Reputation: 31
I would like to extract the subject alternative name (SAN) from a PKCS10 request in Java.
First, I get the PKCS10CertificationRequest using BouncyCastle as follows:
```java
PKCS10CertificationRequest certificationRequest = getPKCS10CertificationRequest(csr);
```
But then, I don't know if there is a way to extract the SAN value from certificationRequest.
Any help, please?
Upvotes: 0
Views: 815
Reputation: 39000
```java
// imports used by the snippet below
import java.nio.file.Files;
import java.nio.file.Paths;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.pkcs.Attribute;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;

byte[] der = Files.readAllBytes(Paths.get(args[0])); // for example
// assuming all BouncyCastle classes imported as needed and
// given a CSR in der, to get the SAN extension as an object
// (minimal error handling, you may want to improve)
Attribute[] attrs = new PKCS10CertificationRequest(der).getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
if( attrs.length != 1 ) throw new Exception("bad");
ASN1Encodable[] valus = attrs[0].getAttributeValues();
if( valus.length != 1 ) throw new Exception("bad");
Extension extn = Extensions.getInstance(valus[0]).getExtension(Extension.subjectAlternativeName);
if( extn == null ) throw new Exception("missing");
// to get the _value_ of the extension, now extn.getExtnValue().getOctets()
// to _use_ the _value_ of the extension, parse as GeneralNames:
GeneralNames sanv = GeneralNames.getInstance(extn.getExtnValue().getOctets());
for( GeneralName item : sanv.getNames() ){ // example of possible usage
    System.out.println (item.toString()); // you probably want something else
}
```
Upvotes: 1
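As an added example (not part of the answer above), this decodes each SAN entry by its GeneralName tag instead of calling toString(), so the requested names can be compared against an issuance policy before the CSR is signed. The class name `SanDecode`, the `decode` helper and the sample names are assumptions made for illustration; the sample extension is constructed inline rather than read from a real CSR.

```java
import java.net.InetAddress;
import java.util.ArrayList;
import java.util.List;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1String;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;

public class SanDecode {  // hypothetical class name
    // Turn a subjectAltName extension into "type:value" strings, one per entry.
    static List<String> decode(Extension san) throws Exception {
        List<String> out = new ArrayList<>();
        GeneralNames names = GeneralNames.getInstance(san.getParsedValue());
        for (GeneralName gn : names.getNames()) {
            switch (gn.getTagNo()) {
                case GeneralName.dNSName:
                    out.add("dns:" + ((ASN1String) gn.getName()).getString());
                    break;
                case GeneralName.rfc822Name:
                    out.add("email:" + ((ASN1String) gn.getName()).getString());
                    break;
                case GeneralName.uniformResourceIdentifier:
                    out.add("uri:" + ((ASN1String) gn.getName()).getString());
                    break;
                case GeneralName.iPAddress:
                    // 4 octets = IPv4, 16 = IPv6; any other length throws UnknownHostException
                    byte[] ip = ASN1OctetString.getInstance(gn.getName()).getOctets();
                    out.add("ip:" + InetAddress.getByAddress(ip).getHostAddress());
                    break;
                default:
                    // otherName, directoryName, ...: keep the tag so the caller can reject it
                    out.add("tag" + gn.getTagNo() + ":" + gn.getName());
            }
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample SAN; in practice pass the 'extn' object from the answer's snippet.
        GeneralNames sample = new GeneralNames(new GeneralName[] {
            new GeneralName(GeneralName.dNSName, "www.example.com"),
            new GeneralName(GeneralName.iPAddress, "192.0.2.10"),
            new GeneralName(GeneralName.rfc822Name, "admin@example.com") });
        Extension san = new Extension(Extension.subjectAlternativeName, false, sample.getEncoded());
        decode(san).forEach(System.out::println);
    }
}
```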