This is an automated email from the ASF dual-hosted git repository. lahirujayathilake pushed a commit to branch custos-signer in repository https://gitbox.apache.org/repos/asf/airavata-custos.git
commit a82fc6e20753a910792ad5ba052e467501af02c3 Author: lahiruj <[email protected]> AuthorDate: Thu Dec 11 16:56:34 2025 -0500 Updated the principal extraction
---
 .../signer/service/ca/SshCertificateSigner.java | 39 ++++++++++++++++------ 1 file changed, 29 insertions(+), 10 deletions(-)
diff --git a/signer/signer-service/src/main/java/org/apache/custos/signer/service/ca/SshCertificateSigner.java b/signer/signer-service/src/main/java/org/apache/custos/signer/service/ca/SshCertificateSigner.java
index bf5db240e..ad7d3ae6e 100644
--- a/signer/signer-service/src/main/java/org/apache/custos/signer/service/ca/SshCertificateSigner.java
+++ b/signer/signer-service/src/main/java/org/apache/custos/signer/service/ca/SshCertificateSigner.java
@@ -95,10 +95,7 @@ public class SshCertificateSigner {
 String keyId = String.format("%s@%s-%d", principal, clientId, now.getEpochSecond());
 // Build certificate
- SshCertificate certificate = buildSshCertificate(
- publicKey, caKeyPair, serialNumber, keyId, principal,
- validAfter, validBefore, caFingerprint
- );
+ SshCertificate certificate = buildSshCertificate(publicKey, caKeyPair, serialNumber, keyId, principal, validAfter, validBefore);
 // Sign the certificate
 byte[] signature = signCertificate(certificate, caKeyPair.getPrivate());
@@ -186,10 +183,7 @@ public class SshCertificateSigner {
 /**
 * Build SSH certificate structure
 */
- private SshCertificate buildSshCertificate(SshPublicKey publicKey, KeyPair caKeyPair,
- long serialNumber, String keyId, String principal,
- Instant validAfter, Instant validBefore,
- String caFingerprint) {
+ private SshCertificate buildSshCertificate(SshPublicKey publicKey, KeyPair caKeyPair, long serialNumber, String keyId, String principal, Instant validAfter, Instant validBefore) {
 SshCertificate cert = new SshCertificate();
 // Certificate header
@@ -199,6 +193,7 @@ public class SshCertificateSigner {
 cert.setPublicKey(publicKey.getKeyData()); // For Ed25519, raw 32-byte public key
 cert.setSerial(serialNumber);
 cert.setKeyId(keyId);
+ cert.setPrincipal(principal);
 // Validity period
 cert.setValidAfter(validAfter.getEpochSecond());
@@ -285,7 +280,7 @@ public class SshCertificateSigner {
 writeString(out, certificate.getKeyId());
 // Principals (list encoded inside a single string)
- writeBytes(out, encodePrincipals(Collections.singletonList(certificate.getKeyId().split("@")[0])));
+ writeBytes(out, encodePrincipals(Collections.singletonList(resolvePrincipal(certificate))));
 // Validity
 writeUint64(out, certificate.getValidAfter());
@@ -338,7 +333,7 @@ public class SshCertificateSigner {
 writeString(out, certificate.getKeyId());
 // Principals
- writeBytes(out, encodePrincipals(Collections.singletonList(certificate.getKeyId().split("@")[0])));
+ writeBytes(out, encodePrincipals(Collections.singletonList(resolvePrincipal(certificate))));
 // Validity period
 writeUint64(out, certificate.getValidAfter());
@@ -386,6 +381,21 @@ public class SshCertificateSigner {
 return optionsBuf.toByteArray();
 }
+ private String resolvePrincipal(SshCertificate certificate) {
+ String principal = certificate.getPrincipal();
+ if (principal != null && !principal.isEmpty()) {
+ return principal;
+ }
+
+ String keyId = certificate.getKeyId();
+ if (keyId == null || keyId.isEmpty()) {
+ return "";
+ }
+
+ int at = keyId.indexOf('@');
+ return at > 0 ? keyId.substring(0, at) : keyId;
+ }
+
 private byte[] toSshPublicKeyBlob(PublicKey publicKey) throws Exception {
 String algorithm = publicKey.getAlgorithm();
 ByteArrayOutputStream buf = new ByteArrayOutputStream();
@@ -577,6 +587,7 @@ public class SshCertificateSigner {
 private long serial;
 private int certType;
 private String keyId;
+ private String principal;
 private long validAfter;
 private long validBefore;
 private Map<String, String> criticalOptions;
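Review bot: `resolvePrincipal` (the `-386,6 +381,21` hunk) still falls back to parsing the key ID and returns `""` when both fields are empty, so the signer can serialize and sign a certificate whose principal was never set explicitly. The key ID is built as `principal@clientId-epoch` in the first hunk, so the fallback truncates any principal that itself contains `@`, and when the key ID starts with `@` it returns the whole key ID as the principal. The result goes to `encodePrincipals` at both call sites (the `-285,7` and `-338,7` hunks); how that helper encodes an empty entry is not visible here, but in the OpenSSH certificate format a zero-length principals field means the certificate is valid for any principal, so this path should fail closed rather than guess. Since `buildSshCertificate` now always calls `setPrincipal`, consider dropping the fallback and rejecting a missing principal. Whether another path builds an `SshCertificate` without a principal, and whether the serializers' callers tolerate an unchecked exception, has to be checked outside this diff.

```java
private String resolvePrincipal(SshCertificate certificate) {
    String principal = certificate.getPrincipal();
    // Fail closed: the key ID is a log label, not authorization data.
    if (principal == null || principal.isEmpty()) {
        throw new IllegalStateException("SSH certificate has no principal set");
    }
    return principal;
}
```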
@@ -634,6 +645,14 @@ public class SshCertificateSigner {
 this.keyId = keyId;
 }
+ public String getPrincipal() {
+ return principal;
+ }
+
+ public void setPrincipal(String principal) {
+ this.principal = principal;
+ }
+
 public long getValidAfter() {
 return validAfter;
 }
