+ PKCS10Attributes atts = parsed.getAttributes();
+
+ for (PKCS10Attribute b : atts.getAttributes()) {
+
+ if ( !b.getAttributeId().equals((Object) PKCS9Attribute.EXTENSION_REQUEST_OID)) {
+ // unknown attrib
+ continue;
+ }
+
+ for (RDN r : parsed.getSubjectName().rdns()) {
+ for (AVA a : r.avas()) {
+ if (a.getObjectIdentifier().equals((Object) PKCS9Attribute.EMAIL_ADDRESS_OID)) {
+ SANs.add(new SubjectAlternateName(SANType.EMAIL, a.getValueString()));
+ } else if (a.getObjectIdentifier().equals((Object) X500Name.commonName_oid)) {
+ String value = a.getValueString();
+ if (value.contains(".") && !value.contains(" ")) {
+ SANs.add(new SubjectAlternateName(SANType.DNS, value));
+ } else {
+ CN = value;
+ }
+ } else if (a.getObjectIdentifier().equals((Object) PKIXExtensions.SubjectAlternativeName_Id)) {
+ // parse invalid SANs
+ }
+ }
+ }
+
+ for (Extension c : ((CertificateExtensions) b.getAttributeValue()).getAllExtensions()) {
+ if (c instanceof SubjectAlternativeNameExtension) {
+
+ SubjectAlternativeNameExtension san = (SubjectAlternativeNameExtension) c;
+ GeneralNames obj = san.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
+ for (int i = 0; i < obj.size(); i++) {
+ GeneralName generalName = obj.get(i);
+ GeneralNameInterface peeled = generalName.getName();
+ if (peeled instanceof DNSName) {
+ SANs.add(new SubjectAlternateName(SANType.DNS, ((DNSName) peeled).getName()));
+ } else if (peeled instanceof RFC822Name) {
+ SANs.add(new SubjectAlternateName(SANType.EMAIL, ((RFC822Name) peeled).getName()));
+ }
+ }
+ } else if (c instanceof ExtendedKeyUsageExtension) {
+ ExtendedKeyUsageExtension ekue = (ExtendedKeyUsageExtension) c;
+ for (String s : ekue.getExtendedKeyUsage()) {
+ if (s.equals(OID_KEY_USAGE_SSL_SERVER.toString())) {
+ // server
+ profile = CertificateProfile.getByName("server");
+ } else if (s.equals(OID_KEY_USAGE_SSL_CLIENT.toString())) {
+ // client
+ profile = CertificateProfile.getByName("client");
+ } else if (s.equals(OID_KEY_USAGE_CODESIGN.toString())) {
+ // code sign
+ } else if (s.equals(OID_KEY_USAGE_EMAIL_PROTECTION.toString())) {
+ // emailProtection
+ profile = CertificateProfile.getByName("mail");
+ } else if (s.equals(OID_KEY_USAGE_TIMESTAMP.toString())) {
+ // timestamp
+ } else if (s.equals(OID_KEY_USAGE_OCSP.toString())) {
+ // OCSP
+ }
+ }
+ } else {
+ // Unknown requested extension
+ }
+ }