spalladino · March 20, 2018 13:38
diff --git a/san.msupn.rb b/san.msupn.rb
 cert = OpenSSL::X509::Certificate.new(certificate_string)
 subject_alt_name = cert.extensions.find {|e| e.oid == "subjectAltName"}

 # Parse the subject alternate name certificate extension as ASN1, first value should be the key
 asn_san = OpenSSL::ASN1.decode(subject_alt_name)
 raise "Expected ASN1 Subject Alternate Name extension key to be subjectAltName but was #{asn_san.value[0].value}" if asn_san.value[0].value != 'subjectAltName'

 # And the second value should be a nested ASN1 sequence
 asn_san_sequence = OpenSSL::ASN1.decode(asn_san.value[1].value)

 # Iterate through the ASN1 sequence looking for the msUPN key
 asn_san_sequence.each do |asn_data|
  # As before, first value is the key
  key = asn_data.value[0].value
  next if key != 'msUPN'
  # And second value contains the actual data, return it if the key was msUPN
  email = asn_data.value[1].value[0].value
  return email
 end

 # Raise if we iterated through the sequence and did not find the key
 raise "Extension msUPN not found"
diff --git a/san.std.rb b/san.std.rb
 cert = OpenSSL::X509::Certificate.new(certificate_string)
 subject_alt_name = cert.extensions.find {|e| e.oid == "subjectAltName"}
 return subject_alt_name.value

 # On a standard certificate...
 # 'email:[email protected]'

 # On a MS certificate...
 # 'othername:<unsupported>, othername:<unsupported>'
	cert = OpenSSL::X509::Certificate.new(certificate_string)
	subject_alt_name = cert.extensions.find {\|e\| e.oid == "subjectAltName"}

	# Parse the subject alternate name certificate extension as ASN1, first value should be the key
	asn_san = OpenSSL::ASN1.decode(subject_alt_name)
	raise "Expected ASN1 Subject Alternate Name extension key to be subjectAltName but was #{asn_san.value[0].value}" if asn_san.value[0].value != 'subjectAltName'

	# And the second value should be a nested ASN1 sequence
	asn_san_sequence = OpenSSL::ASN1.decode(asn_san.value[1].value)

	# Iterate through the ASN1 sequence looking for the msUPN key
	asn_san_sequence.each do \|asn_data\|
	# As before, first value is the key
	key = asn_data.value[0].value
	next if key != 'msUPN'
	# And second value contains the actual data, return it if the key was msUPN
	email = asn_data.value[1].value[0].value
	return email
	end

	# Raise if we iterated through the sequence and did not find the key
	raise "Extension msUPN not found"
	cert = OpenSSL::X509::Certificate.new(certificate_string)
	subject_alt_name = cert.extensions.find {\|e\| e.oid == "subjectAltName"}
	return subject_alt_name.value

	# On a standard certificate...
	# 'email:[email protected]'

	# On a MS certificate...
	# 'othername:<unsupported>, othername:<unsupported>'