Commits

Anonymous committed 233ee4a Merge

CWS-TOOLING: integrate CWS tkr38

Comments (0)

Files changed (25)

offapi/com/sun/star/security/CertAltNameEntry.idl

+/*************************************************************************
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ * 
+ * Copyright 2000, 2010 Oracle and/or its affiliates.
+ *
+ * OpenOffice.org - a multi-platform office productivity suite
+ *
+ * This file is part of OpenOffice.org.
+ *
+ * OpenOffice.org is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License version 3
+ * only, as published by the Free Software Foundation.
+ *
+ * OpenOffice.org is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License version 3 for more details
+ * (a copy is included in the LICENSE file that accompanied this code).
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * version 3 along with OpenOffice.org.  If not, see
+ * <http://www.openoffice.org/license.html>
+ * for a copy of the LGPLv3 License.
+ *
+ ************************************************************************/
+ 
+ 
+#ifndef __com_sun_star_security_CertAltNameEntry_idl__ 
+#define __com_sun_star_security_CertAltNameEntry_idl__ 
+
+#include <com/sun/star/security/ExtAltNameType.idl>
+ 
+//============================================================================= 
+ 
+ module com {  module sun {  module star {  module security { 
+ 
+//============================================================================= 
+/** 
+ * struct contains a single entry within a Subject Alternative Name Extension of a
+ * X509 certificate. 
+ */
+struct CertAltNameEntry
+{ 
+    /** 
+     * defines the type of the value . With this information you can determine how to interprete the Any value.
+     * @see com::sun::star::security::ExtAltNameType
+     */
+	com::sun::star::security::ExtAltNameType Type;
+
+    /** 
+     * stores the value of entry. 
+     */
+    any 	Value;
+}; 
+ 
+
+}; }; }; };  
+#endif  

offapi/com/sun/star/security/ExtAltNameType.idl

+/*************************************************************************
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ * 
+ * Copyright 2000, 2010 Oracle and/or its affiliates.
+ *
+ * OpenOffice.org - a multi-platform office productivity suite
+ *
+ * This file is part of OpenOffice.org.
+ *
+ * OpenOffice.org is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License version 3
+ * only, as published by the Free Software Foundation.
+ *
+ * OpenOffice.org is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License version 3 for more details
+ * (a copy is included in the LICENSE file that accompanied this code).
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * version 3 along with OpenOffice.org.  If not, see
+ * <http://www.openoffice.org/license.html>
+ * for a copy of the LGPLv3 License.
+ *
+ ************************************************************************/
+ 
+/** -- idl definition -- **/
+
+#ifndef __com_sun_star_security_ExtAltNameType_idl_
+#define __com_sun_star_security_ExtAltNameType_idl_
+
+#include <com/sun/star/uno/XInterface.idl>
+
+module com { module sun { module star { module security {
+
+/**
+ * Constant definiton of a certificate container status.
+ */
+enum ExtAltNameType
+{
+    /**
+     * Cutomize name/value pair
+     * The value of CertAltNameEntry contains a NamedValue.
+	 * 
+	 * @see com::sun::star::security::CertAltNameEntry
+     */
+    OTHER_NAME,
+
+    /**
+     * The entry contains rfc822 name.
+     * The value of CertAltNameEntry contains a OUString.
+	 * 
+	 * @see com::sun::star::security::CertAltNameEntry
+     */
+    RFC822_NAME,
+
+    /**
+     * The entry contains a dns name.
+     * The value of CertAltNameEntry contains a OUString.
+	 *
+	 * @see com::sun::star::security::CertAltNameEntry
+     */
+    DNS_NAME,
+
+    /**
+     * Currently unsupported.
+     */
+    DIRECTORY_NAME,
+
+    /**
+     * The entry contains an url.
+     * The value of CertAltNameEntry contains a OUString.
+	 *
+	 * @see com::sun::star::security::CertAltNameEntry
+     */
+    URL,
+
+    /**
+     * The entry contains a ip address.
+     * The value of CertAltNameEntry contains a Sequence of sal_Int8.
+	 *
+	 * @see com::sun::star::security::CertAltNameEntry
+     */
+    IP_ADDRESS,
+
+    /**
+     * The entry contains a registered id.
+     * The value of CertAltNameEntry contains a OUString.
+	 *
+	 * @see com::sun::star::security::CertAltNameEntry
+     */
+    REGISTERED_ID,
+
+    /**
+     * Currently unsupported.
+     */
+    EDI_PARTY_NAME,
+
+    /**
+     * Currently unsupported.
+     */
+    X400_ADDRESS
+
+};
+
+} ; } ; } ; } ;
+
+#endif 
+

offapi/com/sun/star/security/XSanExtension.idl

+/*************************************************************************
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ * 
+ * Copyright 2000, 2010 Oracle and/or its affiliates.
+ *
+ * OpenOffice.org - a multi-platform office productivity suite
+ *
+ * This file is part of OpenOffice.org.
+ *
+ * OpenOffice.org is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License version 3
+ * only, as published by the Free Software Foundation.
+ *
+ * OpenOffice.org is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License version 3 for more details
+ * (a copy is included in the LICENSE file that accompanied this code).
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * version 3 along with OpenOffice.org.  If not, see
+ * <http://www.openoffice.org/license.html>
+ * for a copy of the LGPLv3 License.
+ *
+ ************************************************************************/
+ 
+//i20156 - new file for xmlsecurity module
+
+/** -- idl definition -- **/
+
+#ifndef __com_sun_star_security_XSanExtension_idl_
+#define __com_sun_star_security_XSanExtension_idl_
+
+#include <com/sun/star/uno/XInterface.idl>
+#include <com/sun/star/security/XCertificateExtension.idl>
+#include <com/sun/star/security/CertAltNameEntry.idl>
+
+module com { module sun { module star { module security {
+
+/**
+ * Interface of a X509 Subject Alternative Name Certificate Extension
+ *
+ * <p>This interface represents a x509 certificate extension.</p>
+ */
+interface XSanExtension : com::sun::star::security::XCertificateExtension
+{
+        /**
+         * Contains the alternative names of a certificate
+         */
+        [attribute, readonly] sequence< com::sun::star::security::CertAltNameEntry >  AlternativeNames;
+}; 
+
+} ; } ; } ; } ;
+
+#endif 
+

offapi/com/sun/star/security/makefile.mk

     XSerialNumberAdapter.idl		\
     SerialNumberAdapter.idl		\
     CertificateContainer.idl \
-    CertificateContainerStatus.idl
+    CertificateContainerStatus.idl \
+    ExtAltNameType.idl \
+    XSanExtension.idl \
+    CertAltNameEntry.idl
+    
+    
+    
 
 # ------------------------------------------------------------------
 

uui/source/iahndl-ssl.cxx

  *
  ************************************************************************/
 
+
 #include "com/sun/star/security/CertificateValidity.hpp"
+#include "com/sun/star/security/XCertificateExtension.hpp"
+#include "com/sun/star/security/XSanExtension.hpp"
+#include <com/sun/star/security/ExtAltNameType.hpp>
 #include "com/sun/star/task/XInteractionAbort.hpp"
 #include "com/sun/star/task/XInteractionApprove.hpp"
 #include "com/sun/star/task/XInteractionRequest.hpp"
 #include "com/sun/star/ucb/CertificateValidationRequest.hpp"
+#include <com/sun/star/uno/Reference.hxx>
 
+#include <com/sun/star/uno/Sequence.hxx>
 #include "vos/mutex.hxx"
 #include "tools/datetime.hxx"
 #include "svl/zforlist.hxx"
 #define DESCRIPTION_2 2
 #define TITLE 3
 
+#define OID_SUBJECT_ALTERNATIVE_NAME "2.5.29.17"
+
+
 using namespace com::sun::star;
 
 namespace {
 
 bool
 isDomainMatch(
-    rtl::OUString hostName, rtl::OUString certHostName)
+              rtl::OUString hostName, uno::Sequence< ::rtl::OUString > certHostNames)
 {
-    if (hostName.equalsIgnoreAsciiCase( certHostName ))
-        return true;
+    for ( int i = 0; i < certHostNames.getLength(); i++){
+        ::rtl::OUString element = certHostNames[i]; 
 
-    if ( 0 == certHostName.indexOf( rtl::OUString::createFromAscii( "*" ) ) &&
-              hostName.getLength() >= certHostName.getLength()  )
-    {
-        rtl::OUString cmpStr = certHostName.copy( 1 );
+       if (element.getLength() == 0)
+           continue;
+    
+       if (hostName.equalsIgnoreAsciiCase( element ))
+           return true;
 
-        if ( hostName.matchIgnoreAsciiCase(
-                 cmpStr, hostName.getLength() - cmpStr.getLength()) )
-            return true;
+       if ( 0 == element.indexOf( rtl::OUString::createFromAscii( "*" ) ) &&
+                 hostName.getLength() >= element.getLength()  )
+       {
+           rtl::OUString cmpStr = element.copy( 1 );
+           if ( hostName.matchIgnoreAsciiCase(
+                    cmpStr, hostName.getLength() - cmpStr.getLength()) )
+               return true;
+       }
     }
 
     return false;
                                               xServiceFactory,
                                               rRequest.Certificate );
     }
+    
+    uno::Sequence< uno::Reference< security::XCertificateExtension > > extensions = rRequest.Certificate->getExtensions();
+    uno::Sequence< security::CertAltNameEntry > altNames;
+    for (sal_Int32 i = 0 ; i < extensions.getLength(); i++){
+        uno::Reference< security::XCertificateExtension >element = extensions[i];
+
+        rtl::OString aId ( (const sal_Char *)element->getExtensionId().getArray(), element->getExtensionId().getLength());
+        if (aId.equals(OID_SUBJECT_ALTERNATIVE_NAME)) 
+        {
+           uno::Reference< security::XSanExtension > sanExtension ( element, uno::UNO_QUERY );
+           altNames =  sanExtension->getAlternativeNames();
+           break;
+        }
+    }
+
+    ::rtl::OUString certHostName = getContentPart( rRequest.Certificate->getSubjectName() );
+    uno::Sequence< ::rtl::OUString > certHostNames(altNames.getLength() + 1);
+    
+    certHostNames[0] = certHostName;
+
+    for(int n = 1; n < altNames.getLength(); n++){
+        if (altNames[n].Type ==  security::ExtAltNameType_DNS_NAME){
+           altNames[n].Value >>= certHostNames[n];
+        }
+    }
 
     if ( (!isDomainMatch(
               rRequest.HostName,
-              getContentPart(
-                  rRequest.Certificate->getSubjectName()) )) &&
+              certHostNames )) &&
           trustCert )
     {
         trustCert = executeSSLWarnDialog( pParent,

xmlsecurity/prj/build.lst

-xs	xmlsecurity	:    L10N:l10n xmloff unotools offapi unoil svx MOZ:moz SO:moz_prebuilt LIBXMLSEC:libxmlsec NSS:nss LIBXSLT:libxslt NULL
+xs	xmlsecurity	:    L10N:l10n xmloff unotools offapi unoil svx MOZ:moz SO:moz_prebuilt LIBXMLSEC:libxmlsec NSS:nss LIBXSLT:libxslt NEON:neon NULL
 xs	xmlsecurity                                                        usr1	 -	all	xs_mkout	NULL
 xs	xmlsecurity\inc				                                       nmake -	all	xs_inc NULL
 xs	xmlsecurity\source\framework                                       nmake -	all	xs_fw xs_inc NULL
 xs	xmlsecurity\source\dialogs                                         nmake -	all	xs_dialogs xs_inc NULL
 xs	xmlsecurity\source\component                                       nmake -	all	xs_component xs_inc NULL
 xs	xmlsecurity\util                                                   nmake -	all	xs_util xs_fw xs_xmlsec xs_nss xs_mscrypt xs_helper xs_dialogs xs_component NULL
+xs	xmlsecurity\qa\certext                                             nmake -	all	xs_certext xs_util NULL

xmlsecurity/qa/certext/SanCertExt.cxx

+/*************************************************************************
+*
+* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+*
+* Copyright 2000, 2010 Oracle and/or its affiliates.
+*
+* OpenOffice.org - a multi-platform office productivity suite
+*
+* This file is part of OpenOffice.org.
+*
+* OpenOffice.org is free software: you can redistribute it and/or modify
+* it under the terms of the GNU Lesser General Public License version 3
+* only, as published by the Free Software Foundation.
+*
+* OpenOffice.org is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+* GNU Lesser General Public License version 3 for more details
+* (a copy is included in the LICENSE file that accompanied this code).
+*
+* You should have received a copy of the GNU Lesser General Public License
+* version 3 along with OpenOffice.org.  If not, see
+* <http://www.openoffice.org/license.html>
+* for a copy of the LGPLv3 License.
+*
+************************************************************************/
+
+#include "precompiled_xmlsecurity.hxx" 
+#include "sal/config.h"
+#include "test/officeconnection.hxx"
+
+#include <com/sun/star/security/XSanExtension.hpp>
+#include <com/sun/star/security/ExtAltNameType.hpp>
+#include <com/sun/star/xml/crypto/XSecurityEnvironment.hpp>
+#include <com/sun/star/xml/crypto/XSEInitializer.hpp>
+#include <com/sun/star/xml/crypto/XXMLSecurityContext.hpp>
+#include <com/sun/star/security/XCertificate.hpp>
+#include <com/sun/star/lang/XMultiServiceFactory.hpp>
+#include <com/sun/star/beans/NamedValue.hpp>
+#include "com/sun/star/uno/XComponentContext.hpp"
+#include "com/sun/star/uno/Reference.hxx"
+
+#include "cppuhelper/bootstrap.hxx"
+#include "cppunit/TestAssert.h"
+#include "cppunit/TestFixture.h"
+#include "cppunit/extensions/HelperMacros.h"
+#include "cppunit/plugin/TestPlugIn.h"
+#include "sal/types.h"
+#include "comphelper/sequence.hxx"
+#include <rtl/ustring.hxx> 
+
+#include <neon/ne_ssl.h>
+
+using namespace com::sun::star;
+
+#define OID_SUBJECT_ALTERNATIVE_NAME "2.5.29.17"
+#define SEINITIALIZER_COMPONENT "com.sun.star.xml.crypto.SEInitializer"
+
+
+namespace {
+
+	class Test: public CppUnit::TestFixture {
+
+	private:
+		static uno::Sequence< security::CertAltNameEntry > altNames;
+		static bool runOnce;
+
+		uno::Reference< xml::crypto::XSecurityEnvironment > initUno();
+		void init();
+		rtl::OString getB64CertFromFile(const char filename[]);
+		test::OfficeConnection connection_;
+
+	public:
+
+		Test();
+
+		~Test();
+
+		virtual void setUp();
+
+		virtual void tearDown();
+
+		void test_Others();
+
+		void test_RFC822();
+
+		void test_DNS();
+
+		void test_Direcory();
+
+		void test_URI();
+
+		void test_IP();
+
+		void test_RID();
+
+		void test_EDI();
+
+		void test_X400();
+
+		CPPUNIT_TEST_SUITE(Test);
+		CPPUNIT_TEST(test_Others);
+		CPPUNIT_TEST(test_RFC822);
+		CPPUNIT_TEST(test_DNS);
+		CPPUNIT_TEST(test_Direcory);
+		CPPUNIT_TEST(test_URI);
+		CPPUNIT_TEST(test_IP);
+		CPPUNIT_TEST(test_RID);
+		CPPUNIT_TEST(test_EDI);
+		CPPUNIT_TEST(test_X400);
+		CPPUNIT_TEST_SUITE_END();
+	};
+
+	uno::Sequence< security::CertAltNameEntry > Test::altNames;
+	bool Test::runOnce = false;
+
+	CPPUNIT_TEST_SUITE_REGISTRATION(Test);
+
+	Test::Test()
+	{
+		if (runOnce)
+			return;
+		runOnce = true;
+		connection_.setUp();
+		init();
+	}
+
+	Test::~Test()
+	{
+		if (runOnce)
+		{
+			connection_.tearDown();
+			runOnce = false;
+		}
+	}
+
+	
+	uno::Reference< xml::crypto::XSecurityEnvironment > Test::initUno()
+	{
+		uno::Reference< uno::XComponentContext > context(connection_.getComponentContext(), uno::UNO_QUERY_THROW);
+		uno::Reference< lang::XMultiServiceFactory > factory(context->getServiceManager(), uno::UNO_QUERY_THROW);
+		uno::Reference< xml::crypto::XSEInitializer > xSEInitializer(factory->createInstance(
+			rtl::OUString::createFromAscii( SEINITIALIZER_COMPONENT )),	uno::UNO_QUERY_THROW);
+		uno::Reference< xml::crypto::XXMLSecurityContext > xSecurityContext(
+			xSEInitializer->createSecurityContext(rtl::OUString()));
+		return xSecurityContext->getSecurityEnvironment();
+	}
+
+
+	void Test::init()
+	{
+		uno::Reference< xml::crypto::XSecurityEnvironment > xSecurityEnv = initUno();
+		rtl::OString b64Cert(getB64CertFromFile("User_35_Root_11.crt"));
+		uno::Reference< security::XCertificate > xCert = xSecurityEnv->createCertificateFromAscii( 
+			rtl::OStringToOUString( b64Cert, RTL_TEXTENCODING_ASCII_US ) );
+		uno::Sequence< uno::Reference< security::XCertificateExtension > > extensions = xCert->getExtensions();
+		for (sal_Int32 i = 0 ; i < extensions.getLength(); i++)
+		{
+			uno::Reference< security::XCertificateExtension >element = extensions[i];
+			rtl::OString aId ( (const sal_Char *)element->getExtensionId().getArray(), element->getExtensionId().getLength());
+			if (aId.equals(OID_SUBJECT_ALTERNATIVE_NAME)) 
+			{
+				uno::Reference< security::XSanExtension > sanExtension ( element, uno::UNO_QUERY );
+				altNames = sanExtension->getAlternativeNames();
+				break;
+			}
+		}
+	}
+
+	rtl::OString Test::getB64CertFromFile(const char filename[])
+	{
+		ne_ssl_certificate* cert = ne_ssl_cert_read(filename);
+		char* certExportB64 = ne_ssl_cert_export(cert);
+		rtl::OString certB64( certExportB64 );
+		return certB64;
+	}
+
+
+	void Test::setUp() {
+	}
+
+	void Test::tearDown() {
+	}
+
+	void Test::test_Others() {
+		CPPUNIT_ASSERT_ASSERTION_PASS( CPPUNIT_ASSERT( altNames.getLength() > 0 ) );
+		for(int n = 1; n < altNames.getLength(); n++)
+		{
+			if (altNames[n].Type ==  security::ExtAltNameType_OTHER_NAME)
+			{
+				::com::sun::star::beans::NamedValue otherNameProp;
+				if (altNames[n].Value >>= otherNameProp) 
+				{
+					CPPUNIT_ASSERT_EQUAL( rtl::OUString::createFromAscii("1.2.3.4"), otherNameProp.Name);
+					uno::Sequence< sal_Int8 > ipAddress;
+					otherNameProp.Value >>= ipAddress;
+					CPPUNIT_ASSERT_ASSERTION_PASS( CPPUNIT_ASSERT( ipAddress.getLength() > 0 ) );
+				}
+			}
+		}
+	}
+
+	void Test::test_RFC822() {
+		CPPUNIT_ASSERT_ASSERTION_PASS( CPPUNIT_ASSERT( altNames.getLength() > 0 ) );
+		for(int n = 1; n < altNames.getLength(); n++)
+		{
+			if (altNames[n].Type ==  security::ExtAltNameType_RFC822_NAME)
+			{
+				rtl::OUString value;
+				altNames[n].Value >>= value;
+				CPPUNIT_ASSERT_EQUAL( rtl::OUString::createFromAscii("my@other.address"), value);
+			}
+		}
+	}
+
+	void Test::test_DNS() {
+		CPPUNIT_ASSERT_ASSERTION_PASS( CPPUNIT_ASSERT( altNames.getLength() > 0 ) );
+		for(int n = 1; n < altNames.getLength(); n++)
+		{
+			if (altNames[n].Type ==  security::ExtAltNameType_DNS_NAME)
+			{
+				rtl::OUString value;
+				altNames[n].Value >>= value;
+				CPPUNIT_ASSERT_EQUAL( rtl::OUString::createFromAscii("alt.openoffice.org"), value);
+			}
+		}
+	}
+
+	void Test::test_Direcory() {
+		// Not implemented
+	}
+
+	void Test::test_URI() {
+		CPPUNIT_ASSERT_ASSERTION_PASS( CPPUNIT_ASSERT( altNames.getLength() > 0 ) );
+		for(int n = 1; n < altNames.getLength(); n++)
+		{
+			if (altNames[n].Type ==  security::ExtAltNameType_URL)
+			{
+				rtl::OUString value;
+				altNames[n].Value >>= value;
+				CPPUNIT_ASSERT_EQUAL( rtl::OUString::createFromAscii("http://my.url.here/"), value);
+			}
+		}
+	}
+
+	void Test::test_IP() {
+		CPPUNIT_ASSERT_ASSERTION_PASS( CPPUNIT_ASSERT( altNames.getLength() > 0 ) );
+		for(int n = 1; n < altNames.getLength(); n++)
+		{
+			if (altNames[n].Type ==  security::ExtAltNameType_IP_ADDRESS)
+			{
+				uno::Sequence< sal_Int8 > ipAddress;
+				altNames[n].Value >>= ipAddress;
+				CPPUNIT_ASSERT_ASSERTION_PASS( CPPUNIT_ASSERT( ipAddress.getLength() > 0 ) );
+			}
+		}
+
+	}
+
+	void Test::test_RID() {
+		CPPUNIT_ASSERT_ASSERTION_PASS( CPPUNIT_ASSERT( altNames.getLength() > 0 ) );
+		for(int n = 1; n < altNames.getLength(); n++)
+		{
+			if (altNames[n].Type ==  security::ExtAltNameType_REGISTERED_ID)
+			{
+				rtl::OUString value;
+				altNames[n].Value >>= value;
+				CPPUNIT_ASSERT( rtl::OUString::createFromAscii("1.2.3.4").equals(value));
+			}
+		}
+	}
+
+	void Test::test_EDI() {
+		// Not implemented
+	}
+
+	void Test::test_X400() {
+		// Not implemented
+	}
+}
+CPPUNIT_PLUGIN_IMPLEMENT();

