- byte[] data = PEM.decode("(NEW )?CERTIFICATE REQUEST", csr);
- PKCS10 parsed = new PKCS10(data);
- PKCS10Attributes atts = parsed.getAttributes();
-
- for (PKCS10Attribute b : atts.getAttributes()) {
-
- if ( !b.getAttributeId().equals((Object) PKCS9Attribute.EXTENSION_REQUEST_OID)) {
- // unknown attrib
- continue;
- }
-
- for (RDN r : parsed.getSubjectName().rdns()) {
- for (AVA a : r.avas()) {
- if (a.getObjectIdentifier().equals((Object) PKCS9Attribute.EMAIL_ADDRESS_OID)) {
- SANs.add(new SubjectAlternateName(SANType.EMAIL, a.getValueString()));
- } else if (a.getObjectIdentifier().equals((Object) X500Name.commonName_oid)) {
- String value = a.getValueString();
- if (value.contains(".") && !value.contains(" ")) {
- SANs.add(new SubjectAlternateName(SANType.DNS, value));
- } else {
- CN = value;
- }
- } else if (a.getObjectIdentifier().equals((Object) PKIXExtensions.SubjectAlternativeName_Id)) {
- // parse invalid SANs
- }
- }
- }
-
- for (Extension c : ((CertificateExtensions) b.getAttributeValue()).getAllExtensions()) {
- if (c instanceof SubjectAlternativeNameExtension) {
-
- SubjectAlternativeNameExtension san = (SubjectAlternativeNameExtension) c;
- GeneralNames obj = san.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
- for (int i = 0; i < obj.size(); i++) {
- GeneralName generalName = obj.get(i);
- GeneralNameInterface peeled = generalName.getName();
- if (peeled instanceof DNSName) {
- SANs.add(new SubjectAlternateName(SANType.DNS, ((DNSName) peeled).getName()));
- } else if (peeled instanceof RFC822Name) {
- SANs.add(new SubjectAlternateName(SANType.EMAIL, ((RFC822Name) peeled).getName()));
- }
- }
- } else if (c instanceof ExtendedKeyUsageExtension) {
- ExtendedKeyUsageExtension ekue = (ExtendedKeyUsageExtension) c;
- for (String s : ekue.getExtendedKeyUsage()) {
- if (s.equals(OID_KEY_USAGE_SSL_SERVER.toString())) {
- // server
- profile = CertificateProfile.getByName("server");
- } else if (s.equals(OID_KEY_USAGE_SSL_CLIENT.toString())) {
- // client
- profile = CertificateProfile.getByName("client");
- } else if (s.equals(OID_KEY_USAGE_CODESIGN.toString())) {
- // code sign
- } else if (s.equals(OID_KEY_USAGE_EMAIL_PROTECTION.toString())) {
- // emailProtection
- profile = CertificateProfile.getByName("mail");
- } else if (s.equals(OID_KEY_USAGE_TIMESTAMP.toString())) {
- // timestamp
- } else if (s.equals(OID_KEY_USAGE_OCSP.toString())) {
- // OCSP
- }
- }
- } else {
- // Unknown requested extension
- }
- }
-
- }
- out.println(parsed.getSubjectName().getCommonName());
- out.println(parsed.getSubjectName().getCountry());
-
- out.println("CSR DN: " + parsed.getSubjectName() + "<br/>");
- PublicKey pk = parsed.getSubjectPublicKeyInfo();
- checkKeyStrength(pk, out);
- String sign = getSignatureAlgorithm(data);
- guessDigest(sign);
-
- out.println("<br/>digest: " + sign + "<br/>");
-
- this.csr = csr;
- this.csrType = CSRType.CSR;