kwart commented on a change in pull request #40:
URL: https://github.com/apache/directory-server/pull/40#discussion_r487700355
##########
File path: core/src/main/java/org/apache/directory/server/core/security/CertificateUtil.java
##########
@@ -81,94 +75,33 @@ private CertificateUtil()
// Nothing to do
}
-
- private static void setInfo( X509CertInfo info, X500Name subject, X500Name issuer, KeyPair keyPair, int days,
- String algoStr, boolean isCA )
- throws CertificateException, IOException, NoSuchAlgorithmException
+ public static X509Certificate generateX509Certificate( X500Principal subjectDn, X500Principal issuerDn, KeyPair keyPair,
+ long daysValidity, String sigAlgorithm, boolean isCa )
+ throws CertificateException
{
- Date from = new Date();
- Date to = new Date( from.getTime() + days * 86_400_000L );
- CertificateValidity interval = new CertificateValidity( from, to );
-
- // Feed the certificate info structure
- // version [0] EXPLICIT Version DEFAULT v1
- // Version ::= INTEGER { v1(0), v2(1), v3(2) }
- info.set( X509CertInfo.VERSION, new CertificateVersion( CertificateVersion.V3 ) );
-
- // serialNumber CertificateSerialNumber
- // CertificateSerialNumber ::= INTEGER
+ Instant from = Instant.now();
+ Instant to = from.plus( Duration.ofDays( daysValidity ) );
BigInteger serialNumber = new BigInteger( 64, new SecureRandom() );
- info.set( X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber( serialNumber ) );
-
- // signature AlgorithmIdentifier
- AlgorithmId algo = AlgorithmId.get( algoStr );
- info.set( X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId( algo ) );
-
- // issuer Name
- // Name ::= CHOICE {
- // RDNSequence }
- // RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
- // RelativeDistinguishedName ::=
- // SET OF AttributeTypeAndValue
- // AttributeTypeAndValue ::= SEQUENCE {
- // type AttributeType,
- // value AttributeValue }
- // AttributeType ::= OBJECT IDENTIFIER
- // AttributeValue ::= ANY DEFINED BY AttributeType
- info.set( X509CertInfo.ISSUER, issuer );
-
- // validity Validity,
- // Validity ::= SEQUENCE {
- // notBefore Time,
- // notAfter Time }
- info.set( X509CertInfo.VALIDITY, interval );
-
- // subject Name
- // Name ::= CHOICE {
- // RDNSequence }
- // RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
- // RelativeDistinguishedName ::=
- // SET OF AttributeTypeAndValue
- // AttributeTypeAndValue ::= SEQUENCE {
- // type AttributeType,
- // value AttributeValue }
- // AttributeType ::= OBJECT IDENTIFIER
- // AttributeValue ::= ANY DEFINED BY AttributeType
- info.set( X509CertInfo.SUBJECT, subject );
-
- // subjectPublicKeyInfo SubjectPublicKeyInfo,
- // SubjectPublicKeyInfo ::= SEQUENCE {
- // algorithm AlgorithmIdentifier,
- // subjectPublicKey BIT STRING }
- info.set( X509CertInfo.KEY, new CertificateX509Key( keyPair.getPublic() ) );
-
- // Extensions. Basically, a subjectAltName and a Basic-Constraint
- CertificateExtensions extensions = new CertificateExtensions();
-
- // SubjectAltName
- GeneralNames names = new GeneralNames();
- names.add( new GeneralName( new DNSName( InetAddress.getLocalHost().getHostName() ) ) );
- String ipAddress = InetAddress.getLocalHost().getHostAddress();
- names.add( new GeneralName( new IPAddressName( ipAddress ) ) );
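Review bot: The now-public `generateX509Certificate` passes `daysValidity` straight into `from.plus( Duration.ofDays( daysValidity ) )`, and nothing visible in this hunk rejects a zero or negative value, which would produce a certificate whose notAfter is not later than its notBefore. A very large value also fails with an unchecked `ArithmeticException` or `DateTimeException` instead of the declared `CertificateException`. A guard at the top, such as `if ( daysValidity <= 0 ) { throw new CertificateException( "daysValidity must be positive" ); }`, would make the contract explicit, and the Javadoc should state the accepted range. Separately, the retained `new BigInteger( 64, new SecureRandom() )` can return zero, while RFC 5280 requires a positive serial number, so `new BigInteger( 127, new SecureRandom() ).add( BigInteger.ONE )` would be safer. The method body continues past the quoted part of the hunk, so a check further down may already cover some of this.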
Review comment:
Added the SAN extension in the new commit.