Mock CA improvement: copy extensions from request to cert

siemens · Feb 1, 2024 · 85f69e9 · 85f69e9
1 parent 1ef2dc5
commit 85f69e9
Showing 1 changed file with 25 additions and 4 deletions.
diff --git a/src/test/java/com/siemens/pki/cmpracomponent/test/framework/CmpCaMock.java b/src/test/java/com/siemens/pki/cmpracomponent/test/framework/CmpCaMock.java
@@ -53,6 +53,7 @@
 import org.bouncycastle.asn1.x500.X500Name;
 import org.bouncycastle.asn1.x509.BasicConstraints;
 import org.bouncycastle.asn1.x509.Extension;
+import org.bouncycastle.asn1.x509.Extensions;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.cert.CertIOException;
 import org.bouncycastle.cert.X509v3CertificateBuilder;
@@ -93,7 +94,10 @@ public CmpCaMock(final String enrollmentCredentials, final String protectionCred
     }
 
     private CMPCertificate createCertificate(
-            final X500Name subject, final SubjectPublicKeyInfo publicKey, final X509Certificate issuingCert)
+            final X500Name subject,
+            final SubjectPublicKeyInfo publicKey,
+            final X509Certificate issuingCert,
+            Extensions extensionsFromTemplate)
             throws PEMException, NoSuchAlgorithmException, CertIOException, CertificateException,
                     OperatorCreationException {
         final long now = System.currentTimeMillis();
@@ -107,6 +111,16 @@ private CMPCertificate createCertificate(
                 pubKey);
 
         final JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
+        if (extensionsFromTemplate != null) {
+            Arrays.stream(extensionsFromTemplate.getExtensionOIDs()).forEach(oid -> {
+                try {
+                    v3CertBldr.addExtension(extensionsFromTemplate.getExtension(oid));
+                } catch (final CertIOException e) {
+                    // TODO Auto-generated catch block
+                    e.printStackTrace();
+                }
+            });
+        }
         v3CertBldr.addExtension(Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(pubKey));
         v3CertBldr.addExtension(
                 Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(issuingCert));
@@ -155,7 +169,8 @@ private PKIMessage handleCrmfCerticateRequest(final PKIMessage receivedMessage)
                 .getCertTemplate();
         final SubjectPublicKeyInfo publicKey = requestTemplate.getPublicKey();
         final X500Name subject = requestTemplate.getSubject();
-        final CMPCertificate cmpCertificateFromCertificate = createCertificate(subject, publicKey, issuingCert);
+        final CMPCertificate cmpCertificateFromCertificate =
+                createCertificate(subject, publicKey, issuingCert, requestTemplate.getExtensions());
 
         // drop root certificate from copy
         issuingChain.remove(issuingChain.size() - 1);
@@ -177,7 +192,10 @@ CMPCertificate handleP10CerticateRequest(final PKCS10CertificationRequest certif
         final List<X509Certificate> issuingChain = enrollmentCredentials.getCertificateChain();
         final X509Certificate issuingCert = issuingChain.get(0);
         return createCertificate(
-                certificationRequest.getSubject(), certificationRequest.getSubjectPublicKeyInfo(), issuingCert);
+                certificationRequest.getSubject(),
+                certificationRequest.getSubjectPublicKeyInfo(),
+                issuingCert,
+                certificationRequest.getRequestedExtensions());
     }
 
     private PKIMessage handleP10CerticateRequest(final PKIMessage receivedMessage) throws Exception {
@@ -188,7 +206,10 @@ private PKIMessage handleP10CerticateRequest(final PKIMessage receivedMessage) t
         final CertificationRequestInfo certificationRequestInfo =
                 ((CertificationRequest) receivedMessage.getBody().getContent()).getCertificationRequestInfo();
         final CMPCertificate cmpCertificateFromCertificate = createCertificate(
-                certificationRequestInfo.getSubject(), certificationRequestInfo.getSubjectPublicKeyInfo(), issuingCert);
+                certificationRequestInfo.getSubject(),
+                certificationRequestInfo.getSubjectPublicKeyInfo(),
+                issuingCert,
+                null);
 
         // drop root certificate from copy
         issuingChain.remove(issuingChain.size() - 1);