Provisional fix for certificates that have tagged objects instead of plain...

Provisional fix for certificates that have tagged objects instead of plain strings in their subject alternative names section. git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@12975 b35dd754-fafc-0310-a699-88a17e54d16e

Provisional fix for certificates that have tagged objects instead of plain...
Provisional fix for certificates that have tagged objects instead of plain strings in their subject alternative names section. git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@12975 b35dd754-fafc-0310-a699-88a17e54d16e
c83fde0e · guus · 26a0bb62 · c83fde0e
Commit c83fde0e authored Feb 09, 2012 by guus
Hide whitespace changes
Inline Side-by-side

Showing with 18 additions and 5 deletions

CertificateManager.java src/java/org/jivesoftware/util/CertificateManager.java +18 -5

No files found.
--- a/src/java/org/jivesoftware/util/CertificateManager.java
+++ b/src/java/org/jivesoftware/util/CertificateManager.java
@@ -57,6 +57,8 @@ import java.util.regex.Pattern;
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1TaggedObject;
+import org.bouncycastle.asn1.DEREncodable;
 import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.DEROutputStream;
 import org.bouncycastle.asn1.DERSequence;
@@ -253,16 +255,27 @@ public class CertificateManager {
                        // Check the object identifier
                        DERObjectIdentifier objectId = (DERObjectIdentifier) otherNameSeq.getObjectAt(0);
+                    	Log.debug("Parsing otherName for subject alternative names: " + objectId.toString() );
                        if ( !OTHERNAME_XMPP_OID.equals(objectId.getId())) {
                            // Not a XMPP otherName
-                            Log.debug("CertificateManager: Ignoring non-XMPP otherName, " + objectId.getId());
+                            Log.debug("Ignoring non-XMPP otherName, " + objectId.getId());
                            continue;
                        }
                        // Get identity string
                        try {
-	                        DERUTF8String derStr = DERUTF8String.getInstance(otherNameSeq.getObjectAt(1));
+                        	final String identity;
-	                        String identity = derStr.getString();
+	                        DEREncodable o = otherNameSeq.getObjectAt(1);
+	                        if (o instanceof DERTaggedObject) {
+	                        	ASN1TaggedObject ato = DERTaggedObject.getInstance(o);
+	                        	Log.debug("... processing DERTaggedObject: " + ato.toString());
+	                        	// TODO: there's bound to be a better way...
+	                        	identity = ato.toString().substring(ato.toString().lastIndexOf(']')+1).trim();
+	                        } else {
+								DERUTF8String derStr = DERUTF8String.getInstance(o);
+		                        identity = derStr.getString();
+	                        }
 	                        if (identity != null && identity.length() > 0) {
 	                            // Add the decoded server name to the list of identities
 	                            identities.add(identity);
@@ -279,14 +292,14 @@ public class CertificateManager {
                        // Ignore
                    }
                    catch (Exception e) {
-                        Log.error("CertificateManager: Error decoding subjectAltName", e);
+                        Log.error("Error decoding subjectAltName", e);
                    }
                }
                // Other types are not applicable for XMPP, so silently ignore them
            }
        }
        catch (CertificateParsingException e) {
-            Log.error("CertificateManager: Error parsing SubjectAltName in certificate: " + certificate.getSubjectDN(), e);
+            Log.error("Error parsing SubjectAltName in certificate: " + certificate.getSubjectDN(), e);
        }
        return identities;
    }