Is it possible to access the MS Windows certificate template name of an X509 certificate from Java?

  active-directory, java, ssl, windows, x509certificate

Using BouncyCastle library and the code below it is possible to access the MS Windows certificate template information extension of a SSL certificate stored in MS Windows’ trust/certificate store.

final KeyStore keyStore = KeyStore.getInstance("Windows-My", "SunMSCAPI");
keyStore.load(null, null);
final X509Certificate certificate = (X509Certificate)keyStore.aliases().nextElement();
// see https://docs.microsoft.com/en-us/windows/win32/seccertenroll/supported-extensions#template
final String XCN_OID_CERTIFICATE_TEMPLATE = "1.3.6.1.4.1.311.21.7";
final byte[] extensionValue = certificate.getExtensionValue(XCN_OID_CERTIFICATE_TEMPLATE);
final ASN1InputStream aIn = new ASN1InputStream(extensionValue);
ASN1Primitive asn1obj = aIn.readObject();

if (asn1obj instanceof DEROctetString)
{
   final DEROctetString octets = (DEROctetString) asn1obj;
   asn1obj = ASN1Primitive.fromByteArray(octets.getOctets());
 }
final ASN1Sequence asn1seq = ASN1Sequence.getInstance(asn1obj);
final ASN1Encodable obj1 = asn1seq.getObjectAt(0);

final ASN1Primitive certificateTemplateOID = obj1.toASN1Primitive();
System.out.println(certificateTemplateOID.toString());

It will print out something like 1.3.6.1.4.1.311.21.8…. which is the OID of the certificate template.

Now I would like to know if there is a Java method or Java library which provides a mapping of this OID to the certificate template name (as a user-friendly string) – like it is done when you click on details of a certificate in Windows certificiate store:
Certificate template information in MS Windows

Additional links:

Source: Windows Questions

LEAVE A COMMENT