author | Adrian Egloff | 2021-05-27 13:30:40 +0000 |
---|---|---|
committer | Adrian Egloff | 2021-05-28 05:34:07 +0000 |
commit | bf6d82e0339e9ee17ba9e19b8a321caee9658491 (patch) | |
tree | 10696ef23d084ae1c9437bd3ea1e76925d778a6b | |
parent | 39192bb0e5bc5c5e03f174c31765e543d33f52ef (diff) | |
Adds given common-name, localhost and localhost-ip to alternative names
The SubjectAlternativeNameExtension may be checked by browsers to verify
the ssl certificate. Therefore the common-name or localhost (depends on
how the server is accessed) should be added to the generated cert.
Change-Id: I320c3a0de189d7dec1fdf5628c4d1b5ca7de089e
Reviewed-on: https://git.eclipse.org/r/c/scout/org.eclipse.scout.rt/+/181106
Tested-by: Scout Bot <scout-bot@eclipse.org>
Reviewed-by: Ivan Motsch <ivan.motsch@bsiag.com>
(cherry picked from commit 41b9895012af3a6b1cac91b95a876f0eb35b2912)
Reviewed-on: https://git.eclipse.org/r/c/scout/org.eclipse.scout.rt/+/180983
Reviewed-by: Adrian Egloff <adrian.egloff@bsi-software.com>
-rw-r--r-- | org.eclipse.scout.rt.platform/src/main/java/org/eclipse/scout/rt/platform/security/SunSecurityProvider.java | 22 |
1 files changed, 19 insertions, 3 deletions
diff --git a/org.eclipse.scout.rt.platform/src/main/java/org/eclipse/scout/rt/platform/security/SunSecurityProvider.java b/org.eclipse.scout.rt.platform/src/main/java/org/eclipse/scout/rt/platform/security/SunSecurityProvider.java
index 1c76b35c77..6501efc14d 100644
--- a/org.eclipse.scout.rt.platform/src/main/java/org/eclipse/scout/rt/platform/security/SunSecurityProvider.java
+++ b/org.eclipse.scout.rt.platform/src/main/java/org/eclipse/scout/rt/platform/security/SunSecurityProvider.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010-2020 BSI Business Systems Integration AG.
+ * Copyright (c) 2010-2021 BSI Business Systems Integration AG.
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License v1.0
 * which accompanies this distribution, and is available at
@@ -41,6 +41,7 @@ import java.security.spec.KeySpec;
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.security.spec.X509EncodedKeySpec;
 import java.util.Collections;
+import java.util.Date;
 import javax.crypto.Cipher;
 import javax.crypto.CipherOutputStream;
@@ -55,7 +56,14 @@ import javax.crypto.spec.SecretKeySpec;
 import org.eclipse.scout.rt.platform.Order;
 import org.eclipse.scout.rt.platform.exception.ProcessingException;
 import org.eclipse.scout.rt.platform.util.Base64Utility;
-import org.eclipse.scout.rt.platform.util.Assertions.*;
+import org.eclipse.scout.rt.platform.util.StringUtility;
+
+import sun.security.x509.CertificateExtensions;
+import sun.security.x509.DNSName;
+import sun.security.x509.GeneralName;
+import sun.security.x509.GeneralNames;
+import sun.security.x509.IPAddressName;
+import sun.security.x509.SubjectAlternativeNameExtension;
 /**
 * Utility class for encryption/decryption, hashing, random number generation and digital signatures.<br>
@@ -474,7 +482,15 @@ public class SunSecurityProvider implements ISecurityProvider {
 certGen.generate(keyBits);
 sun.security.x509.X500Name name = new sun.security.x509.X500Name(x500Name);
 long validSecs = (long) validDays * 24L * 3600L;
- X509Certificate cert = certGen.getSelfCertificate(name, validSecs);
+ GeneralNames generalNames = new GeneralNames()
+ .add(new GeneralName(new DNSName("localhost")))
+ .add(new GeneralName(new IPAddressName("127.0.0.1")));
+ if (!StringUtility.isNullOrEmpty(name.getCommonName())) {
+ generalNames.add(new GeneralName(new DNSName(name.getCommonName())));
+ }
+ CertificateExtensions extensions = new CertificateExtensions();
+ extensions.set(SubjectAlternativeNameExtension.NAME, new SubjectAlternativeNameExtension(generalNames));
+ X509Certificate cert = certGen.getSelfCertificate(name, new Date(), validSecs, extensions);
 PrivateKey privateKey = certGen.getPrivateKey();
 KeyStore ks = KeyStore.getInstance("jks"); |
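Review bot: The common name is added to the SAN list as `new DNSName(name.getCommonName())` with no check that it is actually a host name. If the CN is an IP literal, clients match it only against an iPAddress entry, so it belongs in an `IPAddressName`; and a CN that is not a syntactically valid DNS name (spaces, a display name) will probably make the `DNSName` constructor throw, so generation would fail for subjects that the old `getSelfCertificate(name, validSecs)` call accepted. I would read the CN into a local once, skip it when it equals `localhost` or `127.0.0.1` (it is otherwise added twice), and choose the name type from its form; the method begins and ends outside the hunk, so how a thrown exception is handled there cannot be seen. Separately, the loopback names go into every generated certificate, including one created for a real host name, which deserves a comment if intended, for example `// loopback names are always included so the self-signed cert also validates for local access`.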