author | Martin Polden <mpolden@mpolden.no> | 2019-10-07 13:48:24 +0200 |
---|---|---|
committer | Martin Polden <mpolden@mpolden.no> | 2019-10-07 13:48:24 +0200 |
commit | bd64dc62bfc7800c570f36514e98ac04b4c07988 (patch) | |
tree | 8f513d96b86b749c2c5182e28af1441e1fdf6293 /security-utils | |
parent | 385ff3f0d79e76eba8c6cf688bc730fb14b0dd38 (diff) |
Decode SAN IP address field from CSR
Diffstat (limited to 'security-utils')
-rw-r--r-- | security-utils/src/main/java/com/yahoo/security/SubjectAlternativeName.java | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/SubjectAlternativeName.java b/security-utils/src/main/java/com/yahoo/security/SubjectAlternativeName.java
index 29395c75e70..81581c8146c 100644
--- a/security-utils/src/main/java/com/yahoo/security/SubjectAlternativeName.java
+++ b/security-utils/src/main/java/com/yahoo/security/SubjectAlternativeName.java
@@ -3,10 +3,13 @@ package com.yahoo.security;
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.DERIA5String;
+import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.x500.X500Name;
 import org.bouncycastle.asn1.x509.GeneralName;
 import org.bouncycastle.asn1.x509.GeneralNames;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
 import java.util.Arrays;
 import java.util.List;
 import java.util.Objects;
@@ -43,6 +46,10 @@ public class SubjectAlternativeName {
 return new GeneralName(type.tag, value);
 }
+ public SubjectAlternativeName decode() {
+ return new SubjectAlternativeName(new GeneralName(type.tag, value));
+ }
+
 static List<SubjectAlternativeName> fromGeneralNames(GeneralNames generalNames) {
 return Arrays.stream(generalNames.getNames()).map(SubjectAlternativeName::new).collect(toList());
 }
@@ -56,6 +63,14 @@ public class SubjectAlternativeName {
 return DERIA5String.getInstance(name).getString();
 case GeneralName.directoryName:
 return X500Name.getInstance(name).toString();
+ case GeneralName.iPAddress:
+ var octets = DEROctetString.getInstance(name.toASN1Primitive()).getOctets();
+ try {
+ return InetAddress.getByAddress(octets).getHostAddress();
+ } catch (UnknownHostException e) {
+ // Only thrown if IP address is of invalid length, which is an illegal argument
+ throw new IllegalArgumentException(e);
+ }
 default:
 return name.toString();
 } |
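Review bot: The new public `decode()` has no Javadoc, and the name alone does not tell a caller that it returns a new instance built by passing the current `type.tag` and `value` through `new GeneralName(...)`. A one-line comment such as `/** Returns a copy of this SAN whose value has been round-tripped through GeneralName, i.e. in decoded textual form. */` would make the intent clear. It should also state what happens when `value` is not valid for the type (presumably the `GeneralName` constructor throws for a malformed IP string; confirm and document with `@throws`).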
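Review bot: In the added `case GeneralName.iPAddress:` branch, a wrong-length octet string from the CSR surfaces as a bare `IllegalArgumentException(e)` that names neither the field nor the length that was rejected. CSR contents are requester-controlled, so the rejection should be attributable in logs, e.g. `throw new IllegalArgumentException("Invalid iPAddress SAN length: " + octets.length, e);`. Also note that `InetAddress.getByAddress` returns an `Inet4Address` for a 16-byte IPv4-mapped value and `getHostAddress()` prints IPv6 in uncompressed form, so any later identity or policy check on this value should compare parsed addresses rather than strings. The enclosing method starts and ends outside the hunk, so whether callers catch the unchecked exception cannot be seen here.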