Posted to commits@directory.apache.org by ka...@apache.org on 2010/09/02 10:25:17 UTC
svn commit: r991852 - in
/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/security:
CoreKeyStoreSpi.java TlsKeyGenerator.java
Author: kayyagari
Date: Thu Sep 2 08:25:17 2010
New Revision: 991852
URL: http://svn.apache.org/viewvc?rev=991852&view=rev
Log:
o added subject name based on the host name of server (fix for DIRSERVER-1164)
o changed the comparison condition in CoreKeyStoreSpi to use the issuer DN instead of the subject DN
Modified:
directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/security/CoreKeyStoreSpi.java
directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/security/TlsKeyGenerator.java
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/security/CoreKeyStoreSpi.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/security/CoreKeyStoreSpi.java?rev=991852&r1=991851&r2=991852&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/security/CoreKeyStoreSpi.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/security/CoreKeyStoreSpi.java Thu Sep 2 08:25:17 2010
@@ -161,7 +161,7 @@ public class CoreKeyStoreSpi extends Key
{
LOG.debug( "Certificate in alias request is X.509 based." );
X509Certificate xcert = ( X509Certificate ) cert;
- if ( xcert.getSubjectDN().toString().equals( TlsKeyGenerator.CERTIFICATE_PRINCIPAL_DN ) )
+ if ( xcert.getIssuerDN().toString().equals( TlsKeyGenerator.CERTIFICATE_PRINCIPAL_DN ) )
{
return APACHEDS_ALIAS;
}
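Review bot: The new condition still compares a `Principal.toString()` rendering against a hand-written constant, which depends on the JCE implementation's formatting (separator spacing, ordering, escaping) and now also diverges from the constant itself, since TlsKeyGenerator builds `CERTIFICATE_PRINCIPAL_DN` with no space after `CN=ApacheDS,`. Compare distinguished names as objects instead: `if ( new X500Principal( TlsKeyGenerator.CERTIFICATE_PRINCIPAL_DN ).equals( xcert.getIssuerX500Principal() ) )`, importing `javax.security.auth.x500.X500Principal` in CoreKeyStoreSpi if it is not already. Note that matching on issuer name alone accepts any certificate that names that issuer, including one generated by another ApacheDS instance or crafted by hand; if this method is meant to recognise this server's own certificate, comparing against the stored certificate's encoding would be the stricter check. The enclosing method starts and ends outside the hunk.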
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/security/TlsKeyGenerator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/security/TlsKeyGenerator.java?rev=991852&r1=991851&r2=991852&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/security/TlsKeyGenerator.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/security/TlsKeyGenerator.java Thu Sep 2 08:25:17 2010
@@ -23,6 +23,7 @@ package org.apache.directory.server.core
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.math.BigInteger;
+import java.net.InetAddress;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
@@ -43,8 +44,8 @@ import javax.security.auth.x500.X500Prin
import org.apache.directory.server.i18n.I18n;
import org.apache.directory.shared.ldap.constants.SchemaConstants;
-import org.apache.directory.shared.ldap.entry.EntryAttribute;
import org.apache.directory.shared.ldap.entry.Entry;
+import org.apache.directory.shared.ldap.entry.EntryAttribute;
import org.apache.directory.shared.ldap.exception.LdapException;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.x509.X509V1CertificateGenerator;
@@ -69,8 +70,10 @@ public class TlsKeyGenerator
public static final String PUBLIC_KEY_FORMAT_AT = "publicKeyFormat";
public static final String USER_CERTIFICATE_AT = "userCertificate";
- public static final String CERTIFICATE_PRINCIPAL_DN =
- "CN=ApacheDS, OU=Directory, O=ASF, C=US";
+ private static final String BASE_DN = "OU=Directory, O=ASF, C=US";
+
+ public static final String CERTIFICATE_PRINCIPAL_DN = "CN=ApacheDS," + BASE_DN;
+
private static final String ALGORITHM = "RSA";
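Review bot: The rebuilt constant drops the space after the first comma: `"CN=ApacheDS," + BASE_DN` yields `CN=ApacheDS,OU=Directory, O=ASF, C=US`, whereas the removed literal was `CN=ApacheDS, OU=Directory, O=ASF, C=US`. CoreKeyStoreSpi compares this constant with `getIssuerDN().toString()` by string equality, so the inconsistent spacing is likely to make the alias lookup miss the server's own certificate. Either keep the spacing uniform, `public static final String CERTIFICATE_PRINCIPAL_DN = "CN=ApacheDS, " + BASE_DN;`, or better, have callers compare `X500Principal` values rather than strings. A short comment on `BASE_DN` noting that it is shared by the fixed issuer name and the host-based subject name would also help the next reader.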
/*
@@ -251,13 +254,27 @@ public class TlsKeyGenerator
BigInteger serialNumber = BigInteger.valueOf( System.currentTimeMillis() );
X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
- X500Principal dnName = new X500Principal( CERTIFICATE_PRINCIPAL_DN );
-
+ X500Principal issuerDn = new X500Principal( CERTIFICATE_PRINCIPAL_DN );
+
+ X500Principal subjectDn = null;
+
+ try
+ {
+ String hostName = InetAddress.getLocalHost().getHostName();
+ subjectDn = new X500Principal( "CN=" + hostName + "," + BASE_DN );
+ }
+ catch( Exception e )
+ {
+ LOG.warn( "failed to create certificate subject name from host name", e );
+ subjectDn = issuerDn;
+ }
+
+
certGen.setSerialNumber( serialNumber );
- certGen.setIssuerDN( dnName );
+ certGen.setIssuerDN( issuerDn );
certGen.setNotBefore( startDate );
certGen.setNotAfter( expiryDate );
- certGen.setSubjectDN( dnName );
+ certGen.setSubjectDN( subjectDn );
certGen.setPublicKey( publicKey );
certGen.setSignatureAlgorithm( "SHA1With" + ALGORITHM );
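Review bot: The certificate now carries a subject (`CN=<hostname>`) that differs from its issuer (`CN=ApacheDS`) while, as far as this hunk shows, it is still a single certificate signed with its own key pair (the signing call lies past the end of the hunk); clients that recognise self-signed certificates by issuer == subject will look for a separate `CN=ApacheDS` issuer certificate and fail to build a chain, so this should be confirmed against the TLS clients you expect (Java's PKIX accepts it when the leaf itself is the trust anchor, OpenSSL-based tools generally do not). `InetAddress.getLocalHost().getHostName()` often returns an unqualified name or `localhost` and can trigger a blocking reverse lookup, and because `X509V1CertificateGenerator` emits a v1 certificate there is no subjectAltName to carry a DNS name, so hostname verification only succeeds when clients connect using exactly the name returned here; a comment such as `// Subject CN is the local host name so clients can verify it; v1 certs cannot carry a SAN, so this must match the name clients connect with` would make that limitation explicit. The fallback `catch( Exception e )` is broader than the `UnknownHostException` and `SecurityException` this call can throw; narrowing it keeps programming errors visible rather than silently degrading to the issuer name. The doubled blank line after the try/catch is a minor style point.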