8186143: keytool -ext option doesn't accept wildcards for DNS subject alternative names

Reviewed-by: jnimeh, weijun, mullan
2025-08-26 14:24:46 +02:00 · 2020-03-18 09:23:57 +08:00 · 2020-03-18 09:23:57 +08:00 · 0c9f8e472f
commit 0c9f8e472f
parent a147636157
3 changed files with 110 additions and 14 deletions
--- a/src/java.base/share/classes/sun/security/tools/keytool/Main.java
+++ b/src/java.base/share/classes/sun/security/tools/keytool/Main.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -4193,9 +4193,10 @@ public final class Main {
     * Create a GeneralName object from known types
     * @param t one of 5 known types
     * @param v value
+     * @param exttype X.509 extension type
     * @return which one
     */
-    private GeneralName createGeneralName(String t, String v)
+    private GeneralName createGeneralName(String t, String v, int exttype)
            throws Exception {
        GeneralNameInterface gn;
        int p = oneOf(t, "EMAIL", "URI", "DNS", "IP", "OID");
@ -4206,7 +4207,14 @@ public final class Main {
        switch (p) {
            case 0: gn = new RFC822Name(v); break;
            case 1: gn = new URIName(v); break;
-            case 2: gn = new DNSName(v); break;
+            case 2:
+                if (exttype == 3) {
+                    // Allow wildcard only for SAN extension
+                    gn = new DNSName(v, true);
+                } else {
+                    gn = new DNSName(v);
+                }
+                break;
            case 3: gn = new IPAddressName(v); break;
            default: gn = new OIDName(v); break; //4
        }
@ -4492,7 +4500,7 @@ public final class Main {
                                }
                                String t = item.substring(0, colonpos);
                                String v = item.substring(colonpos+1);
-                                gnames.add(createGeneralName(t, v));
+                                gnames.add(createGeneralName(t, v, exttype));
                            }
                            if (exttype == 3) {
                                setExt(result, new SubjectAlternativeNameExtension(
@ -4546,7 +4554,7 @@ public final class Main {
                                    oid = new ObjectIdentifier("1.3.6.1.5.5.7.48." + p);
                                }
                                accessDescriptions.add(new AccessDescription(
-                                        oid, createGeneralName(t, v)));
+                                        oid, createGeneralName(t, v, exttype)));
                            }
                            if (exttype == 5) {
                                setExt(result, new SubjectInfoAccessExtension(accessDescriptions));
@ -4569,7 +4577,7 @@ public final class Main {
                                }
                                String t = item.substring(0, colonpos);
                                String v = item.substring(colonpos+1);
-                                gnames.add(createGeneralName(t, v));
+                                gnames.add(createGeneralName(t, v, exttype));
                            }
                            setExt(result, new CRLDistributionPointsExtension(
                                    isCritical, Collections.singletonList(