I'm trying to generate X.509 certificates with BouncyCastle (Java). It mostly works: I can generate the public/private key pair, generate a signing request, and set the validity, subjectKeyInfo, basic constraints and extended key usage.
But I'm stuck on adding the AIA and CDP extensions - the URL gets added, but the format is wrong - I get:
Authority Information Access:
0u..+.....0..ihttp://sslulike-cacache.s3-website.eu-west-2.amazonaws.com/ukfedtest/299b1033-a09d-47ed-b6d7-7505d7d574f5
X509v3 CRL Distribution Points:
0s0q.o.mhttp://sslulike-cacache.s3-website.eu-west-2.amazonaws.com/ukfedtest/299b1033-a09d-47ed-b6d7-7505d7d574f5.crl
As you can see, it mangles the start of the URL and leaves out the "Full Name:" for the CDP and "CA Issuers" for the AIA. Compared with a proper certificate:
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.godaddy.com/gdig2s1-4536.crl
Authority Information Access:
OCSP - URI:http://ocsp.godaddy.com/
CA Issuers - URI:http://certificates.godaddy.com/repository/gdig2.crt
Here is my code:
builder.addExtension(Extension.create(Extension.authorityInfoAccess, false,
        new AccessDescription(
                X509ObjectIdentifiers.id_ad_caIssuers,
                new GeneralName(GeneralName.uniformResourceIdentifier,
                        new DERIA5String(org.getCertURLBase() + org.getOrgId() + "/" + keyId)))));
DistributionPoint cdp = new DistributionPoint(
        new DistributionPointName(DistributionPointName.FULL_NAME,
                new DERIA5String(org.getCertURLBase() + org.getOrgId() + "/" + keyId + ".crl")),
        null, null);
builder.addExtension(Extension.create(Extension.cRLDistributionPoints, false,
        new CRLDistPoint(new DistributionPoint[] { cdp })));
(The input strings build the correct URL; I have checked that.)
Any idea what I'm missing?
Thanks,
Jim
OK - got this working. It looks like BouncyCastle has a problem here; my solution isn't consistent or very tidy, but it does seem to work.
CDP:
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x509.Extension;

protected static Extension makeCDP(String url) {
    try {
        byte[] encodedUrl = url.getBytes("US-ASCII");
        // Every length below is a single DER length byte, so the outer SEQUENCE (url + 8) must stay under 128.
        if (encodedUrl.length > 119)
            throw new Exception("URL too long");
        byte[] payload = new byte[encodedUrl.length + 10];
        int offset = 0;
        payload[offset++] = (byte) 0x30;                        // CRLDistributionPoints SEQUENCE
        payload[offset++] = (byte) (encodedUrl.length + 8);
        payload[offset++] = (byte) 0x30;                        // DistributionPoint SEQUENCE
        payload[offset++] = (byte) (encodedUrl.length + 6);
        payload[offset++] = (byte) 0xA0;                        // distributionPoint [0]
        payload[offset++] = (byte) (encodedUrl.length + 4);
        payload[offset++] = (byte) 0xA0;                        // fullName [0] GeneralNames
        payload[offset++] = (byte) (encodedUrl.length + 2);
        payload[offset++] = (byte) 0x86;                        // uniformResourceIdentifier [6] IA5String
        payload[offset++] = (byte) (encodedUrl.length);
        for (; offset < payload.length; offset++)
            payload[offset] = encodedUrl[offset - 10];
        // The byte[] constructor wraps the payload in the extension's OCTET STRING.
        return new Extension(new ASN1ObjectIdentifier("2.5.29.31"), false, payload);
    } catch (Exception e) {
        e.printStackTrace();
        return null;
    }
}
AIA:
import java.io.IOException;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.x509.Extension;

protected static Extension makeAIA(String url) {
    // accessLocation: GeneralName uniformResourceIdentifier [6] IMPLICIT IA5String
    DERTaggedObject caIssuers = new DERTaggedObject(false, 6, new DERIA5String(url));
    // AccessDescription ::= SEQUENCE { accessMethod id-ad-caIssuers, accessLocation }
    ASN1EncodableVector caIssuers_ASN = new ASN1EncodableVector();
    caIssuers_ASN.add(new ASN1ObjectIdentifier("1.3.6.1.5.5.7.48.2"));
    caIssuers_ASN.add(caIssuers);
    DERSequence caIssuersSeq = new DERSequence(caIssuers_ASN);
    // AuthorityInfoAccessSyntax ::= SEQUENCE OF AccessDescription
    ASN1EncodableVector accessSyn_ASN = new ASN1EncodableVector();
    accessSyn_ASN.add(caIssuersSeq);
    DERSequence AIASyntaxSeq = new DERSequence(accessSyn_ASN);
    try {
        // id-pe-authorityInfoAccess; the DER-encoded syntax goes inside the extension's OCTET STRING
        return new Extension(new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.1"), false, new DEROctetString(AIASyntaxSeq));
    } catch (IOException e) {
        e.printStackTrace();
        return null;
    }
}
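Added example, not code from the question or the answer above: the same two extensions built from BouncyCastle's own AuthorityInformationAccess and CRLDistPoint classes, so the library emits the nested SEQUENCE / [0] fullName / GeneralNames / [6] URI layout that the hand-encoded bytes spell out, plus a decode-and-check helper for each that reads the URI back from the position a client looks in. The class name and URL are constructed placeholders.

```java
import java.io.IOException;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.x509.AccessDescription;
import org.bouncycastle.asn1.x509.AuthorityInformationAccess;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;

public final class UrlExtensions { // hypothetical class name
    // AuthorityInfoAccessSyntax ::= SEQUENCE OF AccessDescription { accessMethod OID, accessLocation GeneralName }
    static Extension caIssuers(String url) throws IOException {
        GeneralName location = new GeneralName(GeneralName.uniformResourceIdentifier, url);
        AuthorityInformationAccess aia = new AuthorityInformationAccess(AccessDescription.id_ad_caIssuers, location);
        return Extension.create(Extension.authorityInfoAccess, false, aia);
    }
    // CRLDistributionPoints ::= SEQUENCE OF DistributionPoint { [0] DistributionPointName { [0] fullName GeneralNames } }
    static Extension crlDistPoint(String url) throws IOException {
        GeneralNames fullName = new GeneralNames(new GeneralName(GeneralName.uniformResourceIdentifier, url));
        DistributionPoint dp = new DistributionPoint(new DistributionPointName(fullName), null, null);
        return Extension.create(Extension.cRLDistributionPoints, false, new CRLDistPoint(new DistributionPoint[] { dp }));
    }
    // Decode the extension value again and pull the URI out of the fullName GeneralNames.
    static String crlUrlOf(Extension ext) {
        DistributionPoint dp = CRLDistPoint.getInstance(ext.getParsedValue()).getDistributionPoints()[0];
        DistributionPointName dpn = dp.getDistributionPoint();
        if (dpn.getType() != DistributionPointName.FULL_NAME) {
            throw new IllegalStateException("distributionPoint is not a fullName");
        }
        GeneralName gn = GeneralNames.getInstance(dpn.getName()).getNames()[0];
        return DERIA5String.getInstance(gn.getName()).getString();
    }
    // Decode the AIA value and return the caIssuers location, refusing any other access method.
    static String caIssuersUrlOf(Extension ext) {
        AccessDescription ad = AuthorityInformationAccess.getInstance(ext.getParsedValue()).getAccessDescriptions()[0];
        if (!AccessDescription.id_ad_caIssuers.equals(ad.getAccessMethod())) {
            throw new IllegalStateException("accessMethod is not caIssuers");
        }
        return DERIA5String.getInstance(ad.getAccessLocation().getName()).getString();
    }
    public static void main(String[] args) throws IOException {
        String base = "http://ca.example.test/cache/KEYID"; // constructed sample URL
        System.out.println(caIssuersUrlOf(caIssuers(base)));
        System.out.println(crlUrlOf(crlDistPoint(base + ".crl")));
    }
}
```

Both Extension objects can be passed straight to builder.addExtension as in the question, and the round-trip helpers throw if the structure is not the one openssl x509 -text prints as "CA Issuers - URI:" and "Full Name: URI:".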