如何验证 Java 中的可分辨名称 (DN)?

How to validate Distinguish Name(DN) in Java?

我正在尝试验证 java 中的 DN。 到目前为止,我已经尝试使用 Bouncy castle libry

来验证它
private boolean isValidDn(String dn) {
    try {
        X509Name name = new X509Name(dn);
        return true;
    } catch (IllegalArgumentException e) {

    }
    return false;
}

此代码有效,但问题是此代码允许有多个 CN。

例如:此代码 return CN=first,CN=second,ou=org,ou=org2,c=US

但我想验证 return 仅当存在 cn、ou、o、c 等时才为真。

如有任何帮助,我们将不胜感激。

如果您使用以下枚举,您应该能够为 X500NameX509Name.

迭代每个可能的元素
public enum MyBCStyle {

    /**
     * country code - StringType(SIZE(2))
     */
    C(BCStyle.C),

    /**
     * organization - StringType(SIZE(1..64))
     */
    O(BCStyle.O ),

    /**
     * organizational unit name - StringType(SIZE(1..64))
     */
    OU(BCStyle.OU),

    /**
     * Title
     */
    T(BCStyle.T ),

    /**
     * common name - StringType(SIZE(1..64))
     */
    CN(BCStyle.CN ),

    /**
     * device serial number name - StringType(SIZE(1..64))
     */
    SN(BCStyle.SN ),

    /**
     * street - StringType(SIZE(1..64))
     */
    STREET(BCStyle.STREET ),

    /**
     * device serial number name - StringType(SIZE(1..64))
     */
    SERIALNUMBER(BCStyle.SERIALNUMBER),

    /**
     * locality name - StringType(SIZE(1..64))
     */
    L(BCStyle.L ),

    /**
     * state, or province name - StringType(SIZE(1..64))
     */
    ST(BCStyle.ST ),

    /**
     * Naming attributes of type X520name
     */
    SURNAME(BCStyle.SURNAME ),
    GIVENNAME(BCStyle.GIVENNAME ),
    INITIALS(BCStyle.INITIALS ),
    GENERATION(BCStyle.GENERATION ),
    UNIQUE_IDENTIFIER(BCStyle.UNIQUE_IDENTIFIER ),

    /**
     * businessCategory - DirectoryString(SIZE(1..128)
     */
    BUSINESS_CATEGORY(BCStyle.BUSINESS_CATEGORY ),

    /**
     * postalCode - DirectoryString(SIZE(1..40)
     */
    POSTAL_CODE(BCStyle.POSTAL_CODE ),

    /**
     * dnQualifier - DirectoryString(SIZE(1..64)
     */
    DN_QUALIFIER(BCStyle.DN_QUALIFIER ),

    /**
     * RFC 3039 Pseudonym - DirectoryString(SIZE(1..64)
     */
    PSEUDONYM(BCStyle.PSEUDONYM ),


    /**
     * RFC 3039 DateOfBirth - GeneralizedTime - YYYYMMDD000000Z
     */
    DATE_OF_BIRTH(BCStyle.DATE_OF_BIRTH ),

    /**
     * RFC 3039 PlaceOfBirth - DirectoryString(SIZE(1..128)
     */
    PLACE_OF_BIRTH(BCStyle.PLACE_OF_BIRTH ),

    /**
     * RFC 3039 Gender - PrintableString (SIZE(1)) -- "M", "F", "m" or "f"
     */
    GENDER(BCStyle.GENDER ),

    /**
     * RFC 3039 CountryOfCitizenship - PrintableString (SIZE (2)) -- ISO 3166
     * codes only
     */
    COUNTRY_OF_CITIZENSHIP(BCStyle.COUNTRY_OF_CITIZENSHIP ),

    /**
     * RFC 3039 CountryOfResidence - PrintableString (SIZE (2)) -- ISO 3166
     * codes only
     */
    COUNTRY_OF_RESIDENCE(BCStyle.COUNTRY_OF_RESIDENCE ),


    /**
     * ISIS-MTT NameAtBirth - DirectoryString(SIZE(1..64)
     */
    NAME_AT_BIRTH(BCStyle.NAME_AT_BIRTH ),

    /**
     * RFC 3039 PostalAddress - SEQUENCE SIZE (1..6) OF
     * DirectoryString(SIZE(1..30))
     */
    POSTAL_ADDRESS(BCStyle.POSTAL_ADDRESS ),

    /**
     * RFC 2256 dmdName
     */
    DMD_NAME(BCStyle.DMD_NAME ),

    /**
     * id-at-telephoneNumber
     */
    TELEPHONE_NUMBER(BCStyle.TELEPHONE_NUMBER),

    /**
     * id-at-name
     */
    NAME(BCStyle.NAME),

    /**
     * Email address (RSA PKCS#9 extension) - IA5String.
     * <p>Note: if you're trying to be ultra orthodox, don't use this! It shouldn't be in here.
     */
    EmailAddress(BCStyle.EmailAddress),

    /**
     * more from PKCS#9
     */
    UnstructuredName(BCStyle.UnstructuredName),
    UnstructuredAddress(BCStyle.UnstructuredAddress),
    E(BCStyle.E),
    DC(BCStyle.DC),

    /**
     * LDAP User id.
     */
    UID(BCStyle.UID );

    private ASN1ObjectIdentifier identifier;

    public ASN1ObjectIdentifier getIdentifier() {
        return identifier;
    }

    private MyBCStyle(ASN1ObjectIdentifier asn1ObjectIdentifier) {
        this.identifier = asn1ObjectIdentifier;
    }
}

这样,你可以

for(MyBCStyle bcStyle : MyBCStyle.values()) {
    if(x500name.getRDNs(bcStyle.getIdentifier()).length > 1) {
        throw new IllegalArgumentException("Multiple " + bcStyle.name() + " was found.");
    }
}