[NIFI-2621] NiFi CertificateUtils can reuse serial numbers in issued certificates if multiple calls are made in the same millisecond - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.0.0
Component/s: None
Labels:
None

Description

Serial numbers on certificates should be unique. CertificateUtils currently uses System.currentTimeMillis() to generate them.

Proposed solution:
1. Use the current time in millis as the most significant part of the serial number
2. Shift it left 32 bits to make room in the BigInteger for an incrementor value
3. Add the incrementor value to the BigInteger
4. Reset the incrementor every time a the generator function is called and the millisecond is different from before

Attachments

Issue Links

links to

GitHub Pull Request #909

Activity

People

Assignee:: Bryan Rosander

Reporter:: Bryan Rosander

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 22/Aug/16 16:49

Updated:: 23/Aug/16 08:42

Resolved:: 23/Aug/16 08:42