diff --git a/src/main/java/org/littleshoot/proxy/mitm/SubjectAlternativeNameHolder.java b/src/main/java/org/littleshoot/proxy/mitm/SubjectAlternativeNameHolder.java
index b24c750..f03fbc2 100644
--- a/src/main/java/org/littleshoot/proxy/mitm/SubjectAlternativeNameHolder.java
+++ b/src/main/java/org/littleshoot/proxy/mitm/SubjectAlternativeNameHolder.java
@@ -3,7 +3,6 @@
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
-import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.bouncycastle.asn1.ASN1Encodable;
@@ -12,11 +11,18 @@
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.X509v3CertificateBuilder;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
public class SubjectAlternativeNameHolder {
- private static final Pattern TAGS_PATTERN = Pattern.compile("["
- + GeneralName.iPAddress + GeneralName.dNSName + "]");
+ private static final Logger log = LoggerFactory.getLogger(SubjectAlternativeNameHolder.class);
+
+ /**
+ * @see org.bouncycastle.asn1.x509.GeneralName
+ * @see RFC 5280, ยง 4.2.1.6. Subject Alternative Name
+ */
+ private static final Pattern TAGS_PATTERN = Pattern.compile("[012345678]");
private final List sans = new ArrayList();
@@ -41,21 +47,23 @@ public void fillInto(X509v3CertificateBuilder certGen)
public void addAll(Collection> subjectAlternativeNames) {
if (subjectAlternativeNames != null) {
for (List> each : subjectAlternativeNames) {
- sans.add(parseGeneralName(each));
+ if (isValidNameEntry(each)) {
+ int tag = Integer.valueOf(String.valueOf(each.get(0)));
+ String name = String.valueOf(each.get(1));
+ sans.add(new GeneralName(tag, name));
+ } else {
+ log.warn("Invalid name entry ignored: {}", each);
+ }
+
}
}
}
- private ASN1Encodable parseGeneralName(List> nameEntry) {
+ private boolean isValidNameEntry(List> nameEntry) {
if (nameEntry == null || nameEntry.size() != 2) {
- throw new IllegalArgumentException(nameEntry != null ? String.valueOf(nameEntry) : "nameEntry is null");
+ return false;
}
String tag = String.valueOf(nameEntry.get(0));
- Matcher m = TAGS_PATTERN.matcher(tag);
- if (m.matches()) {
- return new GeneralName(Integer.valueOf(tag),
- String.valueOf(nameEntry.get(1)));
- }
- throw new IllegalArgumentException(String.valueOf(nameEntry));
+ return TAGS_PATTERN.matcher(tag).matches();
}
}