Anonymous avatar Anonymous committed 7ad0116

tkr38: #i112307# Support for x509 v3 Subject Alternative Name extension added


Files changed (24)

offapi/com/sun/star/security/CertAltNameEntry.idl

+/*************************************************************************
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ * 
+ * Copyright 2000, 2010 Oracle and/or its affiliates.
+ *
+ * OpenOffice.org - a multi-platform office productivity suite
+ *
+ * This file is part of OpenOffice.org.
+ *
+ * OpenOffice.org is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License version 3
+ * only, as published by the Free Software Foundation.
+ *
+ * OpenOffice.org is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License version 3 for more details
+ * (a copy is included in the LICENSE file that accompanied this code).
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * version 3 along with OpenOffice.org.  If not, see
+ * <http://www.openoffice.org/license.html>
+ * for a copy of the LGPLv3 License.
+ *
+ ************************************************************************/
+ 
+ 
+#ifndef __com_sun_star_security_CertAltNameEntry_idl__ 
+#define __com_sun_star_security_CertAltNameEntry_idl__ 
+
+#include <com/sun/star/security/ExtAltNameType.idl>
+ 
+//============================================================================= 
+ 
+ module com {  module sun {  module star {  module security { 
+ 
+//============================================================================= 
+/** 
+ * struct contains a single entry within a Subject Alternative Name Extension of a
+ * X509 certificate. 
+ */
+struct CertAltNameEntry
+{ 
+    /** 
+     * defines the type of the value . With this information you can determine how to interprete the Any value.
+     * @see com::sun::star::security::ExtAltNameType
+     */
+	com::sun::star::security::ExtAltNameType Type;
+
+    /** 
+     * stores the value of entry. 
+     */
+    any 	Value;
+}; 
+ 
+
+}; }; }; };  
+#endif  
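Review bot: The comment on `Value` says only "stores the value of entry", so a reader of this struct cannot tell what the `any` holds or that extracting it can fail. The per-type payload is documented only on `ExtAltNameType`, and the callers added in this commit mostly ignore the result of `>>=`. I would document the contract here, for example `/** value of the entry; its concrete type depends on Type (see ExtAltNameType), and callers must check that extraction from the any succeeded before using the result. */`. The comment on `Type` also has a stray space and a typo and could read "defines the type of the value; use it to determine how to interpret Value."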

offapi/com/sun/star/security/ExtAltNameType.idl

+/*************************************************************************
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ * 
+ * Copyright 2000, 2010 Oracle and/or its affiliates.
+ *
+ * OpenOffice.org - a multi-platform office productivity suite
+ *
+ * This file is part of OpenOffice.org.
+ *
+ * OpenOffice.org is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License version 3
+ * only, as published by the Free Software Foundation.
+ *
+ * OpenOffice.org is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License version 3 for more details
+ * (a copy is included in the LICENSE file that accompanied this code).
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * version 3 along with OpenOffice.org.  If not, see
+ * <http://www.openoffice.org/license.html>
+ * for a copy of the LGPLv3 License.
+ *
+ ************************************************************************/
+ 
+/** -- idl definition -- **/
+
+#ifndef __com_sun_star_security_ExtAltNameType_idl_
+#define __com_sun_star_security_ExtAltNameType_idl_
+
+#include <com/sun/star/uno/XInterface.idl>
+
+module com { module sun { module star { module security {
+
+/**
+ * Constant definiton of a single entry from Subject Alternative Name extension.
+ *
+ */
+enum ExtAltNameType
+{
+    /**
+     * Cutomize name/value pair
+     * The value of @see com::sun::star::security::CertAltNameEntry contains a NamedValue
+     */
+    OTHER_NAME,
+
+    /**
+     * The entry contains rfc822 name.
+     * The value of @see com::sun::star::security::CertAltNameEntry contains a OUString
+     */
+    RFC822_NAME,
+
+    /**
+     * The entry contains a dns name.
+     * The value of @see com::sun::star::security::CertAltNameEntry contains a OUString
+     */
+    DNS_NAME,
+
+    /**
+     * The entry contains a directory name.
+     * The value of @see com::sun::star::security::CertAltNameEntry contains a Sequence of sal_Int8
+     */
+    DIRECTORY_NAME,
+
+    /**
+     * The entry contains an url.
+     * The value of @see com::sun::star::security::CertAltNameEntry contains a OUString
+     */
+    URL,
+
+    /**
+     * The entry contains a ip address.
+     * The value of @see com::sun::star::security::CertAltNameEntry contains a Sequence of sal_Int8
+     */
+    IP_ADDRESS,
+
+    /**
+     * The entry contains a registered id.
+     * The value of @see com::sun::star::security::CertAltNameEntry contains a OUString
+     */
+    REGISTERED_ID,
+
+    /**
+     * Currently unsupported.
+     */
+    EDI_PARTY_NAME,
+
+    /**
+     * Currently unsupported.
+     */
+    X400_ADDRESS
+};
+
+} ; } ; } ; } ;
+
+#endif 
+ 
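Review bot: The enum members are declared in a different order from the GeneralName choice in RFC 5280, where x400Address is [3], directoryName [4], ediPartyName [5], the URI [6], iPAddress [7] and registeredID [8]. Their numeric values therefore must not be compared with or cast from ASN.1 tag numbers, and the header comment should say so, for example `Note: the enum values are not the ASN.1 tag numbers of GeneralName; map explicitly.` The member comments name C++ binding types (`OUString`, `Sequence of sal_Int8`) where UNO IDL documentation would normally say `string` and `sequence<byte>`. The header comment has typos ("definiton", "Cutomize"), and the `XInterface.idl` include looks unused for a plain enum.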

offapi/com/sun/star/security/XSanExtension.idl

+/*************************************************************************
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ * 
+ * Copyright 2000, 2010 Oracle and/or its affiliates.
+ *
+ * OpenOffice.org - a multi-platform office productivity suite
+ *
+ * This file is part of OpenOffice.org.
+ *
+ * OpenOffice.org is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License version 3
+ * only, as published by the Free Software Foundation.
+ *
+ * OpenOffice.org is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License version 3 for more details
+ * (a copy is included in the LICENSE file that accompanied this code).
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * version 3 along with OpenOffice.org.  If not, see
+ * <http://www.openoffice.org/license.html>
+ * for a copy of the LGPLv3 License.
+ *
+ ************************************************************************/
+ 
+//i20156 - new file for xmlsecurity module
+
+/** -- idl definition -- **/
+
+#ifndef __com_sun_star_security_XSanExtension_idl_
+#define __com_sun_star_security_XSanExtension_idl_
+
+#include <com/sun/star/uno/XInterface.idl>
+#include <com/sun/star/security/XCertificateExtension.idl>
+#include <com/sun/star/security/CertAltNameEntry.idl>
+
+module com { module sun { module star { module security {
+
+/**
+ * Interface of a X509 Subject Alternative Name Certificate Extension
+ *
+ * <p>This interface represents a x509 certificate extension.</p>
+ */
+interface XSanExtension : com::sun::star::security::XCertificateExtension
+{
+        /**
+         * Contains the alternative names of a certificate
+         */
+        [attribute, readonly] sequence< com::sun::star::security::CertAltNameEntry >  AlternativeNames;
+}; 
+
+} ; } ; } ; } ;
+
+#endif 
+
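Review bot: The leading comment `//i20156 - new file for xmlsecurity module` looks carried over from another file, since the commit title tracks this work as #i112307#; it should be updated or dropped. The description "This interface represents a x509 certificate extension" repeats the base interface and does not say what `AlternativeNames` yields when the extension value cannot be decoded. I would state that explicitly, for example `Contains the decoded alternative names; the sequence is empty if the extension value could not be decoded, and each entry's Type must be checked before its Value is extracted.`, once the implementation guarantees it.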

offapi/com/sun/star/security/makefile.mk

     XSerialNumberAdapter.idl		\
     SerialNumberAdapter.idl		\
     CertificateContainer.idl \
-    CertificateContainerStatus.idl
+    CertificateContainerStatus.idl \
+    ExtAltNameType.idl \
+    XSanExtension.idl \
+    CertAltNameEntry.idl
+    
+    
+    
 
 # ------------------------------------------------------------------
 

uui/source/iahndl-ssl.cxx

  *
  ************************************************************************/
 
+
 #include "com/sun/star/security/CertificateValidity.hpp"
+#include "com/sun/star/security/XCertificateExtension.hpp"
+#include "com/sun/star/security/XSanExtension.hpp"
+#include <com/sun/star/security/ExtAltNameType.hpp>
 #include "com/sun/star/task/XInteractionAbort.hpp"
 #include "com/sun/star/task/XInteractionApprove.hpp"
 #include "com/sun/star/task/XInteractionRequest.hpp"
 #include "com/sun/star/ucb/CertificateValidationRequest.hpp"
+#include <com/sun/star/uno/Reference.hxx>
 
+#include <com/sun/star/uno/Sequence.hxx>
 #include "vos/mutex.hxx"
 #include "tools/datetime.hxx"
 #include "svl/zforlist.hxx"
 #define DESCRIPTION_2 2
 #define TITLE 3
 
+#define OID_SUBJECT_ALTERNATIVE_NAME "2.5.29.17"
+
+
 using namespace com::sun::star;
 
 namespace {
 
 bool
 isDomainMatch(
-    rtl::OUString hostName, rtl::OUString certHostName)
+              rtl::OUString hostName, uno::Sequence< ::rtl::OUString > certHostNames)
 {
-    if (hostName.equalsIgnoreAsciiCase( certHostName ))
-        return true;
+    for ( int i = 0; i < certHostNames.getLength(); i++){
+        ::rtl::OUString element = certHostNames[i]; 
 
-    if ( 0 == certHostName.indexOf( rtl::OUString::createFromAscii( "*" ) ) &&
-              hostName.getLength() >= certHostName.getLength()  )
-    {
-        rtl::OUString cmpStr = certHostName.copy( 1 );
+       if (element.getLength() == 0)
+           continue;
+    
+       if (hostName.equalsIgnoreAsciiCase( element ))
+           return true;
 
-        if ( hostName.matchIgnoreAsciiCase(
-                 cmpStr, hostName.getLength() - cmpStr.getLength()) )
-            return true;
+       if ( 0 == element.indexOf( rtl::OUString::createFromAscii( "*" ) ) &&
+                 hostName.getLength() >= element.getLength()  )
+       {
+           rtl::OUString cmpStr = element.copy( 1 );
+           if ( hostName.matchIgnoreAsciiCase(
+                    cmpStr, hostName.getLength() - cmpStr.getLength()) )
+               return true;
+       }
     }
 
     return false;
                                               xServiceFactory,
                                               rRequest.Certificate );
     }
+    
+    uno::Sequence< uno::Reference< security::XCertificateExtension > > extensions = rRequest.Certificate->getExtensions();
+    uno::Sequence< security::CertAltNameEntry > altNames;
+    for (sal_Int32 i = 0 ; i < extensions.getLength(); i++){
+        uno::Reference< security::XCertificateExtension >element = extensions[i];
+
+        rtl::OString aId ( (const sal_Char *)element->getExtensionId().getArray(), element->getExtensionId().getLength());
+        if (aId.equals(OID_SUBJECT_ALTERNATIVE_NAME)) 
+        {
+           uno::Reference< security::XSanExtension > sanExtension ( element, uno::UNO_QUERY );
+           altNames =  sanExtension->getAlternativeNames();
+           break;
+        }
+    }
+
+    ::rtl::OUString certHostName = getContentPart( rRequest.Certificate->getSubjectName() );
+    uno::Sequence< ::rtl::OUString > certHostNames(altNames.getLength() + 1);
+    
+    certHostNames[0] = certHostName;
+
+    for(int n = 1; n < altNames.getLength(); n++){
+        if (altNames[n].Type ==  security::ExtAltNameType_DNS_NAME){
+           altNames[n].Value >>= certHostNames[n];
+        }
+    }
 
     if ( (!isDomainMatch(
               rRequest.HostName,
-              getContentPart(
-                  rRequest.Certificate->getSubjectName()) )) &&
+              certHostNames )) &&
           trustCert )
     {
         trustCert = executeSSLWarnDialog( pParent,
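Review bot: The loop that copies DNS names into `certHostNames` starts at `n = 1` and writes to `certHostNames[n]`, so `altNames[0]` is never examined and the extra slot allocated by `altNames.getLength() + 1` is never filled; in the test certificate added by this commit the DNS entry is listed first in the Subject Alternative Name, so it would seem to be skipped. Iterating from zero and offsetting the destination fixes it: `for (sal_Int32 n = 0; n < altNames.getLength(); ++n)` with `altNames[n].Value >>= certHostNames[n + 1];`. The `UNO_QUERY` result `sanExtension` is also dereferenced without an `is()` check, so an extension object carrying OID 2.5.29.17 that does not implement `XSanExtension` would be a null dereference; guard the call with `if (sanExtension.is())`. Because `isDomainMatch` now applies its leading-`*` suffix comparison to names taken from the certificate, a comment there should record that the match is not limited to a single left-most label. The enclosing function begins and ends outside the visible lines.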

xmlsecurity/prj/build.lst

-xs	xmlsecurity	:    l10n xmloff unotools offapi unoil svx MOZ:moz SO:moz_prebuilt LIBXMLSEC:libxmlsec NSS:nss LIBXSLT:libxslt NULL
+xs	xmlsecurity	:    l10n xmloff unotools offapi unoil svx MOZ:moz SO:moz_prebuilt LIBXMLSEC:libxmlsec NSS:nss LIBXSLT:libxslt NEON:neon NULL
 xs	xmlsecurity                                                        usr1	 -	all	xs_mkout	NULL
 xs	xmlsecurity\inc				                                       nmake -	all	xs_inc NULL
 xs	xmlsecurity\source\framework                                       nmake -	all	xs_fw xs_inc NULL
 xs	xmlsecurity\source\dialogs                                         nmake -	all	xs_dialogs xs_inc NULL
 xs	xmlsecurity\source\component                                       nmake -	all	xs_component xs_inc NULL
 xs	xmlsecurity\util                                                   nmake -	all	xs_util xs_fw xs_xmlsec xs_nss xs_mscrypt xs_helper xs_dialogs xs_component NULL
+xs	xmlsecurity\qa\certext                                             nmake -	all	xs_certext xs_util NULL

xmlsecurity/qa/certext/SanCertExt.cxx

+/*************************************************************************
+*
+* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+*
+* Copyright 2000, 2010 Oracle and/or its affiliates.
+*
+* OpenOffice.org - a multi-platform office productivity suite
+*
+* This file is part of OpenOffice.org.
+*
+* OpenOffice.org is free software: you can redistribute it and/or modify
+* it under the terms of the GNU Lesser General Public License version 3
+* only, as published by the Free Software Foundation.
+*
+* OpenOffice.org is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+* GNU Lesser General Public License version 3 for more details
+* (a copy is included in the LICENSE file that accompanied this code).
+*
+* You should have received a copy of the GNU Lesser General Public License
+* version 3 along with OpenOffice.org.  If not, see
+* <http://www.openoffice.org/license.html>
+* for a copy of the LGPLv3 License.
+*
+************************************************************************/
+
+#include "precompiled_xmlsecurity.hxx" 
+#include "sal/config.h"
+
+#include "../../source/xmlsec/mscrypt/securityenvironment_mscryptimpl.hxx"
+#include <com/sun/star/security/XSanExtension.hpp>
+#include <com/sun/star/security/ExtAltNameType.hpp>
+#include <com/sun/star/xml/crypto/XSecurityEnvironment.hpp>
+#include <com/sun/star/xml/crypto/XXMLSecurityContext.hpp>
+#include <com/sun/star/security/XCertificate.hpp>
+#include <com/sun/star/lang/XMultiServiceFactory.hpp>
+#include <com/sun/star/beans/NamedValue.hpp>
+
+#include "cppuhelper/bootstrap.hxx"
+#include "cppunit/TestAssert.h"
+#include "cppunit/TestFixture.h"
+#include "cppunit/extensions/HelperMacros.h"
+#include "cppunit/plugin/TestPlugIn.h"
+#include "sal/types.h"
+#include "comphelper/sequence.hxx"
+#include <rtl/ustring.hxx> 
+
+#include <neon/ne_ssl.h>
+
+using namespace com::sun::star;
+using ::com::sun::star::lang::XMultiServiceFactory; 
+
+#define OID_SUBJECT_ALTERNATIVE_NAME "2.5.29.17"
+
+namespace {
+
+class Test: public CppUnit::TestFixture {
+
+private:
+
+    static uno::Sequence< security::CertAltNameEntry > altNames;
+
+    void init(){
+        if (altNames.getLength() == 0){
+            cppu::defaultBootstrap_InitialComponentContext();
+            ne_ssl_certificate* cert = ne_ssl_cert_read("User_35_Root_11.crt");
+            char* certExportB64 = ne_ssl_cert_export(cert);
+
+            uno::Reference< xml::crypto::XSecurityEnvironment > xSecurityEnv( new SecurityEnvironment_MSCryptImpl( uno::Reference< XMultiServiceFactory >() ) );
+            
+            uno::Reference< security::XCertificate > xCert = xSecurityEnv->createCertificateFromAscii( 
+                rtl::OStringToOUString( certExportB64, RTL_TEXTENCODING_ASCII_US ) );
+
+            uno::Sequence< uno::Reference< security::XCertificateExtension > > extensions = xCert->getExtensions();
+            for (sal_Int32 i = 0 ; i < extensions.getLength(); i++)
+            {
+                uno::Reference< security::XCertificateExtension >element = extensions[i];
+
+                rtl::OString aId ( (const sal_Char *)element->getExtensionId().getArray(), element->getExtensionId().getLength());
+                if (aId.equals(OID_SUBJECT_ALTERNATIVE_NAME)) 
+                {
+                   uno::Reference< security::XSanExtension > sanExtension ( element, uno::UNO_QUERY );
+                   altNames = sanExtension->getAlternativeNames();
+                   break;
+                }
+            }
+        }
+
+    }
+
+public:
+    void test_Others() {
+        init();
+        for(int n = 1; n < altNames.getLength(); n++)
+        {
+            if (altNames[n].Type ==  security::ExtAltNameType_OTHER_NAME)
+            {
+                ::com::sun::star::beans::NamedValue otherNameProp;
+                if (altNames[n].Value >>= otherNameProp) 
+                {
+                    //Name    
+                    CPPUNIT_ASSERT_EQUAL( rtl::OUString::createFromAscii("1.2.3.4"), otherNameProp.Name);
+
+                    //Value
+                    uno::Sequence< sal_Int8 > ipAddress;
+                    otherNameProp.Value >>= ipAddress;
+                    CPPUNIT_ASSERT_ASSERTION_PASS( CPPUNIT_ASSERT( ipAddress.getLength() > 0 ) );
+                }
+            }
+        }
+    }
+
+    void test_RFC822() {
+        init();
+        for(int n = 1; n < altNames.getLength(); n++)
+        {
+            if (altNames[n].Type ==  security::ExtAltNameType_RFC822_NAME)
+            {
+                rtl::OUString value;
+                altNames[n].Value >>= value;
+                //Value
+                CPPUNIT_ASSERT_EQUAL( rtl::OUString::createFromAscii("my@other.address"), value);
+            }
+        }
+    }
+
+    void test_DNS() {
+        init();
+        for(int n = 1; n < altNames.getLength(); n++)
+        {
+            if (altNames[n].Type ==  security::ExtAltNameType_DNS_NAME)
+            {
+                rtl::OUString value;
+                altNames[n].Value >>= value;
+                //Value
+                CPPUNIT_ASSERT_EQUAL( rtl::OUString::createFromAscii("alt.openoffice.org"), value);
+            }
+        }
+    }
+
+    void test_Direcory() {
+        init();
+        for(int n = 1; n < altNames.getLength(); n++)
+        {
+            if (altNames[n].Type ==  security::ExtAltNameType_DIRECTORY_NAME)
+            {
+                uno::Sequence< sal_Int8 > value;
+                altNames[n].Value >>= value;
+                //Value
+                CPPUNIT_ASSERT_ASSERTION_PASS( CPPUNIT_ASSERT( value.getLength() > 0 ) );
+            }
+        }
+    }
+
+    void test_URI() {
+        init();
+        for(int n = 1; n < altNames.getLength(); n++)
+        {
+            if (altNames[n].Type ==  security::ExtAltNameType_URL)
+            {
+                rtl::OUString value;
+                altNames[n].Value >>= value;
+                //Value
+                CPPUNIT_ASSERT_EQUAL( rtl::OUString::createFromAscii("http://my.url.here/"), value);
+            }
+        }
+    }
+
+    void test_IP() {
+        init();
+        for(int n = 1; n < altNames.getLength(); n++)
+        {
+            if (altNames[n].Type ==  security::ExtAltNameType_IP_ADDRESS)
+            {
+                uno::Sequence< sal_Int8 > ipAddress;
+                altNames[n].Value >>= ipAddress;
+                //Value
+                CPPUNIT_ASSERT_ASSERTION_PASS( CPPUNIT_ASSERT( ipAddress.getLength() > 0 ) );
+            }
+        }
+
+    }
+
+    void test_RID() {
+        init();
+        for(int n = 1; n < altNames.getLength(); n++)
+        {
+            if (altNames[n].Type ==  security::ExtAltNameType_REGISTERED_ID)
+            {
+                rtl::OUString value;
+                altNames[n].Value >>= value;
+                //Value
+                CPPUNIT_ASSERT_EQUAL( rtl::OUString::createFromAscii("1.2.3.4"), value);
+            }
+        }
+
+    }
+
+    void test_EDI() {
+        // Not implemented
+    }
+
+    void test_X400() {
+        // Not implemented
+    }
+
+    CPPUNIT_TEST_SUITE(Test);
+    CPPUNIT_TEST(test_Others);
+    CPPUNIT_TEST(test_RFC822);
+    CPPUNIT_TEST(test_DNS);
+    CPPUNIT_TEST(test_Direcory);
+    CPPUNIT_TEST(test_URI);
+    CPPUNIT_TEST(test_IP);
+    CPPUNIT_TEST(test_RID);
+    CPPUNIT_TEST(test_EDI);
+    CPPUNIT_TEST(test_X400);
+    CPPUNIT_TEST_SUITE_END();
+};
+
+uno::Sequence< security::CertAltNameEntry > Test::altNames;
+
+CPPUNIT_TEST_SUITE_REGISTRATION(Test);
+
+}
+
+CPPUNIT_PLUGIN_IMPLEMENT();
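Review bot: Every `test_*` loop starts at `n = 1` and asserts only inside the type check, so a test passes without asserting anything when the wanted entry sits at index 0 or when `altNames` is empty; in `User_35_Root_11.crt` the DNS name is listed first, so `test_DNS` may never reach its assertion. Start the loops at zero and require a hit, e.g. `bool found = false;` before the loop, `found = true;` next to the assertion and `CPPUNIT_ASSERT(found);` after it. In `init()` the result of `ne_ssl_cert_read` is passed on unchecked, `sanExtension` is used without `is()`, and neither `cert` nor `certExportB64` is released. A `CPPUNIT_ASSERT(cert != NULL);` before the export would turn a missing fixture file into a clear failure instead of a crash.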

xmlsecurity/qa/certext/User_35_Root_11.crt

+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4130 (0x1022)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+        Validity
+            Not Before: Nov  8 10:51:39 2010 GMT
+            Not After : Nov  8 10:51:39 2011 GMT
+        Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=User 35
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:9b:36:00:64:f3:ce:93:97:62:19:fa:78:d9:6f:
+                    92:6a:b9:d2:9a:4e:06:2c:02:52:cd:93:50:84:28:
+                    19:42:a2:4a:34:e2:cd:e6:b0:39:7a:c8:4d:84:bc:
+                    71:51:ed:5d:6c:7e:f9:cc:01:5a:4b:73:50:a9:3b:
+                    5d:ad:cc:89:f7:dc:e0:dd:0a:ff:48:01:a9:34:19:
+                    c0:6a:ee:4b:20:f4:cf:3c:94:c1:ae:88:0f:c9:42:
+                    1a:a6:47:31:fe:37:04:00:bb:ec:07:5f:cb:ee:70:
+                    c4:c7:7c:6f:ee:03:19:76:de:0b:df:d0:48:91:67:
+                    55:9b:90:91:f4:ce:56:04:d5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: 
+                Digital Signature, Non Repudiation, Key Encipherment
+            X509v3 Subject Key Identifier: 
+                91:47:AC:29:95:5D:EF:72:14:8F:82:45:07:E2:94:49:75:C6:7D:73
+            X509v3 Authority Key Identifier: 
+                keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+            X509v3 Subject Alternative Name: 
+                DNS:alt.openoffice.org, IP Address:192.168.7.1, IP Address:13:0:0:0:0:0:0:17, email:my@other.address, Registered ID:1.2.3.4, othername:<unsupported>, DirName:/C=DE/O=OpenOffice.org/OU=Development/CN=User 32 Root 11, URI:http://my.url.here/
+    Signature Algorithm: sha1WithRSAEncryption
+        6e:80:e6:1e:86:3d:d2:65:a6:17:fa:80:2d:2e:dc:85:32:05:
+        a1:69:82:e1:79:d1:dc:de:69:cd:9e:f0:cc:90:75:a9:45:ee:
+        73:46:fe:29:69:c0:99:bb:fc:3a:db:c0:5f:69:c6:b7:ea:9a:
+        63:b2:8e:29:2c:a5:5a:88:88:94:75:4b:ab:0a:72:f6:3a:aa:
+        5d:6b:3a:5c:b6:9b:57:f5:c1:51:af:df:3c:a6:8a:a3:da:70:
+        66:61:49:12:06:78:98:9f:bc:78:3c:43:6d:08:94:aa:32:b6:
+        f3:cc:af:0d:29:fe:96:47:7d:fe:4a:61:48:90:11:0b:bd:0f:
+        a0:fd
+-----BEGIN CERTIFICATE-----
+MIIDajCCAtOgAwIBAgICECIwDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDExMDgxMDUx
+MzlaFw0xMTExMDgxMDUxMzlaMGAxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1i
+dXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2ZWxvcG1l
+bnQxEDAOBgNVBAMTB1VzZXIgMzUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
+AJs2AGTzzpOXYhn6eNlvkmq50ppOBiwCUs2TUIQoGUKiSjTizeawOXrITYS8cVHt
+XWx++cwBWktzUKk7Xa3Miffc4N0K/0gBqTQZwGruSyD0zzyUwa6ID8lCGqZHMf43
+BAC77Adfy+5wxMd8b+4DGXbeC9/QSJFnVZuQkfTOVgTVAgMBAAGjggExMIIBLTAL
+BgNVHQ8EBAMCBeAwHQYDVR0OBBYEFJFHrCmVXe9yFI+CRQfilEl1xn1zMB8GA1Ud
+IwQYMBaAFOhqu8KQ6mxwIj729kgbA+a+t6ZVMIHdBgNVHREEgdUwgdKCEmFsdC5v
+cGVub2ZmaWNlLm9yZ4cEwKgHAYcQABMAAAAAAAAAAAAAAAAAF4EQbXlAb3RoZXIu
+YWRkcmVzc4gDKgMEoB4GAyoDBKAXDBVzb21lIG90aGVyIGlkZW50aWZpZXKkWDBW
+MQswCQYDVQQGEwJERTEXMBUGA1UEChMOT3Blbk9mZmljZS5vcmcxFDASBgNVBAsT
+C0RldmVsb3BtZW50MRgwFgYDVQQDEw9Vc2VyIDMyIFJvb3QgMTGGE2h0dHA6Ly9t
+eS51cmwuaGVyZS8wDQYJKoZIhvcNAQEFBQADgYEAboDmHoY90mWmF/qALS7chTIF
+oWmC4XnR3N5pzZ7wzJB1qUXuc0b+KWnAmbv8OtvAX2nGt+qaY7KOKSylWoiIlHVL
+qwpy9jqqXWs6XLabV/XBUa/fPKaKo9pwZmFJEgZ4mJ+8eDxDbQiUqjK288yvDSn+
+lkd9/kphSJARC70PoP0=
+-----END CERTIFICATE-----

xmlsecurity/qa/certext/export.map

+#*************************************************************************
+#
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+# 
+# Copyright 2000, 2010 Oracle and/or its affiliates.
+#
+# OpenOffice.org - a multi-platform office productivity suite
+#
+# This file is part of OpenOffice.org.
+#
+# OpenOffice.org is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License version 3
+# only, as published by the Free Software Foundation.
+#
+# OpenOffice.org is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License version 3 for more details
+# (a copy is included in the LICENSE file that accompanied this code).
+#
+# You should have received a copy of the GNU Lesser General Public License
+# version 3 along with OpenOffice.org.  If not, see
+# <http://www.openoffice.org/license.html>
+# for a copy of the LGPLv3 License.
+#
+#*************************************************************************
+
+UDK_3_0_0 {
+    global:
+        cppunitTestPlugIn;
+
+    local:
+        *;
+};

xmlsecurity/qa/certext/makefile.mk

+#*************************************************************************
+#
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# Copyright 2000, 2010 Oracle and/or its affiliates.
+#
+# OpenOffice.org - a multi-platform office productivity suite
+#
+# This file is part of OpenOffice.org.
+#
+# OpenOffice.org is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License version 3
+# only, as published by the Free Software Foundation.
+#
+# OpenOffice.org is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License version 3 for more details
+# (a copy is included in the LICENSE file that accompanied this code).
+#
+# You should have received a copy of the GNU Lesser General Public License
+# version 3 along with OpenOffice.org.  If not, see
+# <http://www.openoffice.org/license.html>
+# for a copy of the LGPLv3 License.
+#
+#***********************************************************************/
+
+PRJ = ../..
+PRJNAME = xmlsecurity
+TARGET = qa_certext
+
+ENABLE_EXCEPTIONS = TRUE
+
+.IF "$(OS)" == "WNT"
+my_file = file:///
+.ELSE
+my_file = file://
+.END
+
+
+.INCLUDE: settings.mk
+.INCLUDE :	$(PRJ)$/util$/target.pmk
+
+.IF "$(SYSTEM_LIBXML)" == "YES"
+CFLAGS+=-DSYSTEM_LIBXML $(LIBXML_CFLAGS)
+.ENDIF
+
+.IF "$(CRYPTO_ENGINE)" == "nss"
+
+.IF "$(WITH_MOZILLA)" == "NO" || "$(ENABLE_NSS_MODULE)"!="YES"
+.IF "$(SYSTEM_MOZILLA)" != "YES"
+@all:
+	@echo "No mozilla -> no nss -> no libxmlsec -> no xmlsecurity/nss"
+.ENDIF
+.ENDIF
+
+.IF "$(SYSTEM_MOZILLA)" != "YES"
+MOZ_INC = $(SOLARVERSION)$/$(INPATH)$/inc$(UPDMINOREXT)$/mozilla
+NSS_INC = $(MOZ_INC)$/nss
+NSPR_INC = $(MOZ_INC)$/nspr
+.ELSE
+# MOZ_INC already defined from environment
+NSS_INC = $(MOZ_NSS_CFLAGS)
+NSPR_INC = $(MOZ_INC)$/nspr
+.ENDIF
+
+.IF "$(GUI)"=="UNX"
+.IF "$(COMNAME)"=="sunpro5"
+CFLAGS += -features=tmplife
+#This flag is needed to build mozilla 1.7 code
+.ENDIF		# "$(COMNAME)"=="sunpro5"
+.ENDIF
+
+.IF "$(GUI)" == "WNT"
+.IF "$(DBG_LEVEL)" == "0"
+INCPRE += \
+-I$(MOZ_INC)$/profile \
+-I$(MOZ_INC)$/string \
+-I$(MOZ_INC)$/embed_base
+CFLAGS +=   -GR- -W3 -Gy -MD -UDEBUG
+.ELSE
+INCPRE += \
+-I$(MOZ_INC)$/profile \
+-I$(MOZ_INC)$/string \
+-I$(MOZ_INC)$/embed_base
+CFLAGS += -Zi -GR- -W3 -Gy -MDd -UNDEBUG
+.ENDIF
+.ENDIF
+.IF "$(GUI)" == "UNX"
+INCPOST += \
+$(MOZ_INC)$/profile \
+-I$(MOZ_INC)$/string \
+-I$(MOZ_INC)$/embed_base
+.ENDIF
+
+CDEFS += -DXMLSEC_CRYPTO_NSS -DXMLSEC_NO_XSLT
+
+SOLARINC += \
+ -I$(MOZ_INC) \
+-I$(NSPR_INC) \
+-I$(PRJ)$/source$/xmlsec
+
+.IF "$(SYSTEM_MOZILLA)" == "YES"
+SOLARINC += -DSYSTEM_MOZILLA $(NSS_INC)
+.ELSE
+SOLARINC += -I$(NSS_INC)
+.ENDIF
+.ENDIF
+
+
+
+
+CFLAGSCXX += $(CPPUNIT_CFLAGS)
+
+SHL1IMPLIB = i$(SHL1TARGET)
+SHL1OBJS = $(SLOFILES)
+SHL1RPATH = NONE
+SHL1STDLIBS = $(CPPUNITLIB)     \
+              $(SALLIB)         \
+              $(NEON3RDLIB)     \
+              $(CPPULIB)        \
+              $(XMLOFFLIB)      \
+	          $(CPPUHELPERLIB)	\
+	          $(SVLLIB)			\
+	          $(TOOLSLIB)	    \
+	          $(COMPHELPERLIB)
+	          
+	
+	
+.IF "$(OS)"=="SOLARIS"
+SHL1STDLIBS +=-ldl
+.ENDIF
+
+.IF "$(SYSTEM_MOZILLA)" == "YES"
+.IF "$(NSPR_LIB)" != ""
+SHL1STDLIBS += $(NSPR_LIB)
+.ENDIF
+.IF "$(NSS_LIB)" != ""
+SHL1STDLIBS += $(NSS_LIB)
+.ENDIF
+.ENDIF
+
+.IF "$(CRYPTO_ENGINE)" == "mscrypto"
+SHL1STDLIBS+= $(MSCRYPTOLIBS)
+.ELSE
+CDEFS += -DNSS_ENGINE
+SHL1STDLIBS+= $(NSSCRYPTOLIBS)
+.ENDIF	
+
+.IF "$(ENABLE_NSS_MODULE)"=="YES" || "$(SYSTEM_MOZILLA)" == "YES"
+
+SHL1LIBS= \
+	$(SLB)$/xs_comm.lib
+
+.IF "$(CRYPTO_ENGINE)" == "mscrypto"
+SHL1LIBS += \
+	$(SLB)$/xs_mscrypt.lib
+.ELSE
+SHL1LIBS += \
+	$(SLB)$/xs_nss.lib
+.ENDIF
+
+.ENDIF	
+
+SHL1TARGET = qa_CertExt
+SHL1VERSIONMAP = $(PRJ)/qa/certext/export.map
+DEF1NAME = $(SHL1TARGET)
+
+SLOFILES = $(SLO)/SanCertExt.obj
+
+.INCLUDE: target.mk
+
+ALLTAR : test
+
+test .PHONY : $(SHL1TARGETN)
+    $(CPPUNITTESTER) $(SHL1TARGETN) \
+        -env:UNO_TYPES=$(my_file)$(SOLARBINDIR)/types.rdb
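Review bot: In the second `"$(GUI)" == "UNX"` block the first `INCPOST` entry is `$(MOZ_INC)$/profile` without the `-I` prefix that the two following entries and the `WNT` block carry, so the compiler would receive a bare path rather than an include directory; it should read `-I$(MOZ_INC)$/profile \`. Separately, `SanCertExt.cxx` includes `mscrypt/securityenvironment_mscryptimpl.hxx` unconditionally while this makefile also links `xs_nss.lib` for non-mscrypto builds, so the test looks buildable only with `CRYPTO_ENGINE` set to `mscrypto`. A guard around the target, or a comment stating that restriction, would make this explicit.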

xmlsecurity/source/xmlsec/mscrypt/makefile.mk

 	$(SLO)$/xmlsignature_mscryptimpl.obj \
 	$(SLO)$/x509certificate_mscryptimpl.obj \
 	$(SLO)$/seinitializer_mscryptimpl.obj \
-	$(SLO)$/xsec_mscrypt.obj
+	$(SLO)$/xsec_mscrypt.obj  \
+    $(SLO)$/sanextension_mscryptimpl.obj
 
 .ENDIF
 

xmlsecurity/source/xmlsec/mscrypt/sanextension_mscryptimpl.cxx

+/*************************************************************************
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ * 
+ * Copyright 2000, 2010 Oracle and/or its affiliates.
+ *
+ * OpenOffice.org - a multi-platform office productivity suite
+ *
+ * This file is part of OpenOffice.org.
+ *
+ * OpenOffice.org is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License version 3
+ * only, as published by the Free Software Foundation.
+ *
+ * OpenOffice.org is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License version 3 for more details
+ * (a copy is included in the LICENSE file that accompanied this code).
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * version 3 along with OpenOffice.org.  If not, see
+ * <http://www.openoffice.org/license.html>
+ * for a copy of the LGPLv3 License.
+ *
+ ************************************************************************/
+
+// MARKER(update_precomp.py): autogen include statement, do not remove
+#include "precompiled_xmlsecurity.hxx"
+#include <sal/config.h>
+#include <rtl/uuid.h>
+#include <rtl/ustring.hxx> 
+#include <com/sun/star/security/ExtAltNameType.hpp>
+#include <com/sun/star/security/CertAltNameEntry.hpp>
+#include <com/sun/star/beans/NamedValue.hpp>
+#include <com/sun/star/uno/Reference.hxx>
+#include <comphelper/sequence.hxx>
+
+
+#ifndef _SANEXTENSION_MSCRYPTIMPL_HXX_
+#include "sanextension_mscryptimpl.hxx"
+#endif
+
+using namespace ::com::sun::star;
+using namespace ::com::sun::star::uno ;
+using namespace ::com::sun::star::security ;
+using ::rtl::OUString ;
+
+using ::com::sun::star::security::XCertificateExtension ;
+
+
+SanExtensionImpl :: SanExtensionImpl() :
+	m_critical( sal_False )
+{
+}
+
+SanExtensionImpl :: ~SanExtensionImpl() {
+}
+
+
+//Methods from XCertificateExtension
+sal_Bool SAL_CALL SanExtensionImpl :: isCritical() throw( ::com::sun::star::uno::RuntimeException ) {
+	return m_critical ;
+}
+
+::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL SanExtensionImpl :: getExtensionId() throw( ::com::sun::star::uno::RuntimeException ) {
+	return m_xExtnId ;
+}
+
+::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL SanExtensionImpl :: getExtensionValue() throw( ::com::sun::star::uno::RuntimeException ) {
+	return m_xExtnValue ;
+}
+
+//Methods from XSanExtension
+::com::sun::star::uno::Sequence< com::sun::star::security::CertAltNameEntry > SAL_CALL SanExtensionImpl :: getAlternativeNames() throw( ::com::sun::star::uno::RuntimeException ){
+    
+    if (!m_Entries.hasElements())
+    {   
+        CERT_ALT_NAME_INFO *subjectName;
+        DWORD size;
+        CryptDecodeObjectEx(X509_ASN_ENCODING, X509_ALTERNATE_NAME, (unsigned char*) m_xExtnValue.getArray(), m_xExtnValue.getLength(), CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL,&subjectName, &size);
+
+        CertAltNameEntry* arrCertAltNameEntry = new CertAltNameEntry[subjectName->cAltEntry];
+
+        for (unsigned int i = 0; i < (unsigned int)subjectName->cAltEntry; i++){
+          PCERT_ALT_NAME_ENTRY pEntry = &subjectName->rgAltEntry[i];
+
+          switch(pEntry->dwAltNameChoice) {
+            case CERT_ALT_NAME_OTHER_NAME : 
+                {
+                    arrCertAltNameEntry[i].Type = ExtAltNameType_OTHER_NAME;
+                    PCERT_OTHER_NAME pOtherName = pEntry->pOtherName;
+
+                    ::com::sun::star::beans::NamedValue otherNameProp;
+                    otherNameProp.Name = ::rtl::OUString::createFromAscii(pOtherName->pszObjId);
+
+                    Sequence< sal_Int8 > otherName( pOtherName->Value.cbData ) ;
+		            for( unsigned int n = 0; n < (unsigned int) pOtherName->Value.cbData ; n ++ )
+			            otherName[n] = *( pOtherName->Value.pbData + n ) ;
+                    
+                    otherNameProp.Value <<= otherName;
+
+                    arrCertAltNameEntry[i].Value <<= otherNameProp;
+                    break;
+                }
+            case CERT_ALT_NAME_RFC822_NAME :
+                arrCertAltNameEntry[i].Type = ExtAltNameType_RFC822_NAME;
+                arrCertAltNameEntry[i].Value <<= ::rtl::OUString(pEntry->pwszRfc822Name);
+                break;
+            case CERT_ALT_NAME_DNS_NAME :
+                arrCertAltNameEntry[i].Type = ExtAltNameType_DNS_NAME;
+                arrCertAltNameEntry[i].Value <<= ::rtl::OUString(pEntry->pwszDNSName);
+                break;
+            case CERT_ALT_NAME_DIRECTORY_NAME :
+                {
+                    arrCertAltNameEntry[i].Type = ExtAltNameType_DIRECTORY_NAME;
+                    
+                    Sequence< sal_Int8 > directoryName( pEntry->DirectoryName.cbData ) ;
+		            for( unsigned int n = 0; n < pEntry->DirectoryName.cbData ; n++ )
+			            directoryName[n] = *( pEntry->DirectoryName.pbData + n ) ;
+                    
+                    arrCertAltNameEntry[i].Value <<= directoryName;
+                    break;
+                }
+            case CERT_ALT_NAME_URL :
+                arrCertAltNameEntry[i].Type = ExtAltNameType_URL;
+                arrCertAltNameEntry[i].Value <<= ::rtl::OUString(pEntry->pwszURL);
+                break;
+            case CERT_ALT_NAME_IP_ADDRESS :
+                {
+                    arrCertAltNameEntry[i].Type = ExtAltNameType_IP_ADDRESS;
+                    
+                    Sequence< sal_Int8 > ipAddress( pEntry->IPAddress.cbData ) ;
+		            for( unsigned int n = 0; n < pEntry->IPAddress.cbData ; n ++ )
+			            ipAddress[n] = *( pEntry->IPAddress.pbData + n ) ;
+
+                    arrCertAltNameEntry[i].Value <<= ipAddress;
+                    break;
+                }
+            case CERT_ALT_NAME_REGISTERED_ID :
+                arrCertAltNameEntry[i].Type = ExtAltNameType_REGISTERED_ID;
+                arrCertAltNameEntry[i].Value <<= ::rtl::OUString::createFromAscii(pEntry->pszRegisteredID);
+                break;
+          }
+        }
+        m_Entries = ::comphelper::arrayToSequence< com::sun::star::security::CertAltNameEntry >(arrCertAltNameEntry, subjectName->cAltEntry);        
+
+        delete [] arrCertAltNameEntry;
+    }
+
+    return m_Entries;
+}
+
+//Helper method
+void SanExtensionImpl :: setCertExtn( ::com::sun::star::uno::Sequence< sal_Int8 > extnId, ::com::sun::star::uno::Sequence< sal_Int8 > extnValue, sal_Bool critical ) {
+	m_critical = critical ;
+	m_xExtnId = extnId ;
+	m_xExtnValue = extnValue ;
+}
+
+void SanExtensionImpl :: setCertExtn( unsigned char* value, unsigned int vlen, unsigned char* id, unsigned int idlen, sal_Bool critical ) {
+	unsigned int i ;
+	if( value != NULL && vlen != 0 ) {
+		Sequence< sal_Int8 > extnv( vlen ) ;
+		for( i = 0; i < vlen ; i ++ )
+			extnv[i] = *( value + i ) ;
+
+		m_xExtnValue = extnv ;
+	} else {
+		m_xExtnValue = Sequence<sal_Int8>();
+	}
+
+	if( id != NULL && idlen != 0 ) {
+		Sequence< sal_Int8 > extnId( idlen ) ;
+		for( i = 0; i < idlen ; i ++ )
+			extnId[i] = *( id + i ) ;
+
+		m_xExtnId = extnId ;
+	} else {
+		m_xExtnId =  Sequence<sal_Int8>();
+	}
+
+	m_critical = critical ;
+}
+
+void SanExtensionImpl :: extractCertExt () {
+}
+

xmlsecurity/source/xmlsec/mscrypt/sanextension_mscryptimpl.hxx

+/*************************************************************************
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ * 
+ * Copyright 2000, 2010 Oracle and/or its affiliates.
+ *
+ * OpenOffice.org - a multi-platform office productivity suite
+ *
+ * This file is part of OpenOffice.org.
+ *
+ * OpenOffice.org is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License version 3
+ * only, as published by the Free Software Foundation.
+ *
+ * OpenOffice.org is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License version 3 for more details
+ * (a copy is included in the LICENSE file that accompanied this code).
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * version 3 along with OpenOffice.org.  If not, see
+ * <http://www.openoffice.org/license.html>
+ * for a copy of the LGPLv3 License.
+ *
+ ************************************************************************/
+
+#ifndef _SANEXTENSION_MSCRYPTIMPL_HXX_
+#define _SANEXTENSION_MSCRYPTIMPL_HXX_
+
+#ifdef _MSC_VER
+#pragma warning(push,1)
+#endif
+#include "Windows.h"
+#include "WinCrypt.h"
+#ifdef _MSC_VER
+#pragma warning(pop)
+#endif
+#include <sal/config.h>
+#include <rtl/ustring.hxx>
+#include <cppuhelper/factory.hxx>
+#include <cppuhelper/implbase1.hxx>
+#include <com/sun/star/uno/Exception.hpp>
+#include "com/sun/star/uno/SecurityException.hpp"
+#include <com/sun/star/uno/Exception.hpp>
+#include <com/sun/star/security/XCertificateExtension.hpp>
+#include <com/sun/star/security/XSanExtension.hpp>
+#include <com/sun/star/security/CertAltNameEntry.hpp>
+
+class SanExtensionImpl : public ::cppu::WeakImplHelper1<
+    ::com::sun::star::security::XSanExtension >
+{
+	private :
+		sal_Bool m_critical ;
+		::com::sun::star::uno::Sequence< sal_Int8 > m_xExtnId ;
+		::com::sun::star::uno::Sequence< sal_Int8 > m_xExtnValue ;
+
+        ::com::sun::star::uno::Sequence< com::sun::star::security::CertAltNameEntry > m_Entries;
+
+	public :
+		SanExtensionImpl() ;
+		virtual ~SanExtensionImpl() ;
+
+		//Methods from XCertificateExtension
+		virtual sal_Bool SAL_CALL isCritical() throw( ::com::sun::star::uno::RuntimeException ) ;
+
+		virtual ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL getExtensionId() throw( ::com::sun::star::uno::RuntimeException ) ;
+
+		virtual ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL getExtensionValue() throw( ::com::sun::star::uno::RuntimeException ) ;
+
+        //Methods from XSanExtension
+
+		virtual ::com::sun::star::uno::Sequence< com::sun::star::security::CertAltNameEntry > SAL_CALL getAlternativeNames() throw( ::com::sun::star::uno::RuntimeException ) ;
+
+		//Helper method
+		void setCertExtn( ::com::sun::star::uno::Sequence< sal_Int8 > extnId, ::com::sun::star::uno::Sequence< sal_Int8 > extnValue, sal_Bool critical ) ;
+
+		void setCertExtn( unsigned char* value, unsigned int vlen, unsigned char* id, unsigned int idlen, sal_Bool critical ) ;
+
+        void extractCertExt() ;
+} ;
+
+#endif	// _CERTIFICATEEXTENSION_XMLSECIMPL_HXX_
+
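Review bot: The closing `#endif	// _CERTIFICATEEXTENSION_XMLSECIMPL_HXX_` comment names a different header's guard; it should read `#endif // _SANEXTENSION_MSCRYPTIMPL_HXX_`, and `<com/sun/star/uno/Exception.hpp>` is included twice. The class also carries no comment saying that `getAlternativeNames()` decodes on first use and caches into `m_Entries`. A class comment such as `// Decodes the SAN extension value on the first getAlternativeNames() call and caches the result in m_Entries.` would make that visible, which matters because neither `setCertExtn` overload in this commit clears that cache. sanextension_nssimpl.hxx has the same stale `#endif` comment and duplicate include.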

xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.hxx

 #include <list>
 #include "xmlsec/xmlsec.h"
 
+#include "sal/types.h"
+
+
 class SecurityEnvironment_MSCryptImpl : public ::cppu::WeakImplHelper4<
 	::com::sun::star::xml::crypto::XSecurityEnvironment ,
 	::com::sun::star::lang::XInitialization ,

xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx

 #include <rtl/uuid.h>
 #include "x509certificate_mscryptimpl.hxx"
 #include "certificateextension_xmlsecimpl.hxx"
+#include "sanextension_mscryptimpl.hxx"
 
 //MM : added by MM
 #include "oid.hxx"
 		for( unsigned int i = 0; i < m_pCertContext->pCertInfo->cExtension; i++ ) {
 			pExtn = &(m_pCertContext->pCertInfo->rgExtension[i]) ;
 
-			xExtn = new CertificateExtension_XmlSecImpl() ;
+
+            ::rtl::OUString objId = ::rtl::OUString::createFromAscii( pExtn->pszObjId );
+
+            if ( objId.equalsAscii("2.5.29.17") )
+                xExtn = (CertificateExtension_XmlSecImpl*) new SanExtensionImpl() ;
+            else 
+			    xExtn = new CertificateExtension_XmlSecImpl() ;
 			if( xExtn == NULL )
 				throw RuntimeException() ;
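Review bot: The C-style cast in `xExtn = (CertificateExtension_XmlSecImpl*) new SanExtensionImpl() ;` converts between unrelated types, because sanextension_mscryptimpl.hxx in this commit declares `SanExtensionImpl` as deriving only from `::cppu::WeakImplHelper1< XSanExtension >`. The compiler therefore treats it as a reinterpret cast, and any later call made through `xExtn` as a `CertificateExtension_XmlSecImpl` (the rest of the loop is outside the hunk, presumably a `setCertExtn` call) would run against the wrong object layout while handling certificate-supplied bytes. Either give both classes a common base that declares `setCertExtn`, or keep a separately typed `SanExtensionImpl*` local, call `setCertExtn` on it, and only then store the interface reference. The same cast appears twice in x509certificate_nssimpl.cxx.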
 

xmlsecurity/source/xmlsec/nss/makefile.mk

 	$(SLO)$/x509certificate_nssimpl.obj \
 	$(SLO)$/seinitializer_nssimpl.obj \
 	$(SLO)$/xsec_nss.obj \
-        $(SLO)$/secerror.obj
+	$(SLO)$/sanextension_nssimpl.obj \
+    $(SLO)$/secerror.obj
 
 
 	

xmlsecurity/source/xmlsec/nss/sanextension_nssimpl.cxx

+/*************************************************************************
+*
+* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+* 
+* Copyright 2000, 2010 Oracle and/or its affiliates.
+*
+* OpenOffice.org - a multi-platform office productivity suite
+*
+* This file is part of OpenOffice.org.
+*
+* OpenOffice.org is free software: you can redistribute it and/or modify
+* it under the terms of the GNU Lesser General Public License version 3
+* only, as published by the Free Software Foundation.
+*
+* OpenOffice.org is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+* GNU Lesser General Public License version 3 for more details
+* (a copy is included in the LICENSE file that accompanied this code).
+*
+* You should have received a copy of the GNU Lesser General Public License
+* version 3 along with OpenOffice.org.  If not, see
+* <http://www.openoffice.org/license.html>
+* for a copy of the LGPLv3 License.
+*
+************************************************************************/
+
+// MARKER(update_precomp.py): autogen include statement, do not remove
+#include "precompiled_xmlsecurity.hxx"
+#include <sal/config.h>
+#include <rtl/uuid.h>
+#include <rtl/ustring.hxx> 
+#include <com/sun/star/security/ExtAltNameType.hpp>
+#include <com/sun/star/security/CertAltNameEntry.hpp>
+#include <com/sun/star/beans/PropertyValue.hpp>
+#include <com/sun/star/uno/Reference.hxx>
+#include <comphelper/sequence.hxx>
+#include <seccomon.h>
+#include <cert.h>
+#include <certt.h>
+#include <secitem.h>
+#include <secport.h>
+
+
+#ifndef _SANEXTENSION_NSSIMPL_HXX_
+#include "sanextension_nssimpl.hxx"
+#endif
+
+using namespace ::com::sun::star;
+using namespace ::com::sun::star::uno ;
+using namespace ::com::sun::star::security ;
+using ::rtl::OUString ;
+
+using ::com::sun::star::security::XCertificateExtension ;
+
+
+SanExtensionImpl :: SanExtensionImpl() :
+m_critical( sal_False )
+{
+}
+
+SanExtensionImpl :: ~SanExtensionImpl() {
+}
+
+
+//Methods from XCertificateExtension
+sal_Bool SAL_CALL SanExtensionImpl :: isCritical() throw( ::com::sun::star::uno::RuntimeException ) {
+    return m_critical ;
+}
+
+::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL SanExtensionImpl :: getExtensionId() throw( ::com::sun::star::uno::RuntimeException ) {
+    return m_xExtnId ;
+}
+
+::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL SanExtensionImpl :: getExtensionValue() throw( ::com::sun::star::uno::RuntimeException ) {
+    return m_xExtnValue ;
+}
+
+namespace {
+    // Helper functions from nss/lib/certdb/genname.c
+    static int GetNamesLength(CERTGeneralName *names)
+    {
+        int              length = 0;
+        CERTGeneralName  *first;
+
+        first = names;
+        if (names != NULL) {
+            do {
+                length++;
+                names = CERT_GetNextGeneralName(names);
+            } while (names != first);
+        }
+        return length;
+    }
+
+    static SECStatus DestroyGeneralName(CERTGeneralName *name)
+    {
+        CERTGeneralName    *first;
+        CERTGeneralName    *next = NULL;
+
+        first = name;
+        do {
+            next = CERT_GetNextGeneralName(name);
+            PORT_Free(name);
+            name = next;
+        } while (name != first);
+        return SECSuccess;
+
+    }
+}
+
+//Methods from XSanExtension
+::com::sun::star::uno::Sequence< com::sun::star::security::CertAltNameEntry > SAL_CALL SanExtensionImpl :: getAlternativeNames() throw( ::com::sun::star::uno::RuntimeException ){
+
+    if (!m_Entries.hasElements())
+    {  
+        SECItem item;
+
+        item.type = siDERCertBuffer;
+        item.data = (unsigned char*) m_xExtnValue.getArray(); 
+        item.len = m_xExtnValue.getLength();
+
+        PRArenaPool *arena;
+        CERTGeneralName *nameList;
+        arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+
+        if (!arena)
+            return m_Entries;
+
+        nameList = CERT_DecodeAltNameExtension(arena, &item);
+
+        CERTGeneralName* current = nameList;
+
+        int size = GetNamesLength(nameList);
+        CertAltNameEntry* arrCertAltNameEntry = new CertAltNameEntry[size];
+        for(int i = 0; i < size ; i++){
+            switch (current->type) {
+                case certOtherName: {
+                    arrCertAltNameEntry[i].Type = ExtAltNameType_OTHER_NAME;
+                    ::com::sun::star::beans::PropertyValue otherNameProp;
+                    otherNameProp.Name = ::rtl::OUString::createFromAscii(CERT_GetOidString(&current->name.OthName.oid));
+
+                    Sequence< sal_Int8 > otherName( current->name.OthName.name.len ) ;
+                    for( unsigned int r = 0; r < current->name.OthName.name.len ; r ++ )
+                        otherName[r] = *( current->name.OthName.name.data + r ) ;
+
+                    otherNameProp.Value <<= otherName;
+
+                    arrCertAltNameEntry[i].Value <<= otherNameProp; 
+                    break;
+                                    }
+                case certRFC822Name:
+                    arrCertAltNameEntry[i].Type = ExtAltNameType_RFC822_NAME;
+                    arrCertAltNameEntry[i].Value <<= ::rtl::OUString((const sal_Char*)current->name.other.data, current->name.other.len, RTL_TEXTENCODING_ASCII_US);
+                    break;
+                case certDNSName:
+                    arrCertAltNameEntry[i].Type = ExtAltNameType_DNS_NAME;
+                    arrCertAltNameEntry[i].Value <<= ::rtl::OUString((const sal_Char*)current->name.other.data, current->name.other.len, RTL_TEXTENCODING_ASCII_US);
+                    break;
+                case certX400Address: {
+                    // unsupported
+                    arrCertAltNameEntry[i].Type = ExtAltNameType_X400_ADDRESS;
+                    arrCertAltNameEntry[i].value <<= Any.VOID;
+                    break;
+                                      }
+                case certDirectoryName: {
+                    arrCertAltNameEntry[i].Type = ExtAltNameType_DIRECTORY_NAME;
+
+                    char * directoryName = CERT_NameToAscii(&current->name.directoryName);
+
+                    arrCertAltNameEntry[i].Value <<= ::rtl::OUString::createFromAscii(directoryName);
+
+                    PORT_Free(directoryName);
+                    break;
+                                        }
+                case certEDIPartyName:  {
+                    // unsupported
+                    arrCertAltNameEntry[i].Type = ExtAltNameType_EDI_PARTY_NAME;
+                    arrCertAltNameEntry[i].Value <<= Any.VOID;
+                    break;
+                                        }
+                case certURI:
+                    arrCertAltNameEntry[i].Type = ExtAltNameType_URL;
+                    arrCertAltNameEntry[i].Value <<= ::rtl::OUString((const sal_Char*)current->name.other.data, current->name.other.len, RTL_TEXTENCODING_ASCII_US);
+                    break;
+                case certIPAddress: {
+                    arrCertAltNameEntry[i].Type = ExtAltNameType_IP_ADDRESS;
+
+                    Sequence< sal_Int8 > ipAddress( current->name.other.len ) ;
+                    for( unsigned int r = 0; r < current->name.other.len ; r ++ )
+                        ipAddress[r] = *( current->name.other.data + r ) ;
+
+                    arrCertAltNameEntry[i].Value <<= ipAddress;
+                    break;
+                                    }
+                case certRegisterID:
+                    arrCertAltNameEntry[i].Type = ExtAltNameType_REGISTERED_ID;
+                    arrCertAltNameEntry[i].Value <<= ::rtl::OUString::createFromAscii(CERT_GetOidString(&current->name.other));
+                    break;
+            }
+
+
+            //    break;
+
+            current = CERT_GetNextGeneralName(current);
+        }
+
+        m_Entries = ::comphelper::arrayToSequence< com::sun::star::security::CertAltNameEntry >(arrCertAltNameEntry, size);        
+
+        delete [] arrCertAltNameEntry;
+
+        PORT_FreeArena(arena, PR_FALSE);
+
+
+    }
+
+    return m_Entries;
+}
+
+//Helper method
+void SanExtensionImpl :: setCertExtn( ::com::sun::star::uno::Sequence< sal_Int8 > extnId, ::com::sun::star::uno::Sequence< sal_Int8 > extnValue, sal_Bool critical ) {
+    m_critical = critical ;
+    m_xExtnId = extnId ;
+    m_xExtnValue = extnValue ;
+}
+
+void SanExtensionImpl :: setCertExtn( unsigned char* value, unsigned int vlen, unsigned char* id, unsigned int idlen, sal_Bool critical ) {
+    unsigned int i ;
+    if( value != NULL && vlen != 0 ) {
+        Sequence< sal_Int8 > extnv( vlen ) ;
+        for( i = 0; i < vlen ; i ++ )
+            extnv[i] = *( value + i ) ;
+
+        m_xExtnValue = extnv ;
+    } else {
+        m_xExtnValue = Sequence<sal_Int8>();
+    }
+
+    if( id != NULL && idlen != 0 ) {
+        Sequence< sal_Int8 > extnId( idlen ) ;
+        for( i = 0; i < idlen ; i ++ )
+            extnId[i] = *( id + i ) ;
+
+        m_xExtnId = extnId ;
+    } else {
+        m_xExtnId =  Sequence<sal_Int8>();
+    }
+
+    m_critical = critical ;
+}
+
+void SanExtensionImpl :: extractCertExt () {
+}
+
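Review bot: The `certX400Address` and `certEDIPartyName` branches of `getAlternativeNames()` will not compile as C++, since `Any.VOID` is Java-style syntax and the first branch writes to `.value` where every other branch uses `.Value`. A freshly constructed entry presumably already holds a void Any, so both assignments can become `arrCertAltNameEntry[i].Value.clear();` or simply be dropped. Separately, the results of `CERT_GetOidString()` and `CERT_NameToAscii()` go straight into `createFromAscii()` without a NULL check, and the `CERT_GetOidString()` buffer is never freed, so a certificate with an undecodable OID or name may crash the decoder and each call leaks. The MSCrypt counterpart in sanextension_mscryptimpl.cxx has a comparable gap: the return value of `CryptDecodeObjectEx` is ignored before `subjectName->cAltEntry` is read, and the buffer requested with `CRYPT_DECODE_ALLOC_FLAG` is not released.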

xmlsecurity/source/xmlsec/nss/sanextension_nssimpl.hxx

+/*************************************************************************
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ * 
+ * Copyright 2000, 2010 Oracle and/or its affiliates.
+ *
+ * OpenOffice.org - a multi-platform office productivity suite
+ *
+ * This file is part of OpenOffice.org.
+ *
+ * OpenOffice.org is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License version 3
+ * only, as published by the Free Software Foundation.
+ *
+ * OpenOffice.org is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License version 3 for more details
+ * (a copy is included in the LICENSE file that accompanied this code).
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * version 3 along with OpenOffice.org.  If not, see
+ * <http://www.openoffice.org/license.html>
+ * for a copy of the LGPLv3 License.
+ *
+ ************************************************************************/
+
+#ifndef _SANEXTENSION_NSSIMPL_HXX_
+#define _SANEXTENSION_NSSIMPL_HXX_
+
+#include <sal/config.h>
+#include <rtl/ustring.hxx>
+#include <cppuhelper/factory.hxx>
+#include <cppuhelper/implbase1.hxx>
+#include <com/sun/star/uno/Exception.hpp>
+#include "com/sun/star/uno/SecurityException.hpp"
+#include <com/sun/star/uno/Exception.hpp>
+#include <com/sun/star/security/XCertificateExtension.hpp>
+#include <com/sun/star/security/XSanExtension.hpp>
+#include <com/sun/star/security/CertAltNameEntry.hpp>
+
+class SanExtensionImpl : public ::cppu::WeakImplHelper1<
+    ::com::sun::star::security::XSanExtension >
+{
+	private :
+		sal_Bool m_critical ;
+		::com::sun::star::uno::Sequence< sal_Int8 > m_xExtnId ;
+		::com::sun::star::uno::Sequence< sal_Int8 > m_xExtnValue ;
+
+        ::com::sun::star::uno::Sequence< com::sun::star::security::CertAltNameEntry > m_Entries;
+
+	public :
+		SanExtensionImpl() ;
+		virtual ~SanExtensionImpl() ;
+
+		//Methods from XCertificateExtension
+		virtual sal_Bool SAL_CALL isCritical() throw( ::com::sun::star::uno::RuntimeException ) ;
+
+		virtual ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL getExtensionId() throw( ::com::sun::star::uno::RuntimeException ) ;
+
+		virtual ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL getExtensionValue() throw( ::com::sun::star::uno::RuntimeException ) ;
+
+        //Methods from XSanExtension
+
+		virtual ::com::sun::star::uno::Sequence< com::sun::star::security::CertAltNameEntry > SAL_CALL getAlternativeNames() throw( ::com::sun::star::uno::RuntimeException ) ;
+
+		//Helper method
+		void setCertExtn( ::com::sun::star::uno::Sequence< sal_Int8 > extnId, ::com::sun::star::uno::Sequence< sal_Int8 > extnValue, sal_Bool critical ) ;
+
+		void setCertExtn( unsigned char* value, unsigned int vlen, unsigned char* id, unsigned int idlen, sal_Bool critical ) ;
+
+        void extractCertExt() ;
+} ;
+
+#endif	// _CERTIFICATEEXTENSION_XMLSECIMPL_HXX_
+

xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx

 #include "certificateextension_xmlsecimpl.hxx"
 #endif
 
+#ifndef _SANEXTENSION_NSSIMPL_HXX_
+#include "sanextension_nssimpl.hxx"
+#endif
 
 using namespace ::com::sun::star::uno ;
 using namespace ::com::sun::star::security ;
 		Sequence< Reference< XCertificateExtension > > xExtns( len ) ;
 
 		for( extns = m_pCert->extensions, len = 0; *extns != NULL; extns ++, len ++ ) {
-			pExtn = new CertificateExtension_XmlSecImpl() ;
+            const SECItem id = (*extns)->id;
+            ::rtl::OString oidString(CERT_GetOidString(&id));
+            
+            // remove "OID." prefix if existing
+            ::rtl::OString objID;
+            ::rtl::OString oid("OID.");
+            if (oidString.match(oid))
+                objID = oidString.copy(oid.getLength());
+            else
+                objID = oidString;
+
+            if ( objId.equals("2.5.29.17") )
+                pExtn = (CertificateExtension_XmlSecImpl*) new SanExtensionImpl() ;
+            else 
+			    pExtn = new CertificateExtension_XmlSecImpl() ;
+
 			if( (*extns)->critical.data == NULL )
 				crit = sal_False ;
 			else
 				crit = ( (*extns)->critical.data[0] == 0xFF ) ? sal_True : sal_False ;
-			pExtn->setCertExtn( (*extns)->value.data, (*extns)->value.len, (*extns)->id.data, (*extns)->id.len, crit ) ;
+			pExtn->setCertExtn( (*extns)->value.data, (*extns)->value.len, (unsigned char*)objId.getStr(), objId.getLength(), crit ) ;
 
 			xExtns[len] = pExtn ;
 		}
 		pExtn = NULL ;
 		for( extns = m_pCert->extensions; *extns != NULL; extns ++ ) {
 			if( SECITEM_CompareItem( &idItem, &(*extns)->id ) == SECEqual ) {
-				pExtn = new CertificateExtension_XmlSecImpl() ;
+				const SECItem id = (*extns)->id;
+                ::rtl::OString objId(CERT_GetOidString(&id));
+                if ( objId.equals("OID.2.5.29.17") )
+                    pExtn = (CertificateExtension_XmlSecImpl*) new SanExtensionImpl() ;
+                else 
+			        pExtn = new CertificateExtension_XmlSecImpl() ;
 				if( (*extns)->critical.data == NULL )
 					crit = sal_False ;
 				else
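Review bot: The first loop declares `::rtl::OString objID;` but then tests and passes `objId` (`objId.equals("2.5.29.17")`, `objId.getStr()`), a name not declared in the visible lines. Either the code does not compile or the prefix-stripped value is never used, so the spelling should be made consistent throughout. The second loop compares the unstripped string against `"OID.2.5.29.17"` while the first strips the prefix and compares against `"2.5.29.17"`, so the two lookups can disagree on whether an extension is a SAN; one shared helper that normalises the OID would avoid that. The `setCertExtn` call now stores the dotted-decimal text as the extension id instead of the DER bytes in `(*extns)->id`, which changes what `getExtensionId()` returns for every extension, not only SAN, and is worth confirming against existing callers. Both loop bodies continue outside the hunk.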

xmlsecurity/test_docs/CAs/Root_11/demoCA/index.txt

 V	350113102601Z		101F	unknown	/C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x00U\x00s\x00e\x00r\x00 \x003\x000\x00<\x00 \x00>\x00#\x00;\x00 \x00"\x00+\x00"
 V	350113102847Z		1020	unknown	/C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x00U\x00s\x00e\x00r\x00 \x003\x001\x00 \x00\\x00"\x00a\x00,\x00b\x00"\x00+\x00C\x00N\x00=\x00U\x00S\x00,\x00 \x00>\x00 \x00\\x00\\x00d\x00e\x00 \x00<
 V	350113104059Z		1021	unknown	/C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x00U\x00s\x00e\x00r\x00 \x001\x004\x00 \x00"\x00,\x00m\x00i\x00d\x00d\x00l\x00e\x00 \x00q\x00u\x00o\x00t\x00e
+V	111108105139Z		1022	unknown	/C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=User 35

xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1022.pem

+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4130 (0x1022)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+        Validity
+            Not Before: Nov  8 10:51:39 2010 GMT
+            Not After : Nov  8 10:51:39 2011 GMT
+        Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=User 35
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:9b:36:00:64:f3:ce:93:97:62:19:fa:78:d9:6f:
+                    92:6a:b9:d2:9a:4e:06:2c:02:52:cd:93:50:84:28:
+                    19:42:a2:4a:34:e2:cd:e6:b0:39:7a:c8:4d:84:bc:
+                    71:51:ed:5d:6c:7e:f9:cc:01:5a:4b:73:50:a9:3b:
+                    5d:ad:cc:89:f7:dc:e0:dd:0a:ff:48:01:a9:34:19:
+                    c0:6a:ee:4b:20:f4:cf:3c:94:c1:ae:88:0f:c9:42:
+                    1a:a6:47:31:fe:37:04:00:bb:ec:07:5f:cb:ee:70:
+                    c4:c7:7c:6f:ee:03:19:76:de:0b:df:d0:48:91:67:
+                    55:9b:90:91:f4:ce:56:04:d5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: 
+                Digital Signature, Non Repudiation, Key Encipherment
+            X509v3 Subject Key Identifier: 
+                91:47:AC:29:95:5D:EF:72:14:8F:82:45:07:E2:94:49:75:C6:7D:73
+            X509v3 Authority Key Identifier: 
+                keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+            X509v3 Subject Alternative Name: 
+                DNS:alt.openoffice.org, IP Address:192.168.7.1, IP Address:13:0:0:0:0:0:0:17, email:my@other.address, Registered ID:1.2.3.4, othername:<unsupported>, DirName:/C=DE/O=OpenOffice.org/OU=Development/CN=User 32 Root 11, URI:http://my.url.here/
+    Signature Algorithm: sha1WithRSAEncryption
+        6e:80:e6:1e:86:3d:d2:65:a6:17:fa:80:2d:2e:dc:85:32:05:
+        a1:69:82:e1:79:d1:dc:de:69:cd:9e:f0:cc:90:75:a9:45:ee:
+        73:46:fe:29:69:c0:99:bb:fc:3a:db:c0:5f:69:c6:b7:ea:9a:
+        63:b2:8e:29:2c:a5:5a:88:88:94:75:4b:ab:0a:72:f6:3a:aa:
+        5d:6b:3a:5c:b6:9b:57:f5:c1:51:af:df:3c:a6:8a:a3:da:70:
+        66:61:49:12:06:78:98:9f:bc:78:3c:43:6d:08:94:aa:32:b6:
+        f3:cc:af:0d:29:fe:96:47:7d:fe:4a:61:48:90:11:0b:bd:0f:
+        a0:fd
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----

xmlsecurity/test_docs/CAs/Root_11/demoCA/serial

-1022
+1023

xmlsecurity/test_docs/CAs/Root_11/openssl.cfg

 # An alternative to produce certificates that aren't 
 # deprecated according to PKIX. 
 # subjectAltName=email:move 
-subjectAltName=dirName:dn_subjectAlt
-# Copy subject details 
-# issuerAltName=issuer:copy 
- 
- 
-[dn_subjectAlt]
-CN=User 14 Root 11
+subjectAltName=DNS:alt.openoffice.org,IP:192.168.7.1,IP:13::17,email:my@other.address,RID:1.2.3.4,otherName:1.2.3.4;UTF8:some other identifier,dirName:dir_sect,URI:http://my.url.here/
+# Copy subject details
+# issuerAltName=issuer:copy
+
+
+[dir_sect]
+C=DE
+O=OpenOffice.org
+OU=Development
+CN=User 32 Root 11
  
 [ v3_req ] 
  

xmlsecurity/test_docs/certs/end_certs/User_35_Root_11.crt

+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4130 (0x1022)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+        Validity
+            Not Before: Nov  8 10:51:39 2010 GMT
+            Not After : Nov  8 10:51:39 2011 GMT
+        Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=User 35
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:9b:36:00:64:f3:ce:93:97:62:19:fa:78:d9:6f:
+                    92:6a:b9:d2:9a:4e:06:2c:02:52:cd:93:50:84:28:
+                    19:42:a2:4a:34:e2:cd:e6:b0:39:7a:c8:4d:84:bc:
+                    71:51:ed:5d:6c:7e:f9:cc:01:5a:4b:73:50:a9:3b:
+                    5d:ad:cc:89:f7:dc:e0:dd:0a:ff:48:01:a9:34:19:
+                    c0:6a:ee:4b:20:f4:cf:3c:94:c1:ae:88:0f:c9:42:
+                    1a:a6:47:31:fe:37:04:00:bb:ec:07:5f:cb:ee:70:
+                    c4:c7:7c:6f:ee:03:19:76:de:0b:df:d0:48:91:67:
+                    55:9b:90:91:f4:ce:56:04:d5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: 
+                Digital Signature, Non Repudiation, Key Encipherment
+            X509v3 Subject Key Identifier: 
+                91:47:AC:29:95:5D:EF:72:14:8F:82:45:07:E2:94:49:75:C6:7D:73
+            X509v3 Authority Key Identifier: 
+                keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+            X509v3 Subject Alternative Name: 
+                DNS:alt.openoffice.org, IP Address:192.168.7.1, IP Address:13:0:0:0:0:0:0:17, email:my@other.address, Registered ID:1.2.3.4, othername:<unsupported>, DirName:/C=DE/O=OpenOffice.org/OU=Development/CN=User 32 Root 11, URI:http://my.url.here/
+    Signature Algorithm: sha1WithRSAEncryption
+        6e:80:e6:1e:86:3d:d2:65:a6:17:fa:80:2d:2e:dc:85:32:05:
+        a1:69:82:e1:79:d1:dc:de:69:cd:9e:f0:cc:90:75:a9:45:ee:
+        73:46:fe:29:69:c0:99:bb:fc:3a:db:c0:5f:69:c6:b7:ea:9a:
+        63:b2:8e:29:2c:a5:5a:88:88:94:75:4b:ab:0a:72:f6:3a:aa:
+        5d:6b:3a:5c:b6:9b:57:f5:c1:51:af:df:3c:a6:8a:a3:da:70:
+        66:61:49:12:06:78:98:9f:bc:78:3c:43:6d:08:94:aa:32:b6:
+        f3:cc:af:0d:29:fe:96:47:7d:fe:4a:61:48:90:11:0b:bd:0f:
+        a0:fd
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----