2012-06-03 65 views
5

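X500Principal Distinguished Name order

I am using the Bouncycastle lib to generate a certificate from a PKCS10 request using the X509v3CertificateBuilder class.

It returns an X509CertificateHolder object containing the generated certificate. If I call getIssuer on the holder, it returns the issuer distinguished name in the correct order (the same as returned if I call getSubjectX500Principal() on the issuer certificate). If I parse the encoded version from the holder using the Java CertificateFactory, the getIssuerX500Principal() method of the generated certificate returns the DN in reverse order. What is going wrong?

Here is sample code of what I am trying to do: parse the DN with the LdapName class and compare the parsed RDNs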

X509CertificateHolder holder = certBuilder.build(sigGen); 
holder.getIssuer(); //Returns the DN in the correct order (same as in issuer cert) 

CertificateFactory certFactory = CertificateFactory.getInstance("X.509"); 
X509Certificate cert = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(holder.getEncoded())); 

cert.getIssuerX500Principal().getName(); //Returns issuer DN in reverse order 

Answer

4

Since I need to compare the distinguished names, I decided:

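import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

// Compares two DNs by their parsed RDNs; the order of the RDNs is ignored.
// LdapName's constructor throws the checked InvalidNameException.
boolean DNmatches(X500Principal p1, X500Principal p2) throws InvalidNameException {
    List<Rdn> rdn1 = new LdapName(p1.getName()).getRdns();
    List<Rdn> rdn2 = new LdapName(p2.getName()).getRdns();

    if (rdn1.size() != rdn2.size())
        return false;

    return rdn1.containsAll(rdn2);
}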
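An added example, not part of the original question or answer: `X500Principal.getName()` renders the name in RFC 2253 form, which lists the last RDN of the encoded sequence first, so the string order and the encoded order differ for the same DN. The sketch below uses only JDK classes and constructed sample names (the class and method names are assumptions) to contrast the order-insensitive RDN comparison from the answer with `X500Principal.equals()`, which compares canonical forms and keeps the RDN sequence significant.

```java
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

public class DnCompareDemo {

    // Order-insensitive check, equivalent to the answer's approach.
    static boolean rdnSetMatches(X500Principal p1, X500Principal p2)
            throws InvalidNameException {
        List<Rdn> rdn1 = new LdapName(p1.getName()).getRdns();
        List<Rdn> rdn2 = new LdapName(p2.getName()).getRdns();
        return rdn1.size() == rdn2.size() && rdn1.containsAll(rdn2);
    }

    // Order-sensitive check: equals() compares the canonical string forms,
    // which preserve the RDN sequence of the encoded name.
    static boolean sameName(X500Principal p1, X500Principal p2) {
        return p1.equals(p2);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample names, not taken from any real certificate.
        X500Principal issuer =
                new X500Principal("CN=Example CA,OU=PKI,O=Example Corp,C=US");
        // The same DN rebuilt from its DER encoding, as a re-parsed certificate yields it.
        X500Principal reparsed = new X500Principal(issuer.getEncoded());
        // A different DN: same RDNs, different sequence.
        X500Principal reordered =
                new X500Principal("OU=PKI,CN=Example CA,O=Example Corp,C=US");

        // RFC 2253 string: last RDN of the encoded sequence comes first.
        System.out.println("getName()          : " + issuer.getName());
        // LdapName puts the right-most RDN at index 0, i.e. encoded sequence order.
        System.out.println("encoded RDN order  : "
                + new LdapName(issuer.getName()).getRdns());

        System.out.println("sameName(issuer, reparsed)       = "
                + sameName(issuer, reparsed));
        System.out.println("sameName(issuer, reordered)      = "
                + sameName(issuer, reordered));
        System.out.println("rdnSetMatches(issuer, reordered) = "
                + rdnSetMatches(issuer, reordered));
    }
}
```

When the comparison feeds issuer or subject matching during certificate validation, the order-sensitive check is the one that distinguishes two different names built from the same RDNs.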