57a8dbbce4d0e7d31d5a4b827fb0f140cc40acd0,ca/ca-server/src/main/java/org/xipki/pki/ca/server/impl/IdentifiedX509Certprofile.java,IdentifiedX509Certprofile,getExtensions,#X500Name#X500Name#Extensions#SubjectPublicKeyInfo#PublicCaInfo#X509Certificate#Date#Date#,268

Before Change


            extType = Extension.cRLDistributionPoints;
            extControl = controls.remove(extType);
            if (extControl != null
                    && addMe(extType, extControl, neededExtensionTypes, wantedExtensionTypes)) {
                try {
                    if (CollectionUtil.isNonEmpty(publicCaInfo.getCrlUris())) {
                        CRLDistPoint value = CaUtil.createCrlDistributionPoints(
                                publicCaInfo.getCrlUris(), x500CaPrincipal, crlSignerSubject);
                        addExtension(values, extType, value, extControl,
                                neededExtensionTypes, wantedExtensionTypes);
                    }
                } catch (IOException ex) {
                    throw new CertprofileException(ex.getMessage(), ex);
                }
            }

            // FreshestCRL
            extType = Extension.freshestCRL;
            extControl = controls.remove(extType);
            if (extControl != null
                    && addMe(extType, extControl, neededExtensionTypes, wantedExtensionTypes)) {
                try {
                    if (CollectionUtil.isNonEmpty(publicCaInfo.getDeltaCrlUris())) {
                        CRLDistPoint value = CaUtil.createCrlDistributionPoints(
                            publicCaInfo.getDeltaCrlUris(),x500CaPrincipal, crlSignerSubject);
                        addExtension(values, extType, value, extControl, neededExtensionTypes,
                                wantedExtensionTypes);
                    }
                } catch (IOException ex) {
                    throw new CertprofileException(ex.getMessage(), ex);
                }
            }
        }

        // BasicConstraints
        extType = Extension.basicConstraints;
        extControl = controls.remove(extType);
        if (extControl != null
                && addMe(extType, extControl, neededExtensionTypes, wantedExtensionTypes)) {
            BasicConstraints value = CaUtil.createBasicConstraints(certprofile.getCertLevel(),
                    certprofile.getPathLenBasicConstraint());
            addExtension(values, extType, value, extControl, neededExtensionTypes,
                    wantedExtensionTypes);
        }

        // KeyUsage
        extType = Extension.keyUsage;
        extControl = controls.remove(extType);
        if (extControl != null
                && addMe(extType, extControl, neededExtensionTypes, wantedExtensionTypes)) {
            Set<KeyUsage> usages = new HashSet<>();
            Set<KeyUsageControl> usageOccs = certprofile.getKeyUsage();
            for (KeyUsageControl k : usageOccs) {

After Change


        Map<ASN1ObjectIdentifier, ExtensionControl> controls
                = new HashMap<>(certprofile.getExtensionControls());

        Set<ASN1ObjectIdentifier> neededExtTypes = new HashSet<>();
        Set<ASN1ObjectIdentifier> wantedExtTypes = new HashSet<>();
        if (requestedExtensions != null) {
            Extension reqExtension = requestedExtensions.getExtension(
                    ObjectIdentifiers.id_xipki_ext_cmpRequestExtensions);
            if (reqExtension != null) {
                ExtensionExistence ee = ExtensionExistence.getInstance(
                        reqExtension.getParsedValue());
                neededExtTypes.addAll(ee.getNeedExtensions());
                wantedExtTypes.addAll(ee.getWantExtensions());
            }

            for (ASN1ObjectIdentifier oid : neededExtTypes) {
                if (wantedExtTypes.contains(oid)) {
                    wantedExtTypes.remove(oid);
                }

                if (!controls.containsKey(oid)) {
                    throw new BadCertTemplateException(
                            "could not add needed extension " + oid.getId());
                }
            }
        }

        // SubjectKeyIdentifier
        ASN1ObjectIdentifier extType = Extension.subjectKeyIdentifier;
        ExtensionControl extControl = controls.remove(extType);
        if (extControl != null && addMe(extType, extControl, neededExtTypes, wantedExtTypes)) {
            MessageDigest sha1;
            try {
                sha1 = MessageDigest.getInstance("SHA-1");
            } catch (NoSuchAlgorithmException ex) {
                throw new CertprofileException(ex.getMessage(), ex);
            }
            sha1.reset();

            byte[] encodedSpki = publicKeyInfo.getPublicKeyData().getBytes();
            byte[] skiValue = sha1.digest(encodedSpki);
            SubjectKeyIdentifier value = new SubjectKeyIdentifier(skiValue);
            addExtension(values, extType, value, extControl, neededExtTypes, wantedExtTypes);
        }

        // Authority key identifier
        extType = Extension.authorityKeyIdentifier;
        extControl = controls.remove(extType);
        if (extControl != null && addMe(extType, extControl, neededExtTypes, wantedExtTypes)) {
            byte[] ikiValue = publicCaInfo.getSubjectKeyIdentifer();
            AuthorityKeyIdentifier value = null;
            if (ikiValue != null) {
                if (certprofile.includeIssuerAndSerialInAki()) {
                    GeneralNames x509CaSubject = new GeneralNames(
                            new GeneralName(publicCaInfo.getX500Subject()));
                    value = new AuthorityKeyIdentifier(ikiValue, x509CaSubject,
                            publicCaInfo.getSerialNumber());
                } else {
                    value = new AuthorityKeyIdentifier(ikiValue);
                }
            }

            addExtension(values, extType, value, extControl, neededExtTypes, wantedExtTypes);
        }

        // IssuerAltName
        extType = Extension.issuerAlternativeName;
        extControl = controls.remove(extType);
        if (extControl != null && addMe(extType, extControl, neededExtTypes, wantedExtTypes)) {
            GeneralNames value = publicCaInfo.getSubjectAltName();
            addExtension(values, extType, value, extControl, neededExtTypes, wantedExtTypes);
        }

        // AuthorityInfoAccess
        extType = Extension.authorityInfoAccess;
        extControl = controls.remove(extType);
        if (extControl != null && addMe(extType, extControl, neededExtTypes, wantedExtTypes)) {
            AuthorityInfoAccessControl aiaControl = certprofile.getAiaControl();

            List<String> caIssuers = null;
            if (aiaControl == null || aiaControl.includesCaIssuers()) {
                caIssuers = publicCaInfo.getCaCertUris();
            }

            List<String> ocspUris = null;
            if (aiaControl == null || aiaControl.includesOcsp()) {
                ocspUris = publicCaInfo.getOcspUris();
            }

            if (CollectionUtil.isNonEmpty(caIssuers) || CollectionUtil.isNonEmpty(ocspUris)) {
                AuthorityInformationAccess value = CaUtil.createAuthorityInformationAccess(
                        caIssuers, ocspUris);
                addExtension(values, extType, value, extControl, neededExtTypes, wantedExtTypes);
            }
        }

        if (controls.containsKey(Extension.cRLDistributionPoints)
                || controls.containsKey(Extension.freshestCRL)) {
            X500Name crlSignerSubject = (crlSignerCert == null) ? null
                    : X500Name.getInstance(crlSignerCert.getSubjectX500Principal().getEncoded());
            X500Name x500CaPrincipal = publicCaInfo.getX500Subject();

            // CRLDistributionPoints
            extType = Extension.cRLDistributionPoints;
            extControl = controls.remove(extType);
            if (extControl != null && addMe(extType, extControl, neededExtTypes, wantedExtTypes)) {
                try {
                    if (CollectionUtil.isNonEmpty(publicCaInfo.getCrlUris())) {
                        CRLDistPoint value = CaUtil.createCrlDistributionPoints(
                                publicCaInfo.getCrlUris(), x500CaPrincipal, crlSignerSubject);
                        addExtension(values, extType, value, extControl, neededExtTypes,
                                wantedExtTypes);
                    }
                } catch (IOException ex) {
                    throw new CertprofileException(ex.getMessage(), ex);
                }
            }

            // FreshestCRL
            extType = Extension.freshestCRL;
            extControl = controls.remove(extType);
            if (extControl != null && addMe(extType, extControl, neededExtTypes, wantedExtTypes)) {
                try {
                    if (CollectionUtil.isNonEmpty(publicCaInfo.getDeltaCrlUris())) {
                        CRLDistPoint value = CaUtil.createCrlDistributionPoints(
                                publicCaInfo.getDeltaCrlUris(),x500CaPrincipal, crlSignerSubject);
                        addExtension(values, extType, value, extControl, neededExtTypes,
                                wantedExtTypes);
                    }
                } catch (IOException ex) {
                    throw new CertprofileException(ex.getMessage(), ex);
                }
            }
        }

        // BasicConstraints
        extType = Extension.basicConstraints;
        extControl = controls.remove(extType);
        if (extControl != null && addMe(extType, extControl, neededExtTypes, wantedExtTypes)) {
            BasicConstraints value = CaUtil.createBasicConstraints(certprofile.getCertLevel(),
                    certprofile.getPathLenBasicConstraint());
            addExtension(values, extType, value, extControl, neededExtTypes, wantedExtTypes);
        }

        // KeyUsage
        extType = Extension.keyUsage;
        extControl = controls.remove(extType);
        if (extControl != null && addMe(extType, extControl, neededExtTypes, wantedExtTypes)) {
            Set<KeyUsage> usages = new HashSet<>();
            Set<KeyUsageControl> usageOccs = certprofile.getKeyUsage();
            for (KeyUsageControl k : usageOccs) {
                if (k.isRequired()) {
                    usages.add(k.getKeyUsage());
                }
            }

            // the optional KeyUsage will only be set if requested explicitly
            if (requestedExtensions != null && extControl.isRequest()) {
                addRequestedKeyusage(usages, requestedExtensions, usageOccs);
            }

            org.bouncycastle.asn1.x509.KeyUsage value = X509Util.createKeyUsage(usages);
            addExtension(values, extType, value, extControl, neededExtTypes, wantedExtTypes);
        }

        // ExtendedKeyUsage
        extType = Extension.extendedKeyUsage;
        extControl = controls.remove(extType);
        if (extControl != null && addMe(extType, extControl, neededExtTypes, wantedExtTypes)) {
            List<ASN1ObjectIdentifier> usages = new LinkedList<>();
            Set<ExtKeyUsageControl> usageOccs = certprofile.getExtendedKeyUsages();
            for (ExtKeyUsageControl k : usageOccs) {
                if (k.isRequired()) {
                    usages.add(k.getExtKeyUsage());
                }
            }

            // the optional ExtKeyUsage will only be set if requested explicitly
            if (requestedExtensions != null && extControl.isRequest()) {
                addRequestedExtKeyusage(usages, requestedExtensions, usageOccs);
            }

            if (extControl.isCritical()
                    && usages.contains(ObjectIdentifiers.id_anyExtendedKeyUsage)) {
                extControl = new ExtensionControl(false, extControl.isRequired(),
                        extControl.isRequest());
            }

            ExtendedKeyUsage value = X509Util.createExtendedUsage(usages);
            addExtension(values, extType, value, extControl, neededExtTypes, wantedExtTypes);
        }

        // ocsp-nocheck
        extType = ObjectIdentifiers.id_extension_pkix_ocsp_nocheck;
        extControl = controls.remove(extType);
        if (extControl != null && addMe(extType, extControl, neededExtTypes, wantedExtTypes)) {
            // the extension ocsp-nocheck will only be set if requested explicitly
            DERNull value = DERNull.INSTANCE;
            addExtension(values, extType, value, extControl, neededExtTypes, wantedExtTypes);
        }

        // SubjectInfoAccess
        extType = Extension.subjectInfoAccess;
        extControl = controls.remove(extType);
        if (extControl != null && addMe(extType, extControl, neededExtTypes, wantedExtTypes)) {
            ASN1Sequence value = null;
            if (requestedExtensions != null && extControl.isRequest()) {
                value = createSubjectInfoAccess(requestedExtensions,
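Review bot: The comment in the ocsp-nocheck branch of the After Change listing says the extension "will only be set if requested explicitly", but the branch adds `DERNull.INSTANCE` under the same `extControl != null && addMe(...)` condition as every other extension and, unlike the KeyUsage and SubjectInfoAccess branches, never consults `requestedExtensions` or `extControl.isRequest()`. Whether `addMe` enforces an explicit request is not visible here; if a profile-required control alone satisfies it, certificates would carry ocsp-nocheck without any request, and that extension tells OCSP clients not to check the certificate's revocation status. Either gate the branch the way the comment states or reword the comment to match, e.g. `// ocsp-nocheck is added whenever addMe() accepts it; no explicit-request check is made here`. getExtensions starts before and continues past the lines shown.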