|
|
eb29d7 |
+import netscape.security.x509.CertificateIssuerName;
|
|
|
eb29d7 |
+import netscape.security.x509.CertificateSubjectName;
|
|
|
eb29d7 |
import netscape.security.x509.CertificateVersion;
|
|
|
eb29d7 |
import netscape.security.x509.X500Name;
|
|
|
eb29d7 |
import netscape.security.x509.X509CRLImpl;
|
|
|
eb29d7 |
@@ -510,4 +512,7 @@ public interface ICertificateAuthority extends ISubsystem {
|
|
|
eb29d7 |
* @return processed times for OCSP requests
|
|
|
eb29d7 |
*/
|
|
|
eb29d7 |
public long getOCSPTotalData();
|
|
|
eb29d7 |
+
|
|
|
eb29d7 |
+ public CertificateIssuerName getIssuerObj();
|
|
|
eb29d7 |
+ public CertificateSubjectName getSubjectObj();
|
|
|
eb29d7 |
}
|
|
|
eb29d7 |
diff --git a/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java b/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java
|
|
|
eb29d7 |
index ca665ba..9e89e69 100644
|
|
|
eb29d7 |
--- a/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java
|
|
|
eb29d7 |
+++ b/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java
|
|
|
eb29d7 |
@@ -88,6 +88,7 @@ import com.netscape.certsrv.authority.IAuthority;
|
|
|
eb29d7 |
import com.netscape.certsrv.base.EBaseException;
|
|
|
eb29d7 |
import com.netscape.certsrv.base.EPropertyNotFound;
|
|
|
eb29d7 |
import com.netscape.certsrv.base.SessionContext;
|
|
|
eb29d7 |
+import com.netscape.certsrv.ca.ICertificateAuthority;
|
|
|
eb29d7 |
import com.netscape.certsrv.logging.ILogger;
|
|
|
eb29d7 |
import com.netscape.certsrv.profile.EDeferException;
|
|
|
eb29d7 |
import com.netscape.certsrv.profile.EProfileException;
|
|
|
eb29d7 |
@@ -220,8 +221,19 @@ public abstract class EnrollProfile extends BasicProfile
|
|
|
eb29d7 |
new CertificateVersion(CertificateVersion.V3));
|
|
|
eb29d7 |
info.set(X509CertInfo.SERIAL_NUMBER,
|
|
|
eb29d7 |
new CertificateSerialNumber(new BigInteger("0")));
|
|
|
eb29d7 |
- info.set(X509CertInfo.ISSUER,
|
|
|
eb29d7 |
- new CertificateIssuerName(issuerName));
|
|
|
eb29d7 |
+ ICertificateAuthority authority =
|
|
|
eb29d7 |
+ (ICertificateAuthority) getAuthority();
|
|
|
eb29d7 |
+ if (authority.getIssuerObj() != null) {
|
|
|
eb29d7 |
+ // this ensures the isserDN has the same encoding as the
|
|
|
eb29d7 |
+ // subjectDN of the CA signing cert
|
|
|
eb29d7 |
+ CMS.debug("EnrollProfile: setDefaultCertInfo: setting issuerDN using exact CA signing cert subjectDN encoding");
|
|
|
eb29d7 |
+ info.set(X509CertInfo.ISSUER,
|
|
|
eb29d7 |
+ authority.getIssuerObj());
|
|
|
eb29d7 |
+ } else {
|
|
|
eb29d7 |
+ CMS.debug("EnrollProfile: setDefaultCertInfo: authority.getIssuerObj() is null, creating new CertificateIssuerName");
|
|
|
eb29d7 |
+ info.set(X509CertInfo.ISSUER,
|
|
|
eb29d7 |
+ new CertificateIssuerName(issuerName));
|
|
|
eb29d7 |
+ }
|
|
|
eb29d7 |
info.set(X509CertInfo.KEY,
|
|
|
eb29d7 |
new CertificateX509Key(X509Key.parse(new DerValue(dummykey))));
|
|
|
eb29d7 |
info.set(X509CertInfo.SUBJECT,
|
|
|
eb29d7 |
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
|
|
|
eb29d7 |
index ede632e..22f0929 100644
|
|
|
eb29d7 |
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
|
|
|
eb29d7 |
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
|
|
|
eb29d7 |
