Skip to content

Add WolfSSLAltName class for extended SAN parsing and MS AD UPN support #313

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
cconlon wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Add WolfSSLAltName class for extended SAN parsing and MS AD UPN support #313

cconlon wants to merge 1 commit into from

Conversation

@cconlon
Copy link
Member

@cconlon cconlon commented Jan 10, 2026

This PR add a WolfSSLAltName class for access to Subject Alternative Name entries and adds getSubjectAltNamesArray() and getSubjectAltNamesExtended() methods to WolfSSLCertificate.

These changes support all RFC 5280 GeneralName types including otherName (MS AD UPN), iPAddress, and directoryName.

Includes JUnit tests for testing and regression prevention.

@cconlon cconlon self-assigned this Jan 10, 2026
@cconlon cconlon requested a review from Copilot January 10, 2026 01:06
Copilot AI reviewed Jan 10, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds comprehensive Subject Alternative Name (SAN) parsing support to wolfSSL JNI, including a new WolfSSLAltName class for type-safe access to all RFC 5280 GeneralName types and special support for Microsoft Active Directory User Principal Names (UPNs).

Key Changes:

  • Introduces WolfSSLAltName class with type-safe API for all SAN types (otherName, DNS, IP, email, URI, directoryName, registeredID)
  • Adds getSubjectAltNamesArray(), getSubjectAltNamesExtended() methods to WolfSSLCertificate
  • Implements native JNI method X509_get_subject_alt_names_full() with complete SAN parsing including otherName OID/value extraction

Reviewed changes

Copilot reviewed 21 out of 26 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
WolfSSLAltName.java New class providing type-safe SAN access with MS UPN detection and ASN.1 parsing
WolfSSLCertificate.java Added three new SAN methods with caching and backward compatibility
com_wolfssl_WolfSSLCertificate.c Native implementation parsing all SAN types with proper JNI object creation
com_wolfssl_WolfSSLCertificate.h JNI header for new native method
WolfSSLCertificateTest.java 1700+ lines of comprehensive tests covering all SAN types and edge cases
WolfSSLX509Test.java Updated test to compare SANs order-independently per RFC 5280
generate-san-test-certs.sh Script generating test certificates with various SAN combinations
san-test/*.pem/*.der Test certificates for validation
update-certs.sh Integrated SAN cert generation into build process
infer.sh Added WolfSSLAltName to static analysis

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@cconlon cconlon requested a review from Copilot January 12, 2026 17:15
Copilot AI reviewed Jan 12, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 21 out of 26 changed files in this pull request and generated 4 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@cconlon cconlon

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@cconlon