如何为BouncyCastle创建的X509证书中的SubjectAlternativeName设置IP地址格式？ [英] How must I format IP Address for SubjectAlternativeName in X509 certificate created by BouncyCastle?

问题描述

我使用BouncyCastle生成证书。现在，我想添加一些 SubjectAlternativeName ，就像：

I use BouncyCastle to generate certificats. Now I want to add some SubjectAlternativeName, just like:

...
ArrayList namesList = new ArrayList();
namesList.add(new GeneralName(GeneralName.dNSName, "*.test"));
namesList.add(new GeneralName(GeneralName.iPAddress, "127.0.0.1"));
namesList.add(new GeneralName(GeneralName.rfc822Name, "zoltar@spkac.spectra.org"));
GeneralNames subjectAltNames = new GeneralNames(new DERSequence((GeneralName[])namesList.toArray(new GeneralName [] {})));
new_cert.addExtension(X509Extensions.SubjectAlternativeName, false, subjectAltNames);
...

程序无一例外执行，但是我看不到 IP地址 。使用 openssl 我看到：

Program executes without exception, but then I cannot see "IP Address". With openssl I see:

...
DNS:*.test, IP Address:<invalid>, email:zoltar@spkac.spectra.org
...

调用 GeneralName（GeneralName.iPAddress，...））时IP地址的正确形式是什么？

What is the correct form of IP address in call of GeneralName(GeneralName.iPAddress, ...))?

推荐答案

我认为这是非常老的BouncyCastle库的问题。应用程序从2008年开始使用1.39版。因此，我将BC升级到1.56版（2016年12月），并重写了应用程序，因为BC更改了一些API。现在我看到了：

I think it was problem with very old BouncyCastle library. Application used version 1.39 from year 2008. So I upgraded BC to version 1.56 (December 2016) and rewrote application because BC changed some API. Now I see:

DNS:*.test, IP Address:127.0.0.1, email:zoltar@spkac.spectra.org

这篇关于如何为BouncyCastle创建的X509证书中的SubjectAlternativeName设置IP地址格式？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！