@@ -31,6 +31,7 @@ import javax.servlet.http.HttpServletResponse;
|
|
|
eb29d7 |
|
|
|
eb29d7 |
import netscape.security.pkcs.PKCS10;
|
|
|
eb29d7 |
import netscape.security.x509.CertificateExtensions;
|
|
|
eb29d7 |
+import netscape.security.x509.CertificateIssuerName;
|
|
|
eb29d7 |
import netscape.security.x509.X500Name;
|
|
|
eb29d7 |
import netscape.security.x509.X509CertImpl;
|
|
|
eb29d7 |
import netscape.security.x509.X509CertInfo;
|
|
|
eb29d7 |
@@ -390,6 +391,7 @@ public class CertUtil {
|
|
|
eb29d7 |
cr = ca.getCertificateRepository();
|
|
|
eb29d7 |
BigInteger serialNo = cr.getNextSerialNumber();
|
|
|
eb29d7 |
if (type.equals("selfsign")) {
|
|
|
eb29d7 |
+ CMS.debug("Creating local certificate... selfsign cert");
|
|
|
eb29d7 |
CMS.debug("Creating local certificate... issuerdn=" + dn);
|
|
|
eb29d7 |
CMS.debug("Creating local certificate... dn=" + dn);
|
|
|
eb29d7 |
info = CryptoUtil.createX509CertInfo(x509key, serialNo, dn, dn, date, date, keyAlgorithm);
|
|
|
eb29d7 |
@@ -397,8 +399,18 @@ public class CertUtil {
|
|
|
eb29d7 |
String issuerdn = config.getString("preop.cert.signing.dn", "");
|
|
|
eb29d7 |
CMS.debug("Creating local certificate... issuerdn=" + issuerdn);
|
|
|
eb29d7 |
CMS.debug("Creating local certificate... dn=" + dn);
|
|
|
eb29d7 |
-
|
|
|
eb29d7 |
- info = CryptoUtil.createX509CertInfo(x509key, serialNo, issuerdn, dn, date, date, keyAlgorithm);
|
|
|
eb29d7 |
+ if (ca.getIssuerObj() != null) {
|
|
|
eb29d7 |
+ // this ensures the isserDN has the same encoding as the
|
|
|
eb29d7 |
+ // subjectDN of the CA signing cert
|
|
|
eb29d7 |
+ CMS.debug("Creating local certificate... setting issuerDN using exact CA signing cert subjectDN encoding");
|
|
|
eb29d7 |
+ CertificateIssuerName issuerdnObj =
|
|
|
eb29d7 |
+ ca.getIssuerObj();
|
|
|
eb29d7 |
+
|
|
|
eb29d7 |
+ info = CryptoUtil.createX509CertInfo(x509key, serialNo, issuerdnObj, dn, date, date, keyAlgorithm);
|
|
|
eb29d7 |
+ } else {
|
|
|
eb29d7 |
+ CMS.debug("Creating local certificate... ca.getIssuerObj() is null, creating new CertificateIssuerName");
|
|
|
eb29d7 |
+ info = CryptoUtil.createX509CertInfo(x509key, serialNo, issuerdn, dn, date, date, keyAlgorithm);
|
|
|
eb29d7 |
+ }
|
|
|
eb29d7 |
}
|
|
|
eb29d7 |
CMS.debug("Cert Template: " + info.toString());
|
|
|
eb29d7 |
|
|
|
eb29d7 |
diff --git a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
|
|
|
eb29d7 |
index 5e8e323..c87ebb1 100644
|
|
|
eb29d7 |
--- a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
|
|
|
eb29d7 |
+++ b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
|
|
|
eb29d7 |
@@ -1050,14 +1050,28 @@ public class CryptoUtil {
|
|
|
eb29d7 |
CertificateException,
|
|
|
eb29d7 |
InvalidKeyException,
|
|
|
eb29d7 |
NoSuchAlgorithmException {
|
|
|
eb29d7 |
+ CertificateIssuerName issuernameObj =
|
|
|
eb29d7 |
+ new CertificateIssuerName(new X500Name(issuername));
|
|
|
eb29d7 |
+ return createX509CertInfo(x509key, serialno, issuernameObj, subjname, notBefore, notAfter, alg);
|
|
|
eb29d7 |
+ }
|
|
|
eb29d7 |
+
|
|
|
eb29d7 |
+ public static X509CertInfo createX509CertInfo(X509Key x509key,
|
|
|
eb29d7 |
+ BigInteger serialno, CertificateIssuerName issuernameObj, String subjname,
|
|
|
eb29d7 |
+ Date notBefore, Date notAfter, String alg)
