如何在Java中从X509Certificate中提取CN? [英] How to extract CN from X509Certificate in Java?
问题描述
我正在使用 SslServerSocket
和客户端证书,并希望从客户端的 X509Certificate
的 SubjectDN 中提取 CN.
I am using a SslServerSocket
and client certificates and want to extract the CN from the SubjectDN from the client's X509Certificate
.
目前我调用 cert.getSubjectX500Principal().getName()
但这当然给了我客户端的总格式化 DN.出于某种原因,我只对 DN 的 CN=theclient
部分感兴趣.有没有办法在不自己解析字符串的情况下提取DN的这部分?
At the moment I call cert.getSubjectX500Principal().getName()
but this of course gives me the total formatted DN of the client. For some reason I am just interested in the CN=theclient
part of the DN. Is there a way to extract this part of the DN without parsing the String myself?
推荐答案
这是新的未弃用 BouncyCastle API 的一些代码.您将需要 bcmail 和 bcprov 分发版.
Here's some code for the new non-deprecated BouncyCastle API. You'll need both bcmail and bcprov distributions.
X509Certificate cert = ...;
X500Name x500name = new JcaX509CertificateHolder(cert).getSubject();
RDN cn = x500name.getRDNs(BCStyle.CN)[0];
return IETFUtils.valueToString(cn.getFirst().getValue());
这篇关于如何在Java中从X509Certificate中提取CN?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!