[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Pki-devel] [PATCH] 008 Wrap CertData.pkcs7_cert_chain in BEGIN/END CERTIFICATE



On 2015-07-17 22:25, Ade Lee wrote:
> NACK.
> 
> Agreed that this is not the right place for this fix.  If we fix in
> Python client, then Java and Python clients will be inconsistent.
> This needs to be fixed on the server.

As discussed on IRC here is a new patch that modifies
CertService.getCertChainData()

From 6833def6cd7d5e640dfd5b1a5df93697ecdc0a69 Mon Sep 17 00:00:00 2001
From: Christian Heimes <cheimes redhat com>
Date: Tue, 21 Jul 2015 12:31:34 +0200
Subject: [PATCH] Wrap CertData in BEGIN/END CERTIFICATE envelope

CertService.getCertChainData() wraps baste64 encoded PKCS#7 in BEGIN
CERTIFICATE and END CERTIFICATE envelope.

https://fedorahosted.org/pki/ticket/1374
---
 base/ca/src/org/dogtagpki/server/ca/rest/CertService.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/base/ca/src/org/dogtagpki/server/ca/rest/CertService.java b/base/ca/src/org/dogtagpki/server/ca/rest/CertService.java
index 440f756dee79904556f9f1671f2638cf22199e22..f173f2d388d52122cac863d6bfd9cbc80d6f4df4 100644
--- a/base/ca/src/org/dogtagpki/server/ca/rest/CertService.java
+++ b/base/ca/src/org/dogtagpki/server/ca/rest/CertService.java
@@ -81,6 +81,7 @@ import com.netscape.cms.servlet.cert.CertRequestDAO;
 import com.netscape.cms.servlet.cert.FilterBuilder;
 import com.netscape.cms.servlet.cert.RevocationProcessor;
 import com.netscape.cms.servlet.processors.CAProcessor;
+import com.netscape.cmsutil.crypto.CryptoUtil;
 import com.netscape.cmsutil.ldap.LDAPUtil;
 import com.netscape.cmsutil.util.Utils;
 
@@ -640,7 +641,7 @@ public class CertService extends PKIService implements CertResource {
             p7.encodeSignedData(bos, false);
             byte[] p7Bytes = bos.toByteArray();
 
-            p7Str = Utils.base64encode(p7Bytes);
+            p7Str = CryptoUtil.certFormat(Utils.base64encode(p7Bytes));
         } catch (Exception e) {
             p7Str = null;
         }
-- 
2.4.3

Attachment: signature.asc
Description: OpenPGP digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]