xmlsecurity/qa/certext/User_35_Root_11.crt

+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4130 (0x1022)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+        Validity
+            Not Before: Nov  8 10:51:39 2010 GMT
+            Not After : Nov  8 10:51:39 2011 GMT
+        Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=User 35
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:9b:36:00:64:f3:ce:93:97:62:19:fa:78:d9:6f:
+                    92:6a:b9:d2:9a:4e:06:2c:02:52:cd:93:50:84:28:
+                    19:42:a2:4a:34:e2:cd:e6:b0:39:7a:c8:4d:84:bc:
+                    71:51:ed:5d:6c:7e:f9:cc:01:5a:4b:73:50:a9:3b:
+                    5d:ad:cc:89:f7:dc:e0:dd:0a:ff:48:01:a9:34:19:
+                    c0:6a:ee:4b:20:f4:cf:3c:94:c1:ae:88:0f:c9:42:
+                    1a:a6:47:31:fe:37:04:00:bb:ec:07:5f:cb:ee:70:
+                    c4:c7:7c:6f:ee:03:19:76:de:0b:df:d0:48:91:67:
+                    55:9b:90:91:f4:ce:56:04:d5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: 
+                Digital Signature, Non Repudiation, Key Encipherment
+            X509v3 Subject Key Identifier: 
+                91:47:AC:29:95:5D:EF:72:14:8F:82:45:07:E2:94:49:75:C6:7D:73
+            X509v3 Authority Key Identifier: 
+                keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+            X509v3 Subject Alternative Name: 
+                DNS:alt.openoffice.org, IP Address:192.168.7.1, IP Address:13:0:0:0:0:0:0:17, email:my@other.address, Registered ID:1.2.3.4, othername:<unsupported>, DirName:/C=DE/O=OpenOffice.org/OU=Development/CN=User 32 Root 11, URI:http://my.url.here/
+    Signature Algorithm: sha1WithRSAEncryption
+        6e:80:e6:1e:86:3d:d2:65:a6:17:fa:80:2d:2e:dc:85:32:05:
+        a1:69:82:e1:79:d1:dc:de:69:cd:9e:f0:cc:90:75:a9:45:ee:
+        73:46:fe:29:69:c0:99:bb:fc:3a:db:c0:5f:69:c6:b7:ea:9a:
+        63:b2:8e:29:2c:a5:5a:88:88:94:75:4b:ab:0a:72:f6:3a:aa:
+        5d:6b:3a:5c:b6:9b:57:f5:c1:51:af:df:3c:a6:8a:a3:da:70:
+        66:61:49:12:06:78:98:9f:bc:78:3c:43:6d:08:94:aa:32:b6:
+        f3:cc:af:0d:29:fe:96:47:7d:fe:4a:61:48:90:11:0b:bd:0f:
+        a0:fd
+-----BEGIN CERTIFICATE-----
+MIIDajCCAtOgAwIBAgICECIwDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDExMDgxMDUx
+MzlaFw0xMTExMDgxMDUxMzlaMGAxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1i
+dXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2ZWxvcG1l
+bnQxEDAOBgNVBAMTB1VzZXIgMzUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
+AJs2AGTzzpOXYhn6eNlvkmq50ppOBiwCUs2TUIQoGUKiSjTizeawOXrITYS8cVHt
+XWx++cwBWktzUKk7Xa3Miffc4N0K/0gBqTQZwGruSyD0zzyUwa6ID8lCGqZHMf43
+BAC77Adfy+5wxMd8b+4DGXbeC9/QSJFnVZuQkfTOVgTVAgMBAAGjggExMIIBLTAL
+BgNVHQ8EBAMCBeAwHQYDVR0OBBYEFJFHrCmVXe9yFI+CRQfilEl1xn1zMB8GA1Ud
+IwQYMBaAFOhqu8KQ6mxwIj729kgbA+a+t6ZVMIHdBgNVHREEgdUwgdKCEmFsdC5v
+cGVub2ZmaWNlLm9yZ4cEwKgHAYcQABMAAAAAAAAAAAAAAAAAF4EQbXlAb3RoZXIu
+YWRkcmVzc4gDKgMEoB4GAyoDBKAXDBVzb21lIG90aGVyIGlkZW50aWZpZXKkWDBW
+MQswCQYDVQQGEwJERTEXMBUGA1UEChMOT3Blbk9mZmljZS5vcmcxFDASBgNVBAsT
+C0RldmVsb3BtZW50MRgwFgYDVQQDEw9Vc2VyIDMyIFJvb3QgMTGGE2h0dHA6Ly9t
+eS51cmwuaGVyZS8wDQYJKoZIhvcNAQEFBQADgYEAboDmHoY90mWmF/qALS7chTIF
+oWmC4XnR3N5pzZ7wzJB1qUXuc0b+KWnAmbv8OtvAX2nGt+qaY7KOKSylWoiIlHVL
+qwpy9jqqXWs6XLabV/XBUa/fPKaKo9pwZmFJEgZ4mJ+8eDxDbQiUqjK288yvDSn+
+lkd9/kphSJARC70PoP0=
+-----END CERTIFICATE-----

