bhavicp

Reputation: 355

Extracting SubjectAlternativeName from X509 in Java

I'm extracting the SubjectAlternativeName from an X509 Certificate in Java, and it seems to be returning something like

[2, domain.example.com ] 

Is this standard? And what does the 2 in the value stand for? Currently I'm parsing out just 2, but I don't want to deploy the code and find out that 2 isn't a standard output from the certificate.

This is my code

    X509Certificate[] clientCert = (X509Certificate[]) req
            .getAttribute("javax.servlet.request.X509Certificate");

    senderDomain = clientCert[0].getSubjectAlternativeNames().toArray()[0]
            .toString();

Upvotes: 2

Views: 2511

Answers (1)

Bruno

Reputation: 122599

This is documented in X509Certificate.getSubjectAlternativeNames() (also from the X.509 specification, section 8.3.2.1):

    GeneralName ::= CHOICE {
        otherName                       [0]     OtherName,
        rfc822Name                      [1]     IA5String,
        dNSName                         [2]     IA5String,
        x400Address                     [3]     ORAddress,
        directoryName                   [4]     Name,
        ediPartyName                    [5]     EDIPartyName,
        uniformResourceIdentifier       [6]     IA5String,
        iPAddress                       [7]     OCTET STRING,
        registeredID                    [8]     OBJECT IDENTIFIER}

So 2 is for DNS names (host names when you verify a server certificate), which is quite common. (If you're expecting an IP address, it's 7 you should look for.)

Upvotes: 3
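
Building on the answer above, the following is an added example (not code from the question or the answer) that selects SAN entries by their GeneralName type instead of taking the first element and parsing its string form. The class name `SanDnsNames` and its method names are assumptions made for illustration, and the sample entries in `main` are constructed in the shape `getSubjectAlternativeNames()` returns.

```java
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;

public class SanDnsNames {
    // GeneralName tags from the CHOICE quoted in the answer.
    static final int DNS_NAME = 2;
    static final int IP_ADDRESS = 7;

    /** Returns every SAN value of the requested type, in certificate order. */
    static List<String> namesOfType(Collection<List<?>> sans, int wantedType) {
        List<String> out = new ArrayList<>();
        if (sans == null) {
            return out; // null means the certificate has no SAN extension
        }
        for (List<?> entry : sans) {
            // Each entry is [Integer type, value]; dNSName and iPAddress values are Strings.
            if (entry.size() >= 2
                    && entry.get(0) instanceof Integer
                    && (Integer) entry.get(0) == wantedType
                    && entry.get(1) instanceof String) {
                out.add((String) entry.get(1));
            }
        }
        return out;
    }

    /** Convenience wrapper for a real certificate, e.g. clientCert[0] from the question. */
    static List<String> dnsNames(X509Certificate cert) throws CertificateParsingException {
        return namesOfType(cert.getSubjectAlternativeNames(), DNS_NAME);
    }

    public static void main(String[] args) {
        // Constructed sample: the first entry is deliberately not a DNS name.
        Collection<List<?>> sample = Arrays.asList(
                Arrays.<Object>asList(1, "ops@example.com"),
                Arrays.<Object>asList(2, "domain.example.com"),
                Arrays.<Object>asList(7, "192.0.2.10"),
                Arrays.<Object>asList(2, "alt.example.com"));
        System.out.println("DNS names:    " + namesOfType(sample, DNS_NAME));
        System.out.println("IP addresses: " + namesOfType(sample, IP_ADDRESS));
        System.out.println("No extension: " + namesOfType(null, DNS_NAME));
    }
}
```

A certificate can carry several SAN entries of mixed types in any order, so a caller that makes an identity decision from the result should compare against every returned DNS name and reject the certificate when the list is empty.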
