我正在尝试使用bouncycastle 1.46生成X509证书,代码如下.
我遇到的问题是,当证书在JKS中写入然后重新读取时,DN会被反转.
例如,如果我运行下面的代码,我得到以下输出:
我遇到的问题是,当证书在JKS中写入然后重新读取时,DN会被反转.
例如,如果我运行下面的代码,我得到以下输出:
CN=test,O=gina CN=test,O=gina O=gina,CN=test
有人知道这个的原因吗?怎么避免呢?
提前致谢.
码:
public static void main(String[] args) { try { Security.addProvider(new BouncyCastleProvider()); KeyPair pair = generateKeyPair("RSA",1024); X500Name principal = new X500Name("cn=test,o=gina"); System.out.println(principal); BigInteger sn = BigInteger.valueOf(1234); Date start = today(); Date end = addYears(start,2); X509Certificate cert = generateCert(principal,pair,sn,start,end,"SHA1withRSA"); cert.verify(pair.getPublic()); System.out.println(cert.getSubjectDN()); // Store the certificate in the JKS KeyStore ks = KeyStore.getInstance("JKS"); ks.load(null,null); ks.setKeyEntry("alias",pair.getPrivate(),KEY_PWD,new X509Certificate[] {cert}); X509Certificate c = (X509Certificate)ks.getCertificateChain("alias")[0]; System.out.println(c.getSubjectDN()); OutputStream out = new FileOutputStream("text.jks"); try { ks.store(out,KEYSTORE_PWD); } finally { out.close(); } // Reread the JKS ks = KeyStore.getInstance("JKS"); InputStream in = new FileInputStream("text.jks"); try { ks.load(in,KEYSTORE_PWD); } finally { in.close(); } c = (X509Certificate)ks.getCertificateChain("alias")[0]; c.verify(pair.getPublic()); System.out.println(c.getSubjectDN()); } catch (Exception e) { e.printStackTrace(); } } private static X509Certificate generateCert(X500Name principal,KeyPair pair,BigInteger sn,Date start,Date end,String sigalg) throws OperatorCreationException,CertificateException { JcaX509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(principal,principal,pair.getPublic()); JcaContentSignerBuilder builder = new JcaContentSignerBuilder(sigalg); builder.setProvider("BC"); ContentSigner signr = builder.build(pair.getPrivate()); X509CertificateHolder certHolder = certGen.build(signr); JcaX509CertificateConverter conv = new JcaX509CertificateConverter(); conv.setProvider("BC"); return conv.getCertificate(certHolder); } private static KeyPair generateKeyPair(String algorithm,int keySize) throws NoSuchAlgorithmException { KeyPairGenerator gen = KeyPairGenerator.getInstance(algorithm); gen.initialize(keySize); return gen.generateKeyPair(); } private static Date today() { Calendar cal = Calendar.getInstance(); cal.set(Calendar.HOUR_OF_DAY,0); cal.set(Calendar.MINUTE,0); cal.set(Calendar.SECOND,0); cal.set(Calendar.MILLISECOND,0); return cal.getTime(); } private static Date addYears(Date date,int count) { Calendar cal = Calendar.getInstance(); cal.setTime(date); cal.add(Calendar.YEAR,count); return cal.getTime(); }
解决方法
我遇到了同样的问题并迅速解决了以下问题:
//CREATES AN X500 CA SUBJECT FOR ISSUER X500Name issuerName = new JcaX509CertificateHolder((X509Certificate) caCert).getSubject();
然后我使用它与以下内容:
//CONSTRUCTS THE X509 CERTIFIFATE OBJECT X509v3CertificateBuilder v3CertGen = new X509v3CertificateBuilder( issuerName,serialNumber,startDate,endDate,DevCsr.getSubject(),DevCsr.getSubjectPublicKeyInfo());
Java Keystore结束实体证书中的颁发者名称现在以正确的顺序显示.
干杯!