Loading projects/cadcCDP/src/ca/nrc/cadc/cred/CertUtil.java +13 −12 Original line number Diff line number Diff line Loading @@ -44,15 +44,16 @@ import ca.nrc.cadc.auth.X509CertificateChain; public class CertUtil { public static final String DEFAULT_SIGNATURE_ALGORITHM = "SHA256WITHRSA"; public static final int DEFAULT_KEY_LENGTH = 1024; /** * Method that generates an X509 proxy certificate * * @param csr * CSR for the certificate * @param lifetime * lifetime of the certificate in SECONDS * @param chain * certificate used to sign the proxy certificate * @param csr CSR for the certificate * @param lifetime lifetime of the certificate in SECONDS * @param chain certificate used to sign the proxy certificate * @return generated proxy certificate * @throws NoSuchAlgorithmException * @throws NoSuchProviderException Loading Loading @@ -135,19 +136,19 @@ public class CertUtil } certGen.setPublicKey(csr.getPublicKey()); certGen.setSignatureAlgorithm(issuerCert.getSigAlgName()); // TODO: should be able to get signature algorithm from the csr, but... obtuse certGen.setSignatureAlgorithm(DEFAULT_SIGNATURE_ALGORITHM); // extensions // add ProxyCertInfo extension to the new cert certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage( KeyUsage.digitalSignature | KeyUsage.keyEncipherment)); certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment)); certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(issuerCert)); certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(csr.getPublicKey("BC"))); certGen.addExtension(X509Extensions.BasicConstraints, true, Loading projects/cadcCDP/src/ca/nrc/cadc/cred/client/CredPublicClient.java +2 −2 Original line number Diff line number Diff line Loading 
@@ -105,8 +105,8 @@ public class CredPublicClient case HttpURLConnection.HTTP_CREATED: String location = connection.getHeaderField("Location"); X509Certificate cert = generateV3Certificate( readCSR(getEncodedCSR(location, userDN) .getBytes()), days * 24 * 60 * 60); readCSR(getEncodedCSR(location, userDN).getBytes()), days * 24 * 60 * 60); X509Certificate[] chain = createProxyCertChain(cert); putSignedCert(location, chain, userDN); Loading Loading
projects/cadcCDP/src/ca/nrc/cadc/cred/CertUtil.java +13 −12 Original line number Diff line number Diff line Loading @@ -44,15 +44,16 @@ import ca.nrc.cadc.auth.X509CertificateChain; public class CertUtil { public static final String DEFAULT_SIGNATURE_ALGORITHM = "SHA256WITHRSA"; public static final int DEFAULT_KEY_LENGTH = 1024; /** * Method that generates an X509 proxy certificate * * @param csr * CSR for the certificate * @param lifetime * lifetime of the certificate in SECONDS * @param chain * certificate used to sign the proxy certificate * @param csr CSR for the certificate * @param lifetime lifetime of the certificate in SECONDS * @param chain certificate used to sign the proxy certificate * @return generated proxy certificate * @throws NoSuchAlgorithmException * @throws NoSuchProviderException Loading Loading @@ -135,19 +136,19 @@ public class CertUtil } certGen.setPublicKey(csr.getPublicKey()); certGen.setSignatureAlgorithm(issuerCert.getSigAlgName()); // TODO: should be able to get signature algorithm from the csr, but... obtuse certGen.setSignatureAlgorithm(DEFAULT_SIGNATURE_ALGORITHM); // extensions // add ProxyCertInfo extension to the new cert certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage( KeyUsage.digitalSignature | KeyUsage.keyEncipherment)); certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment)); certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(issuerCert)); certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(csr.getPublicKey("BC"))); certGen.addExtension(X509Extensions.BasicConstraints, true, Loading
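Review bot: `certGen.setSignatureAlgorithm(DEFAULT_SIGNATURE_ALGORITHM)` in the second hunk hard-codes an RSA algorithm, but the proxy certificate is signed with the issuer's private key, so a non-RSA key in the chain would presumably only fail when the certificate is generated. A guard on the signing key's `getAlgorithm()` before this call, or a comment such as `// assumes the signing key in the chain is RSA`, would make that assumption explicit. The TODO points at the CSR, whose signature algorithm describes the requester's key rather than the issuer's, so it should be reworded. Separately, `DEFAULT_KEY_LENGTH = 1024` in the first hunk is below the 2048-bit minimum generally accepted for RSA; if key generation elsewhere (not visible here) uses it, prefer `public static final int DEFAULT_KEY_LENGTH = 2048;`. The enclosing method starts and ends outside the hunk.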
projects/cadcCDP/src/ca/nrc/cadc/cred/client/CredPublicClient.java +2 −2 Original line number Diff line number Diff line Loading @@ -105,8 +105,8 @@ public class CredPublicClient case HttpURLConnection.HTTP_CREATED: String location = connection.getHeaderField("Location"); X509Certificate cert = generateV3Certificate( readCSR(getEncodedCSR(location, userDN) .getBytes()), days * 24 * 60 * 60); readCSR(getEncodedCSR(location, userDN).getBytes()), days * 24 * 60 * 60); X509Certificate[] chain = createProxyCertChain(cert); putSignedCert(location, chain, userDN); Loading