java – 证书主题和颁发者中的属性相反

前端之家收集整理的这篇文章主要介绍了java – 证书主题和颁发者中的属性相反前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
我正在尝试使用bouncycastle 1.46生成X509证书,代码如下.
我遇到的问题是,当证书在JKS中写入然后重新读取时,DN会被反转.
例如,如果我运行下面的代码,我得到以下输出
CN=test,O=gina
CN=test,O=gina
O=gina,CN=test

有人知道这个的原因吗?怎么避免呢?
提前致谢.

码:

public static void main(String[] args) {
    try {
        Security.addProvider(new BouncyCastleProvider());

        KeyPair pair = generateKeyPair("RSA",1024);
        X500Name principal = new X500Name("cn=test,o=gina");
        System.out.println(principal);
        BigInteger sn = BigInteger.valueOf(1234);
        Date start = today();
        Date end = addYears(start,2);
        X509Certificate cert = generateCert(principal,pair,sn,start,end,"SHA1withRSA");
        cert.verify(pair.getPublic());
        System.out.println(cert.getSubjectDN());

        // Store the certificate in the JKS
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null,null);
        ks.setKeyEntry("alias",pair.getPrivate(),KEY_PWD,new X509Certificate[] {cert});
        X509Certificate c
                = (X509Certificate)ks.getCertificateChain("alias")[0];
        System.out.println(c.getSubjectDN());
        OutputStream out = new FileOutputStream("text.jks");
        try {
            ks.store(out,KEYSTORE_PWD);
        } finally {
            out.close();
        }

        // Reread the JKS
        ks = KeyStore.getInstance("JKS");
        InputStream in = new FileInputStream("text.jks");
        try {
            ks.load(in,KEYSTORE_PWD);
        } finally {
            in.close();
        }
        c = (X509Certificate)ks.getCertificateChain("alias")[0];
        c.verify(pair.getPublic());
        System.out.println(c.getSubjectDN());
    } catch (Exception e) {
        e.printStackTrace();
    }
}

private static X509Certificate generateCert(X500Name principal,KeyPair pair,BigInteger sn,Date start,Date end,String sigalg)
        throws OperatorCreationException,CertificateException {
    JcaX509v3CertificateBuilder certGen
            = new JcaX509v3CertificateBuilder(principal,principal,pair.getPublic());
    JcaContentSignerBuilder builder
            = new JcaContentSignerBuilder(sigalg);
    builder.setProvider("BC");
    ContentSigner signr = builder.build(pair.getPrivate());
    X509CertificateHolder certHolder = certGen.build(signr);
    JcaX509CertificateConverter conv
            = new JcaX509CertificateConverter();
    conv.setProvider("BC");
    return conv.getCertificate(certHolder);
}

private static KeyPair generateKeyPair(String algorithm,int keySize)
        throws NoSuchAlgorithmException {
    KeyPairGenerator gen = KeyPairGenerator.getInstance(algorithm);
    gen.initialize(keySize);
    return gen.generateKeyPair();
}

private static Date today() {
    Calendar cal = Calendar.getInstance();
    cal.set(Calendar.HOUR_OF_DAY,0);
    cal.set(Calendar.MINUTE,0);
    cal.set(Calendar.SECOND,0);
    cal.set(Calendar.MILLISECOND,0);
    return cal.getTime();
}

private static Date addYears(Date date,int count) {
    Calendar cal = Calendar.getInstance();
    cal.setTime(date);
    cal.add(Calendar.YEAR,count);
    return cal.getTime();
}

解决方法

我遇到了同样的问题并迅速解决了以下问题:
//CREATES AN X500 CA SUBJECT FOR ISSUER

X500Name issuerName = new JcaX509CertificateHolder((X509Certificate) caCert).getSubject();

然后我使用它与以下内容

//CONSTRUCTS THE X509 CERTIFIFATE OBJECT

X509v3CertificateBuilder v3CertGen = new X509v3CertificateBuilder(
issuerName,serialNumber,startDate,endDate,DevCsr.getSubject(),DevCsr.getSubjectPublicKeyInfo());

Java Keystore结束实体证书中的颁发者名称现在以正确的顺序显示.

干杯!

猜你在找的Java相关文章