Fix cname encoding in CertificateGenerator
todvora committed Oct 21, 2024
1 parent 5491dc6 commit 56addb6
Showing 2 changed files with 41 additions and 1 deletion.
@@ -17,6 +17,8 @@
package org.graylog.security.certutil;

import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
@@ -41,7 +43,8 @@ public class CertificateGenerator {
public static KeyPair generate(CertRequest request) throws Exception {
KeyPairGenerator keyGen = KeyPairGenerator.getInstance(KEY_GENERATION_ALGORITHM);
java.security.KeyPair certKeyPair = keyGen.generateKeyPair();
X500Name name = new X500Name("CN=" + request.cnName());

final X500Name name = getX500Name(request.cnName());

// TODO: cert serial number?
BigInteger serialNumber = BigInteger.valueOf(System.currentTimeMillis());
@@ -84,4 +87,10 @@ public static KeyPair generate(CertRequest request) throws Exception {
X509Certificate cert = new JcaX509CertificateConverter().getCertificate(certHolder);
return new KeyPair(certKeyPair.getPrivate(), certKeyPair.getPublic(), cert);
}

private static X500Name getX500Name(String cname) {
X500NameBuilder builder = new X500NameBuilder(BCStyle.INSTANCE);
builder.addRDN(BCStyle.CN, cname);
return builder.build();
}
}
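Review bot: `getX500Name` hands `cname` to `builder.addRDN(BCStyle.CN, cname)` unchecked, so a null or blank value from `request.cnName()` is not rejected here and would either fail inside the builder or, presumably, yield a subject with an empty CN. A guard at the top of the helper, `if (cname == null || cname.isBlank()) throw new IllegalArgumentException("cname must not be blank");`, keeps that failure explicit. The helper also deserves a one-line comment recording why the builder is used, e.g. `// addRDN takes cname as one attribute value; new X500Name("CN=" + cname) parsed ',', '+' and '=' in it as DN syntax`, so the string form is not reintroduced later. The body of `generate` between the second and third hunk is not shown, so whether `cnName()` is validated or reused elsewhere (for example in a subject alternative name) cannot be checked from this page.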
@@ -0,0 +1,31 @@
package org.graylog.security.certutil;

import org.assertj.core.api.Assertions;
import org.junit.jupiter.api.Test;

import java.security.cert.X509Certificate;
import java.time.Duration;

class CertificateGeneratorTest {

@Test
void testDomainName() throws Exception {
final KeyPair pair = selfSigned("www.graylog.org");
final X509Certificate certificate = pair.certificate();
final String cn = certificate.getSubjectX500Principal().getName();
Assertions.assertThat(cn).isEqualTo("CN=www.graylog.org");
}

@Test
void testEscaping() throws Exception {
final KeyPair pair = selfSigned("Graylog, Inc.");
final X509Certificate certificate = pair.certificate();
final String cn = certificate.getSubjectX500Principal().getName();
Assertions.assertThat(cn).isEqualTo("CN=Graylog\\, Inc.");
}

private static KeyPair selfSigned(String cname) throws Exception {
final CertRequest req = CertRequest.selfSigned(cname).validity(Duration.ofDays(1));
return CertificateGenerator.generate(req);
}
}
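Review bot: `testEscaping` covers only the comma, and both tests compare the rendered string from `getSubjectX500Principal().getName()` rather than the structure of the subject. A third case with a name containing `+` and `=` (constructed sample: `"a+b=c"`) that asserts the subject still has exactly one RDN holding one CN attribute would pin the property this commit is after, namely that the name is never parsed as DN syntax. A short comment on `testEscaping` such as `// cname must stay a single CN value, not be split into further RDNs` would also tell readers why the escaped form is the expected one.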
