From 833c060b26756a17d0b85a19846888d71e4bdd5d Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata@redhat.com>
Date: Wed, 24 Jul 2019 17:46:30 -0500
Subject: [PATCH] Fixed missing SAN extension for CA clone
The CertUtil.buildSANSSLserverURLExtension() has been modified
to include SAN parameters in the request to generate the SSL
server certificate for CA clone.
https://bugzilla.redhat.com/show_bug.cgi?id=1732637
---
.../src/com/netscape/cms/servlet/csadmin/CertUtil.java | 16 +++++++---------
.../netscape/cms/servlet/csadmin/ConfigurationUtils.java | 16 ++++++++--------
2 files changed, 15 insertions(+), 17 deletions(-)
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
index 12d4ac1..e77be32 100644
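--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
@@ -228,34 +228,32 @@ public class CertUtil {
 // embed a certificate extension into
 // a PKCS #10 certificate request.
 //
- public static String buildSANSSLserverURLExtension(IConfigStore config)
+ public static void buildSANSSLserverURLExtension(IConfigStore config, MultivaluedMap<String, String> content)
 throws Exception {
- String url = "";
- String entries = "";
 
 CMS.debug("CertUtil: buildSANSSLserverURLExtension() " +
 "building SAN SSL Server Certificate URL extension . . .");
- int i = 0;
+
 if (config == null) {
 throw new EBaseException("injectSANextensionIntoRequest: parameter config cannot be null");
 }
+
 String sanHostnames = config.getString("service.sslserver.san");
 String sans[] = StringUtils.split(sanHostnames, ",");
+
+ int i = 0;
 for (String san : sans) {
 CMS.debug("CertUtil: buildSANSSLserverURLExtension() processing " +
 "SAN hostname: " + san);
 // Add the DNSName for all SANs
- entries = entries +
- "&req_san_pattern_" + i + "=" + san;
+ content.putSingle("req_san_pattern_" + i, san);
 i++;
 }
 
- url = "&req_san_entries=" + i + entries;
+ content.putSingle("req_san_entries", "" + i);
 
 CMS.debug("CertUtil: buildSANSSLserverURLExtension() " + "placed " +
 i + " SAN entries into SSL Server Certificate URL.");
-
- return url;
 }
 
 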
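Review bot: In the loop that fills `req_san_pattern_N`, each entry of `service.sslserver.san` is handed to `content.putSingle` exactly as it was split on commas, so a value written as `a.example.com, b.example.com` would submit a SAN with a leading space, and nothing checks that an entry looks like a DNS name before it is sent to the CA. I would trim and skip blanks, e.g. `String name = san.trim(); if (name.isEmpty()) continue;` followed by `content.putSingle("req_san_pattern_" + i, name);`. The new `content` parameter is also dereferenced without the null check that `config` gets, and if `StringUtils.split` returns null for a null input (as the commons-lang version does) the `for` loop would fail with a NullPointerException instead of a clear configuration error. The header comment, the method name and the debug strings still describe building a URL, which no longer matches a method that fills the form map.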
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
index cc65c78..5395b06 100644
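--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
@@ -2685,16 +2685,9 @@ public class ConfigurationUtils {
 } catch (Exception ee) {
 }
 
- String sslserver_extension = "";
- Boolean injectSAN = config.getBoolean("service.injectSAN", false);
- CMS.debug("ConfigurationUtils: injectSAN: " + injectSAN);
-
- if (certTag.equals("sslserver") && injectSAN == true) {
- sslserver_extension = CertUtil.buildSANSSLserverURLExtension(config);
- }
-
 MultivaluedMap<String, String> content = new MultivaluedHashMap<String, String>();
 content.putSingle("requestor_name", sysType + "-" + machineName + "-" + securePort);
+
 //Get the correct profile id to send in case it's sslserver type:
 CMS.debug("configRemoteCert: tag: " + certTag + " : setting profileId to: " + profileId);
 String actualProfileId = request.getSystemCertProfileID(certTag, profileId);
@@ -2706,6 +2699,13 @@ public class ConfigurationUtils {
 content.putSingle("xmlOutput", "true");
 content.putSingle("sessionID", session_id);
 
+ Boolean injectSAN = config.getBoolean("service.injectSAN", false);
+ CMS.debug("ConfigurationUtils: injectSAN: " + injectSAN);
+
+ if (certTag.equals("sslserver") && injectSAN) {
+ CertUtil.buildSANSSLserverURLExtension(config, content);
+ }
+
 cert = CertUtil.createRemoteCert(ca_hostname, ca_port, content, response);
 
 if (cert == null) {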
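Review bot: The relocated block before `createRemoteCert` still declares `injectSAN` as a boxed `Boolean` and calls `certTag.equals("sslserver")`, so the condition relies on auto-unboxing and on `certTag` never being null. I would write `boolean injectSAN = config.getBoolean("service.injectSAN", false);` and `if (injectSAN && "sslserver".equals(certTag)) {`. A one-line comment such as `// adds req_san_* parameters to content; must run before createRemoteCert()` would also record that the helper now mutates `content` and that its position here matters. The enclosing method begins and ends outside these hunks, so how an exception from the helper is reported to the operator is not visible here.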
--
1.8.3.1