Harmonize behaviour of different CertificateUtilsProvider implementations
Signed-off-by: coursar <coursar@gmail.com>
This commit is contained in:
parent
2bd9f09e29
commit
4a357223b3
3 changed files with 13 additions and 32 deletions
|
@ -29,7 +29,6 @@ import java.time.DateTimeException;
|
|||
import java.time.ZoneId;
|
||||
import java.time.ZonedDateTime;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.Calendar;
|
||||
import java.util.Collections;
|
||||
import java.util.Date;
|
||||
|
@ -61,7 +60,7 @@ import org.wildfly.security.x500.cert.util.KeyUtil;
|
|||
*
|
||||
* @author <a href="mailto:david.anderson@redhat.com">David Anderson</a>
|
||||
*/
|
||||
public class ElytronCertificateUtils implements CertificateUtilsProvider {
|
||||
public class ElytronCertificateUtilsProvider implements CertificateUtilsProvider {
|
||||
|
||||
Logger log = Logger.getLogger(getClass());
|
||||
|
||||
|
@ -84,10 +83,7 @@ public class ElytronCertificateUtils implements CertificateUtilsProvider {
|
|||
try {
|
||||
|
||||
X500Principal subjectdn = subjectToX500Principle(subject);
|
||||
X500Principal issuerdn = subjectdn;
|
||||
if (caCert != null) {
|
||||
issuerdn = caCert.getSubjectX500Principal();
|
||||
}
|
||||
X500Principal issuerdn = caCert.getSubjectX500Principal();
|
||||
|
||||
// Validity
|
||||
ZonedDateTime notBefore = ZonedDateTime.ofInstant(new Date(System.currentTimeMillis()).toInstant(),
|
||||
|
@ -105,22 +101,6 @@ public class ElytronCertificateUtils implements CertificateUtilsProvider {
|
|||
ekuList.add(X500.OID_KP_EMAIL_PROTECTION);
|
||||
ekuList.add(X500.OID_KP_SERVER_AUTH);
|
||||
|
||||
// Authority Key Identifier
|
||||
AuthorityKeyIdentifierExtension authorityKeyIdentifierExtension;
|
||||
if (caCert != null) {
|
||||
authorityKeyIdentifierExtension = new AuthorityKeyIdentifierExtension(
|
||||
KeyUtil.getKeyIdentifier(caCert.getPublicKey()),
|
||||
Collections.singletonList(new GeneralName.DirectoryName(caCert.getIssuerX500Principal().getName())),
|
||||
caCert.getSerialNumber()
|
||||
);
|
||||
} else {
|
||||
authorityKeyIdentifierExtension = new AuthorityKeyIdentifierExtension(
|
||||
KeyUtil.getKeyIdentifier(keyPair.getPublic()),
|
||||
Collections.singletonList(new GeneralName.DirectoryName(issuerdn.getName())),
|
||||
serialNumber
|
||||
);
|
||||
}
|
||||
|
||||
X509CertificateBuilder cbuilder = new X509CertificateBuilder()
|
||||
.setSubjectDn(subjectdn)
|
||||
.setIssuerDn(issuerdn)
|
||||
|
@ -140,7 +120,11 @@ public class ElytronCertificateUtils implements CertificateUtilsProvider {
|
|||
.addExtension(new SubjectKeyIdentifierExtension(KeyUtil.getKeyIdentifier(keyPair.getPublic())))
|
||||
|
||||
// Authority Key Identifier
|
||||
.addExtension(authorityKeyIdentifierExtension)
|
||||
.addExtension(new AuthorityKeyIdentifierExtension(
|
||||
KeyUtil.getKeyIdentifier(caCert.getPublicKey()),
|
||||
Collections.singletonList(new GeneralName.DirectoryName(caCert.getIssuerX500Principal().getName())),
|
||||
caCert.getSerialNumber()
|
||||
))
|
||||
|
||||
// Key Usage
|
||||
.addExtension(
|
|
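Review bot: With the `caCert != null` branch removed (hunk at -84, and the matching Authority Key Identifier hunk at -140), `caCert.getSubjectX500Principal()`, `caCert.getPublicKey()`, `caCert.getIssuerX500Principal()` and `caCert.getSerialNumber()` now dereference an unchecked argument inside the `try`, so a caller that used to obtain a self-signed certificate will instead hit a NullPointerException that surfaces through whatever the catch clause does, which is outside this hunk and may wrap or mask it. If self-signed issuance is intentionally no longer supported by this provider, fail fast before the `try` with `Objects.requireNonNull(caCert, "caCert is required; this provider does not issue self-signed certificates");` (adding `import java.util.Objects;` to the import block) and record that precondition in the method's Javadoc with an `@throws`. The enclosing method begins before this hunk, so its signature and Javadoc are not visible here; the import hunk at -29 drops one `java.util` import, but without side markers it is not possible to tell which one from this view.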
@ -34,7 +34,6 @@ import java.security.spec.ECGenParameterSpec;
|
|||
import java.security.spec.ECParameterSpec;
|
||||
import java.util.Map;
|
||||
import java.util.concurrent.ConcurrentHashMap;
|
||||
import java.util.function.Supplier;
|
||||
|
||||
import javax.crypto.Cipher;
|
||||
import javax.crypto.NoSuchPaddingException;
|
||||
|
@ -77,7 +76,7 @@ public class WildFlyElytronProvider implements CryptoProvider {
|
|||
|
||||
@Override
|
||||
public CertificateUtilsProvider getCertificateUtils() {
|
||||
return new ElytronCertificateUtils();
|
||||
return new ElytronCertificateUtilsProvider();
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
@ -27,14 +27,12 @@ import java.security.cert.CertificateException;
|
|||
import java.security.cert.CertificateFactory;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Base64;
|
||||
import java.util.List;
|
||||
|
||||
import javax.security.auth.x500.X500Principal;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.keycloak.common.util.PemUtils;
|
||||
import org.keycloak.crypto.elytron.ElytronCertificateUtils;
|
||||
import org.keycloak.crypto.elytron.ElytronCertificateUtilsProvider;
|
||||
import org.wildfly.security.x500.GeneralName;
|
||||
import org.wildfly.security.x500.cert.CRLDistributionPoint;
|
||||
import org.wildfly.security.x500.cert.CRLDistributionPoint.DistributionPointName;
|
||||
|
@ -55,7 +53,7 @@ public class CRLDistributionPointTest {
|
|||
expect.add("http://crl0.test0.com");
|
||||
|
||||
|
||||
ElytronCertificateUtils bcutil = new ElytronCertificateUtils();
|
||||
ElytronCertificateUtilsProvider bcutil = new ElytronCertificateUtilsProvider();
|
||||
List<String> crldp = bcutil.getCRLDistributionPoints(cert);
|
||||
|
||||
assertArrayEquals(expect.toArray(), crldp.toArray());
|
||||
|
@ -70,7 +68,7 @@ public class CRLDistributionPointTest {
|
|||
expect.add("http://crl0.test0.com");
|
||||
expect.add("http://crl0.test1.com");
|
||||
|
||||
ElytronCertificateUtils bcutil = new ElytronCertificateUtils();
|
||||
ElytronCertificateUtilsProvider bcutil = new ElytronCertificateUtilsProvider();
|
||||
List<String> crldp = bcutil.getCRLDistributionPoints(cert);
|
||||
|
||||
assertArrayEquals(expect.toArray(), crldp.toArray());
|
||||
|
@ -87,7 +85,7 @@ public class CRLDistributionPointTest {
|
|||
expect.add("http://crl1.test0.com");
|
||||
expect.add("http://crl1.test1.com");
|
||||
|
||||
ElytronCertificateUtils bcutil = new ElytronCertificateUtils();
|
||||
ElytronCertificateUtilsProvider bcutil = new ElytronCertificateUtilsProvider();
|
||||
List<String> crldp = bcutil.getCRLDistributionPoints(cert);
|
||||
|
||||
assertArrayEquals(expect.toArray(), crldp.toArray());
|
||||
|
@ -101,7 +99,7 @@ public class CRLDistributionPointTest {
|
|||
expect.add("http://localhost:8889/empty.crl");
|
||||
expect.add("http://localhost:8889/intermediate-ca.crl");
|
||||
|
||||
ElytronCertificateUtils bcutil = new ElytronCertificateUtils();
|
||||
ElytronCertificateUtilsProvider bcutil = new ElytronCertificateUtilsProvider();
|
||||
List<String> crldp = bcutil.getCRLDistributionPoints(cert);
|
||||
|
||||
assertArrayEquals(expect.toArray(), crldp.toArray());
|
||||
|
|