Changeset 673d765 for core/java


Timestamp:
Feb 19, 2018 7:36:30 PM (3 years ago)
Author:
zzz <zzz@…>
Branches:
master
Children:
935ba77d
Parents:
c719410
Message:

Crypto: Add IP addresses to selfsigned cert SAN (ticket #2160)

File:
1 edited

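--- a/core/java/src/net/i2p/crypto/SelfSignedGenerator.java
+++ b/core/java/src/net/i2p/crypto/SelfSignedGenerator.java
@@ -478,4 +478,5 @@
      *   3) Basic Constraints
      *   4) Subject Alternative Name
+     *      As of 0.9.34, adds 127.0.0.1 and ::1 to the SAN also
      *   5) Authority Key Identifier
      *  (not necessarily output in that order)
@@ -516,4 +517,17 @@
         byte[] cnameBytes = DataHelper.getASCII(cname);
         int wrap41len = spaceFor(cnameBytes.length);
+        // only used for CA
+        byte[] ipv4;
+        byte[] ipv6;
+        final boolean isCA = !cname.contains("@");
+        if (isCA) {
+            ipv4 = new byte[] { 127, 0, 0, 1 };
+            ipv6 = new byte[16];
+            ipv6[15] = 1;
+            wrap41len += spaceFor(ipv4.length) + spaceFor(ipv6.length);
+        } else {
+            ipv4 = null;
+            ipv6 = null;
+        }
         int wrap4len = spaceFor(wrap41len);
         int ext4len = oid4.length + spaceFor(wrap4len);
@@ -524,5 +538,4 @@
 
         int extslen = spaceFor(ext1len) + spaceFor(ext2len) + spaceFor(ext4len) + spaceFor(ext5len);
-        final boolean isCA = !cname.contains("@");
         if (isCA)
             extslen += spaceFor(ext3len);
@@ -603,4 +616,5 @@
         idx += oid4.length;
         // octet string wraps a sequence containing a choice 2 (DNSName) IA5String
+        // followed by two byteArrays (IP addresses)
         rv[idx++] = (byte) 0x04;
         idx = intToASN1(rv, idx, wrap4len);
@@ -611,4 +625,14 @@
         System.arraycopy(cnameBytes, 0, rv, idx, cnameBytes.length);
         idx += cnameBytes.length;
+        if (isCA) {
+            rv[idx++] = (byte) 0x87; // choice, octet string for IP address
+            idx = intToASN1(rv, idx, ipv4.length);
+            System.arraycopy(ipv4, 0, rv, idx, ipv4.length);
+            idx += ipv4.length;
+            rv[idx++] = (byte) 0x87; // choice, octet string for IP address
+            idx = intToASN1(rv, idx, ipv6.length);
+            System.arraycopy(ipv6, 0, rv, idx, ipv6.length);
+            idx += ipv6.length;
+        }
 
         return rv;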
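Review bot: The comment added at new line 618, `// followed by two byteArrays (IP addresses)`, overstates what is written: the two [7] iPAddress entries at new lines 627-636 are emitted only when `isCA` is true, so a SAN for a cname containing '@' holds the DNSName alone. I would tie the comment to the condition, e.g. `// for CA certs (cname without '@'), followed by two [7] iPAddress entries: 127.0.0.1 and ::1`. The loopback addresses are hard-coded rather than derived from whatever the service actually binds, which presumably targets local clients, but it means every cert on the CA path asserts both loopback addresses regardless of deployment; a one-line note on why loopback specifically would help the next reader. As a point of style, `ipv4` and `ipv6` could be `final` with conditional initializers (`final byte[] ipv4 = isCA ? new byte[] { 127, 0, 0, 1 } : null;`) instead of the null-assigning else branch. The enclosing method starts before and ends after the visible hunks, so the buffer sizing in `spaceFor` is not checkable from here.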