Blame SOURCES/pki-core-Fixed-Missing-SAN-extension-for-CA-Clone.patch

From 833c060b26756a17d0b85a19846888d71e4bdd5d Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata@redhat.com>
Date: Wed, 24 Jul 2019 17:46:30 -0500
Subject: [PATCH] Fixed missing SAN extension for CA clone
The CertUtil.buildSANSSLserverURLExtension() has been modified
to include SAN parameters in the request to generate the SSL
server certificate for CA clone.
https://bugzilla.redhat.com/show_bug.cgi?id=1732637
---
 .../src/com/netscape/cms/servlet/csadmin/CertUtil.java   | 16 +++++++---------
 .../netscape/cms/servlet/csadmin/ConfigurationUtils.java | 16 ++++++++--------
 2 files changed, 15 insertions(+), 17 deletions(-)
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
index 12d4ac1..e77be32 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
@@ -228,34 +228,32 @@ public class CertUtil {
     //              embed a certificate extension into
     //              a PKCS #10 certificate request.
     //
-    public static String buildSANSSLserverURLExtension(IConfigStore config)
+    public static void buildSANSSLserverURLExtension(IConfigStore config, MultivaluedMap<String, String> content)
            throws Exception {
-        String url = "";
-        String entries = "";
 
         CMS.debug("CertUtil: buildSANSSLserverURLExtension() " +
                   "building SAN SSL Server Certificate URL extension . . .");
-        int i = 0;
+
         if (config == null) {
             throw new EBaseException("injectSANextensionIntoRequest: parameter config cannot be null");
         }
+
         String sanHostnames = config.getString("service.sslserver.san");
         String sans[] = StringUtils.split(sanHostnames, ",");
+
+        int i = 0;
         for (String san : sans) {
             CMS.debug("CertUtil: buildSANSSLserverURLExtension() processing " +
                       "SAN hostname: " + san);
             // Add the DNSName for all SANs
-            entries = entries +
-                      "&req_san_pattern_" + i + "=" + san;
+            content.putSingle("req_san_pattern_" + i, san);
             i++;
         }
 
-        url = "&req_san_entries=" + i + entries;
+        content.putSingle("req_san_entries", "" + i);
 
         CMS.debug("CertUtil: buildSANSSLserverURLExtension() " + "placed " +
                   i + " SAN entries into SSL Server Certificate URL.");
-
-        return url;
     }
 
 
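Review bot: The entries read from `service.sslserver.san` go into `content` as `req_san_pattern_N` exactly as `StringUtils.split` returns them, so a padded value such as `host1, host2` would presumably request a SAN with a leading space, and nothing checks that an entry is a plausible DNS name before it reaches the SSL server certificate request. Trimming and skipping blanks inside the loop covers the first part: `san = san.trim();` then `if (san.isEmpty()) continue;` ahead of the `putSingle` call. The new `content` parameter is dereferenced without the null check that `config` gets, and the exception text still names `injectSANextensionIntoRequest` rather than this method. The closing debug message still says the entries were placed "into SSL Server Certificate URL", which no longer describes a `void` method that fills a map; the comment block above the signature begins outside the hunk and may need the same update.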
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
index cc65c78..5395b06 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
@@ -2685,16 +2685,9 @@ public class ConfigurationUtils {
             } catch (Exception ee) {
             }
 
-            String sslserver_extension = "";
-            Boolean injectSAN = config.getBoolean("service.injectSAN", false);
-            CMS.debug("ConfigurationUtils: injectSAN: " + injectSAN);
-
-            if (certTag.equals("sslserver") && injectSAN == true) {
-                sslserver_extension = CertUtil.buildSANSSLserverURLExtension(config);
-            }
-
             MultivaluedMap<String, String> content = new MultivaluedHashMap<String, String>();
             content.putSingle("requestor_name", sysType + "-" + machineName + "-" + securePort);
+
             //Get the correct profile id to send in case it's sslserver type:
             CMS.debug("configRemoteCert: tag: " + certTag + " : setting profileId to: " + profileId);
             String actualProfileId = request.getSystemCertProfileID(certTag, profileId);
@@ -2706,6 +2699,13 @@ public class ConfigurationUtils {
             content.putSingle("xmlOutput", "true");
             content.putSingle("sessionID", session_id);
 
+            Boolean injectSAN = config.getBoolean("service.injectSAN", false);
+            CMS.debug("ConfigurationUtils: injectSAN: " + injectSAN);
+
+            if (certTag.equals("sslserver") && injectSAN) {
+                CertUtil.buildSANSSLserverURLExtension(config, content);
+            }
+
             cert = CertUtil.createRemoteCert(ca_hostname, ca_port, content, response);
 
             if (cert == null) {
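Review bot: `injectSAN` is declared as a boxed `Boolean` in the added block although it is only used as a condition; `boolean injectSAN = config.getBoolean("service.injectSAN", false);` states the intent and avoids the unboxing. The enclosing method starts and ends outside the hunk, so whether `certTag` can be null at this point is not visible; if it can, `"sslserver".equals(certTag)` is the safer form. When `injectSAN` is true and `service.sslserver.san` is absent, the exception from `buildSANSSLserverURLExtension` appears to propagate from here before `createRemoteCert` is called, so a one-line comment such as `// fail the request rather than obtain an SSL server cert without the configured SANs` would record that this is intended.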
-- 
1.8.3.1