如何在 Java 程序中设置 SubjectAltName
How to set SubjectAltName in Java program
我有下面的 Java 代码用来生成 CSR,但不确定如何在其中添加 SubjectAltName。假设我想添加两个 SAN,例如 a1.example.ca 和 a2.example.ca。请指出应在下面程序的什么位置、以何种方式添加 SubjectAltName。
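/**
 * Generates a 2048-bit RSA key pair, builds a PKCS#10 certification request (CSR) for a
 * hard-coded subject, and writes the CSR followed by the private key to standard output as PEM.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The CSR is signed with SHA-256 rather than SHA-1; SHA-1 signatures are deprecated.</li>
 *   <li>The private key is written unencrypted next to the CSR. That is acceptable for a demo
 *       only; a real key should go to a protected store or an access-restricted file and
 *       should never end up in logs or captured console output.</li>
 * </ul>
 *
 * @throws NoSuchAlgorithmException if no installed provider offers RSA key generation
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws IOException if PEM encoding or writing fails
 */
public static void createCSR() throws NoSuchAlgorithmException, OperatorCreationException, IOException {
    // Registers BouncyCastle at position 1, i.e. as the preferred JCA provider for the whole
    // JVM, not just for this method.
    Provider bc = new org.bouncycastle.jce.provider.BouncyCastleProvider();
    Security.insertProviderAt(bc, 1);

    KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
    gen.initialize(2048);
    KeyPair pair = gen.generateKeyPair();
    PrivateKey privateKey = pair.getPrivate();
    PublicKey publicKey = pair.getPublic();

    X500Principal subject = new X500Principal("C=CN, ST=ON, L=Brmpt, O=loblaw, OU=network, CN=abc.example.ca, EMAILADDRESS=john.adam@test.ca");

    // SHA-256 replaces the original SHA-1 digest for the proof-of-possession signature.
    ContentSigner signGen = new JcaContentSignerBuilder("SHA256withRSA").build(privateKey);

    // Requested extensions (for example subjectAltName) must be added to the builder before
    // build() is called; the request is fixed once it has been signed.
    PKCS10CertificationRequestBuilder builder = new JcaPKCS10CertificationRequestBuilder(subject, publicKey);
    PKCS10CertificationRequest csr = builder.build(signGen);

    // try-with-resources closes the writer even if encoding fails part-way through.
    // As in the original, closing the PEM writer also closes System.out.
    try (PEMWriter pem = new PEMWriter(new OutputStreamWriter(System.out))) {
        pem.writeObject(csr);
        // Unencrypted private key on stdout: demo only, see the method documentation.
        pem.writeObject(privateKey);
    }
}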
您需要在调用 builder.build(signGen) 之前,向 PKCS10CertificationRequestBuilder 添加一个 extensionRequest 属性,用于请求在签发的证书中包含这组扩展:
//import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
//import org.bouncycastle.asn1.x509.Extension;
//import org.bouncycastle.asn1.x509.Extensions;
//import org.bouncycastle.asn1.x509.GeneralName;
//import org.bouncycastle.asn1.x509.GeneralNames;
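// Host names requested as subjectAltName (SAN) dNSName entries.
// NOTE(review): current TLS clients generally match host names against SAN entries rather than
// the subject CN, so the CN host (abc.example.ca) presumably needs its own entry here if the
// certificate must be valid for it. Confirm against the intended use.
GeneralName[] subjectAltNames = new GeneralName[] {
    new GeneralName(GeneralName.dNSName, "a1.example.ca"),
    new GeneralName(GeneralName.dNSName, "a2.example.ca")
};

// The request has a non-empty subject DN, so the SAN extension is requested as non-critical
// (second argument false); RFC 5280 reserves the critical flag for an empty subject.
Extension[] extensions = new Extension[] {
    Extension.create(Extension.subjectAlternativeName, false, new GeneralNames(subjectAltNames))
};

// Attach the extension request to the CSR builder. This must run before builder.build(...),
// because attributes added after the request is signed are not part of it. The issuing CA
// decides which requested extensions end up in the certificate, so verify the SANs on the
// issued certificate.
builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, new Extensions(extensions));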
我有下面的 Java 代码用来生成 CSR,但不确定如何在其中添加 SubjectAltName。假设我想添加两个 SAN,例如 a1.example.ca 和 a2.example.ca。请指出应在下面程序的什么位置、以何种方式添加 SubjectAltName。
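/**
 * Generates a 2048-bit RSA key pair, builds a PKCS#10 certification request (CSR) for a
 * hard-coded subject, and writes the CSR followed by the private key to standard output as PEM.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The CSR is signed with SHA-256 rather than SHA-1; SHA-1 signatures are deprecated.</li>
 *   <li>The private key is written unencrypted next to the CSR. That is acceptable for a demo
 *       only; a real key should go to a protected store or an access-restricted file and
 *       should never end up in logs or captured console output.</li>
 * </ul>
 *
 * @throws NoSuchAlgorithmException if no installed provider offers RSA key generation
 * @throws OperatorCreationException if the content signer cannot be created
 * @throws IOException if PEM encoding or writing fails
 */
public static void createCSR() throws NoSuchAlgorithmException, OperatorCreationException, IOException {
    // Registers BouncyCastle at position 1, i.e. as the preferred JCA provider for the whole
    // JVM, not just for this method.
    Provider bc = new org.bouncycastle.jce.provider.BouncyCastleProvider();
    Security.insertProviderAt(bc, 1);

    KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
    gen.initialize(2048);
    KeyPair pair = gen.generateKeyPair();
    PrivateKey privateKey = pair.getPrivate();
    PublicKey publicKey = pair.getPublic();

    X500Principal subject = new X500Principal("C=CN, ST=ON, L=Brmpt, O=loblaw, OU=network, CN=abc.example.ca, EMAILADDRESS=john.adam@test.ca");

    // SHA-256 replaces the original SHA-1 digest for the proof-of-possession signature.
    ContentSigner signGen = new JcaContentSignerBuilder("SHA256withRSA").build(privateKey);

    // Requested extensions (for example subjectAltName) must be added to the builder before
    // build() is called; the request is fixed once it has been signed.
    PKCS10CertificationRequestBuilder builder = new JcaPKCS10CertificationRequestBuilder(subject, publicKey);
    PKCS10CertificationRequest csr = builder.build(signGen);

    // try-with-resources closes the writer even if encoding fails part-way through.
    // As in the original, closing the PEM writer also closes System.out.
    try (PEMWriter pem = new PEMWriter(new OutputStreamWriter(System.out))) {
        pem.writeObject(csr);
        // Unencrypted private key on stdout: demo only, see the method documentation.
        pem.writeObject(privateKey);
    }
}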
您需要在调用 builder.build(signGen) 之前,向 PKCS10CertificationRequestBuilder 添加一个 extensionRequest 属性,用于请求在签发的证书中包含这组扩展:
//import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
//import org.bouncycastle.asn1.x509.Extension;
//import org.bouncycastle.asn1.x509.Extensions;
//import org.bouncycastle.asn1.x509.GeneralName;
//import org.bouncycastle.asn1.x509.GeneralNames;
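// Host names requested as subjectAltName (SAN) dNSName entries.
// NOTE(review): current TLS clients generally match host names against SAN entries rather than
// the subject CN, so the CN host (abc.example.ca) presumably needs its own entry here if the
// certificate must be valid for it. Confirm against the intended use.
GeneralName[] subjectAltNames = new GeneralName[] {
    new GeneralName(GeneralName.dNSName, "a1.example.ca"),
    new GeneralName(GeneralName.dNSName, "a2.example.ca")
};

// The request has a non-empty subject DN, so the SAN extension is requested as non-critical
// (second argument false); RFC 5280 reserves the critical flag for an empty subject.
Extension[] extensions = new Extension[] {
    Extension.create(Extension.subjectAlternativeName, false, new GeneralNames(subjectAltNames))
};

// Attach the extension request to the CSR builder. This must run before builder.build(...),
// because attributes added after the request is signed are not part of it. The issuing CA
// decides which requested extensions end up in the certificate, so verify the SANs on the
// issued certificate.
builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, new Extensions(extensions));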