java – 证书主题和颁发者中的属性相反
发布时间:2020-12-15 00:27:36 所属栏目:Java 来源:网络整理
导读:我正在尝试使用bouncycastle 1.46生成X509证书,代码如下. 我遇到的问题是,当证书在JKS中写入然后重新读取时,DN会被反转. 例如,如果我运行下面的代码,我得到以下输出: CN=test,O=ginaCN=test,O=ginaO=gina,CN=test 有人知道这个的原因吗?怎么避免呢? 提前
我正在尝试使用bouncycastle 1.46生成X509证书,代码如下.
我遇到的问题是,当证书在JKS中写入然后重新读取时,DN会被反转. 例如,如果我运行下面的代码,我得到以下输出: CN=test,O=gina CN=test,O=gina O=gina,CN=test 有人知道这个的原因吗?怎么避免呢? 码: public static void main(String[] args) { try { Security.addProvider(new BouncyCastleProvider()); KeyPair pair = generateKeyPair("RSA",1024); X500Name principal = new X500Name("cn=test,o=gina"); System.out.println(principal); BigInteger sn = BigInteger.valueOf(1234); Date start = today(); Date end = addYears(start,2); X509Certificate cert = generateCert(principal,pair,sn,start,end,"SHA1withRSA"); cert.verify(pair.getPublic()); System.out.println(cert.getSubjectDN()); // Store the certificate in the JKS KeyStore ks = KeyStore.getInstance("JKS"); ks.load(null,null); ks.setKeyEntry("alias",pair.getPrivate(),KEY_PWD,new X509Certificate[] {cert}); X509Certificate c = (X509Certificate)ks.getCertificateChain("alias")[0]; System.out.println(c.getSubjectDN()); OutputStream out = new FileOutputStream("text.jks"); try { ks.store(out,KEYSTORE_PWD); } finally { out.close(); } // Reread the JKS ks = KeyStore.getInstance("JKS"); InputStream in = new FileInputStream("text.jks"); try { ks.load(in,KEYSTORE_PWD); } finally { in.close(); } c = (X509Certificate)ks.getCertificateChain("alias")[0]; c.verify(pair.getPublic()); System.out.println(c.getSubjectDN()); } catch (Exception e) { e.printStackTrace(); } } private static X509Certificate generateCert(X500Name principal,KeyPair pair,BigInteger sn,Date start,Date end,String sigalg) throws OperatorCreationException,CertificateException { JcaX509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(principal,principal,pair.getPublic()); JcaContentSignerBuilder builder = new JcaContentSignerBuilder(sigalg); builder.setProvider("BC"); ContentSigner signr = builder.build(pair.getPrivate()); X509CertificateHolder certHolder = certGen.build(signr); JcaX509CertificateConverter conv = new JcaX509CertificateConverter(); conv.setProvider("BC"); return conv.getCertificate(certHolder); } private static KeyPair generateKeyPair(String algorithm,int keySize) throws NoSuchAlgorithmException { KeyPairGenerator gen = KeyPairGenerator.getInstance(algorithm); gen.initialize(keySize); return gen.generateKeyPair(); } private static Date today() { Calendar cal = Calendar.getInstance(); cal.set(Calendar.HOUR_OF_DAY,0); cal.set(Calendar.MINUTE,0); cal.set(Calendar.SECOND,0); cal.set(Calendar.MILLISECOND,0); return cal.getTime(); } private static Date addYears(Date date,int count) { Calendar cal = Calendar.getInstance(); cal.setTime(date); cal.add(Calendar.YEAR,count); return cal.getTime(); } 解决方法
我遇到了同样的问题并迅速解决了以下问题:
//CREATES AN X500 CA SUBJECT FOR ISSUER X500Name issuerName = new JcaX509CertificateHolder((X509Certificate) caCert).getSubject(); 然后我使用它与以下内容: //CONSTRUCTS THE X509 CERTIFIFATE OBJECT X509v3CertificateBuilder v3CertGen = new X509v3CertificateBuilder( issuerName,serialNumber,startDate,endDate,DevCsr.getSubject(),DevCsr.getSubjectPublicKeyInfo()); Java Keystore结束实体证书中的颁发者名称现在以正确的顺序显示. 干杯! (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |