Author: bblfish
Date: Wed Apr  6 22:21:46 2011
New Revision: 1089650

URL: http://svn.apache.org/viewvc?rev=1089650&view=rev
Log:
CLEREZZA-487: "deal with Certificates that contain mailto and other URIs in SAN 
field". The first thing is to make it easy to create certificates with mailtos 
in the URL field in order to then be able to test the behavior.

Modified:
    
incubator/clerezza/trunk/parent/platform.accountcontrolpanel/platform.accountcontrolpanel.core/src/main/scala/org/apache/clerezza/platform/accountcontrolpanel/ProfilePanel.scala
    
incubator/clerezza/trunk/parent/ssl.keygen/base/src/main/java/org/apache/clerezza/ssl/keygen/Certificate.java
    
incubator/clerezza/trunk/parent/ssl.keygen/base/src/main/java/org/apache/clerezza/ssl/keygen/bouncy/DefaultCertificate.java
    
incubator/clerezza/trunk/parent/ssl.keygen/base/src/test/java/org/apache/clerezza/ssl/keygen/bouncy/CertificateServiceTest.java
    
incubator/clerezza/trunk/parent/ssl.keygen/samplewebapp/src/main/java/org/apache/clerezza/ssl/keygen/webapp/MiniCaServlet.java

Modified: 
incubator/clerezza/trunk/parent/platform.accountcontrolpanel/platform.accountcontrolpanel.core/src/main/scala/org/apache/clerezza/platform/accountcontrolpanel/ProfilePanel.scala
URL: 
http://svn.apache.org/viewvc/incubator/clerezza/trunk/parent/platform.accountcontrolpanel/platform.accountcontrolpanel.core/src/main/scala/org/apache/clerezza/platform/accountcontrolpanel/ProfilePanel.scala?rev=1089650&r1=1089649&r2=1089650&view=diff
==============================================================================
--- 
incubator/clerezza/trunk/parent/platform.accountcontrolpanel/platform.accountcontrolpanel.core/src/main/scala/org/apache/clerezza/platform/accountcontrolpanel/ProfilePanel.scala
 (original)
+++ 
incubator/clerezza/trunk/parent/platform.accountcontrolpanel/platform.accountcontrolpanel.core/src/main/scala/org/apache/clerezza/platform/accountcontrolpanel/ProfilePanel.scala
 Wed Apr  6 22:21:46 2011
@@ -30,7 +30,6 @@ import org.apache.clerezza.jaxrs.utils.R
 import org.apache.clerezza.jaxrs.utils.TrailingSlash
 import org.apache.clerezza.platform.accountcontrolpanel.ontologies.CONTROLPANEL
 import org.apache.clerezza.platform.config.PlatformConfig
-import org.apache.clerezza.platform.typerendering.RenderletManager
 import org.apache.clerezza.platform.usermanager.UserManager
 import org.apache.clerezza.rdf.core._
 import org.apache.clerezza.rdf.core.impl.SimpleMGraph
@@ -56,6 +55,7 @@ import java.security.interfaces.RSAPubli
 import org.apache.clerezza.rdf.ontologies.RDFS
 import org.apache.clerezza.ssl.keygen.KeygenService
 import org.apache.clerezza.platform.users.WebIdGraphsService
+import java.net.URI
 
 object ProfilePanel {
        private val logger: Logger = 
LoggerFactory.getLogger(classOf[ProfilePanel])
@@ -75,7 +75,7 @@ class ProfilePanel {
 
        @GET
        def getPersonalProfilePage(@Context uriInfo: UriInfo,
-                                                                               
@PathParam(value = "id") userName: String): GraphNode = {
+                                  @PathParam(value = "id") userName: String): 
GraphNode = {
                TrailingSlash.enforceNotPresent(uriInfo)
                var resultNode: GraphNode = getPersonalProfile(userName, new 
UriRef(uriInfo.getAbsolutePath.toString))
                resultNode.addProperty(RDF.`type`, PLATFORM.HeadedPage)
@@ -84,7 +84,7 @@ class ProfilePanel {
        }
 
        private def getPersonalProfile(userName: String,
-                                                                               
         profile: UriRef): GraphNode = {
+                                      profile: UriRef): GraphNode = {
                return AccessController.doPrivileged(new 
PrivilegedAction[GraphNode] {
                        def run: GraphNode = {
                                var userInSystemGraph: GraphNode = 
userManager.getUserInSystemGraph(userName)
@@ -135,8 +135,8 @@ class ProfilePanel {
        @POST
        @Path("set-existing-webid")
        def setExistingWebId(@Context uriInfo: UriInfo,
-                                                               
@FormParam("webid") webId: UriRef,
-                                                               
@PathParam(value = "id") userName: String): Response = {
+                            @FormParam("webid") webId: UriRef,
+                            @PathParam(value = "id") userName: String): 
Response = {
                return AccessController.doPrivileged(new 
PrivilegedAction[Response] {
                        def run: Response = {
                                var userInSystemGraph: GraphNode = 
userManager.getUserInSystemGraph(userName)
@@ -149,14 +149,14 @@ class ProfilePanel {
        @POST
        @Path("create-new-web-id")
        def createNewWebId(@Context uriInfo: UriInfo,
-                                                        @PathParam(value = 
"id") userName: String): Response = {
+                          @PathParam(value = "id") userName: String): Response 
= {
                val ppd: UriRef = getSuggestedPPDUri(userName)
                val webId: UriRef = new UriRef(ppd.getUnicodeString + "#me")
                val webIDInfo = webIdGraphsService.getWebIDInfo(webId)
                webIDInfo.localGraph.addAll(
                        Arrays.asList(
-                       new TripleImpl(ppd, RDF.`type`, 
FOAF.PersonalProfileDocument),
-                       new TripleImpl(ppd, FOAF.primaryTopic, webId))
+                               new TripleImpl(ppd, RDF.`type`, 
FOAF.PersonalProfileDocument),
+                               new TripleImpl(ppd, FOAF.primaryTopic, webId))
                )
                return AccessController.doPrivileged(new 
PrivilegedAction[Response] {
                        def run: Response = {
@@ -170,9 +170,9 @@ class ProfilePanel {
        @POST
        @Path("addContact")
        def addContact(@Context uriInfo: UriInfo,
-                                               @FormParam("webId") 
newContacts: java.util.List[UriRef]): Response = {
+                      @FormParam("webId") newContacts: 
java.util.List[UriRef]): Response = {
                import collection.JavaConversions._
-               if (newContacts.size >0) {
+               if (newContacts.size > 0) {
                        val userName: String = UserUtil.getCurrentUserName
                        var me: GraphNode = AccessController.doPrivileged(new 
PrivilegedAction[GraphNode] {
                                def run: GraphNode = {
@@ -188,24 +188,27 @@ class ProfilePanel {
                return RedirectUtil.createSeeOtherResponse("../profile", 
uriInfo)
        }
 
-
+       /**
+        * @parm webId: A list of WebIDs to be added as Subject Alternative 
Names
+        * @param cn Common Name, the name that usually appears in the 
certificate selection box
+        * @param spkac key request in format generated by  Netscape, Safari, 
Opera
+        * @param crmf hey request in format generated by M$ Explorer
+        * @param csr key request as generated by Javascript of Netscape
+        * @param hours the certificate should last  (hours and days add up)
+        * @param days the certificate should last
+        * @param comment a comment to be attached to the public key in the 
database
+        */
        @POST
        @Path("keygen")
-       def createCert(@FormParam("webId") webId: UriRef,
-                                               @FormParam("cn") commonName: 
String,
-                                               @FormParam("spkac") spkac: 
String,
-                                               @FormParam("crmf") crmf: String,
-                                               @FormParam("hours") hours: 
String,
-                                               @FormParam("days") days: String,
-                                               @FormParam("csr") csr: String,
-                                               @FormParam("comment") comment: 
String): Response = {
-               logger.info("in keygen code. webId={}", webId)
-               logger.info("cn={}", commonName)
-               logger.info("hours={}", hours)
-               logger.info("days={}", days)
-               logger.info("spkac={}", spkac)
-               logger.info("crmf={}", crmf)
-               logger.info("csr={}", csr)
+       def createCert(@FormParam("webId") webIds: java.util.List[URI],
+                      @FormParam("cn") commonName: String,
+                      @FormParam("spkac") spkac: String,
+                      @FormParam("crmf") crmf: String,
+                      @FormParam("csr") csr: String,
+                      @FormParam("hours") hours: String,
+                      @FormParam("days") days: String,
+                      @FormParam("comment") comment: String): Response = {
+               import scala.collection.JavaConversions._
                var cert: Certificate = null
                if (spkac != null && spkac.length > 0) {
                        cert = keygenSrvc.createFromSpkac(spkac)
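Review bot: The Scaladoc added above createCert does not match the signature it documents: `@parm webId` should read `@param webIds` (the parameter was renamed to `webIds` and the tag itself is misspelled), and the `crmf` line says "hey request" where "key request" is meant. The tag order also no longer follows the parameter order, since `csr` now precedes `hours` and `days` in the signature. createCert's body continues past the end of this hunk.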
@@ -232,7 +235,9 @@ class ProfilePanel {
                cert.addDurationInHours(hours)
                cert.addDurationInDays(days)
                cert.startEarlier("2")
-               cert.setSubjectWebID(webId.getUnicodeString)
+               for(san: URI<-webIds) {
+                 cert.addSubjectAlternativeName(san.toString)
+               }
                var ser: CertSerialisation = null
                try {
                        ser = cert.getSerialisation
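Review bot: Nothing in createCert rejects an empty `webIds` list before the certificate is built, so a request without a webId form field reaches `cert.getSerialisation` and fails inside DefaultCertificate.generate (which now throws "WebId not set!") instead of producing a client error; a guard such as `if (webIds.isEmpty) return Response.status(Response.Status.BAD_REQUEST).build` before the loop would make the failure explicit. Note also that every URI submitted in the form is added as a SAN and signed by the server's key as-is; the local/ownership filtering that follows further down only decides which profile graphs record the key, not which names end up in the certificate. The catch for the serialisation call lies outside this hunk.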
@@ -245,16 +250,23 @@ class ProfilePanel {
                var pubKey: RSAPublicKey = 
cert.getSubjectPublicKey.getPublicKey.asInstanceOf[RSAPublicKey]
                var publicExponent: BigInteger = pubKey.getPublicExponent
                var modulus: BigInteger = pubKey.getModulus
-               val webIdInfo: WebIdGraphsService#WebIDInfo = 
webIdGraphsService.getWebIDInfo(webId)
-               val certNode: GraphNode = new GraphNode(new BNode, 
webIdInfo.localGraph)
-               certNode.addProperty(RDF.`type`, RSA.RSAPublicKey)
-               certNode.addProperty(CERT.identity, webId)
-               certNode.addPropertyValue(RSA.modulus, modulus)
-               certNode.addPropertyValue(RSA.public_exponent, publicExponent)
-               if (comment != null && comment.length > 0) {
-                       certNode.addPropertyValue(RDFS.comment, comment)
+
+               for (webid: URI<-webIds
+                    if (webid.getScheme=="https"||webid.getScheme=="http");
+                         val webidRef = new UriRef(webid.toString);
+                    val webIdInfo = webIdGraphsService.getWebIDInfo(webidRef);
+                    if (webIdInfo.isLocal)
+               ) {
+                       val certNode: GraphNode = new GraphNode(new BNode, 
webIdInfo.localGraph)
+                       certNode.addProperty(RDF.`type`, RSA.RSAPublicKey)
+                       certNode.addProperty(CERT.identity, webidRef)
+                       certNode.addPropertyValue(RSA.modulus, modulus)
+                       certNode.addPropertyValue(RSA.public_exponent, 
publicExponent)
+                       if (comment != null && comment.length > 0) {
+                               certNode.addPropertyValue(RDFS.comment, comment)
+                       }
+                       certNode.addPropertyValue(DC.date, cert.getStartDate)
                }
-               certNode.addPropertyValue(DC.date, cert.getStartDate)
                var resBuild: Response.ResponseBuilder = 
Response.ok(ser.getContent, MediaType.valueOf(ser.getMimeType))
                return resBuild.build
        }
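Review bot: The new loop attaches the certificate's public key to the local graph of every http(s) WebID in `webIds` for which `webIdInfo.isLocal` holds, but nothing visible here ties those WebIDs to the requesting user — the other handlers in ProfilePanel take a `userName` path parameter and addContact resolves `UserUtil.getCurrentUserName`, while createCert does neither. Unless the write to `webIdInfo.localGraph` is guarded elsewhere, an authenticated user can submit another local user's WebID and have their own key recorded under that profile; restricting the loop to WebIDs that belong to the current user would close that. Two smaller points: the scheme comparison is case-sensitive (a `HTTPS` URI is skipped), and when none of the submitted WebIDs is local the certificate is still returned although its key is recorded nowhere, which probably deserves an error response rather than a 200.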
@@ -262,8 +274,8 @@ class ProfilePanel {
        @POST
        @Path("deletekey")
        def deleteKey(@Context uriInfo: UriInfo,
-                                         @FormParam("webId") webId: UriRef,
-                                         @FormParam("keyhash") keys: 
List[String]): Response = {
+                     @FormParam("webId") webId: UriRef,
+                     @FormParam("keyhash") keys: List[String]): Response = {
                val webIDInfo = webIdGraphsService.getWebIDInfo(webId)
                val agent: GraphNode = new GraphNode(webId, 
webIDInfo.localGraph)
                var subjects: Iterator[GraphNode] = 
agent.getSubjectNodes(CERT.identity)
@@ -295,10 +307,10 @@ class ProfilePanel {
        @POST
        @Path("modify")
        def modifyProfile(@Context uriInfo: UriInfo,
-                                                       @PathParam(value = 
"id") userName: String,
-                                                       @FormParam("webId") 
webId: UriRef,
-                                                       @FormParam("name") 
name: String,
-                                                       
@FormParam("description") description: String): Response = {
+                         @PathParam("id") userName: String,
+                         @FormParam("webId") webId: UriRef,
+                         @FormParam("name") name: String,
+                         @FormParam("description") description: String): 
Response = {
                val webIDInfo = webIdGraphsService.getWebIDInfo(webId)
                val agent: GraphNode = new GraphNode(webId, 
webIDInfo.localGraph)
                agent.deleteProperties(FOAF.name)

Modified: 
incubator/clerezza/trunk/parent/ssl.keygen/base/src/main/java/org/apache/clerezza/ssl/keygen/Certificate.java
URL: 
http://svn.apache.org/viewvc/incubator/clerezza/trunk/parent/ssl.keygen/base/src/main/java/org/apache/clerezza/ssl/keygen/Certificate.java?rev=1089650&r1=1089649&r2=1089650&view=diff
==============================================================================
--- 
incubator/clerezza/trunk/parent/ssl.keygen/base/src/main/java/org/apache/clerezza/ssl/keygen/Certificate.java
 (original)
+++ 
incubator/clerezza/trunk/parent/ssl.keygen/base/src/main/java/org/apache/clerezza/ssl/keygen/Certificate.java
 Wed Apr  6 22:21:46 2011
@@ -55,10 +55,11 @@ public interface Certificate {
 
        /**
         * Set the <a href="http://esw.w3.org/topic/webid";>WebID</a> for the 
certificate.
+     * The first SAN added will appear in the Distinguished Name
         *
-        * @param url the webID. Must be a full URL
+        * @param san, a Subject Alternative Name to add. Must be a full URL, 
usually the WebID
         */
-       public void setSubjectWebID(String url);
+       public void addSubjectAlternativeName(String san);
 
 
        /**
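Review bot: The Javadoc for addSubjectAlternativeName still opens with "Set the WebID for the certificate", and the tag `@param san, a Subject Alternative Name to add` carries a stray comma that javadoc will read as part of the parameter name; suggested wording is a first sentence of `Add a Subject Alternative Name to the certificate; may be called repeatedly.` and the tag `@param san a Subject Alternative Name to add. Must be a full URL, usually the WebID`. It would also help callers to state here that at least one name must be added before the certificate is generated, since the implementation throws otherwise.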

Modified: 
incubator/clerezza/trunk/parent/ssl.keygen/base/src/main/java/org/apache/clerezza/ssl/keygen/bouncy/DefaultCertificate.java
URL: 
http://svn.apache.org/viewvc/incubator/clerezza/trunk/parent/ssl.keygen/base/src/main/java/org/apache/clerezza/ssl/keygen/bouncy/DefaultCertificate.java?rev=1089650&r1=1089649&r2=1089650&view=diff
==============================================================================
--- 
incubator/clerezza/trunk/parent/ssl.keygen/base/src/main/java/org/apache/clerezza/ssl/keygen/bouncy/DefaultCertificate.java
 (original)
+++ 
incubator/clerezza/trunk/parent/ssl.keygen/base/src/main/java/org/apache/clerezza/ssl/keygen/bouncy/DefaultCertificate.java
 Wed Apr  6 22:21:46 2011
@@ -30,12 +30,14 @@ POSSIBILITY OF SUCH DAMAGE.
   Author: Henry Story
  */
 
+
 package org.apache.clerezza.ssl.keygen.bouncy;
 
 import org.apache.clerezza.ssl.keygen.CertSerialisation;
 import org.apache.clerezza.ssl.keygen.Certificate;
 import org.apache.clerezza.ssl.keygen.PubKey;
 import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.misc.MiscObjectIdentifiers;
 import org.bouncycastle.asn1.misc.NetscapeCertType;
 import org.bouncycastle.asn1.x509.*;
@@ -46,6 +48,8 @@ import java.net.MalformedURLException;
 import java.net.URL;
 import java.security.cert.X509Certificate;
 import java.util.Date;
+import java.util.Iterator;
+import java.util.LinkedList;
 import java.util.Vector;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -53,13 +57,16 @@ import java.util.logging.Logger;
 /**
  * Default implementation of Certificate
  *
+ * useful reference: "X.509 Style Guide" by Peter Gutmann
+ * http://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt
+ *
  * @author Henry Story
  */
 
 public class DefaultCertificate implements Certificate {
        static final Logger log = 
Logger.getLogger(DefaultCertificate.class.getName());
 
-       String webId;
+       LinkedList<String> sans = new LinkedList<String>();
        String CN;
        Date startDate;
        Date endDate;
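Review bot: `sans` is a package-private, non-final field holding mutable state that generate() relies on; declaring it `private final LinkedList<String> sans = new LinkedList<String>();` prevents reassignment and outside access without affecting the `getFirst()` use further down. That also makes it visible at the declaration that names only enter the list through addSubjectAlternativeName.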
@@ -82,7 +89,7 @@ public class DefaultCertificate implemen
 
 
        @Override
-       public void setSubjectWebID(String urlStr) {
+       public void addSubjectAlternativeName(String urlStr) {
                URL url = null;
                try {
                        url = new URL(urlStr);
@@ -91,13 +98,13 @@ public class DefaultCertificate implemen
                                //everything probably ok, though really https 
should be the default
                        } else {
                                //could very well be a mistake
-                               log.log(Level.WARNING, "using WebId with 
protocol " + protocol + ". Could be a mistake. WebId=" + url);
+                               log.log(Level.INFO, "using WebId with protocol 
" + protocol + ". Could be a mistake. WebId=" + url);
                        }
 
                } catch (MalformedURLException e) {
                        log.log(Level.WARNING, "Malformed URL " + url, e);
                }
-               this.webId = urlStr;
+               sans.add(urlStr);
        }
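Review bot: `sans.add(urlStr)` now runs even when `new URL(urlStr)` threw MalformedURLException, so an unparseable string is silently carried into the certificate's subjectAltName; the catch should stop the name from being added, e.g. `throw new IllegalArgumentException("Malformed URL " + urlStr, e);`, since the visible callers pass the value straight from a form and this is the right place to reject it. In the same catch, the message logs `url`, which is still null on that path, rather than `urlStr`. addSubjectAlternativeName begins outside this hunk.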
 
        @Override
@@ -129,7 +136,7 @@ public class DefaultCertificate implemen
 
        @Override
        public void startEarlier(String hours) {
-               if (null == hours  || "".equals(hours)) return;
+               if (null == hours || "".equals(hours)) return;
                try {
                        this.earlier += Double.valueOf(hours);
                } catch (NumberFormatException e) {
@@ -139,7 +146,7 @@ public class DefaultCertificate implemen
 
        @Override
        public void addDurationInHours(String hours) {
-               if (null ==hours || "".equals(hours)) return;
+               if (null == hours || "".equals(hours)) return;
                try {
                        this.numHours += Double.valueOf(hours);
                } catch (NumberFormatException e) {
@@ -176,14 +183,21 @@ public class DefaultCertificate implemen
                return serialization;
        }
 
+       /**
+        * see: 
http://www.bouncycastle.org/wiki/display/JA1/X.509+Public+Key+Certificate+and+Certification+Request+Generation
+        *
+        * @throws Exception
+        */
        public void generate() throws Exception {
                X509V3CertificateGenerator certGenerator = new 
X509V3CertificateGenerator();
 
                certGenerator.reset();
-               /*
-                                       * Sets up the subject distinguished 
name. Since it's a self-signed
-                                       * certificate, issuer and subject are 
the same.
-                                       */
+
+/*
+               Sets up the subject distinguished name.
+               The issuer should be the same for all self signed CAs as this 
then allows selection of acceptable certificates
+               by the server
+*/
                certGenerator.setIssuerDN(new 
X509Name(BouncyKeygenService.issuer));
 
 
@@ -194,7 +208,11 @@ public class DefaultCertificate implemen
                subjectDnValues.add("FOAF+SSL");
                subjectDnOids.add(X509Name.OU);
                subjectDnValues.add("The Community Of Self Signers");
+
+               //DNs have to be unique, so we put a webID here. The first one
+               String webId = sans.getFirst();
                subjectDnOids.add(X509Name.UID);
+
                subjectDnValues.add(webId);
                subjectDnOids.add(X509Name.CN);
                subjectDnValues.add(CN);
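Review bot: `sans.getFirst()` throws NoSuchElementException when no name was added, so the `"WebId not set!"` check that generate() performs later, just before the subjectAltName extension, is never reached in the empty case; moving that check ahead of this line, `if (sans.isEmpty()) throw new Exception("WebId not set!");`, restores the intended error. With mailto names now accepted, the first entry is also not necessarily a WebID even though the comment says so, so the DN's UID can become a mailto URI depending on form order; choosing the first http(s) name for the UID would match the comment. generate() starts before this hunk.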
@@ -202,26 +220,25 @@ public class DefaultCertificate implemen
                X509Name DName = new X509Name(subjectDnOids, subjectDnValues);
                certGenerator.setSubjectDN(DName);
 
-               /*
-                                       * Sets up the validity dates.
-                                       */
+/*
+               Sets up the validity dates.
+*/
                certGenerator.setNotBefore(getStartDate());
-
                certGenerator.setNotAfter(getEndDate());
 
-               /*
-                                       * The serial-number of this certificate 
is 1. It makes sense because
-                                       * it's self-signed.
-                                       */
+/*
+               set a random number for the serial number
+*/
                certGenerator.setSerialNumber(service.nextRandom());
 
-               /*
-                                       * Sets the public-key to embed in this 
certificate.
-                                       */
+/*
+           Sets the public-key to embed in this certificate.
+*/
                
certGenerator.setPublicKey(getSubjectPublicKey().getPublicKey());
+
                /*
-                                       * Sets the signature algorithm.
-                                       */
+                                 * Sets the signature algorithm.
+                                 */
 //        String pubKeyAlgorithm = service.caPubKey.getAlgorithm();
 //        if (pubKeyAlgorithm.equals("DSA")) {
 //            certGenerator.setSignatureAlgorithm("SHA1WithDSA");
@@ -234,72 +251,93 @@ public class DefaultCertificate implemen
 //            throw re;
 //        }
 
-               /*
-                                       * Adds the Basic Constraint (CA: false) 
extension.
-                                       */
-               certGenerator.addExtension(X509Extensions.BasicConstraints, 
true,
-                       new BasicConstraints(false));
-
-               /*
-                                       * Adds the Key Usage extension.
-                                       */
-               certGenerator.addExtension(X509Extensions.KeyUsage, true, new 
KeyUsage(
-                       KeyUsage.digitalSignature | KeyUsage.nonRepudiation
-                               | KeyUsage.keyEncipherment | 
KeyUsage.keyAgreement
-                               | KeyUsage.keyCertSign));
-
-               /*
-                                       * Adds the Netscape certificate type 
extension.
-                                       */
+/*
+                Adds the Basic Constraint (CA: false) extension.
+*/
+               certGenerator.addExtension(X509Extension.basicConstraints, true,
+                               new BasicConstraints(false));
+
+/*
+               Adds the Key Usage extension.
+*/
+               certGenerator.addExtension(X509Extension.keyUsage, true, new 
KeyUsage(
+                               KeyUsage.digitalSignature | 
KeyUsage.nonRepudiation
+                                               | KeyUsage.keyEncipherment | 
KeyUsage.keyAgreement
+                                               | KeyUsage.keyCertSign));
+
+/*
+      Adds the Netscape certificate type extension.
+      sslClient: the certificate is selectable by the client
+      the certificate can be used for mime encryption.
+      (perhaps the above should be settable. It is not clear that most certs 
should be used that way, as their life
+               span could be very short)
+*/
                
certGenerator.addExtension(MiscObjectIdentifiers.netscapeCertType,
-                       false, new NetscapeCertType(NetscapeCertType.sslClient
-                               | NetscapeCertType.smime));
-
-               /*
-                                       * Adds the authority key identifier 
extension.
-                                       * Bruno pointed out that this is not 
needed, as the authority's key is never checked in this setup!
-                                       * so I am commenting it out, to be 
removed at a later date.
-                                       *
-
-                                 AuthorityKeyIdentifierStructure 
authorityKeyIdentifier;
-                                 try {
-                                               authorityKeyIdentifier = new 
AuthorityKeyIdentifierStructure(
-                                                                 
service.certificate.getPublicKey());
-                                 } catch (InvalidKeyException e) {
-                                               throw new Exception("failed to 
parse CA cert. This should never happen", e);
-                                 }
-
-                                 
certGenerator.addExtension(X509Extensions.AuthorityKeyIdentifier,
-                                                        false, 
authorityKeyIdentifier);
-                                 */
+                               false, new 
NetscapeCertType(NetscapeCertType.sslClient
+                                               | NetscapeCertType.smime));
 
                /*
-                                       * Adds the subject key identifier 
extension.
-                                       */
+                                 * Adds the authority key identifier extension.
+                                 * Bruno pointed out that this is not needed, 
as the authority's key is never checked in this setup!
+                                 * so I am commenting it out, to be removed at 
a later date.
+                                 *
+
+                               AuthorityKeyIdentifierStructure 
authorityKeyIdentifier;
+                               try {
+                                         authorityKeyIdentifier = new 
AuthorityKeyIdentifierStructure(
+                                                               
service.certificate.getPublicKey());
+                               } catch (InvalidKeyException e) {
+                                         throw new Exception("failed to parse 
CA cert. This should never happen", e);
+                               }
+
+                               
certGenerator.addExtension(X509Extensions.AuthorityKeyIdentifier,
+                                                  false, 
authorityKeyIdentifier);
+                               */
+
+/*
+               Adds the subject key identifier extension.
+*/
                SubjectKeyIdentifier subjectKeyIdentifier = new 
SubjectKeyIdentifierStructure(
-                       getSubjectPublicKey().getPublicKey());
-               certGenerator.addExtension(X509Extensions.SubjectKeyIdentifier, 
false,
-                       subjectKeyIdentifier);
-
-               /*
-                                       * Adds the subject alternative-name 
extension (critical).
-                                       */
-               if (webId != null) {
+                               getSubjectPublicKey().getPublicKey());
+               certGenerator.addExtension(X509Extension.subjectKeyIdentifier, 
false,
+                               subjectKeyIdentifier);
+
+/*
+               Adds the subject alternative-name extension (critical).
+*/
+               if (sans.size() == 0) {
+                       throw new Exception("WebId not set!");
+               }
+               if (sans.size() == 1) {
                        GeneralNames subjectAltNames = new GeneralNames(new 
GeneralName(
-                               GeneralName.uniformResourceIdentifier, webId));
-                       
certGenerator.addExtension(X509Extensions.SubjectAlternativeName,
-                               true, subjectAltNames);
-               } else throw new Exception("WebId not set!");
+                                       GeneralName.uniformResourceIdentifier, 
webId));
 
-               /*
-                                       * Creates and sign this certificate 
with the private key corresponding
-                                       * to the public key of the FOAF+SSL DN
-                                       */
+                       
certGenerator.addExtension(X509Extension.subjectAlternativeName,
+                                       true, subjectAltNames);
+               } else {
+                       // BouncyCastle has a pretty inflexible API. It would 
have made more sense to just
+                       // pass an array of Names to the constructor.
+                       GeneralName[] names = new GeneralName[sans.size()];
+                       Iterator<String> sanIt = sans.iterator();
+                       int i = 0;
+                       while (sanIt.hasNext()) {
+                               names[i] = new 
GeneralName(GeneralName.uniformResourceIdentifier, sanIt.next());
+                               i++;
+                       }
+                       
certGenerator.addExtension(X509Extension.subjectAlternativeName,
+                                       true, new DERSequence(names));
+
+               }
+
+/*
+               Creates and sign this certificate with the private key 
corresponding
+               to the public key of the FOAF+SSL DN
+*/
                cert = certGenerator.generate(service.privateKey);
 
-               /*
-                                       * Checks that this certificate has 
indeed been correctly signed.
-                                       */
+/*
+               Checks that this certificate has indeed been correctly signed.
+*/
                cert.verify(service.certificate.getPublicKey());
 
        }
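Review bot: The single-name and multi-name branches for the subjectAltName extension duplicate each other, and the `== 1` branch depends on the `webId` local taken from `sans.getFirst()` earlier in generate(); one loop over `sans` building the `GeneralName` array covers both cases and removes the duplication. Separately, the rewritten KeyUsage still combines `keyCertSign` with `BasicConstraints(false)`, which RFC 5280 does not permit for an end-entity certificate; that predates this commit, but since these lines are being reworked here it is worth dropping `keyCertSign` in the same pass. Note too that mailto values are encoded as `uniformResourceIdentifier` names rather than `rfc822Name`; presumably deliberate given the commit message, but relying parties that look for e-mail SANs will not find them there.
```java
/* … unchanged: basic constraints, key usage, netscape cert type, subject key identifier … */
if (sans.isEmpty()) {
	throw new Exception("WebId not set!");
}
GeneralName[] names = new GeneralName[sans.size()];
int i = 0;
for (String san : sans) {
	names[i++] = new GeneralName(GeneralName.uniformResourceIdentifier, san);
}
certGenerator.addExtension(X509Extension.subjectAlternativeName, true, new DERSequence(names));
/* … unchanged: generate and verify … */
```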

Modified: 
incubator/clerezza/trunk/parent/ssl.keygen/base/src/test/java/org/apache/clerezza/ssl/keygen/bouncy/CertificateServiceTest.java
URL: 
http://svn.apache.org/viewvc/incubator/clerezza/trunk/parent/ssl.keygen/base/src/test/java/org/apache/clerezza/ssl/keygen/bouncy/CertificateServiceTest.java?rev=1089650&r1=1089649&r2=1089650&view=diff
==============================================================================
--- 
incubator/clerezza/trunk/parent/ssl.keygen/base/src/test/java/org/apache/clerezza/ssl/keygen/bouncy/CertificateServiceTest.java
 (original)
+++ 
incubator/clerezza/trunk/parent/ssl.keygen/base/src/test/java/org/apache/clerezza/ssl/keygen/bouncy/CertificateServiceTest.java
 Wed Apr  6 22:21:46 2011
@@ -85,7 +85,7 @@ public class CertificateServiceTest exte
                Date now = new Date();
                cert.addDurationInDays("3");
                cert.setSubjectCommonName("Test");
-               cert.setSubjectWebID(WEBID);
+               cert.addSubjectAlternativeName(WEBID);
                CertSerialisation certByte = cert.getSerialisation();
 
                //test that the returned certificate contains the correct 
values...
@@ -146,7 +146,7 @@ public class CertificateServiceTest exte
                Date now = new Date();
 
                cert.setSubjectCommonName("Test");
-               cert.setSubjectWebID(WEBID);
+               cert.addSubjectAlternativeName(WEBID);
                cert.startEarlier("2");
                CertSerialisation certByte = cert.getSerialisation();
 

Modified: 
incubator/clerezza/trunk/parent/ssl.keygen/samplewebapp/src/main/java/org/apache/clerezza/ssl/keygen/webapp/MiniCaServlet.java
URL: 
http://svn.apache.org/viewvc/incubator/clerezza/trunk/parent/ssl.keygen/samplewebapp/src/main/java/org/apache/clerezza/ssl/keygen/webapp/MiniCaServlet.java?rev=1089650&r1=1089649&r2=1089650&view=diff
==============================================================================
--- 
incubator/clerezza/trunk/parent/ssl.keygen/samplewebapp/src/main/java/org/apache/clerezza/ssl/keygen/webapp/MiniCaServlet.java
 (original)
+++ 
incubator/clerezza/trunk/parent/ssl.keygen/samplewebapp/src/main/java/org/apache/clerezza/ssl/keygen/webapp/MiniCaServlet.java
 Wed Apr  6 22:21:46 2011
@@ -96,7 +96,7 @@ public class MiniCaServlet extends HttpS
                 cert = keygen.createFromPEM(pemCsrData);
             }
             cert.setSubjectCommonName(cn);
-            cert.setSubjectWebID(webId);
+            cert.addSubjectAlternativeName(webId);
             cert.addDurationInDays("365");
             cert.startEarlier("1"); //always start one hour earlier at least, 
to avoid clock synchronisation issues
             cert.getSerialisation().writeTo(response);

