update to certificate check for Subject Alt Names
authorMichael Wozniak <github@koh.ms>
Mon, 5 May 2014 16:09:48 +0000 (12:09 -0400)
committerMichael Wozniak <github@koh.ms>
Mon, 5 May 2014 16:09:48 +0000 (12:09 -0400)
lib/paymentrequest.py

index 414e071..42d3daa 100644 (file)
@@ -71,11 +71,27 @@ class PaymentRequest:
 
         x509_1 = X509.load_cert_der_string(cert.certificate[0])
         if self.domain != x509_1.get_subject().CN:
-            ###TODO: check for subject alt names
-            ###       check for wildcards
-            print "ERROR: Certificate Subject Domain Mismatch"
-            print self.domain, x509_1.get_subject().CN
-            #return
+            validcert = False
+            try:
+                SANs = x509_1.get_ext("subjectAltName").get_value().split(",")
+                for s in SANs:
+                    s = s.strip()
+                    if s.startswith("DNS:") and s[4:] == self.domain:
+                        validcert = True
+                        print "Match SAN DNS"
+                    elif s.startswith("IP:") and s[3:] == self.domain:
+                        validcert = True
+                        print "Match SAN IP"
+                    elif s.startswith("email:") and s[6:] == self.domain:
+                        validcert = True
+                        print "Match SAN email"
+            except Exception, e:
+                print "ERROR: No SAN data"
+            if not validcert:
+                ###TODO: check for wildcards
+                print "ERROR: Certificate Subject Domain Mismatch and SAN Mismatch"
+                print self.domain, x509_1.get_subject().CN
+                return
 
         x509 = []
         CA_OU = ''
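Review bot: The SAN loop accepts a match on any name type, but `self.domain` is a host identity and should only ever be compared against `DNS:` entries (an `email:` entry that happens to equal the domain string should not validate the certificate), and the comparison is case-sensitive even though DNS names are not, so `DNS:Example.com` fails against `example.com`; the `DNS:` branch should read `if s.startswith("DNS:") and s[4:].lower() == self.domain.lower():` and the `email:` branch should be dropped. The bare `except Exception, e:` also swallows every error from `get_ext`/`get_value`/`split` (not just a missing extension) and `e` is unused, so a parsing failure is reported as "No SAN data"; catching the specific exception M2Crypto raises for a missing extension (presumably `LookupError`, to be confirmed) would keep real errors visible. Note that the CN is still accepted before the SAN list is consulted, whereas RFC 6125 treats DNS-type SANs as authoritative when present; that may be worth a `# TODO: prefer SAN over CN when SANs are present` comment. The enclosing method begins before the hunk and continues after it.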