From 833c060b26756a17d0b85a19846888d71e4bdd5d Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata@redhat.com>
Date: Wed, 24 Jul 2019 17:46:30 -0500
Subject: [PATCH] Fixed missing SAN extension for CA clone

The CertUtil.buildSANSSLserverURLExtension() has been modified
to include SAN parameters in the request to generate the SSL
server certificate for CA clone.

https://bugzilla.redhat.com/show_bug.cgi?id=1732637
---
 .../src/com/netscape/cms/servlet/csadmin/CertUtil.java   | 16 +++++++---------
 .../netscape/cms/servlet/csadmin/ConfigurationUtils.java | 16 ++++++++--------
 2 files changed, 15 insertions(+), 17 deletions(-)

diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
index 12d4ac1..e77be32 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
@@ -228,34 +228,32 @@ public class CertUtil {
     //              embed a certificate extension into
     //              a PKCS #10 certificate request.
     //
-    public static String buildSANSSLserverURLExtension(IConfigStore config)
+    public static void buildSANSSLserverURLExtension(IConfigStore config, MultivaluedMap<String, String> content)
            throws Exception {
-        String url = "";
-        String entries = "";
 
         CMS.debug("CertUtil: buildSANSSLserverURLExtension() " +
                   "building SAN SSL Server Certificate URL extension . . .");
-        int i = 0;
+
         if (config == null) {
             throw new EBaseException("injectSANextensionIntoRequest: parameter config cannot be null");
         }
+
         String sanHostnames = config.getString("service.sslserver.san");
         String sans[] = StringUtils.split(sanHostnames, ",");
+
+        int i = 0;
         for (String san : sans) {
             CMS.debug("CertUtil: buildSANSSLserverURLExtension() processing " +
                       "SAN hostname: " + san);
             // Add the DNSName for all SANs
-            entries = entries +
-                      "&req_san_pattern_" + i + "=" + san;
+            content.putSingle("req_san_pattern_" + i, san);
             i++;
         }
 
-        url = "&req_san_entries=" + i + entries;
+        content.putSingle("req_san_entries", "" + i);
 
         CMS.debug("CertUtil: buildSANSSLserverURLExtension() " + "placed " +
                   i + " SAN entries into SSL Server Certificate URL.");
-
-        return url;
     }
 
 
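Review bot: Each `san` read from `service.sslserver.san` is handed to `content.putSingle("req_san_pattern_" + i, san)` exactly as split, so an entry with surrounding whitespace (for example after `, `) or other malformed text is sent to the CA as a requested DNS name. These values are meant to end up in the SSL server certificate's SAN, and whether the CA-side profile validates them is not visible here, so trimming and skipping blank entries before the put would be safer: `String name = san.trim(); if (name.isEmpty()) continue;`. The method no longer builds a URL, but its header comment and the closing debug message ("into SSL Server Certificate URL") still say so; a comment such as `// Adds req_san_entries and req_san_pattern_N to the request form parameters` would match the new behaviour. `content` is also dereferenced without the null check that `config` gets. The comment block above the signature starts outside the hunk.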
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
index cc65c78..5395b06 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
@@ -2685,16 +2685,9 @@ public class ConfigurationUtils {
             } catch (Exception ee) {
             }
 
-            String sslserver_extension = "";
-            Boolean injectSAN = config.getBoolean("service.injectSAN", false);
-            CMS.debug("ConfigurationUtils: injectSAN: " + injectSAN);
-
-            if (certTag.equals("sslserver") && injectSAN == true) {
-                sslserver_extension = CertUtil.buildSANSSLserverURLExtension(config);
-            }
-
             MultivaluedMap<String, String> content = new MultivaluedHashMap<String, String>();
             content.putSingle("requestor_name", sysType + "-" + machineName + "-" + securePort);
+
             //Get the correct profile id to send in case it's sslserver type:
             CMS.debug("configRemoteCert: tag: " + certTag + " : setting profileId to: " + profileId);
             String actualProfileId = request.getSystemCertProfileID(certTag, profileId);
@@ -2706,6 +2699,13 @@ public class ConfigurationUtils {
             content.putSingle("xmlOutput", "true");
             content.putSingle("sessionID", session_id);
 
+            Boolean injectSAN = config.getBoolean("service.injectSAN", false);
+            CMS.debug("ConfigurationUtils: injectSAN: " + injectSAN);
+
+            if (certTag.equals("sslserver") && injectSAN) {
+                CertUtil.buildSANSSLserverURLExtension(config, content);
+            }
+
             cert = CertUtil.createRemoteCert(ca_hostname, ca_port, content, response);
 
             if (cert == null) {
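Review bot: `injectSAN` is declared as a boxed `Boolean` and then auto-unboxed in the `if`. Assuming `config.getBoolean(name, default)` returns a primitive, as the `false` default suggests, `boolean injectSAN = config.getBoolean("service.injectSAN", false);` avoids the needless boxing. Writing the tag comparison as `"sslserver".equals(certTag)` would also keep it null-safe. The enclosing method begins and ends outside the hunk, so how an exception from `buildSANSSLserverURLExtension` is handled here cannot be seen.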
-- 
1.8.3.1