Fix extended key usage value while generating CSR
At present extended key usage values are added as
key usage values while generating CSR fixed the same.
Tested:
Verified that key usage and extended key usage values are
displayed properly
[devenrao]$ openssl req -text -in n1.csr
Certificate Request:
Data:
Version: 1 (0x1)
Subject: subjectAltName=an.com/subjectAltName=bm.com, L=NJ,
CN=w3.ibm.com/name=cp, C=US/emailAddress=abc.com,
GN=gn/initials=in/algorithm=EC/extendedKeyUsage=ServerAuthentication/keyUsage=KeyCertSign/keyUsage=DigitalSignature,
O=IBM, ST=NY, SN=sn/unstructuredName=un
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>
Change-Id: I80e2f82696a695ea551cbb01f6a0fd5a2a416663
diff --git a/certs_manager.cpp b/certs_manager.cpp
index 59808c1..a03088d 100644
--- a/certs_manager.cpp
+++ b/certs_manager.cpp
@@ -263,7 +263,14 @@
{
for (auto& usage : keyUsage)
{
- addEntry(x509Name, "keyUsage", usage);
+ if (isExtendedKeyUsage(usage))
+ {
+ addEntry(x509Name, "extendedKeyUsage", usage);
+ }
+ else
+ {
+ addEntry(x509Name, "keyUsage", usage);
+ }
}
}
addEntry(x509Name, "O", organization);
@@ -313,6 +320,16 @@
writeCSR(csrFilePath.string(), x509Req);
}
+bool Manager::isExtendedKeyUsage(const std::string& usage)
+{
+ const static std::array<const char*, 6> usageList = {
+ "ServerAuthentication", "ClientAuthentication", "OCSPSigning",
+ "Timestamping", "CodeSigning", "EmailProtection"};
+ auto it = std::find_if(
+ usageList.begin(), usageList.end(),
+ [&usage](const char* s) { return (strcmp(s, usage.c_str()) == 0); });
+ return it != usageList.end();
+}
EVP_PKEY_Ptr Manager::generateRSAKeyPair(const int64_t keyBitLength)
{
int ret = 0;