Why did Jetty transform the certificate subject parameter S to ST?

Problem description

I'm using a certificate with subject

CN = operator-1505
O = Test org
L = Moscow
S = Moscow
C = RU

But when I'm trying to get this certificate in my servlet:

    @Override
    protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        X509Certificate[] certificates = (X509Certificate[]) req.getAttribute("javax.servlet.request.X509Certificate");
        if (certificates != null && certificates.length == 1) {
            X509Certificate certificate = certificates[0];
            authenticate(certificate, req, resp);
        }
    }

The subject in the certificate variable is:

CN=operator-1505, O=Test org, L=Moscow, ST=Moscow, C=RU

Why did Jetty transform the S parameter to ST?

Solution

The S (or ST) isn't really in the certificate. What it contains is the Object Identifier (OID) 2.5.4.8.

OpenSSL used to have a snarky comment saying that an authoritative answer for the short form of this OID is "ST", but that Microsoft used "S".

It's probably the case that two different RFCs referenced the same OID with different short forms, and each library just ends up with its own answer for what to use for that particular value.

If you can print the name using OID values, that should be stable across environments, but otherwise you may just have to come up with a way to match on S= or ST=.

Edit: I'm amused to note that ITU-T X.520 (2012/10) says that "ST" is the correct answer, while using S= as an example:

6.3.3 State or Province Name

The State or Province Name attribute type specifies a state or province. When used as a component of a directory name, it identifies a geographical subdivision in which the named object is physically located or with which it is associated in some other important way.

An attribute value for State or Province Name is a string, e.g., S = "Ohio"

stateOrProvinceName ATTRIBUTE ::= {
  SUBTYPE OF name
  WITH SYNTAX UnboundedDirectoryString
  LDAP-SYNTAX directoryString.&id
  LDAP-NAME {"st"}
  ID id-at-stateOrProvinceName }

(emphasis mine, and sadly I can't have the "LDAP-NAME {"st"}" both emphasized and whitespace-preserving)
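One way to make subject matching independent of the S/ST spelling, as an added example that is not part of the original question or answer: parse both spellings into `X500Principal` objects and compare those, or look the attribute up after rendering the name in RFC 2253 form. The class name `SubjectStateDemo` and its helper methods are hypothetical, the DN strings are the two from the question, and Java 9+ is assumed for `Map.of`. In the servlet, the principal would come from `certificate.getSubjectX500Principal()`.

```java
import java.util.Map;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

public class SubjectStateDemo {
    // OID of stateOrProvinceName, as given in the answer.
    static final String STATE_OID = "2.5.4.8";

    // Parse a DN string, explicitly accepting the Microsoft-style "S" keyword
    // as another spelling of the same OID (keyword map keys must be upper case).
    static X500Principal parse(String dn) {
        return new X500Principal(dn, Map.of("S", STATE_OID));
    }

    // Return the stateOrProvinceName value, or null if the subject has none.
    static String state(X500Principal subject) throws NamingException {
        // The RFC 2253 rendering uses the keyword "ST" for this OID,
        // whatever keyword the DN was originally written with.
        LdapName name = new LdapName(subject.getName(X500Principal.RFC2253));
        for (Rdn rdn : name.getRdns()) {
            // toAttributes() also covers multi-valued RDNs (a+b).
            Attribute st = rdn.toAttributes().get("ST");
            if (st != null) {
                return st.get().toString();
            }
        }
        return null;
    }

    public static void main(String[] args) throws NamingException {
        // Sample input: the two spellings of the subject from the question.
        X500Principal windowsStyle = parse("CN=operator-1505, O=Test org, L=Moscow, S=Moscow, C=RU");
        X500Principal javaStyle = parse("CN=operator-1505, O=Test org, L=Moscow, ST=Moscow, C=RU");

        // equals() compares the names themselves, not their string form.
        System.out.println(windowsStyle.equals(javaStyle));
        System.out.println(state(windowsStyle));
        // An OID map overrides the default keyword, reproducing the "S=" form.
        System.out.println(windowsStyle.getName(X500Principal.RFC2253, Map.of(STATE_OID, "S")));
    }
}
```

Comparing principals rather than subject strings keeps an authentication check from depending on which short name a given library prints for OID 2.5.4.8.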
