Skip to content

Commit

Permalink
#33 LittleProxy fails if Subject Alternative Name for valid RFC822 Name
Browse files Browse the repository at this point in the history
 - GeneralName tag range is 0..8 instead of 2,7 only
 - Ignore/log invalid name entries instead of throw an exception
  • Loading branch information
ganskef committed Sep 21, 2019
1 parent 34e2929 commit 0011946
Showing 1 changed file with 20 additions and 12 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,6 @@
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import org.bouncycastle.asn1.ASN1Encodable;
Expand All @@ -12,11 +11,18 @@
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class SubjectAlternativeNameHolder {

private static final Pattern TAGS_PATTERN = Pattern.compile("["
+ GeneralName.iPAddress + GeneralName.dNSName + "]");
private static final Logger log = LoggerFactory.getLogger(SubjectAlternativeNameHolder.class);

/**
* @see org.bouncycastle.asn1.x509.GeneralName
* @see <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.6">RFC 5280, § 4.2.1.6. Subject Alternative Name</a>
*/
private static final Pattern TAGS_PATTERN = Pattern.compile("[012345678]");

private final List<ASN1Encodable> sans = new ArrayList<ASN1Encodable>();

Expand All @@ -41,21 +47,23 @@ public void fillInto(X509v3CertificateBuilder certGen)
public void addAll(Collection<List<?>> subjectAlternativeNames) {
if (subjectAlternativeNames != null) {
for (List<?> each : subjectAlternativeNames) {
sans.add(parseGeneralName(each));
if (isValidNameEntry(each)) {
int tag = Integer.valueOf(String.valueOf(each.get(0)));
String name = String.valueOf(each.get(1));
sans.add(new GeneralName(tag, name));
} else {
log.warn("Invalid name entry ignored: {}", each);
}

}
}
}

private ASN1Encodable parseGeneralName(List<?> nameEntry) {
private boolean isValidNameEntry(List<?> nameEntry) {
if (nameEntry == null || nameEntry.size() != 2) {
throw new IllegalArgumentException(nameEntry != null ? String.valueOf(nameEntry) : "nameEntry is null");
return false;
}
String tag = String.valueOf(nameEntry.get(0));
Matcher m = TAGS_PATTERN.matcher(tag);
if (m.matches()) {
return new GeneralName(Integer.valueOf(tag),
String.valueOf(nameEntry.get(1)));
}
throw new IllegalArgumentException(String.valueOf(nameEntry));
return TAGS_PATTERN.matcher(tag).matches();
}
}

0 comments on commit 0011946

Please sign in to comment.