|
|
|
eb29d7 |
+ throws IOException,
|
|
|
eb29d7 |
+ CertificateException,
|
|
|
eb29d7 |
+ InvalidKeyException,
|
|
|
eb29d7 |
+ NoSuchAlgorithmException {
|
|
|
eb29d7 |
X509CertInfo info = new X509CertInfo();
|
|
|
eb29d7 |
|
|
|
eb29d7 |
info.set(X509CertInfo.VERSION, new
|
|
|
eb29d7 |
CertificateVersion(CertificateVersion.V3));
|
|
|
eb29d7 |
info.set(X509CertInfo.SERIAL_NUMBER, new
|
|
|
eb29d7 |
CertificateSerialNumber(serialno));
|
|
|
eb29d7 |
- info.set(X509CertInfo.ISSUER, new
|
|
|
eb29d7 |
- CertificateIssuerName(new X500Name(issuername)));
|
|
|
eb29d7 |
+ if (issuernameObj != null) {
|
|
|
eb29d7 |
+ info.set(X509CertInfo.ISSUER,
|
|
|
eb29d7 |
+ issuernameObj);
|
|
|
eb29d7 |
+ }
|
|
|
eb29d7 |
info.set(X509CertInfo.SUBJECT, new
|
|
|
eb29d7 |
CertificateSubjectName(new X500Name(subjname)));
|
|
|
eb29d7 |
info.set(X509CertInfo.VALIDITY, new
|
|
|
eb29d7 |
diff --git a/base/util/src/netscape/security/x509/X509CertImpl.java b/base/util/src/netscape/security/x509/X509CertImpl.java
|
|
|
eb29d7 |
index 111cd3b..a021ee1 100755
|
|
|
eb29d7 |
--- a/base/util/src/netscape/security/x509/X509CertImpl.java
|
|
|
eb29d7 |
+++ b/base/util/src/netscape/security/x509/X509CertImpl.java
|
|
|
eb29d7 |
@@ -725,6 +725,10 @@ public class X509CertImpl extends X509Certificate
|
|
|
eb29d7 |
}
|
|
|
eb29d7 |
}
|
|
|
eb29d7 |
|
|
|
eb29d7 |
+ public CertificateSubjectName getSubjectObj() {
|
|
|
eb29d7 |
+ return info.getSubjectObj();
|
|
|
eb29d7 |
+ }
|
|
|
eb29d7 |
+
|
|
|
eb29d7 |
/**
|
|
|
eb29d7 |
* Gets the issuer distinguished name from the certificate.
|
|
|
eb29d7 |
*
|
|
|
eb29d7 |
@@ -743,6 +747,10 @@ public class X509CertImpl extends X509Certificate
|
|
|
eb29d7 |
}
|
|
|
eb29d7 |
}
|
|
|
eb29d7 |
|
|
|
eb29d7 |
+ public CertificateIssuerName getIssuerObj() {
|
|
|
eb29d7 |
+ return info.getIssuerObj();
|
|
|
eb29d7 |
+ }
|
|
|
eb29d7 |
+
|
|
|
eb29d7 |
/**
|
|
|
eb29d7 |
* Gets the notBefore date from the validity period of the certificate.
|
|
|
eb29d7 |
*
|
|
|
eb29d7 |
diff --git a/base/util/src/netscape/security/x509/X509CertInfo.java b/base/util/src/netscape/security/x509/X509CertInfo.java
|
|
|
eb29d7 |
index 2ad17eb..29757ec 100644
|
|
|
eb29d7 |
--- a/base/util/src/netscape/security/x509/X509CertInfo.java
|
|
|
eb29d7 |
+++ b/base/util/src/netscape/security/x509/X509CertInfo.java
|
|
|
eb29d7 |
@@ -873,6 +873,10 @@ public class X509CertInfo implements CertAttrSet, Serializable {
|
|
|
eb29d7 |
issuer = (CertificateIssuerName) val;
|
|
|
eb29d7 |
}
|
|
|
eb29d7 |
|
|
|
eb29d7 |
+ public CertificateIssuerName getIssuerObj() {
|
|
|
eb29d7 |
+ return issuer;
|
|
|
eb29d7 |
+ }
|
|
|
eb29d7 |
+
|
|
|
eb29d7 |
/**
|
|
|
eb29d7 |
* Set the validity interval of the certificate.
|
|
|
eb29d7 |
*
|
|
|
eb29d7 |
@@ -901,6 +905,10 @@ public class X509CertInfo implements CertAttrSet, Serializable {
|
|
|
eb29d7 |
subject = (CertificateSubjectName) val;
|
|
|
eb29d7 |
}
|
|
|
eb29d7 |
|
|
|
eb29d7 |
+ public CertificateSubjectName getSubjectObj() {
|
|
|
eb29d7 |
+ return subject;
|
|
|
eb29d7 |
+ }
|
|
|
eb29d7 |
+
|
|
|
eb29d7 |
/**
|
|
|
eb29d7 |
* Set the public key in the certificate.
|
|
|
eb29d7 |
*
|
|
|
eb29d7 |
--
|
|
|
eb29d7 |
1.8.3.1
|
|
|
eb29d7 |
|