directory-dev mailing list archives

From GitBox <...@apache.org>
Subject [GitHub] [directory-server] kwart commented on a change in pull request #40: DIRSERVER-2326 Use Bouncy Castle to generate certificates
Date Mon, 14 Sep 2020 07:20:41 GMT

kwart commented on a change in pull request #40:
URL: https://github.com/apache/directory-server/pull/40#discussion_r487700355



##########
File path: core/src/main/java/org/apache/directory/server/core/security/CertificateUtil.java
##########
@@ -81,94 +75,33 @@ private CertificateUtil()
         // Nothing to do
     }
     
-    
-    private static void setInfo( X509CertInfo info, X500Name subject, X500Name issuer, KeyPair
keyPair, int days, 
-        String algoStr, boolean isCA ) 
-        throws CertificateException, IOException, NoSuchAlgorithmException
+    public static X509Certificate generateX509Certificate( X500Principal subjectDn, X500Principal
issuerDn, KeyPair keyPair,
+            long daysValidity, String sigAlgorithm, boolean isCa )
+                    throws CertificateException
     {
-        Date from = new Date();
-        Date to = new Date( from.getTime() + days * 86_400_000L );
-        CertificateValidity interval = new CertificateValidity( from, to );
-
-        // Feed the certificate info structure
-        // version         [0]  EXPLICIT Version DEFAULT v1
-        // Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
-        info.set( X509CertInfo.VERSION, new CertificateVersion( CertificateVersion.V3 ) );
-        
-        // serialNumber         CertificateSerialNumber
-        // CertificateSerialNumber  ::=  INTEGER
+        Instant from = Instant.now();
+        Instant to = from.plus( Duration.ofDays( daysValidity ) );
         BigInteger serialNumber = new BigInteger( 64, new SecureRandom() );
-        info.set( X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber( serialNumber )
);
-
-        // signature            AlgorithmIdentifier
-        AlgorithmId algo = AlgorithmId.get( algoStr );
-        info.set( X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId( algo ) );
-
-        // issuer               Name
-        // Name ::= CHOICE {
-        //          RDNSequence }
-        // RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
-        // RelativeDistinguishedName ::=
-        //          SET OF AttributeTypeAndValue
-        // AttributeTypeAndValue ::= SEQUENCE {
-        //          type     AttributeType,
-        //          value    AttributeValue }
-        // AttributeType ::= OBJECT IDENTIFIER
-        // AttributeValue ::= ANY DEFINED BY AttributeType
-        info.set( X509CertInfo.ISSUER, issuer );
-        
-        // validity             Validity,
-        // Validity ::= SEQUENCE {
-        //          notBefore      Time,
-        //          notAfter       Time }
-        info.set( X509CertInfo.VALIDITY, interval );
-        
-        // subject              Name
-        // Name ::= CHOICE {
-        //          RDNSequence }
-        // RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
-        // RelativeDistinguishedName ::=
-        //          SET OF AttributeTypeAndValue
-        // AttributeTypeAndValue ::= SEQUENCE {
-        //          type     AttributeType,
-        //          value    AttributeValue }
-        // AttributeType ::= OBJECT IDENTIFIER
-        // AttributeValue ::= ANY DEFINED BY AttributeType
-        info.set( X509CertInfo.SUBJECT, subject );
-        
-        // subjectPublicKeyInfo SubjectPublicKeyInfo,
-        // SubjectPublicKeyInfo  ::=  SEQUENCE  {
-        //          algorithm            AlgorithmIdentifier,
-        //          subjectPublicKey     BIT STRING  }
-        info.set( X509CertInfo.KEY, new CertificateX509Key( keyPair.getPublic() ) );
-
-        // Extensions. Basically, a subjectAltName and a Basic-Constraint 
-        CertificateExtensions extensions = new CertificateExtensions();
-
-        // SubjectAltName
-        GeneralNames names = new GeneralNames();
-        names.add( new GeneralName( new DNSName( InetAddress.getLocalHost().getHostName()
) ) );
-        String ipAddress = InetAddress.getLocalHost().getHostAddress();
-        names.add( new GeneralName( new IPAddressName( ipAddress ) ) );

Review comment:
       Added the SAN extension in the new commit.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


