fix: added localhost SAN to pass local readiness checks

(cherry picked from commit c3bbc6e)
FgForrest · Jun 11, 2024 · 86fb744 · 86fb744
1 parent 3df22c0
commit 86fb744
Showing 1 changed file with 13 additions and 3 deletions.
diff --git a/...l_api_core/src/main/java/io/evitadb/externalApi/certificate/ServerCertificateManager.java b/...l_api_core/src/main/java/io/evitadb/externalApi/certificate/ServerCertificateManager.java
@@ -233,10 +233,10 @@ public void generateSelfSignedCertificate(@Nonnull CertificateType... type) thro
 
 		// Issue server and client certificates
 		if (Arrays.stream(type).anyMatch(it -> it == CertificateType.SERVER)) {
-			issueCertificate(CertificateUtils.getServerCertName(), keyPairGenerator, keyPair, x500Name, notBefore, notAfter, rootCert);
+			issueCertificate(CertificateUtils.getServerCertName(), keyPairGenerator, keyPair, x500Name, notBefore, notAfter, rootCert, CertificateType.SERVER);
 		}
 		if (Arrays.stream(type).anyMatch(it -> it == CertificateType.CLIENT)) {
-			issueCertificate(CertificateUtils.getClientCertName(), keyPairGenerator, keyPair, x500Name, notBefore, notAfter, rootCert);
+			issueCertificate(CertificateUtils.getClientCertName(), keyPairGenerator, keyPair, x500Name, notBefore, notAfter, rootCert, CertificateType.CLIENT);
 		}
 	}
 
@@ -258,7 +258,8 @@ private void issueCertificate(
 		@Nonnull X500Name x500Name,
 		@Nonnull Date notBefore,
 		@Nonnull Date notAfter,
-		@Nonnull X509Certificate rootCert
+		@Nonnull X509Certificate rootCert,
+		@Nonnull CertificateType certificateType
 	) throws Exception {
 		final X500Name issuedCertSubject = new X500Name("CN=" + certificateName);
 		final BigInteger issuedCertSerialNum = new BigInteger(Long.toString(new SecureRandom().nextLong()));
@@ -286,6 +287,15 @@ private void issueCertificate(
 		issuedCertBuilder.addExtension(Extension.authorityKeyIdentifier, false, issuedCertExtUtils.createAuthorityKeyIdentifier(rootCert));
 		issuedCertBuilder.addExtension(Extension.subjectKeyIdentifier, false, issuedCertExtUtils.createSubjectKeyIdentifier(csr.getSubjectPublicKeyInfo()));
 
+		if (certificateType == CertificateType.SERVER) {
+			// Add DNS name to the cert to be used for SSL
+			issuedCertBuilder.addExtension(Extension.subjectAlternativeName, false, new DERSequence(new ASN1Encodable[]{
+				new GeneralName(GeneralName.dNSName, InetAddress.getLocalHost().getHostName()),
+				new GeneralName(GeneralName.iPAddress, InetAddress.getLocalHost().getHostAddress()),
+				new GeneralName(GeneralName.dNSName, "localhost")
+			}));
+		}
+
 		// Add intended key usage extension if needed
 		issuedCertBuilder.addExtension(Extension.keyUsage, false, new KeyUsage(KeyUsage.keyEncipherment | KeyUsage.digitalSignature));