I'm using the Bouncycastle lib to generate certificates from PKCS10 requests using the X509v3CertificateBuilder class.
Its build method returns an X509CertificateHolder object which contains the generated certificate. If I call getIssuer on the holder, it returns the issuer distinguished name in the correct order (the same returned if I call getSubjectX500Principal() on the issuer certificate). If I parse the encoded version from the holder using the Java CertificateFactory, the getIssuerX500Principal() method of the generated certificate returns the DN in the opposite order. What's wrong?
Here is example code for what I'm trying to do:

    X509CertificateHolder holder = certBuilder.build(sigGen);
    holder.getIssuer(); // Returns the DN in the correct order (same as in issuer cert)
    CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
    X509Certificate cert = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(holder.getEncoded()));
    cert.getIssuerX500Principal().getName(); // Returns issuer DN in reverse order

Recommended answer
Since I need to compare distinguished names, I resolved it by parsing the DN with the LdapName class and comparing the parsed RDNs:
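
    import java.util.List;
    import javax.naming.InvalidNameException;
    import javax.naming.ldap.LdapName;
    import javax.naming.ldap.Rdn;
    import javax.security.auth.x500.X500Principal;

    // Compares two DNs RDN by RDN, ignoring the order in which the RDNs are listed.
    // LdapName's constructor throws the checked InvalidNameException.
    boolean DNmatches(X500Principal p1, X500Principal p2) throws InvalidNameException {
        List<Rdn> rdn1 = new LdapName(p1.getName()).getRdns();
        List<Rdn> rdn2 = new LdapName(p2.getName()).getRdns();
        if (rdn1.size() != rdn2.size())
            return false;
        return rdn1.containsAll(rdn2);
    }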
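
Added example, not part of the original question or answer: X500Principal.getName() renders RFC 2253 text, which lists the RDNs in the reverse of their encoded order, so the string differs while the encoded name does not. The class DnOrderDemo, the helpers sameDn and sameRdnSet, and the sample names are constructed for illustration; the program contrasts an order-sensitive comparison with a set-style RDN comparison on a name whose RDNs are genuinely reordered.

```java
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

public class DnOrderDemo {

    // Order-sensitive match: X500Principal.equals compares the canonical
    // forms of the two names, so RDN position matters but letter case does not.
    static boolean sameDn(X500Principal p1, X500Principal p2) {
        return p1.equals(p2);
    }

    // Set-style match: the same RDNs in any order.
    static boolean sameRdnSet(X500Principal p1, X500Principal p2)
            throws InvalidNameException {
        List<Rdn> r1 = new LdapName(p1.getName()).getRdns();
        List<Rdn> r2 = new LdapName(p2.getName()).getRdns();
        return r1.size() == r2.size() && r1.containsAll(r2);
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample names, not taken from any real certificate.
        X500Principal issuer = new X500Principal("CN=Test CA,O=Example,C=US");
        X500Principal respelled = new X500Principal("cn=test ca, o=example, c=us");
        X500Principal reordered = new X500Principal("C=US,O=Example,CN=Test CA");

        // getName() renders RFC 2253 text, most specific RDN first.
        System.out.println("getName()  : " + issuer.getName());
        // LdapName.getRdns() indexes from the right-hand end of that text.
        System.out.println("getRdns()  : " + new LdapName(issuer.getName()).getRdns());

        // Rebuilding the principal from its DER bytes changes nothing.
        X500Principal decoded = new X500Principal(issuer.getEncoded());
        System.out.println("decoded    : sameDn=" + sameDn(issuer, decoded));

        // Different spelling of the same name.
        System.out.println("respelled  : sameDn=" + sameDn(issuer, respelled)
                + " sameRdnSet=" + sameRdnSet(issuer, respelled));

        // Same RDNs in the opposite order: a different DN.
        System.out.println("reordered  : sameDn=" + sameDn(issuer, reordered)
                + " sameRdnSet=" + sameRdnSet(issuer, reordered));
    }
}
```

For issuer-to-subject chaining checks, the order-sensitive result is the one that matches how the names are encoded in the certificates.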