This is an automated email from the ASF dual-hosted git repository. xyao pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/hadoop-ozone.git
The following commit(s) were added to refs/heads/master by this push: new 049793d HDDS-4301. SCM CA certificate does not encode KeyUsage extension properly (#1468) 049793d is described below commit 049793ddabe895532c95d0af0ca3de9ec940066a Author: Xiaoyu Yao <x...@apache.org> AuthorDate: Mon Oct 19 13:08:45 2020 -0700 HDDS-4301. SCM CA certificate does not encode KeyUsage extension properly (#1468)
---
 .../hdds/security/x509/certificates/utils/CertificateSignRequest.java | 2 +-
 .../hdds/security/x509/certificates/utils/SelfSignedCertificate.java | 4 +---
 2 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificates/utils/CertificateSignRequest.java b/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificates/utils/CertificateSignRequest.java
index f740e43..bee64e1 100644
--- a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificates/utils/CertificateSignRequest.java
+++ b/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificates/utils/CertificateSignRequest.java
@@ -265,7 +265,7 @@ public final class CertificateSignRequest {
 }
 KeyUsage keyUsage = new KeyUsage(keyUsageFlag);
 return new Extension(Extension.keyUsage, true,
- new DEROctetString(keyUsage));
+ keyUsage.getEncoded());
 }
 private Optional<Extension> getSubjectAltNameExtension() throws
diff --git a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificates/utils/SelfSignedCertificate.java b/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificates/utils/SelfSignedCertificate.java
index a7edfde..daf0e26 100644
--- a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificates/utils/SelfSignedCertificate.java
+++ b/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificates/utils/SelfSignedCertificate.java
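Review bot: The new argument `keyUsage.getEncoded()` in `CertificateSignRequest` leaves two things implicit at the call site: which encoding is produced, and that the `byte[]` constructor of `Extension` adds the OCTET STRING wrapper itself. I would write `keyUsage.getEncoded(ASN1Encoding.DER)` so the extension value is explicitly DER, with a comment such as `// Extension(byte[]) wraps the value in an OCTET STRING; pass the raw KeyUsage encoding`. `getEncoded` throws `IOException`, and the method signature lies outside this hunk, so confirm the exception is declared or handled there. The diffstat lists no test file; a unit test that reads the KeyUsage bits back out of a generated CSR would keep the encoding from regressing.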
@@ -42,7 +42,6 @@ import org.apache.logging.log4j.util.Strings;
 import org.bouncycastle.asn1.ASN1EncodableVector;
 import org.bouncycastle.asn1.ASN1Object;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.DERTaggedObject;
 import org.bouncycastle.asn1.DERUTF8String;
@@ -145,8 +144,7 @@ public final class SelfSignedCertificate {
 new BasicConstraints(true));
 int keyUsageFlag = KeyUsage.keyCertSign | KeyUsage.cRLSign;
 KeyUsage keyUsage = new KeyUsage(keyUsageFlag);
- builder.addExtension(Extension.keyUsage, false,
- new DEROctetString(keyUsage));
+ builder.addExtension(Extension.keyUsage, true, keyUsage);
 if (altNames != null && altNames.size() >= 1) {
 builder.addExtension(new Extension(Extension.subjectAlternativeName, false, new GeneralNames(altNames.toArray(
--------------------------------------------------------------------- To unsubscribe, e-mail: ozone-commits-unsubscr...@hadoop.apache.org For additional commands, e-mail: ozone-commits-h...@hadoop.apache.org
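Review bot: The rewritten call `builder.addExtension(Extension.keyUsage, true, keyUsage)` changes both the criticality and the encoding of KeyUsage in every newly generated SCM root certificate, yet the commit adds no test and says nothing about certificates issued before it. A test that builds the self-signed certificate and asserts that `getKeyUsage()` reports keyCertSign and cRLSign, and that `2.5.29.15` is in `getCriticalExtensionOIDs()`, would pin both halves of the fix. A comment above the call, for example `// keyUsage is critical (RFC 5280 4.2.1.3); the builder encodes and wraps the value, so pass KeyUsage itself`, would keep the extra `DEROctetString` wrapper from being reintroduced. Clusters whose CA certificate was written by an earlier build presumably keep the old non-critical, mis-encoded extension until that certificate is regenerated, which deserves a line in the release notes. The enclosing method starts and ends outside the hunk.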