authorMartin Polden <mpolden@mpolden.no>2019-10-07 13:48:24 +0200
committerMartin Polden <mpolden@mpolden.no>2019-10-07 13:48:24 +0200
commitbd64dc62bfc7800c570f36514e98ac04b4c07988 (patch)
tree8f513d96b86b749c2c5182e28af1441e1fdf6293 /security-utils
parent385ff3f0d79e76eba8c6cf688bc730fb14b0dd38 (diff)
Decode SAN IP address field from CSR
Diffstat (limited to 'security-utils')
-rw-r--r--security-utils/src/main/java/com/yahoo/security/SubjectAlternativeName.java15
1 files changed, 15 insertions, 0 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/SubjectAlternativeName.java b/security-utils/src/main/java/com/yahoo/security/SubjectAlternativeName.java
index 29395c75e70..81581c8146c 100644
--- a/security-utils/src/main/java/com/yahoo/security/SubjectAlternativeName.java
+++ b/security-utils/src/main/java/com/yahoo/security/SubjectAlternativeName.java
@@ -3,10 +3,13 @@ package com.yahoo.security;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.DERIA5String;
+import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
import java.util.Arrays;
import java.util.List;
import java.util.Objects;
@@ -43,6 +46,10 @@ public class SubjectAlternativeName {
return new GeneralName(type.tag, value);
}
+ public SubjectAlternativeName decode() {
+ return new SubjectAlternativeName(new GeneralName(type.tag, value));
+ }
+
static List<SubjectAlternativeName> fromGeneralNames(GeneralNames generalNames) {
return Arrays.stream(generalNames.getNames()).map(SubjectAlternativeName::new).collect(toList());
}
@@ -56,6 +63,14 @@ public class SubjectAlternativeName {
return DERIA5String.getInstance(name).getString();
case GeneralName.directoryName:
return X500Name.getInstance(name).toString();
+ case GeneralName.iPAddress:
+ var octets = DEROctetString.getInstance(name.toASN1Primitive()).getOctets();
+ try {
+ return InetAddress.getByAddress(octets).getHostAddress();
+ } catch (UnknownHostException e) {
+ // Only thrown if IP address is of invalid length, which is an illegal argument
+ throw new IllegalArgumentException(e);
+ }
default:
return name.toString();
}
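Review bot: In the new `GeneralName.iPAddress` case, a SAN with a bad octet length surfaces as an unchecked `IllegalArgumentException` with no context, and the commit title says this value comes from a CSR. Callers parsing requester-supplied CSRs need to treat it as a rejected request rather than an internal error; `throw new IllegalArgumentException("Invalid IP address SAN length: " + octets.length, e);` would make the rejection diagnosable. Also, `InetAddress.getByAddress` returns an IPv4 address for a 16-octet IPv4-mapped value, so the decoded string may not match the encoding that ends up in the certificate; that deserves a comment if callers compare this string against expected addresses. As a style point, `var octets` is declared directly under the case label, and wrapping the case body in braces would keep it out of scope for `default:`. The enclosing switch and method start outside the hunk.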