author | Martin Polden <mpolden@mpolden.no> | 2019-10-04 13:06:41 +0200 |
---|---|---|
committer | Martin Polden <mpolden@mpolden.no> | 2019-10-04 13:06:41 +0200 |
commit | d5f0162c69e3f1cb1a8f16553fa0564754681ad1 (patch) | |
tree | cbb80709384baf5bfbb837074044d55213ebcc75 /athenz-identity-provider-service/src/main | |
parent | 6fe52f2ed1665f6fe29b74bbaec4db2c889ebacf (diff) |
Add SAN from CSR to certificate
Diffstat (limited to 'athenz-identity-provider-service/src/main')
-rw-r--r-- | athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/Certificates.java | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/Certificates.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/Certificates.java
index 6d121657a40..447b6efb09b 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/Certificates.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/Certificates.java
@@ -35,14 +35,17 @@ public class Certificates {
 var now = clock.instant();
 var notBefore = now.minus(Duration.ofHours(1));
 var notAfter = now.plus(CERTIFICATE_TTL);
- return X509CertificateBuilder.fromCsr(csr,
+ var builder = X509CertificateBuilder.fromCsr(csr,
 x500principal,
 notBefore,
 notAfter,
 caPrivateKey,
 SHA256_WITH_ECDSA,
- X509CertificateBuilder.generateRandomSerialNumber())
- .build();
+ X509CertificateBuilder.generateRandomSerialNumber());
+ for (var san : csr.getSubjectAlternativeNames()) {
+ builder = builder.addSubjectAlternativeName(san.getValue());
+ }
+ return builder.build();
 }

 /** Returns the DNS name field from Subject Alternative Names in given csr */ |
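Review bot: The added loop copies every Subject Alternative Name from the CSR into the signed certificate, and nothing visible in this hunk restricts which names a requester may ask for. SAN values are requester-controlled, so unless the caller has already checked them against the authenticated identity, the CA ends up vouching for names it never verified; at minimum the precondition should be stated above the loop, e.g. `// SANs are copied verbatim from the CSR; callers must have validated them against the requester's identity`. Passing only `san.getValue()` also drops the SAN type, so a non-DNS entry (IP address, URI) may be re-encoded under whatever type the String overload assumes; this is worth confirming against the builder, and the type should be forwarded if it supports that. The method's signature and its callers are outside the hunk, so any validation done there is not visible here.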