Commit e08055a5 authored by André Berenguel's avatar André Berenguel Committed by Guus der Kinderen

Self-Signed certificates are created only with CN in the SubjectDN

Conflicts:
	src/java/org/jivesoftware/openfire/keystore/IdentityStore.java
parent 234bb479
...@@ -403,7 +403,6 @@ public class IdentityStore extends CertificateStore ...@@ -403,7 +403,6 @@ public class IdentityStore extends CertificateStore
final String name = JiveGlobals.getProperty( "xmpp.domain" ).toLowerCase(); final String name = JiveGlobals.getProperty( "xmpp.domain" ).toLowerCase();
final String alias = name + "_" + algorithm.toLowerCase(); final String alias = name + "_" + algorithm.toLowerCase();
final String distinctName = "cn=" + name;
final int validityInDays = 5*365; final int validityInDays = 5*365;
Log.info( "Generating a new private key and corresponding self-signed certificate for domain name '{}', using the {} algorithm (sign-algorithm: {} with a key size of {} bits). Certificate will be valid for {} days.", name, algorithm, signAlgorithm, keySize, validityInDays ); Log.info( "Generating a new private key and corresponding self-signed certificate for domain name '{}', using the {} algorithm (sign-algorithm: {} with a key size of {} bits). Certificate will be valid for {} days.", name, algorithm, signAlgorithm, keySize, validityInDays );
...@@ -413,7 +412,7 @@ public class IdentityStore extends CertificateStore ...@@ -413,7 +412,7 @@ public class IdentityStore extends CertificateStore
final KeyPair keyPair = generateKeyPair( algorithm.toUpperCase(), keySize ); final KeyPair keyPair = generateKeyPair( algorithm.toUpperCase(), keySize );
// Create X509 certificate with keys and specified domain // Create X509 certificate with keys and specified domain
final X509Certificate cert = CertificateManager.createX509V3Certificate( keyPair, validityInDays, distinctName, distinctName, name, signAlgorithm ); final X509Certificate cert = CertificateManager.createX509V3Certificate( keyPair, validityInDays, name, name, name, signAlgorithm );
// Store new certificate and private key in the key store // Store new certificate and private key in the key store
store.setKeyEntry( alias, keyPair.getPrivate(), configuration.getPassword(), new X509Certificate[]{cert} ); store.setKeyEntry( alias, keyPair.getPrivate(), configuration.getPassword(), new X509Certificate[]{cert} );
......
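Review bot: The rewritten `createX509V3Certificate( keyPair, validityInDays, name, name, name, signAlgorithm )` call passes `name` three times with nothing telling a reader which argument is the issuer CN, the subject CN and the SAN domain; a comment such as `// self-signed: issuer CN and subject CN are both the XMPP domain, which also becomes the SAN xmppAddr` would make the intent explicit. `name` is derived in the context above by `JiveGlobals.getProperty( "xmpp.domain" ).toLowerCase()`, which throws NullPointerException when the property is absent and lowercases in the default locale; now that this string is the certificate's identity, `toLowerCase( Locale.ROOT )` plus an explicit null check would avoid a locale-dependent CN and a misleading failure. The enclosing method starts and ends outside the hunk.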
...@@ -970,16 +970,16 @@ public class CertificateManager { ...@@ -970,16 +970,16 @@ public class CertificateManager {
* *
* @param kp KeyPair that keeps the public and private keys for the new certificate. * @param kp KeyPair that keeps the public and private keys for the new certificate.
* @param days time to live * @param days time to live
* @param issuerDN Issuer string e.g "O=Grid,OU=OGSA,CN=ACME" * @param issuerCommonName Issuer CN string
* @param subjectDN Subject string e.g "O=Grid,OU=OGSA,CN=John Doe" * @param subjectCommonName Subject CN string
* @param domain Domain of the server. * @param domain Domain of the server.
* @param signAlgoritm Signature algorithm. This can be either a name or an OID. * @param signAlgoritm Signature algorithm. This can be either a name or an OID.
* @return X509 V3 Certificate * @return X509 V3 Certificate
* @throws GeneralSecurityException * @throws GeneralSecurityException
* @throws IOException * @throws IOException
*/ */
public static synchronized X509Certificate createX509V3Certificate(KeyPair kp, int days, String issuerDN, public static synchronized X509Certificate createX509V3Certificate(KeyPair kp, int days, String issuerCommonName,
String subjectDN, String domain, String subjectCommonName, String domain,
String signAlgoritm) String signAlgoritm)
throws GeneralSecurityException, IOException { throws GeneralSecurityException, IOException {
PublicKey pubKey = kp.getPublic(); PublicKey pubKey = kp.getPublic();
...@@ -993,11 +993,11 @@ public class CertificateManager { ...@@ -993,11 +993,11 @@ public class CertificateManager {
// subjectDN // subjectDN
X500NameBuilder subjectBuilder = new X500NameBuilder(); X500NameBuilder subjectBuilder = new X500NameBuilder();
subjectBuilder.addRDN(BCStyle.CN, subjectDN); subjectBuilder.addRDN(BCStyle.CN, subjectCommonName);
// issuerDN // issuerDN
X500NameBuilder issuerBuilder = new X500NameBuilder(); X500NameBuilder issuerBuilder = new X500NameBuilder();
issuerBuilder.addRDN(BCStyle.CN, issuerDN); issuerBuilder.addRDN(BCStyle.CN, issuerCommonName);
// builder // builder
JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder( // JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder( //
...@@ -1010,7 +1010,7 @@ public class CertificateManager { ...@@ -1010,7 +1010,7 @@ public class CertificateManager {
); );
// add subjectAlternativeName extension // add subjectAlternativeName extension
boolean critical = subjectDN == null || "".equals(subjectDN.trim()); boolean critical = subjectCommonName == null || "".equals(subjectCommonName.trim());
ASN1Sequence othernameSequence = new DERSequence(new ASN1Encodable[]{ ASN1Sequence othernameSequence = new DERSequence(new ASN1Encodable[]{
new ASN1ObjectIdentifier("1.3.6.1.5.5.7.8.5"), new DERTaggedObject(true, 0, new DERUTF8String(domain))}); new ASN1ObjectIdentifier("1.3.6.1.5.5.7.8.5"), new DERTaggedObject(true, 0, new DERUTF8String(domain))});
GeneralName othernameGN = new GeneralName(GeneralName.otherName, othernameSequence); GeneralName othernameGN = new GeneralName(GeneralName.otherName, othernameSequence);
......
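Review bot: The null/blank check on `subjectCommonName` in the `critical` line runs after `subjectBuilder.addRDN(BCStyle.CN, subjectCommonName)` has already been called unconditionally, so the two disagree: a null value presumably fails inside addRDN before criticality is ever computed, and a blank value produces a subject with an empty CN rather than the empty subject for which RFC 5280 requires a critical SAN. Either reject the value up front (`Objects.requireNonNull(subjectCommonName, "subjectCommonName")` and a blank check that throws IllegalArgumentException) or only add the RDN when it is non-blank, so that `critical` reflects the subject actually written. The inline comments `// subjectDN` and `// issuerDN` are now misleading after the rename; `// subject: CN only` and `// issuer: CN only` would match the updated Javadoc. createX509V3Certificate continues outside the hunk.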