Fix ExtendedKeyUsage in CertificateType

Description

Corda certificates define the X509 'Extended Key Usage' as `anyExtendedKeyUsage` which is too broad. Fix to include only the necessary key usages, and no more than this.

i.e. for Corda TLS Certs, the only required Extended Key Usages are 'Client Authentication' and 'Server Authentication'

Arguably the other certificate types in Corda do not require any (extended) key usage at all, as the existing Key Usage fields are sufficient

See:
https://r3-cev.atlassian.net/wiki/spaces/CC/pages/597688546/Certificate+Definitions+-+Corda+Network+Production

Status

Assignee

Dan Newton

Reporter

James Brown

Feature Team

Corda Core

Story Points

3

Fix versions

Ported to...

Corda 4.3
Corda Enterprise 4.3

Priority

Medium

Sprint

None

Affects versions

Configure