in pkg/controller/common/certificates/x509_othername.go [154:220]
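// ParseSANGeneralNamesOtherNamesOnly walks the extensions of c and returns the
// OtherName entries of every SubjectAlternativeName extension it finds.
// GeneralName alternatives other than OtherName (context-specific tags other
// than 0) are logged and skipped; elements that are not context-specific are
// skipped without logging.
//
// Parsing is strict: the extension value must be exactly one universal SEQUENCE
// with no trailing bytes, and each OtherName must be an OBJECT IDENTIFIER
// followed by exactly one value carried in a context-specific [0] wrapper.
// Any ASN.1 decoding error or violation of these rules is returned together
// with a nil slice, so callers never see a partially parsed SAN.
// A nil certificate yields an error rather than a panic.
func ParseSANGeneralNamesOtherNamesOnly(c *x509.Certificate) ([]GeneralName, error) {
	if c == nil {
		return nil, errors.New("nil certificate")
	}

	var generalNames []GeneralName
	for _, ext := range c.Extensions {
		if !SubjectAlternativeNamesObjectIdentifier.Equal(ext.Id) {
			continue
		}

		// rfc: should be wrapped in a sequence node:
		var generalNamesValue asn1.RawValue
		rest, err := asn1.Unmarshal(ext.Value, &generalNamesValue)
		if err != nil {
			return nil, err
		}
		if len(rest) != 0 {
			return nil, errors.New("trailing data after SubjectAlternativeNames")
		}
		if generalNamesValue.Class != asn1.ClassUniversal || generalNamesValue.Tag != asn1.TagSequence {
			return nil, errors.New("invalid GeneralNames class or tag")
		}

		// Consume the GeneralName elements one by one until the sequence is exhausted.
		rest = generalNamesValue.Bytes
		for len(rest) != 0 {
			var generalName asn1.RawValue
			rest, err = asn1.Unmarshal(rest, &generalName)
			if err != nil {
				return nil, err
			}
			if generalName.Class != asn1.ClassContextSpecific {
				continue
			}
			if generalName.Tag != 0 {
				// only used in tests
				ulog.Log.Info("Ignoring unsupported GeneralNames tag", "tag", generalName.Tag, "subject", c.Subject)
				continue
			}

			// OtherName ::= SEQUENCE {
			//      type-id    OBJECT IDENTIFIER,
			//      value      [0] EXPLICIT ANY DEFINED BY type-id }
			var otherNameTypeObjectIdentifier asn1.ObjectIdentifier
			otherNameValueBytes, err := asn1.Unmarshal(generalName.Bytes, &otherNameTypeObjectIdentifier)
			if err != nil {
				return nil, err
			}
			var value asn1.RawValue
			vrest, err := asn1.Unmarshal(otherNameValueBytes, &value)
			if err != nil {
				return nil, err
			}
			if len(vrest) != 0 {
				return nil, errors.New("trailing data after OtherName value")
			}
			// Enforce the [0] EXPLICIT wrapper from the grammar above: without this
			// check an element with any other class or tag would be handed to callers
			// as if it were a well-formed OtherName value.
			if value.Class != asn1.ClassContextSpecific || value.Tag != 0 {
				return nil, errors.New("invalid OtherName value class or tag")
			}
			generalNames = append(generalNames, GeneralName{
				OtherName: OtherName{
					OID:   otherNameTypeObjectIdentifier,
					Value: value,
				},
			})
		}
	}
	return generalNames, nil
}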