Skip to content

O
Openfire
Commit b724b3fa authored by Dave Cridland's avatar Dave Cridland
Browse files
Options

Merge pull request #108 from wmz7year/fixCertificateManager 

Update CertificateManager.java
parents 6bc0ac29 eb9144d7
Hide whitespace changes
Inline Side-by-side
Showing with 10 additions and 4 deletions
src/java/org/jivesoftware/util/CertificateManager.java
View file @ b724b3fa
...@@ -377,15 +377,20 @@ public class CertificateManager { ...@@ -377,15 +377,20 @@ public class CertificateManager {
return Collections.emptyList(); return Collections.emptyList();
} }
// Use the type OtherName to search for the certified server name // Use the type OtherName to search for the certified server name
for (List item : altNames) { for (List<?> item : altNames) {
Integer type = (Integer) item.get(0); Integer type = (Integer) item.get(0);
if (type == 0) { if (type == 0) {
// Type OtherName found so return the associated value // Type OtherName found so return the associated value
try { try {
// Value is encoded using ASN.1 so decode it to get the server's identity // Value is encoded using ASN.1 so decode it to get the server's identity
ASN1InputStream decoder = new ASN1InputStream((byte[]) item.get(1)); ASN1InputStream decoder = new ASN1InputStream((byte[]) item.get(1));
ASN1Sequence otherNameSeq = (ASN1Sequence) decoder.readObject(); Object object = decoder.readObject();
ASN1Sequence otherNameSeq = null;
if (object != null && object instanceof ASN1Sequence) {
otherNameSeq = (ASN1Sequence) object;
} else {
continue;
}
// Check the object identifier // Check the object identifier
ASN1ObjectIdentifier objectId = (ASN1ObjectIdentifier) otherNameSeq.getObjectAt(0); ASN1ObjectIdentifier objectId = (ASN1ObjectIdentifier) otherNameSeq.getObjectAt(0);
Log.debug("Parsing otherName for subject alternative names: " + objectId.toString() ); Log.debug("Parsing otherName for subject alternative names: " + objectId.toString() );
...@@ -406,13 +411,14 @@ public class CertificateManager { ...@@ -406,13 +411,14 @@ public class CertificateManager {
// TODO: there's bound to be a better way... // TODO: there's bound to be a better way...
identity = ato.toString().substring(ato.toString().lastIndexOf(']')+1).trim(); identity = ato.toString().substring(ato.toString().lastIndexOf(']')+1).trim();
} else { } else {
DERUTF8String derStr = DERUTF8String.getInstance(o); DERUTF8String derStr = DERUTF8String.getInstance(o);
identity = derStr.getString(); identity = derStr.getString();
} }
if (identity != null && identity.length() > 0) { if (identity != null && identity.length() > 0) {
// Add the decoded server name to the list of identities // Add the decoded server name to the list of identities
identities.add(identity); identities.add(identity);
} }
decoder.close();
} catch (IllegalArgumentException ex) { } catch (IllegalArgumentException ex) {
// OF-517: othername formats are extensible. If we don't recognize the format, skip it. // OF-517: othername formats are extensible. If we don't recognize the format, skip it.
Log.debug("Cannot parse altName, likely because of unknown record format.", ex); Log.debug("Cannot parse altName, likely because of unknown record format.", ex);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Technounit-GROUP 2023