Posted to commits@ozone.apache.org by xy...@apache.org on 2020/10/19 20:08:59 UTC
[hadoop-ozone] branch master updated: HDDS-4301. SCM CA certificate
does not encode KeyUsage extension properly (#1468)
This is an automated email from the ASF dual-hosted git repository.
xyao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hadoop-ozone.git
The following commit(s) were added to refs/heads/master by this push:
new 049793d HDDS-4301. SCM CA certificate does not encode KeyUsage extension properly (#1468)
049793d is described below
commit 049793ddabe895532c95d0af0ca3de9ec940066a
Author: Xiaoyu Yao <xy...@apache.org>
AuthorDate: Mon Oct 19 13:08:45 2020 -0700
HDDS-4301. SCM CA certificate does not encode KeyUsage extension properly (#1468)
---
.../hdds/security/x509/certificates/utils/CertificateSignRequest.java | 2 +-
.../hdds/security/x509/certificates/utils/SelfSignedCertificate.java | 4 +---
2 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificates/utils/CertificateSignRequest.java b/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificates/utils/CertificateSignRequest.java
index f740e43..bee64e1 100644
--- a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificates/utils/CertificateSignRequest.java
+++ b/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificates/utils/CertificateSignRequest.java
@@ -265,7 +265,7 @@ public final class CertificateSignRequest {
}
KeyUsage keyUsage = new KeyUsage(keyUsageFlag);
return new Extension(Extension.keyUsage, true,
- new DEROctetString(keyUsage));
+ keyUsage.getEncoded());
}
private Optional<Extension> getSubjectAltNameExtension() throws
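Review bot: The new argument `keyUsage.getEncoded()` leaves the encoding implicit. X.509 extension values must be DER, so `keyUsage.getEncoded(ASN1Encoding.DER)` would state that at the call site, although for a KeyUsage bit string the bytes are presumably identical either way. The commit touches only the two source files and adds no test; a check that parses the generated request and reads the KeyUsage bits back out of the extension would pin the encoding. The enclosing method starts above the hunk, so whether it already declares the IOException that `getEncoded()` can throw is not visible here.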
diff --git a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificates/utils/SelfSignedCertificate.java b/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificates/utils/SelfSignedCertificate.java
index a7edfde..daf0e26 100644
--- a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificates/utils/SelfSignedCertificate.java
+++ b/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificates/utils/SelfSignedCertificate.java
@@ -42,7 +42,6 @@ import org.apache.logging.log4j.util.Strings;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.DERUTF8String;
@@ -145,8 +144,7 @@ public final class SelfSignedCertificate {
new BasicConstraints(true));
int keyUsageFlag = KeyUsage.keyCertSign | KeyUsage.cRLSign;
KeyUsage keyUsage = new KeyUsage(keyUsageFlag);
- builder.addExtension(Extension.keyUsage, false,
- new DEROctetString(keyUsage));
+ builder.addExtension(Extension.keyUsage, true, keyUsage);
if (altNames != null && altNames.size() >= 1) {
builder.addExtension(new Extension(Extension.subjectAlternativeName,
false, new GeneralNames(altNames.toArray(
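Review bot: Nothing in the commit asserts the two changes made on `builder.addExtension(Extension.keyUsage, true, keyUsage)`, which both removes the extra octet-string wrapper and flips the extension from non-critical to critical for every newly generated self-signed CA certificate. A test that builds the certificate and checks that `getKeyUsage()` reports keyCertSign and cRLSign (indices 5 and 6), and that `getCriticalExtensionOIDs()` contains 2.5.29.15, would guard against regression. Certificates issued before this fix presumably still carry the old encoding, so a comment or release note on whether existing SCM CA certificates need re-issuing would help operators. The enclosing method extends beyond both ends of the hunk.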