bouncycastle - How to parse SAN from CSR using Java or Bouncy Castle?
I have generated a CSR using openssl. I want to parse the CSR and display the IP address and otherName available in the CSR.
I have written the following code. I am able to display DNS and URL, but I am not able to display the IP address and otherName in the correct format.
```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.StringReader;

import org.apache.commons.io.IOUtils;
import org.bouncycastle.asn1.pkcs.Attribute;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;

public static void testReadCertificateSigningRequest() {
    String csrPEM = null;
    try {
        FileInputStream fis = new FileInputStream("e://test.txt");
        csrPEM = IOUtils.toString(fis);
    } catch (Exception e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }
    PKCS10CertificationRequest csr = convertPemToPKCS10CertificationRequest(csrPEM);

    X500Name x500Name = csr.getSubject();
    System.out.println("x500name is: " + x500Name + "\n");

    // The SAN extension travels inside the PKCS#9 extensionRequest attribute
    Attribute[] certAttributes = csr.getAttributes();
    for (Attribute attribute : certAttributes) {
        if (attribute.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
            Extensions extensions = Extensions.getInstance(attribute.getAttrValues().getObjectAt(0));
            //Extension ext = extensions.getExtension(Extension.subjectAlternativeName);
            GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
            GeneralName[] names = gns.getNames();
            for (int k = 0; k < names.length; k++) {
                String title = "";
                if (names[k].getTagNo() == GeneralName.dNSName) {
                    title = "dnsname";
                } else if (names[k].getTagNo() == GeneralName.iPAddress) {
                    title = "ipaddress";
                    names[k].toASN1Object();
                } else if (names[k].getTagNo() == GeneralName.otherName) {
                    title = "othername";
                }
                // getName() returns the raw ASN.1 value for iPAddress and otherName
                System.out.println(title + ": " + names[k].getName());
            }
        }
    }
}

// Method to convert PEM to PKCS10CertificationRequest
private static PKCS10CertificationRequest convertPemToPKCS10CertificationRequest(String pem) {
    PEMParser prd = new PEMParser(new StringReader(pem));
    org.bouncycastle.pkcs.PKCS10CertificationRequest csr = null;
    try {
        csr = (org.bouncycastle.pkcs.PKCS10CertificationRequest) prd.readObject();
    } catch (IOException e) {
        e.printStackTrace();
    }
    return csr;
}
```
The above code prints the IP address and otherName as per below:

```
ipaddress: #c0a80701
ipaddress: #00130000000000000000000000000017
othername: [1.2.3.4, [0]some other identifier]
```

How can I retrieve the IP address and otherName in the correct format?
Thanks.
That is the 'correct' format. There is no other way besides the manual conversion the other answer suggests.
BouncyCastle encodes it internally in the GeneralName.java class constructor.
```java
// Excerpt from the GeneralName constructor
else if (tag == iPAddress)
{
    byte[] enc = toGeneralNameEncoding(name);
    if (enc != null)
    {
        this.obj = new DEROctetString(enc);
    }
    else
    {
        throw new IllegalArgumentException("IP Address is invalid");
    }
}
```
See: http://www.docjar.org/html/api/org/bouncycastle/asn1/x509/generalname.java.html
When you extract the GeneralNames from the CSR and incorporate them into a certificate, BouncyCastle decodes it again, so the original value ends up in the final certificate.
Regarding the otherName property: "For x400Address, otherName and ediPartyName there is no common string format defined." So there is no 'correct' format there.
See: http://www.eecs.berkeley.edu/~jonah/javadoc/org/bouncycastle/asn1/x509/generalname.html
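One way to do the manual conversion for the two tags, as an added example that is not part of the original question or answer and not BouncyCastle's own code. The class `SanFormatter` and its `format()` method are hypothetical names; the hex samples are the octets printed in the question plus one constructed malformed value.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.util.encoders.Hex;

public class SanFormatter { // hypothetical helper class

    // Render one SAN entry as text. The iPAddress and otherName branches do
    // the manual conversion; other tags fall back to getName().
    static String format(GeneralName gn) {
        switch (gn.getTagNo()) {
        case GeneralName.iPAddress: {
            byte[] raw = ASN1OctetString.getInstance(gn.getName()).getOctets();
            // In a SAN the OCTET STRING is 4 (IPv4) or 16 (IPv6) bytes.
            // Anything else is malformed, so report it instead of guessing.
            try {
                // getByAddress() only wraps the bytes; no DNS lookup happens.
                return "iPAddress: " + InetAddress.getByAddress(raw).getHostAddress();
            } catch (UnknownHostException e) {
                return "iPAddress: <invalid length " + raw.length + ">";
            }
        }
        case GeneralName.otherName: {
            // OtherName ::= SEQUENCE { type-id OID, value [0] EXPLICIT ANY }
            ASN1Sequence seq = ASN1Sequence.getInstance(gn.getName());
            ASN1ObjectIdentifier typeId = ASN1ObjectIdentifier.getInstance(seq.getObjectAt(0));
            // The value has no common string form; decode it per type-id.
            return "otherName: type-id=" + typeId.getId() + " value=" + seq.getObjectAt(1);
        }
        default:
            return "tag " + gn.getTagNo() + ": " + gn.getName();
        }
    }

    public static void main(String[] args) {
        // Constructed samples: the two octet strings from the question's
        // output, plus a 3-byte value that must be rejected.
        String[] samples = { "c0a80701", "00130000000000000000000000000017", "c0a807" };
        for (String hex : samples) {
            GeneralName gn = new GeneralName(GeneralName.iPAddress, new DEROctetString(Hex.decode(hex)));
            System.out.println(format(gn));
        }
    }
}
```

When the CSR comes from an untrusted requester, treat the invalid-length case as a reason to reject the request rather than a value to display.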