证书主题和颁发者中的属性颠倒了 [英] Attributes reversed in certificate subject and issuer
问题描述
我正在尝试使用下面的代码生成带有bouncycastle 1.46的X509证书.我的问题是,当将证书写入JKS然后重新读取时,DN会颠倒.例如,如果我运行下面的代码,则会得到以下输出:
I am trying to generate X509 certificates with bouncycastle 1.46, with the code below. The issue I have is that when a certificate is written in a JKS and then reread, the DNs are reversed. For instance, if I run the code below, I get the following output:
CN=test,O=gina
CN=test,O=gina
CN=test,O=gina
O=gina, CN=test
有人知道原因吗?如何避免呢?预先感谢.
Does anybody know the reason for this? how to avoid it? Thanks in advance.
代码:
public static void main(String[] args) {
try {
Security.addProvider(new BouncyCastleProvider());
KeyPair pair = generateKeyPair("RSA", 1024);
X500Name principal = new X500Name("cn=test,o=gina");
System.out.println(principal);
BigInteger sn = BigInteger.valueOf(1234);
Date start = today();
Date end = addYears(start, 2);
X509Certificate cert = generateCert(principal, pair, sn, start, end,
"SHA1withRSA");
cert.verify(pair.getPublic());
System.out.println(cert.getSubjectDN());
// Store the certificate in the JKS
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(null, null);
ks.setKeyEntry("alias", pair.getPrivate(), KEY_PWD,
new X509Certificate[] {cert});
X509Certificate c
= (X509Certificate)ks.getCertificateChain("alias")[0];
System.out.println(c.getSubjectDN());
OutputStream out = new FileOutputStream("text.jks");
try {
ks.store(out, KEYSTORE_PWD);
} finally {
out.close();
}
// Reread the JKS
ks = KeyStore.getInstance("JKS");
InputStream in = new FileInputStream("text.jks");
try {
ks.load(in, KEYSTORE_PWD);
} finally {
in.close();
}
c = (X509Certificate)ks.getCertificateChain("alias")[0];
c.verify(pair.getPublic());
System.out.println(c.getSubjectDN());
} catch (Exception e) {
e.printStackTrace();
}
}
private static X509Certificate generateCert(X500Name principal,
KeyPair pair, BigInteger sn, Date start, Date end, String sigalg)
throws OperatorCreationException, CertificateException {
JcaX509v3CertificateBuilder certGen
= new JcaX509v3CertificateBuilder(principal, sn, start, end,
principal, pair.getPublic());
JcaContentSignerBuilder builder
= new JcaContentSignerBuilder(sigalg);
builder.setProvider("BC");
ContentSigner signr = builder.build(pair.getPrivate());
X509CertificateHolder certHolder = certGen.build(signr);
JcaX509CertificateConverter conv
= new JcaX509CertificateConverter();
conv.setProvider("BC");
return conv.getCertificate(certHolder);
}
private static KeyPair generateKeyPair(String algorithm, int keySize)
throws NoSuchAlgorithmException {
KeyPairGenerator gen = KeyPairGenerator.getInstance(algorithm);
gen.initialize(keySize);
return gen.generateKeyPair();
}
private static Date today() {
Calendar cal = Calendar.getInstance();
cal.set(Calendar.HOUR_OF_DAY, 0);
cal.set(Calendar.MINUTE, 0);
cal.set(Calendar.SECOND, 0);
cal.set(Calendar.MILLISECOND, 0);
return cal.getTime();
}
private static Date addYears(Date date, int count) {
Calendar cal = Calendar.getInstance();
cal.setTime(date);
cal.add(Calendar.YEAR, count);
return cal.getTime();
}
推荐答案
我遇到了相同的问题,并使用以下命令迅速解决了该问题:
I ran into the same issue and resolved it quickly with the following:
//CREATES AN X500 CA SUBJECT FOR ISSUER
X500Name issuerName = new JcaX509CertificateHolder((X509Certificate) caCert).getSubject();
然后我将其用于以下用途:
I then used it with the following:
//CONSTRUCTS THE X509 CERTIFIFATE OBJECT
X509v3CertificateBuilder v3CertGen = new X509v3CertificateBuilder(
issuerName,
serialNumber,
startDate, endDate,
DevCsr.getSubject(),
DevCsr.getSubjectPublicKeyInfo());
现在,Java密钥库最终实体证书中的颁发者名称会以正确的顺序显示.
The issuer name in the Java Keystore end entity certificate now shows up in the correct order.
干杯!
这篇关于证书主题和颁发者中的属性颠倒了的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!