Changeset 7cd60bb for core


Timestamp:
Jun 5, 2019 11:47:59 AM (12 months ago)
Author:
zzz <zzz@…>
Branches:
master
Children:
aab6529
Parents:
697b617c
Message:

Util: Add EKU to selfsigned certs

File:
1 edited

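--- a/core/java/src/net/i2p/crypto/SelfSignedGenerator.java
+++ b/core/java/src/net/i2p/crypto/SelfSignedGenerator.java
@@ -89,4 +89,8 @@
     // Authority Key Identifier
     private static final String OID_AKI = "2.5.29.35";
+    // Extended Key Usage
+    private static final String OID_EKU = "2.5.29.37";
+    // ID-KP-ServerAuth
+    private static final String OID_ID_KP_SERVERAUTH = "1.3.6.1.5.5.7.3.1";
 
     private static final Map<String, String> OIDS;
@@ -404,4 +408,5 @@
         byte[] pubbytes = jpub.getEncoded();
         byte[] extbytes = getExtensions(pubbytes, cname, altNames);
+        //System.out.println("Extensions:\n" + HexDump.dump(extbytes));
 
         int len = version.length + serial.length + sigoid.length + issuer.length +
@@ -624,4 +629,6 @@
         byte[] oid8 = getEncodedOID(OID_QT_UNOTICE);
         byte[] oid9 = getEncodedOID(OID_QT_CPSURI);
+        byte[] oid10 = getEncodedOID(OID_EKU);
+        byte[] oid11 = getEncodedOID(OID_ID_KP_SERVERAUTH);
         byte[] TRUE = new byte[] { 1, 1, (byte) 0xff };
 
@@ -682,7 +689,10 @@
         int ext6len = oid6.length + spaceFor(wrap68len); // OID + octet string
 
+        int wrap7len = spaceFor(oid11.length); // EKU OID
+        int ext7len = oid10.length + spaceFor(wrap7len); // EKU
+
         int extslen = spaceFor(ext1len) + spaceFor(ext2len) + spaceFor(ext4len) + spaceFor(ext5len);
         if (isCA)
-            extslen += spaceFor(ext3len) + spaceFor(ext6len);
+            extslen += spaceFor(ext3len) + spaceFor(ext6len) + spaceFor(ext7len);
         int seqlen = spaceFor(extslen);
         int totlen = spaceFor(seqlen);
@@ -821,4 +831,18 @@
             System.arraycopy(policyTextBytes, 0, rv, idx, policyTextBytes.length);
             idx += policyTextBytes.length;
+        }
+
+        // EKU
+        if (isCA) {
+            rv[idx++] = (byte) 0x30;
+            idx = intToASN1(rv, idx, ext7len);
+            System.arraycopy(oid10, 0, rv, idx, oid10.length);
+            idx += oid10.length;
+            rv[idx++] = (byte) 0x04;  // octet string wraps a sequence
+            idx = intToASN1(rv, idx, wrap7len);
+            rv[idx++] = (byte) 0x30;  // seq.
+            idx = intToASN1(rv, idx, oid11.length);
+            System.arraycopy(oid11, 0, rv, idx, oid11.length);
+            idx += oid11.length;
         }
 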
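Review bot: The EKU extension is sized and written only under `if (isCA)` (new lines 696 and 836) and lists id-kp-serverAuth alone, while the commit message speaks of self-signed certs in general, so the block needs a comment saying why it is tied to the CA flag. `isCA` is set outside the visible hunks; if a CA-flagged certificate from this generator is also presented for TLS client authentication or for signing, validators that enforce EKU would presumably reject it for that purpose, and non-CA certificates get no EKU at all. I would replace the bare `// EKU` at line 835 with something like `// EKU: id-kp-serverAuth only, non-critical; CA-flagged certs only` plus the reason for that scope. The length term at line 696 and the write at line 836 must stay under the same condition, because the output buffer appears to be sized from `extslen`. The enclosing method starts and ends outside the hunks, so I cannot tell whether it already checks `idx` against `rv.length` at the end.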