xmlsecurity/qa/certext/export.map

+#*************************************************************************
+#
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+# 
+# Copyright 2000, 2010 Oracle and/or its affiliates.
+#
+# OpenOffice.org - a multi-platform office productivity suite
+#
+# This file is part of OpenOffice.org.
+#
+# OpenOffice.org is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License version 3
+# only, as published by the Free Software Foundation.
+#
+# OpenOffice.org is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License version 3 for more details
+# (a copy is included in the LICENSE file that accompanied this code).
+#
+# You should have received a copy of the GNU Lesser General Public License
+# version 3 along with OpenOffice.org.  If not, see
+# <http://www.openoffice.org/license.html>
+# for a copy of the LGPLv3 License.
+#
+#*************************************************************************
+
+UDK_3_0_0 {
+    global:
+        cppunitTestPlugIn;
+
+    local:
+        *;
+};

xmlsecurity/qa/certext/makefile.mk

+#*************************************************************************
+#
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# Copyright 2000, 2010 Oracle and/or its affiliates.
+#
+# OpenOffice.org - a multi-platform office productivity suite
+#
+# This file is part of OpenOffice.org.
+#
+# OpenOffice.org is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License version 3
+# only, as published by the Free Software Foundation.
+#
+# OpenOffice.org is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License version 3 for more details
+# (a copy is included in the LICENSE file that accompanied this code).
+#
+# You should have received a copy of the GNU Lesser General Public License
+# version 3 along with OpenOffice.org.  If not, see
+# <http://www.openoffice.org/license.html>
+# for a copy of the LGPLv3 License.
+#
+#***********************************************************************/
+.IF "$(OOO_SUBSEQUENT_TESTS)" == ""
+nothing .PHONY:
+.ELSE 
+
+PRJ = ../..
+PRJNAME = xmlsecurity
+TARGET = qa_certext
+
+ENABLE_EXCEPTIONS = TRUE
+
+.INCLUDE: settings.mk
+.INCLUDE :	$(PRJ)$/util$/target.pmk
+
+CFLAGSCXX += $(CPPUNIT_CFLAGS)
+
+SHL1IMPLIB = i$(SHL1TARGET)
+SHL1OBJS = $(SLOFILES)
+SHL1RPATH = NONE
+SHL1STDLIBS = $(CPPUNITLIB)     \
+              $(SALLIB)         \
+              $(NEON3RDLIB)     \
+              $(CPPULIB)        \
+              $(XMLOFFLIB)      \
+	          $(CPPUHELPERLIB)	\
+	          $(SVLLIB)			\
+	          $(TOOLSLIB)	    \
+	          $(COMPHELPERLIB) \
+	          $(TESTLIB)
+
+SHL1TARGET = qa_CertExt
+SHL1VERSIONMAP = $(PRJ)/qa/certext/export.map
+DEF1NAME = $(SHL1TARGET)
+
+SLOFILES = $(SLO)/SanCertExt.obj
+
+.INCLUDE: target.mk
+.INCLUDE: installationtest.mk
+
+ALLTAR : cpptest
+
+cpptest : $(SHL1TARGETN)
+
+CPPTEST_LIBRARY = $(SHL1TARGETN)
+
+.END

xmlsecurity/source/xmlsec/mscrypt/makefile.mk

 	$(SLO)$/xmlsignature_mscryptimpl.obj \
 	$(SLO)$/x509certificate_mscryptimpl.obj \
 	$(SLO)$/seinitializer_mscryptimpl.obj \
-	$(SLO)$/xsec_mscrypt.obj
+	$(SLO)$/xsec_mscrypt.obj  \
+    $(SLO)$/sanextension_mscryptimpl.obj
 
 .ENDIF
 

xmlsecurity/source/xmlsec/mscrypt/sanextension_mscryptimpl.cxx

+/*************************************************************************
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ * 
+ * Copyright 2000, 2010 Oracle and/or its affiliates.
+ *
+ * OpenOffice.org - a multi-platform office productivity suite
+ *
+ * This file is part of OpenOffice.org.
+ *
+ * OpenOffice.org is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License version 3
+ * only, as published by the Free Software Foundation.
+ *
+ * OpenOffice.org is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License version 3 for more details
+ * (a copy is included in the LICENSE file that accompanied this code).
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * version 3 along with OpenOffice.org.  If not, see
+ * <http://www.openoffice.org/license.html>
+ * for a copy of the LGPLv3 License.
+ *
+ ************************************************************************/
+
+// MARKER(update_precomp.py): autogen include statement, do not remove
+#include "precompiled_xmlsecurity.hxx"
+#include <sal/config.h>
+#include <rtl/uuid.h>
+#include <rtl/ustring.hxx> 
+#include <com/sun/star/security/ExtAltNameType.hpp>
+#include <com/sun/star/security/CertAltNameEntry.hpp>
+#include <com/sun/star/beans/NamedValue.hpp>
+#include <com/sun/star/uno/Reference.hxx>
+#include <comphelper/sequence.hxx>
+
+
+#ifndef _SANEXTENSION_MSCRYPTIMPL_HXX_
+#include "sanextension_mscryptimpl.hxx"
+#endif
+
+using namespace ::com::sun::star;
+using namespace ::com::sun::star::uno ;
+using namespace ::com::sun::star::security ;
+using ::rtl::OUString ;
+
+using ::com::sun::star::security::XCertificateExtension ;
+
+
+SanExtensionImpl :: SanExtensionImpl() :
+	m_critical( sal_False )
+{
+}
+
+SanExtensionImpl :: ~SanExtensionImpl() {
+}
+
+
+//Methods from XCertificateExtension
+sal_Bool SAL_CALL SanExtensionImpl :: isCritical() throw( ::com::sun::star::uno::RuntimeException ) {
+	return m_critical ;
+}
+
+::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL SanExtensionImpl :: getExtensionId() throw( ::com::sun::star::uno::RuntimeException ) {
+	return m_xExtnId ;
+}
+
+::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL SanExtensionImpl :: getExtensionValue() throw( ::com::sun::star::uno::RuntimeException ) {
+	return m_xExtnValue ;
+}
+
+//Methods from XSanExtension
+::com::sun::star::uno::Sequence< com::sun::star::security::CertAltNameEntry > SAL_CALL SanExtensionImpl :: getAlternativeNames() throw( ::com::sun::star::uno::RuntimeException ){
+    
+    if (!m_Entries.hasElements())
+    {   
+        CERT_ALT_NAME_INFO *subjectName;
+        DWORD size;
+        CryptDecodeObjectEx(X509_ASN_ENCODING, X509_ALTERNATE_NAME, (unsigned char*) m_xExtnValue.getArray(), m_xExtnValue.getLength(), CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL,&subjectName, &size);
+
+        CertAltNameEntry* arrCertAltNameEntry = new CertAltNameEntry[subjectName->cAltEntry];
+
+        for (unsigned int i = 0; i < (unsigned int)subjectName->cAltEntry; i++){
+          PCERT_ALT_NAME_ENTRY pEntry = &subjectName->rgAltEntry[i];
+
+          switch(pEntry->dwAltNameChoice) {
+            case CERT_ALT_NAME_OTHER_NAME : 
+                {
+                    arrCertAltNameEntry[i].Type = ExtAltNameType_OTHER_NAME;
+                    PCERT_OTHER_NAME pOtherName = pEntry->pOtherName;
+
+                    ::com::sun::star::beans::NamedValue otherNameProp;
+                    otherNameProp.Name = ::rtl::OUString::createFromAscii(pOtherName->pszObjId);
+
+                    Sequence< sal_Int8 > otherName( pOtherName->Value.cbData ) ;
+		            for( unsigned int n = 0; n < (unsigned int) pOtherName->Value.cbData ; n ++ )
+			            otherName[n] = *( pOtherName->Value.pbData + n ) ;
+                    
+                    otherNameProp.Value <<= otherName;
+
+                    arrCertAltNameEntry[i].Value <<= otherNameProp;
+                    break;
+                }
+            case CERT_ALT_NAME_RFC822_NAME :
+                arrCertAltNameEntry[i].Type = ExtAltNameType_RFC822_NAME;
+                arrCertAltNameEntry[i].Value <<= ::rtl::OUString((const sal_Unicode*)pEntry->pwszRfc822Name);
+                break;
+            case CERT_ALT_NAME_DNS_NAME :
+                arrCertAltNameEntry[i].Type = ExtAltNameType_DNS_NAME;
+                arrCertAltNameEntry[i].Value <<= ::rtl::OUString((const sal_Unicode*)pEntry->pwszDNSName);
+                break;
+            case CERT_ALT_NAME_DIRECTORY_NAME :
+                {
+                    arrCertAltNameEntry[i].Type = ExtAltNameType_DIRECTORY_NAME;
+                    break;
+                }
+            case CERT_ALT_NAME_URL :
+                arrCertAltNameEntry[i].Type = ExtAltNameType_URL;
+                arrCertAltNameEntry[i].Value <<= ::rtl::OUString((const sal_Unicode*)pEntry->pwszURL);
+                break;
+            case CERT_ALT_NAME_IP_ADDRESS :
+                {
+                    arrCertAltNameEntry[i].Type = ExtAltNameType_IP_ADDRESS;
+                    
+                    Sequence< sal_Int8 > ipAddress( pEntry->IPAddress.cbData ) ;
+		            for( unsigned int n = 0; n < pEntry->IPAddress.cbData ; n ++ )
+			            ipAddress[n] = *( pEntry->IPAddress.pbData + n ) ;
+
+                    arrCertAltNameEntry[i].Value <<= ipAddress;
+                    break;
+                }
+            case CERT_ALT_NAME_REGISTERED_ID :
+                arrCertAltNameEntry[i].Type = ExtAltNameType_REGISTERED_ID;
+                arrCertAltNameEntry[i].Value <<= ::rtl::OUString::createFromAscii(pEntry->pszRegisteredID);
+                break;
+          }
+        }
+        m_Entries = ::comphelper::arrayToSequence< com::sun::star::security::CertAltNameEntry >(arrCertAltNameEntry, subjectName->cAltEntry);        
+
+        delete [] arrCertAltNameEntry;
+    }
+
+    return m_Entries;
+}
+
+//Helper method
+void SanExtensionImpl :: setCertExtn( ::com::sun::star::uno::Sequence< sal_Int8 > extnId, ::com::sun::star::uno::Sequence< sal_Int8 > extnValue, sal_Bool critical ) {
+	m_critical = critical ;
+	m_xExtnId = extnId ;
+	m_xExtnValue = extnValue ;
+}
+
+void SanExtensionImpl :: setCertExtn( unsigned char* value, unsigned int vlen, unsigned char* id, unsigned int idlen, sal_Bool critical ) {
+	unsigned int i ;
+	if( value != NULL && vlen != 0 ) {
+		Sequence< sal_Int8 > extnv( vlen ) ;
+		for( i = 0; i < vlen ; i ++ )
+			extnv[i] = *( value + i ) ;
+
+		m_xExtnValue = extnv ;
+	} else {
+		m_xExtnValue = Sequence<sal_Int8>();
+	}
+
+	if( id != NULL && idlen != 0 ) {
+		Sequence< sal_Int8 > extnId( idlen ) ;
+		for( i = 0; i < idlen ; i ++ )
+			extnId[i] = *( id + i ) ;
+
+		m_xExtnId = extnId ;
+	} else {
+		m_xExtnId =  Sequence<sal_Int8>();
+	}
+
+	m_critical = critical ;
+}
+
+void SanExtensionImpl :: extractCertExt () {
+}
+

xmlsecurity/source/xmlsec/mscrypt/sanextension_mscryptimpl.hxx

+/*************************************************************************
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ * 
+ * Copyright 2000, 2010 Oracle and/or its affiliates.
+ *
+ * OpenOffice.org - a multi-platform office productivity suite
+ *
+ * This file is part of OpenOffice.org.
+ *
+ * OpenOffice.org is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License version 3
+ * only, as published by the Free Software Foundation.
+ *
+ * OpenOffice.org is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License version 3 for more details
+ * (a copy is included in the LICENSE file that accompanied this code).
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * version 3 along with OpenOffice.org.  If not, see
+ * <http://www.openoffice.org/license.html>
+ * for a copy of the LGPLv3 License.
+ *
+ ************************************************************************/
+
+#ifndef _SANEXTENSION_MSCRYPTIMPL_HXX_
+#define _SANEXTENSION_MSCRYPTIMPL_HXX_
+
+#ifdef _MSC_VER
+#pragma warning(push,1)
+#endif
+#include "Windows.h"
+#include "WinCrypt.h"
+#ifdef _MSC_VER
+#pragma warning(pop)
+#endif
+#include <sal/config.h>
+#include <rtl/ustring.hxx>
+#include <cppuhelper/factory.hxx>
+#include <cppuhelper/implbase1.hxx>
+#include <com/sun/star/uno/Exception.hpp>
+#include "com/sun/star/uno/SecurityException.hpp"
+#include <com/sun/star/uno/Exception.hpp>
+#include <com/sun/star/security/XCertificateExtension.hpp>
+#include <com/sun/star/security/XSanExtension.hpp>
+#include <com/sun/star/security/CertAltNameEntry.hpp>
+
+class SanExtensionImpl : public ::cppu::WeakImplHelper1<
+    ::com::sun::star::security::XSanExtension >
+{
+	private :
+		sal_Bool m_critical ;
+		::com::sun::star::uno::Sequence< sal_Int8 > m_xExtnId ;
+		::com::sun::star::uno::Sequence< sal_Int8 > m_xExtnValue ;
+
+        ::com::sun::star::uno::Sequence< com::sun::star::security::CertAltNameEntry > m_Entries;
+
+	public :
+		SanExtensionImpl() ;
+		virtual ~SanExtensionImpl() ;
+
+		//Methods from XCertificateExtension
+		virtual sal_Bool SAL_CALL isCritical() throw( ::com::sun::star::uno::RuntimeException ) ;
+
+		virtual ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL getExtensionId() throw( ::com::sun::star::uno::RuntimeException ) ;
+
+		virtual ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL getExtensionValue() throw( ::com::sun::star::uno::RuntimeException ) ;
+
+        //Methods from XSanExtension
+
+		virtual ::com::sun::star::uno::Sequence< com::sun::star::security::CertAltNameEntry > SAL_CALL getAlternativeNames() throw( ::com::sun::star::uno::RuntimeException ) ;
+
+		//Helper method
+		void setCertExtn( ::com::sun::star::uno::Sequence< sal_Int8 > extnId, ::com::sun::star::uno::Sequence< sal_Int8 > extnValue, sal_Bool critical ) ;
+
+		void setCertExtn( unsigned char* value, unsigned int vlen, unsigned char* id, unsigned int idlen, sal_Bool critical ) ;
+
+        void extractCertExt() ;
+} ;
+
+#endif	// _CERTIFICATEEXTENSION_XMLSECIMPL_HXX_
+

xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.hxx

 #include <list>
 #include "xmlsec/xmlsec.h"
 
+#include "sal/types.h"
+
+
 class SecurityEnvironment_MSCryptImpl : public ::cppu::WeakImplHelper4<
 	::com::sun::star::xml::crypto::XSecurityEnvironment ,
 	::com::sun::star::lang::XInitialization ,

xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx

 #include <rtl/uuid.h>
 #include "x509certificate_mscryptimpl.hxx"
 #include "certificateextension_xmlsecimpl.hxx"
+#include "sanextension_mscryptimpl.hxx"
 
 //MM : added by MM
 #include "oid.hxx"
 		for( unsigned int i = 0; i < m_pCertContext->pCertInfo->cExtension; i++ ) {
 			pExtn = &(m_pCertContext->pCertInfo->rgExtension[i]) ;
 
-			xExtn = new CertificateExtension_XmlSecImpl() ;
+
+            ::rtl::OUString objId = ::rtl::OUString::createFromAscii( pExtn->pszObjId );
+
+            if ( objId.equalsAscii("2.5.29.17") )
+                xExtn = (CertificateExtension_XmlSecImpl*) new SanExtensionImpl() ;
+            else 
+			    xExtn = new CertificateExtension_XmlSecImpl() ;
 			if( xExtn == NULL )
 				throw RuntimeException() ;
 

xmlsecurity/source/xmlsec/nss/makefile.mk

 	$(SLO)$/x509certificate_nssimpl.obj \
 	$(SLO)$/seinitializer_nssimpl.obj \
 	$(SLO)$/xsec_nss.obj \
-        $(SLO)$/secerror.obj
+	$(SLO)$/sanextension_nssimpl.obj \
+    $(SLO)$/secerror.obj
 
 
 	

