From a69b35d82c30e443fddf2b4eb15420b6ebcf74ee Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Mon, 7 Aug 2023 17:54:50 -0500
Subject: [PATCH] Update NSSExtensionGenerator.createSANExtension()
The NSSExtensionGenerator.createSANExtension() has been updated to exclude reserved keywords from the result.
---
.../dogtagpki/nss/NSSExtensionGenerator.java | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/base/common/src/main/java/org/dogtagpki/nss/NSSExtensionGenerator.java b/base/common/src/main/java/org/dogtagpki/nss/NSSExtensionGenerator.java
index 9faeacc480c..c1fae5894df 100644
--- a/base/common/src/main/java/org/dogtagpki/nss/NSSExtensionGenerator.java
+++ b/base/common/src/main/java/org/dogtagpki/nss/NSSExtensionGenerator.java
@@ -476,7 +476,12 @@ public SubjectAlternativeNameExtension createSANExtension(PKCS10 pkcs10) throws
continue;
}
- if (option.equals("DNS:request_subject_cn") && pkcs10 != null) {
+ if (option.equals("DNS:request_subject_cn")) {
+
+ if (pkcs10 == null) {
+ continue;
+ }
+
X500Name subjectName = pkcs10.getSubjectName();
logger.info("Getting CN from subject name: " + subjectName);
@@ -490,7 +495,12 @@ public SubjectAlternativeNameExtension createSANExtension(PKCS10 pkcs10) throws
continue;
}
- if (option.equals("DNS:request_san_ext") && pkcs10 != null) {
+ if (option.equals("DNS:request_san_ext")) {
+
+ if (pkcs10 == null) {
+ continue;
+ }
+
logger.info("Getting SAN extension from CSR");
SubjectAlternativeNameExtension sanExtension = CertUtil.getSANExtension(pkcs10);
@@ -517,6 +527,10 @@ public SubjectAlternativeNameExtension createSANExtension(PKCS10 pkcs10) throws
}
}
+ if (dnsNames.isEmpty()) {
+ return null;
+ }
+
// convert DNS names to general names
GeneralNames generalNames = new GeneralNames();
for (String name : dnsNames) {
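Review bot: The new `if (pkcs10 == null) { continue; }` guard under `DNS:request_subject_cn` drops a configured option without leaving any trace, and the identical guard under `DNS:request_san_ext` in the next hunk does the same. When the configuration asks for names from the CSR and none is supplied, the certificate ends up with fewer SAN entries, or with no SAN extension at all given the empty check added further down, and nothing in the log explains why. I would log before skipping, for example `logger.info("Skipping " + option + ": no CSR provided");`, which matches the logging already used in this method. The loop and the method start and end outside the hunk, so whether another path already reports this is not visible here.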
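Review bot: The added `return null;` under `if (dnsNames.isEmpty())` changes the contract of `createSANExtension`, which can now return null, and nothing in the hunk documents that. Callers are not visible here; any that dereference the result or add it to an extension collection without a check would now fail, so they should be reviewed together with this change. I would state the contract in the method's Javadoc, e.g. `@return the SAN extension, or null if no DNS names were collected`, and put a one-line comment above the check such as `// do not emit an empty SAN: RFC 5280 requires at least one entry`. The method body starts before this hunk and continues after it.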