Arun

Reputation: 3680

Read SubjectAlternativeNames from Certificate using Bouncy-Castle Library

I am using the bouncy-castle library to make a TLS-Handshake with a Web-Server and grab the public certificate. Below is my code:

    import java.io.IOException;
    import java.io.InputStream;
    import java.net.InetAddress;
    import java.net.Socket;
    import java.security.SecureRandom;
    import java.util.Hashtable;
    import java.util.Vector;
    import org.bouncycastle.crypto.tls.*;

    public class BCMain {
        // WEB_SERVER, WEB_SERVER_PORT and SNI_HOST_NAME are constants not shown in the post.

        // Certificate chain sent by the server, filled in during the handshake.
        private org.bouncycastle.asn1.x509.Certificate[] certificateList;

        public static void main(String... args) {
            new BCMain().testBCTLS();
        }

        private void testBCTLS() {
            // try-with-resources closes the socket when the method is done
            try (Socket s = new Socket(InetAddress.getByName(WEB_SERVER), WEB_SERVER_PORT)) {
                //TlsProtocolHandler tlsHandler = new TlsProtocolHandler(s.getInputStream(), s.getOutputStream());

                TlsClientProtocol protocol = new TlsClientProtocol(s.getInputStream(), s.getOutputStream(), new SecureRandom());

                TlsClient client = new DefaultTlsClient() {
                    private Boolean connectionStatus = Boolean.FALSE;

                    @Override
                    public TlsAuthentication getAuthentication() throws IOException {
                        return new ServerOnlyTlsAuthentication() {
                            // Only records the chain; the server certificate is not validated here.
                            public void notifyServerCertificate(Certificate serverCertificate)
                                    throws IOException {
                                certificateList = serverCertificate.getCertificateList();
                            }
                        };
                    }

                    // Adds the SNI (server_name) extension to the ClientHello.
                    @Override
                    public Hashtable getClientExtensions() throws IOException {
                        Hashtable clientExtensions = super.getClientExtensions();
                        clientExtensions = TlsExtensionsUtils.ensureExtensionsInitialised(clientExtensions);
                        Vector<ServerName> serverNames = new Vector<>(1);
                        serverNames.add(new ServerName(NameType.host_name, SNI_HOST_NAME));

                        TlsExtensionsUtils.addServerNameExtension(clientExtensions, new ServerNameList(serverNames));

                        return clientExtensions;
                    }

                    public Boolean getConnectionStatus() {
                        return connectionStatus;
                    }
                };

                protocol.connect(client);

                if (this.certificateList != null) {
                    // The first entry of the chain is the server's own (leaf) certificate.
                    org.bouncycastle.asn1.x509.Certificate certificate = certificateList[0];

                    System.out.println(certificate.getSubject());
                }

                InputStream is = protocol.getInputStream();
                System.out.println(is);
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }

I want to extract the Subject Alternative Names from that public certificate.

The X509Certificate of the JDK has a method to extract SubjectAlternativeNames, but I want to get the same from the bouncy-castle certificate.

Can someone help with this, please?

Upvotes: 0

Views: 1268

Answers (1)

Arun

Reputation: 3680

I was able to extract Subject-Alternative-Names using the X509CertificateHolder and JcaX509CertificateConverter classes from the BouncyCastle library. In continuation of the above code:

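    import java.security.cert.X509Certificate;
    import java.util.Collection;
    import java.util.List;
    import org.bouncycastle.cert.X509CertificateHolder;
    import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;

    if (this.certificateList != null) {
        org.bouncycastle.asn1.x509.Certificate certificate = certificateList[0];
        // Re-wrap the ASN.1 certificate, then convert it to a JDK X509Certificate.
        X509CertificateHolder holder = new X509CertificateHolder(certificate.getEncoded());
        X509Certificate x509Certificate = new JcaX509CertificateConverter().getCertificate(holder);
        // Each entry is a List of [Integer name type, value], e.g. 2 = dNSName, 7 = iPAddress.
        // The method returns null when the certificate has no SAN extension.
        Collection<List<?>> sanCollections = x509Certificate.getSubjectAlternativeNames();
    }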

Upvotes: 1
