Skip to content

Commit

Permalink
Update NSSExtensionGenerator.createSANExtension()
Browse files Browse the repository at this point in the history
The NSSExtensionGenerator.createSANExtension() has been
updated to exclude reserved keywords from the result.
  • Loading branch information
edewata committed Aug 8, 2023
1 parent 22a1b3d commit a69b35d
Showing 1 changed file with 16 additions and 2 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -476,7 +476,12 @@ public SubjectAlternativeNameExtension createSANExtension(PKCS10 pkcs10) throws
continue;
}

if (option.equals("DNS:request_subject_cn") && pkcs10 != null) {
if (option.equals("DNS:request_subject_cn")) {

if (pkcs10 == null) {
continue;
}

X500Name subjectName = pkcs10.getSubjectName();
logger.info("Getting CN from subject name: " + subjectName);

Expand All @@ -490,7 +495,12 @@ public SubjectAlternativeNameExtension createSANExtension(PKCS10 pkcs10) throws
continue;
}

if (option.equals("DNS:request_san_ext") && pkcs10 != null) {
if (option.equals("DNS:request_san_ext")) {

if (pkcs10 == null) {
continue;
}

logger.info("Getting SAN extension from CSR");
SubjectAlternativeNameExtension sanExtension = CertUtil.getSANExtension(pkcs10);

Expand All @@ -517,6 +527,10 @@ public SubjectAlternativeNameExtension createSANExtension(PKCS10 pkcs10) throws
}
}

if (dnsNames.isEmpty()) {
return null;
}

// convert DNS names to general names
GeneralNames generalNames = new GeneralNames();
for (String name : dnsNames) {
Expand Down

0 comments on commit a69b35d

Please sign in to comment.