xmlsecurity/source/xmlsec/nss/sanextension_nssimpl.cxx

+/*************************************************************************
+*
+* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+* 
+* Copyright 2000, 2010 Oracle and/or its affiliates.
+*
+* OpenOffice.org - a multi-platform office productivity suite
+*
+* This file is part of OpenOffice.org.
+*
+* OpenOffice.org is free software: you can redistribute it and/or modify
+* it under the terms of the GNU Lesser General Public License version 3
+* only, as published by the Free Software Foundation.
+*
+* OpenOffice.org is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+* GNU Lesser General Public License version 3 for more details
+* (a copy is included in the LICENSE file that accompanied this code).
+*
+* You should have received a copy of the GNU Lesser General Public License
+* version 3 along with OpenOffice.org.  If not, see
+* <http://www.openoffice.org/license.html>
+* for a copy of the LGPLv3 License.
+*
+************************************************************************/
+
+// MARKER(update_precomp.py): autogen include statement, do not remove
+#include "precompiled_xmlsecurity.hxx"
+#include <sal/config.h>
+#include <rtl/uuid.h>
+#include <rtl/ustring.hxx> 
+#include <com/sun/star/security/ExtAltNameType.hpp>
+#include <com/sun/star/security/CertAltNameEntry.hpp>
+#include <com/sun/star/beans/PropertyValue.hpp>
+#include <com/sun/star/uno/Reference.hxx>
+#include <comphelper/sequence.hxx>
+#include <seccomon.h>
+#include <cert.h>
+#include <certt.h>
+#include <secitem.h>
+#include <secport.h>
+
+
+#ifndef _SANEXTENSION_NSSIMPL_HXX_
+#include "sanextension_nssimpl.hxx"
+#endif
+
+using namespace ::com::sun::star;
+using namespace ::com::sun::star::uno ;
+using namespace ::com::sun::star::security ;
+using ::rtl::OUString ;
+
+using ::com::sun::star::security::XCertificateExtension ;
+
+
+SanExtensionImpl :: SanExtensionImpl() :
+m_critical( sal_False )
+{
+}
+
+SanExtensionImpl :: ~SanExtensionImpl() {
+}
+
+
+//Methods from XCertificateExtension
+sal_Bool SAL_CALL SanExtensionImpl :: isCritical() throw( ::com::sun::star::uno::RuntimeException ) {
+    return m_critical ;
+}
+
+::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL SanExtensionImpl :: getExtensionId() throw( ::com::sun::star::uno::RuntimeException ) {
+    return m_xExtnId ;
+}
+
+::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL SanExtensionImpl :: getExtensionValue() throw( ::com::sun::star::uno::RuntimeException ) {
+    return m_xExtnValue ;
+}
+
+namespace {
+    // Helper functions from nss/lib/certdb/genname.c
+    static int GetNamesLength(CERTGeneralName *names)
+    {
+        int              length = 0;
+        CERTGeneralName  *first;
+
+        first = names;
+        if (names != NULL) {
+            do {
+                length++;
+                names = CERT_GetNextGeneralName(names);
+            } while (names != first);
+        }
+        return length;
+    }
+
+}
+
+//Methods from XSanExtension
+::com::sun::star::uno::Sequence< com::sun::star::security::CertAltNameEntry > SAL_CALL SanExtensionImpl :: getAlternativeNames() throw( ::com::sun::star::uno::RuntimeException ){
+
+    if (!m_Entries.hasElements())
+    {  
+        SECItem item;
+
+        item.type = siDERCertBuffer;
+        item.data = (unsigned char*) m_xExtnValue.getArray(); 
+        item.len = m_xExtnValue.getLength();
+
+        PRArenaPool *arena;
+        CERTGeneralName *nameList;
+        arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+
+        if (!arena)
+            return m_Entries;
+
+        nameList = CERT_DecodeAltNameExtension(arena, &item);
+
+        CERTGeneralName* current = nameList;
+
+        int size = GetNamesLength(nameList);
+        CertAltNameEntry* arrCertAltNameEntry = new CertAltNameEntry[size];
+        for(int i = 0; i < size ; i++){
+            switch (current->type) {
+                case certOtherName: {
+                    arrCertAltNameEntry[i].Type = ExtAltNameType_OTHER_NAME;
+                    ::com::sun::star::beans::PropertyValue otherNameProp;
+                    otherNameProp.Name = ::rtl::OUString::createFromAscii(CERT_GetOidString(&current->name.OthName.oid));
+
+                    Sequence< sal_Int8 > otherName( current->name.OthName.name.len ) ;
+                    for( unsigned int r = 0; r < current->name.OthName.name.len ; r ++ )
+                        otherName[r] = *( current->name.OthName.name.data + r ) ;
+
+                    otherNameProp.Value <<= otherName;
+
+                    arrCertAltNameEntry[i].Value <<= otherNameProp; 
+                    break;
+                                    }
+                case certRFC822Name:
+                    arrCertAltNameEntry[i].Type = ExtAltNameType_RFC822_NAME;
+                    arrCertAltNameEntry[i].Value <<= ::rtl::OUString((const sal_Char*)current->name.other.data, current->name.other.len, RTL_TEXTENCODING_ASCII_US);
+                    break;
+                case certDNSName:
+                    arrCertAltNameEntry[i].Type = ExtAltNameType_DNS_NAME;
+                    arrCertAltNameEntry[i].Value <<= ::rtl::OUString((const sal_Char*)current->name.other.data, current->name.other.len, RTL_TEXTENCODING_ASCII_US);
+                    break;
+                case certX400Address: {
+                    // unsupported
+                    arrCertAltNameEntry[i].Type = ExtAltNameType_X400_ADDRESS;
+                    break;
+                                      }
+                case certDirectoryName: {
+					// unsupported
+					arrCertAltNameEntry[i].Type = ExtAltNameType_DIRECTORY_NAME;
+                    break;
+                                        }
+                case certEDIPartyName:  {
+                    // unsupported
+                    arrCertAltNameEntry[i].Type = ExtAltNameType_EDI_PARTY_NAME;
+                    break;
+                                        }
+                case certURI:
+                    arrCertAltNameEntry[i].Type = ExtAltNameType_URL;
+                    arrCertAltNameEntry[i].Value <<= ::rtl::OUString((const sal_Char*)current->name.other.data, current->name.other.len, RTL_TEXTENCODING_ASCII_US);
+                    break;
+                case certIPAddress: {
+                    arrCertAltNameEntry[i].Type = ExtAltNameType_IP_ADDRESS;
+
+                    Sequence< sal_Int8 > ipAddress( current->name.other.len ) ;
+                    for( unsigned int r = 0; r < current->name.other.len ; r ++ )
+                        ipAddress[r] = *( current->name.other.data + r ) ;
+
+                    arrCertAltNameEntry[i].Value <<= ipAddress;
+                    break;
+                                    }
+                case certRegisterID:
+                    arrCertAltNameEntry[i].Type = ExtAltNameType_REGISTERED_ID;
+
+
+					rtl::OString nssOid = ::rtl::OString(CERT_GetOidString(&current->name.other));
+					rtl::OString unoOid = removeOIDFromString(nssOid);
+                    arrCertAltNameEntry[i].Value <<= rtl::OStringToOUString( unoOid, RTL_TEXTENCODING_ASCII_US );
+                    break;
+            }
+            current = CERT_GetNextGeneralName(current);
+        }
+
+        m_Entries = ::comphelper::arrayToSequence< com::sun::star::security::CertAltNameEntry >(arrCertAltNameEntry, size);        
+
+        delete [] arrCertAltNameEntry;
+
+        PORT_FreeArena(arena, PR_FALSE);
+
+
+    }
+
+    return m_Entries;
+}
+
+::rtl::OString SanExtensionImpl :: removeOIDFromString( const ::rtl::OString &oidString)
+	{
+		::rtl::OString objID;
+		::rtl::OString oid("OID.");
+		if (oidString.match(oid))
+			objID = oidString.copy(oid.getLength());
+		else
+			objID = oidString;
+		return objID;
+
+	}
+//Helper method
+void SanExtensionImpl :: setCertExtn( ::com::sun::star::uno::Sequence< sal_Int8 > extnId, ::com::sun::star::uno::Sequence< sal_Int8 > extnValue, sal_Bool critical ) {
+    m_critical = critical ;
+    m_xExtnId = extnId ;
+    m_xExtnValue = extnValue ;
+}
+
+void SanExtensionImpl :: setCertExtn( unsigned char* value, unsigned int vlen, unsigned char* id, unsigned int idlen, sal_Bool critical ) {
+    unsigned int i ;
+    if( value != NULL && vlen != 0 ) {
+        Sequence< sal_Int8 > extnv( vlen ) ;
+        for( i = 0; i < vlen ; i ++ )
+            extnv[i] = *( value + i ) ;
+
+        m_xExtnValue = extnv ;
+    } else {
+        m_xExtnValue = Sequence<sal_Int8>();
+    }
+
+    if( id != NULL && idlen != 0 ) {
+        Sequence< sal_Int8 > extnId( idlen ) ;
+        for( i = 0; i < idlen ; i ++ )
+            extnId[i] = *( id + i ) ;
+
+        m_xExtnId = extnId ;
+    } else {
+        m_xExtnId =  Sequence<sal_Int8>();
+    }
+
+    m_critical = critical ;
+}
+
+void SanExtensionImpl :: extractCertExt () {
+}
+

