GUACAMOLE-839: Use BouncyCastle for retrieval of certificate details.

Java's build-in support for reading X.509 certificates does not deal well with PIV certificates containing the username as a "serialNumber" attribute. Rather than exposing the string value of that attribute, the Java implementation exposes a byte array that does not fully match the string value shown by a tool like OpenSSL. BouncyCastle, on the other hand, _does_ match the output of OpenSSL, and provides a predictable means of decoding the certificate.
2025-09-07 13:41:21 +00:00 · 2023-03-07 16:34:38 -08:00
parent b9958fa331
commit d0574f8d82
5 changed files with 54 additions and 18 deletions
--- a/doc/licenses/bouncycastle-pkix-fips-1.0.7/dep-coordinates.txt
+++ b/doc/licenses/bouncycastle-pkix-fips-1.0.7/dep-coordinates.txt
@@ -0,0 +1 @@
+org.bouncycastle:bcpkix-fips:jar:1.0.7