In our web-application we are about to refine certificate authentication mechanism.
We used to use CN from the certificate to get login and authenticate the user.
However, requirements have changed and now we are advised to use SAN (Subject Alternative Name) both UPN or RFC822 Name
In our certificate SAN field I see the following:
Other Name:
Principal [email protected]
RFC822 [email protected]
I've tried to get RFC822 Name with the following snippet:
public static String getSANOtherNameRFC822(X509Certificate cert) throws CertificateParsingException
{
Collection<List<?>> subjectAlternativeNames = cert.getSubjectAlternativeNames();
for (List<?> subjectAlternativeName : subjectAlternativeNames)
{
if ((Integer) subjectAlternativeName.get(0) == 1) // rfc822name
{
System.out.println((String) subjectAlternativeName.get(1));
return (String) subjectAlternativeName.get(1);
}
}
return null;
}
And it does seem to work.
When I parse the certificate and call the method, I get the following output:
[email protected]
However, I don't know how to get UPN from the certificate, so I just decided to invoke the method with the if condition removed and iterate through all possible alternative names like so:
public static String getSANOtherNameUPN(X509Certificate cert) throws CertificateParsingException
{
Collection<List<?>> subjectAlternativeNames = cert.getSubjectAlternativeNames();
for (List<?> subjectAlternativeName : subjectAlternativeNames)
{
System.out.println(subjectAlternativeName);
}
return null;
}
The output as follows:
[0, [B@3cd1a2f1]
[1, [email protected]]
I guess that the 0th element is what I need, although it doesn't look like [email protected] at all.
So I have 2 questions:
- Is the method for extracting rfc822 name correct?
- What do I get as the 0th element? Is it UPN? If so, how to make it look like a readable string? (preferably without using 3rd party's libs)
Thanks in advance!