xmlsecurity/source/xmlsec/nss/sanextension_nssimpl.hxx

+/*************************************************************************
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ * 
+ * Copyright 2000, 2010 Oracle and/or its affiliates.
+ *
+ * OpenOffice.org - a multi-platform office productivity suite
+ *
+ * This file is part of OpenOffice.org.
+ *
+ * OpenOffice.org is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License version 3
+ * only, as published by the Free Software Foundation.
+ *
+ * OpenOffice.org is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License version 3 for more details
+ * (a copy is included in the LICENSE file that accompanied this code).
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * version 3 along with OpenOffice.org.  If not, see
+ * <http://www.openoffice.org/license.html>
+ * for a copy of the LGPLv3 License.
+ *
+ ************************************************************************/
+
+#ifndef _SANEXTENSION_NSSIMPL_HXX_
+#define _SANEXTENSION_NSSIMPL_HXX_
+
+#include <sal/config.h>
+#include <rtl/ustring.hxx>
+#include <cppuhelper/factory.hxx>
+#include <cppuhelper/implbase1.hxx>
+#include <com/sun/star/uno/Exception.hpp>
+#include "com/sun/star/uno/SecurityException.hpp"
+#include <com/sun/star/uno/Exception.hpp>
+#include <com/sun/star/security/XCertificateExtension.hpp>
+#include <com/sun/star/security/XSanExtension.hpp>
+#include <com/sun/star/security/CertAltNameEntry.hpp>
+
+class SanExtensionImpl : public ::cppu::WeakImplHelper1<
+    ::com::sun::star::security::XSanExtension >
+{
+	private :
+		sal_Bool m_critical ;
+		::com::sun::star::uno::Sequence< sal_Int8 > m_xExtnId ;
+		::com::sun::star::uno::Sequence< sal_Int8 > m_xExtnValue ;
+        ::com::sun::star::uno::Sequence< com::sun::star::security::CertAltNameEntry > m_Entries;
+
+		::rtl::OString removeOIDFromString( const ::rtl::OString &oid);
+
+	public :
+		SanExtensionImpl() ;
+		virtual ~SanExtensionImpl() ;
+
+		//Methods from XCertificateExtension
+		virtual sal_Bool SAL_CALL isCritical() throw( ::com::sun::star::uno::RuntimeException ) ;
+
+		virtual ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL getExtensionId() throw( ::com::sun::star::uno::RuntimeException ) ;
+
+		virtual ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL getExtensionValue() throw( ::com::sun::star::uno::RuntimeException ) ;
+
+        //Methods from XSanExtension
+
+		virtual ::com::sun::star::uno::Sequence< com::sun::star::security::CertAltNameEntry > SAL_CALL getAlternativeNames() throw( ::com::sun::star::uno::RuntimeException ) ;
+
+		//Helper method
+		void setCertExtn( ::com::sun::star::uno::Sequence< sal_Int8 > extnId, ::com::sun::star::uno::Sequence< sal_Int8 > extnValue, sal_Bool critical ) ;
+
+		void setCertExtn( unsigned char* value, unsigned int vlen, unsigned char* id, unsigned int idlen, sal_Bool critical ) ;
+
+        void extractCertExt() ;
+} ;
+
+#endif	// _CERTIFICATEEXTENSION_XMLSECIMPL_HXX_
+

xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx

     }
 }
 
+namespace{
+	void getAndPrintPRErrorText()
+	{
+		char error[1024] = "Cannot get error text from function PR_GetErrorText().";
+		PRInt32 size = PR_GetErrorTextLength();
+		if (size < (int) sizeof(error))
+		{
+			PR_GetErrorText(error);
+		}
+		xmlsec_trace("%s",error);   
+	}
+}
+
 //Older versions of Firefox (FF), for example FF2, and Thunderbird (TB) 2 write
 //the roots certificate module (libnssckbi.so), which they use, into the
 //profile. This module will then already be loaded during NSS_Init (and the
         if( NSS_InitReadWrite( token ) != SECSuccess )
         {
             xmlsec_trace("Initializing NSS with profile failed.");
-            char * error = NULL;
-            
-            PR_GetErrorText(error);
-            if (error)
-                xmlsec_trace("%s",error);
+            getAndPrintPRErrorText();
             return false ;
         }
     }
         if ( NSS_NoDB_Init(NULL) != SECSuccess )
         {
             xmlsec_trace("Initializing NSS without profile failed.");
-            char * error = NULL;
-            PR_GetErrorText(error);
-            if (error)
-                xmlsec_trace("%s",error);
+            getAndPrintPRErrorText();
             return false ;
         }
     }
     return return_value;
 }
 
-
 // must be extern "C" because we pass the function pointer to atexit
 extern "C" void nsscrypto_finalize()
 {
             rtl::OUString ouCertDir;
 
 
-
             if ( getMozillaCurrentProfile(mxMSF, ouCertDir) )
                 *pDefaultCertDir = rtl::OString(ouCertDir, ouCertDir.getLength(), RTL_TEXTENCODING_ASCII_US);
         }
         sCertDir = *pDefaultCertDir;
         
     }
-
     if( ! *initNSS( sCertDir.getStr() ) )
     {
         return NULL;
     }
-
     pCertHandle = CERT_GetDefaultCertDB() ;
 
     try 

xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx

 #include "certificateextension_xmlsecimpl.hxx"
 #endif
 
+#ifndef _SANEXTENSION_NSSIMPL_HXX_
+#include "sanextension_nssimpl.hxx"
+#endif
 
 using namespace ::com::sun::star::uno ;
 using namespace ::com::sun::star::security ;
 		Sequence< Reference< XCertificateExtension > > xExtns( len ) ;
 
 		for( extns = m_pCert->extensions, len = 0; *extns != NULL; extns ++, len ++ ) {
-			pExtn = new CertificateExtension_XmlSecImpl() ;
+            const SECItem id = (*extns)->id;
+            ::rtl::OString oidString(CERT_GetOidString(&id));
+            
+            // remove "OID." prefix if existing
+            ::rtl::OString objID;
+            ::rtl::OString oid("OID.");
+            if (oidString.match(oid))
+                objID = oidString.copy(oid.getLength());
+            else
+                objID = oidString;
+
+            if ( objID.equals("2.5.29.17") )
+                pExtn = (CertificateExtension_XmlSecImpl*) new SanExtensionImpl() ;
+            else 
+			    pExtn = new CertificateExtension_XmlSecImpl() ;
+
 			if( (*extns)->critical.data == NULL )
 				crit = sal_False ;
 			else
 				crit = ( (*extns)->critical.data[0] == 0xFF ) ? sal_True : sal_False ;
-			pExtn->setCertExtn( (*extns)->value.data, (*extns)->value.len, (*extns)->id.data, (*extns)->id.len, crit ) ;
+			pExtn->setCertExtn( (*extns)->value.data, (*extns)->value.len, (unsigned char*)objID.getStr(), objID.getLength(), crit ) ;
 
 			xExtns[len] = pExtn ;
 		}
 		pExtn = NULL ;
 		for( extns = m_pCert->extensions; *extns != NULL; extns ++ ) {
 			if( SECITEM_CompareItem( &idItem, &(*extns)->id ) == SECEqual ) {
-				pExtn = new CertificateExtension_XmlSecImpl() ;
+				const SECItem id = (*extns)->id;
+                ::rtl::OString objId(CERT_GetOidString(&id));
+                if ( objId.equals("OID.2.5.29.17") )
+                    pExtn = (CertificateExtension_XmlSecImpl*) new SanExtensionImpl() ;
+                else 
+			        pExtn = new CertificateExtension_XmlSecImpl() ;
 				if( (*extns)->critical.data == NULL )
 					crit = sal_False ;
 				else

xmlsecurity/test_docs/CAs/Root_11/demoCA/index.txt

 V	350113102601Z		101F	unknown	/C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x00U\x00s\x00e\x00r\x00 \x003\x000\x00<\x00 \x00>\x00#\x00;\x00 \x00"\x00+\x00"
 V	350113102847Z		1020	unknown	/C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x00U\x00s\x00e\x00r\x00 \x003\x001\x00 \x00\\x00"\x00a\x00,\x00b\x00"\x00+\x00C\x00N\x00=\x00U\x00S\x00,\x00 \x00>\x00 \x00\\x00\\x00d\x00e\x00 \x00<
 V	350113104059Z		1021	unknown	/C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x00U\x00s\x00e\x00r\x00 \x001\x004\x00 \x00"\x00,\x00m\x00i\x00d\x00d\x00l\x00e\x00 \x00q\x00u\x00o\x00t\x00e
+V	111108105139Z		1022	unknown	/C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=User 35

xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1022.pem

+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4130 (0x1022)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+        Validity
+            Not Before: Nov  8 10:51:39 2010 GMT
+            Not After : Nov  8 10:51:39 2011 GMT
+        Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=User 35
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:9b:36:00:64:f3:ce:93:97:62:19:fa:78:d9:6f:
+                    92:6a:b9:d2:9a:4e:06:2c:02:52:cd:93:50:84:28:
+                    19:42:a2:4a:34:e2:cd:e6:b0:39:7a:c8:4d:84:bc:
+                    71:51:ed:5d:6c:7e:f9:cc:01:5a:4b:73:50:a9:3b:
+                    5d:ad:cc:89:f7:dc:e0:dd:0a:ff:48:01:a9:34:19:
+                    c0:6a:ee:4b:20:f4:cf:3c:94:c1:ae:88:0f:c9:42:
+                    1a:a6:47:31:fe:37:04:00:bb:ec:07:5f:cb:ee:70:
+                    c4:c7:7c:6f:ee:03:19:76:de:0b:df:d0:48:91:67:
+                    55:9b:90:91:f4:ce:56:04:d5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: 
+                Digital Signature, Non Repudiation, Key Encipherment
+            X509v3 Subject Key Identifier: 
+                91:47:AC:29:95:5D:EF:72:14:8F:82:45:07:E2:94:49:75:C6:7D:73
+            X509v3 Authority Key Identifier: 
+                keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+            X509v3 Subject Alternative Name: 
+                DNS:alt.openoffice.org, IP Address:192.168.7.1, IP Address:13:0:0:0:0:0:0:17, email:my@other.address, Registered ID:1.2.3.4, othername:<unsupported>, DirName:/C=DE/O=OpenOffice.org/OU=Development/CN=User 32 Root 11, URI:http://my.url.here/
+    Signature Algorithm: sha1WithRSAEncryption
+        6e:80:e6:1e:86:3d:d2:65:a6:17:fa:80:2d:2e:dc:85:32:05:
+        a1:69:82:e1:79:d1:dc:de:69:cd:9e:f0:cc:90:75:a9:45:ee:
+        73:46:fe:29:69:c0:99:bb:fc:3a:db:c0:5f:69:c6:b7:ea:9a:
+        63:b2:8e:29:2c:a5:5a:88:88:94:75:4b:ab:0a:72:f6:3a:aa:
+        5d:6b:3a:5c:b6:9b:57:f5:c1:51:af:df:3c:a6:8a:a3:da:70:
+        66:61:49:12:06:78:98:9f:bc:78:3c:43:6d:08:94:aa:32:b6:
+        f3:cc:af:0d:29:fe:96:47:7d:fe:4a:61:48:90:11:0b:bd:0f:
+        a0:fd
+-----BEGIN CERTIFICATE-----
+MIIDajCCAtOgAwIBAgICECIwDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDExMDgxMDUx
+MzlaFw0xMTExMDgxMDUxMzlaMGAxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1i
+dXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2ZWxvcG1l
+bnQxEDAOBgNVBAMTB1VzZXIgMzUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
+AJs2AGTzzpOXYhn6eNlvkmq50ppOBiwCUs2TUIQoGUKiSjTizeawOXrITYS8cVHt
+XWx++cwBWktzUKk7Xa3Miffc4N0K/0gBqTQZwGruSyD0zzyUwa6ID8lCGqZHMf43
+BAC77Adfy+5wxMd8b+4DGXbeC9/QSJFnVZuQkfTOVgTVAgMBAAGjggExMIIBLTAL
+BgNVHQ8EBAMCBeAwHQYDVR0OBBYEFJFHrCmVXe9yFI+CRQfilEl1xn1zMB8GA1Ud
+IwQYMBaAFOhqu8KQ6mxwIj729kgbA+a+t6ZVMIHdBgNVHREEgdUwgdKCEmFsdC5v
+cGVub2ZmaWNlLm9yZ4cEwKgHAYcQABMAAAAAAAAAAAAAAAAAF4EQbXlAb3RoZXIu
+YWRkcmVzc4gDKgMEoB4GAyoDBKAXDBVzb21lIG90aGVyIGlkZW50aWZpZXKkWDBW
+MQswCQYDVQQGEwJERTEXMBUGA1UEChMOT3Blbk9mZmljZS5vcmcxFDASBgNVBAsT
+C0RldmVsb3BtZW50MRgwFgYDVQQDEw9Vc2VyIDMyIFJvb3QgMTGGE2h0dHA6Ly9t
+eS51cmwuaGVyZS8wDQYJKoZIhvcNAQEFBQADgYEAboDmHoY90mWmF/qALS7chTIF
+oWmC4XnR3N5pzZ7wzJB1qUXuc0b+KWnAmbv8OtvAX2nGt+qaY7KOKSylWoiIlHVL
+qwpy9jqqXWs6XLabV/XBUa/fPKaKo9pwZmFJEgZ4mJ+8eDxDbQiUqjK288yvDSn+
+lkd9/kphSJARC70PoP0=
+-----END CERTIFICATE-----

xmlsecurity/test_docs/CAs/Root_11/demoCA/serial

-1022
+1023

xmlsecurity/test_docs/CAs/Root_11/openssl.cfg

 # An alternative to produce certificates that aren't 
 # deprecated according to PKIX. 
 # subjectAltName=email:move 
-subjectAltName=dirName:dn_subjectAlt
-# Copy subject details 
-# issuerAltName=issuer:copy 
- 
- 
-[dn_subjectAlt]
-CN=User 14 Root 11
+subjectAltName=DNS:alt.openoffice.org,IP:192.168.7.1,IP:13::17,email:my@other.address,RID:1.2.3.4,otherName:1.2.3.4;UTF8:some other identifier,dirName:dir_sect,URI:http://my.url.here/
+# Copy subject details
+# issuerAltName=issuer:copy
+
+
+[dir_sect]
+C=DE
+O=OpenOffice.org
+OU=Development
+CN=User 32 Root 11
  
 [ v3_req ] 
  

xmlsecurity/test_docs/certs/end_certs/User_35_Root_11.crt

+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4130 (0x1022)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+        Validity
+            Not Before: Nov  8 10:51:39 2010 GMT
+            Not After : Nov  8 10:51:39 2011 GMT
+        Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=User 35
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:9b:36:00:64:f3:ce:93:97:62:19:fa:78:d9:6f:
+                    92:6a:b9:d2:9a:4e:06:2c:02:52:cd:93:50:84:28:
+                    19:42:a2:4a:34:e2:cd:e6:b0:39:7a:c8:4d:84:bc:
+                    71:51:ed:5d:6c:7e:f9:cc:01:5a:4b:73:50:a9:3b:
+                    5d:ad:cc:89:f7:dc:e0:dd:0a:ff:48:01:a9:34:19:
+                    c0:6a:ee:4b:20:f4:cf:3c:94:c1:ae:88:0f:c9:42:
+                    1a:a6:47:31:fe:37:04:00:bb:ec:07:5f:cb:ee:70:
+                    c4:c7:7c:6f:ee:03:19:76:de:0b:df:d0:48:91:67:
+                    55:9b:90:91:f4:ce:56:04:d5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: 
+                Digital Signature, Non Repudiation, Key Encipherment
+            X509v3 Subject Key Identifier: 
+                91:47:AC:29:95:5D:EF:72:14:8F:82:45:07:E2:94:49:75:C6:7D:73
+            X509v3 Authority Key Identifier: 
+                keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+            X509v3 Subject Alternative Name: 
+                DNS:alt.openoffice.org, IP Address:192.168.7.1, IP Address:13:0:0:0:0:0:0:17, email:my@other.address, Registered ID:1.2.3.4, othername:<unsupported>, DirName:/C=DE/O=OpenOffice.org/OU=Development/CN=User 32 Root 11, URI:http://my.url.here/
+    Signature Algorithm: sha1WithRSAEncryption
+        6e:80:e6:1e:86:3d:d2:65:a6:17:fa:80:2d:2e:dc:85:32:05:
+        a1:69:82:e1:79:d1:dc:de:69:cd:9e:f0:cc:90:75:a9:45:ee:
+        73:46:fe:29:69:c0:99:bb:fc:3a:db:c0:5f:69:c6:b7:ea:9a:
+        63:b2:8e:29:2c:a5:5a:88:88:94:75:4b:ab:0a:72:f6:3a:aa:
+        5d:6b:3a:5c:b6:9b:57:f5:c1:51:af:df:3c:a6:8a:a3:da:70:
+        66:61:49:12:06:78:98:9f:bc:78:3c:43:6d:08:94:aa:32:b6:
+        f3:cc:af:0d:29:fe:96:47:7d:fe:4a:61:48:90:11:0b:bd:0f:
+        a0:fd
+-----BEGIN CERTIFICATE-----
+MIIDajCCAtOgAwIBAgICECIwDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDExMDgxMDUx
+MzlaFw0xMTExMDgxMDUxMzlaMGAxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1i
+dXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2ZWxvcG1l
+bnQxEDAOBgNVBAMTB1VzZXIgMzUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
+AJs2AGTzzpOXYhn6eNlvkmq50ppOBiwCUs2TUIQoGUKiSjTizeawOXrITYS8cVHt
+XWx++cwBWktzUKk7Xa3Miffc4N0K/0gBqTQZwGruSyD0zzyUwa6ID8lCGqZHMf43
+BAC77Adfy+5wxMd8b+4DGXbeC9/QSJFnVZuQkfTOVgTVAgMBAAGjggExMIIBLTAL
+BgNVHQ8EBAMCBeAwHQYDVR0OBBYEFJFHrCmVXe9yFI+CRQfilEl1xn1zMB8GA1Ud
+IwQYMBaAFOhqu8KQ6mxwIj729kgbA+a+t6ZVMIHdBgNVHREEgdUwgdKCEmFsdC5v
+cGVub2ZmaWNlLm9yZ4cEwKgHAYcQABMAAAAAAAAAAAAAAAAAF4EQbXlAb3RoZXIu
+YWRkcmVzc4gDKgMEoB4GAyoDBKAXDBVzb21lIG90aGVyIGlkZW50aWZpZXKkWDBW
+MQswCQYDVQQGEwJERTEXMBUGA1UEChMOT3Blbk9mZmljZS5vcmcxFDASBgNVBAsT
+C0RldmVsb3BtZW50MRgwFgYDVQQDEw9Vc2VyIDMyIFJvb3QgMTGGE2h0dHA6Ly9t
+eS51cmwuaGVyZS8wDQYJKoZIhvcNAQEFBQADgYEAboDmHoY90mWmF/qALS7chTIF
+oWmC4XnR3N5pzZ7wzJB1qUXuc0b+KWnAmbv8OtvAX2nGt+qaY7KOKSylWoiIlHVL
+qwpy9jqqXWs6XLabV/XBUa/fPKaKo9pwZmFJEgZ4mJ+8eDxDbQiUqjK288yvDSn+
+lkd9/kphSJARC70PoP0=
+-----END CERTIFICATE-----