private final PrivateKey caKey;
private final X500Name issuer;
- private final SecureRandom random = new SecureRandom();
private BigInteger serial;
private final X509ChainWithIssuer x509cwi; // "Cert" is CACert
public LocalCA(Access access, final String name, final String env, final String[][] params) throws IOException, CertException {
super(access, name, env);
- serial = new BigInteger(64,random);
+ serial = new BigInteger(64,new SecureRandom());
if (params.length<1 || params[0].length<2) {
throw new IOException("LocalCA expects cm_ca.<ca name>=org.onap.aaf.auth.cm.ca.LocalCA,<full path to key file>[;<Full Path to Trust Chain, ending with actual CA>]+");
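Review bot: The serial number is still seeded only once, at construction, from 64 random bits on the `serial = new BigInteger(64,new SecureRandom());` line. `serial` remains a non-final field, which suggests signing code outside this hunk advances it; if that is a simple increment, every serial after the first is predictable from any issued certificate. Drawing a fresh value per certificate avoids that, which argues for keeping one shared generator rather than dropping the field, e.g. `private static final SecureRandom RANDOM = new SecureRandom();` and `new BigInteger(128, RANDOM)` at signing time. A comment on the constructor line stating the intended serial policy (bit length, uniqueness, handling of a zero value) would also help. The constructor body continues outside the hunk.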
try {
String pass = access.decrypt(params[0][2]/*encrypted passcode*/, true);
- if (pass==null) {
+ if (pass==null || pass.isEmpty()) {
throw new CertException("Passcode for " + fileName + " cannot be decrypted.");
}
char[] ksPass = pass.toCharArray();
keyStore.load(fis,ksPass);
} finally {
- if (fis != null)
+ if (fis != null) {
fis.close();
+ }
}
Entry entry;
if (fileName.endsWith(".pkcs11")) {
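Review bot: `params[0][2]` is read on the decrypt line, but the only length guard visible on this page (`params[0].length<2`, at the top of the constructor) admits a two-element entry. Unless a check outside the hunk covers it, a configuration without the passcode field fails here with an ArrayIndexOutOfBoundsException rather than a configuration error. A guard before the decrypt call would make that case explicit: `if (params[0].length<3) { throw new CertException("Keystore passcode parameter missing for " + fileName); }`. Separately, `ksPass` holds the cleartext passcode, so once its last use is past, `Arrays.fill(ksPass, '\0');` limits how long it stays on the heap (the `String pass` copy cannot be wiped). The try block starts and continues outside the hunk.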
public X509andChain sign(Trans trans, CSRMeta csrmeta) throws IOException, CertException {
GregorianCalendar gc = new GregorianCalendar();
Date start = gc.getTime();
- gc.add(GregorianCalendar.MONTH, 6);
+ gc.add(GregorianCalendar.MONTH, 12);
Date end = gc.getTime();
X509Certificate x509;
TimeTaken tt = trans.start("Create/Sign Cert",Env.SUB);
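Review bot: The validity period is a bare literal on the `gc.add` line, and raising it to 12 months doubles the time a leaked or mis-issued key stays usable, so revocation has to carry more of the load. Naming the value keeps the policy in one place and makes it reviewable: `private static final int CERT_VALIDITY_MONTHS = 12;` with `gc.add(GregorianCalendar.MONTH, CERT_VALIDITY_MONTHS);`, ideally read from configuration. With the longer lifetime it is also worth checking that `end` does not fall after the CA certificate's own expiry and clamping it if it does; nothing in the visible lines does so. sign's body continues outside the hunk.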