private void testSubjectAltName() throws IOException { System.out.println("X.509 Certificate Match on subjectAltName"); // bad match X509CertSelector selector = new X509CertSelector(); GeneralNameInterface dnsName = new DNSName("foo.com"); DerOutputStream tmp = new DerOutputStream(); dnsName.encode(tmp); selector.addSubjectAlternativeName(2, tmp.toByteArray()); checkMatch(selector, cert, false); // good match DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.17")); byte[] encoded = in.getOctetString(); SubjectAlternativeNameExtension ext = new SubjectAlternativeNameExtension(false, encoded); GeneralNames names = (GeneralNames) ext.get(SubjectAlternativeNameExtension.SUBJECT_NAME); GeneralName name = (GeneralName) names.get(0); selector.setSubjectAlternativeNames(null); DerOutputStream tmp2 = new DerOutputStream(); name.getName().encode(tmp2); selector.addSubjectAlternativeName(name.getType(), tmp2.toByteArray()); checkMatch(selector, cert, true); // good match 2 (matches at least one) selector.setMatchAllSubjectAltNames(false); selector.addSubjectAlternativeName(2, "foo.com"); checkMatch(selector, cert, true); }
/** * Helper method to add DNSName types for the SAN extension * * @param dnsNames A {@code List} of names to add as DNSName types * * @throws IOException if an encoding error occurs. */ public void addSubjectAltNameDNSExt(List<String> dnsNames) throws IOException { if (!dnsNames.isEmpty()) { GeneralNames gNames = new GeneralNames(); for (String name : dnsNames) { gNames.add(new GeneralName(new DNSName(name))); } addExtension(new SubjectAlternativeNameExtension(false, gNames)); } }
