diff --git a/src/main/java/org/littleshoot/proxy/mitm/SubjectAlternativeNameHolder.java b/src/main/java/org/littleshoot/proxy/mitm/SubjectAlternativeNameHolder.java
index b24c750..f03fbc2 100644
--- a/src/main/java/org/littleshoot/proxy/mitm/SubjectAlternativeNameHolder.java
+++ b/src/main/java/org/littleshoot/proxy/mitm/SubjectAlternativeNameHolder.java
@@ -3,7 +3,6 @@
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
-import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import org.bouncycastle.asn1.ASN1Encodable;
@@ -12,11 +11,18 @@
 import org.bouncycastle.asn1.x509.GeneralName;
 import org.bouncycastle.cert.CertIOException;
 import org.bouncycastle.cert.X509v3CertificateBuilder;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 public class SubjectAlternativeNameHolder {
- private static final Pattern TAGS_PATTERN = Pattern.compile("["
- + GeneralName.iPAddress + GeneralName.dNSName + "]");
+ private static final Logger log = LoggerFactory.getLogger(SubjectAlternativeNameHolder.class);
+
+ /**
+ * @see org.bouncycastle.asn1.x509.GeneralName
+ * @see RFC 5280, ยง 4.2.1.6. Subject Alternative Name
+ */
+ private static final Pattern TAGS_PATTERN = Pattern.compile("[012345678]");
 private final List sans = new ArrayList();
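Review bot: `TAGS_PATTERN` now accepts tags 0, 3 and 5 (otherName, x400Address, ediPartyName), which the constructor used by `addAll` in the third hunk probably cannot encode. As far as I know, BouncyCastle's `GeneralName(int, String)` only builds rfc822Name, dNSName, directoryName, uniformResourceIdentifier, iPAddress and registeredID from a string and throws `IllegalArgumentException` for every other tag. An entry with one of those tags would pass `isValidNameEntry` and then throw out of `addAll` instead of being skipped with a warning. Restricting the set to the encodable tags, `Pattern.compile("[124678]")`, with a comment naming the excluded ones, keeps the check and the constructor in agreement.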
@@ -41,21 +47,23 @@ public void fillInto(X509v3CertificateBuilder certGen)
 public void addAll(Collection> subjectAlternativeNames) {
 if (subjectAlternativeNames != null) {
 for (List each : subjectAlternativeNames) {
- sans.add(parseGeneralName(each));
+ if (isValidNameEntry(each)) {
+ int tag = Integer.valueOf(String.valueOf(each.get(0)));
+ String name = String.valueOf(each.get(1));
+ sans.add(new GeneralName(tag, name));
+ } else {
+ log.warn("Invalid name entry ignored: {}", each);
+ }
+
 }
 }
 }
- private ASN1Encodable parseGeneralName(List nameEntry) {
+ private boolean isValidNameEntry(List nameEntry) {
 if (nameEntry == null || nameEntry.size() != 2) {
- throw new IllegalArgumentException(nameEntry != null ? String.valueOf(nameEntry) : "nameEntry is null");
+ return false;
 }
 String tag = String.valueOf(nameEntry.get(0));
- Matcher m = TAGS_PATTERN.matcher(tag);
- if (m.matches()) {
- return new GeneralName(Integer.valueOf(tag),
- String.valueOf(nameEntry.get(1)));
- }
- throw new IllegalArgumentException(String.valueOf(nameEntry));
+ return TAGS_PATTERN.matcher(tag).matches();
 }
 }
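Review bot: The `new GeneralName(tag, name)` call in `addAll` can still throw `IllegalArgumentException` for an entry that passed `isValidNameEntry`, because only the tag is checked and never the value. A malformed iPAddress or registeredID string would be rejected by the constructor, so the new skip-and-warn behaviour does not cover it. If these lists come from `X509Certificate.getSubjectAlternativeNames()` (the caller is not visible here), the second element may also be a `byte[]`, which `String.valueOf` turns into an identity string rather than a name. These values originate in a certificate the proxy does not control, so I would skip non-String values and catch the constructor's exception, logging and ignoring the entry like the other invalid ones. `Integer.parseInt` would also avoid the boxing in `Integer.valueOf`.

```java
// … unchanged: null check and for-loop header …
if (!isValidNameEntry(each)) {
    log.warn("Invalid name entry ignored: {}", each);
    continue;
}
int tag = Integer.parseInt(String.valueOf(each.get(0)));
Object value = each.get(1);
if (!(value instanceof String)) {
    // Only string-valued entries can be passed to GeneralName(int, String).
    log.warn("Non-string name entry ignored: {}", each);
    continue;
}
try {
    sans.add(new GeneralName(tag, (String) value));
} catch (IllegalArgumentException e) {
    // Value did not parse for its tag (e.g. bad IP address or OID).
    log.warn("Unencodable name entry ignored: {}", each, e);
}
// … unchanged: closing braces, isValidNameEntry …
```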