我目前使用的充气城堡,以创建一个单一的主题为这样的PKCS10要求:建立在Java
X500Principal subject = new X500Principal("CN=foo.bar.com");
PKCS10CertificationRequestBuilder builder = new JcaPKCS10CertificationRequestBuilder(
subject, publicKey);
我现在需要受到替代品添加到PKCS10请求。我一直无法弄清楚如何做到这一点。有什么建议么?
SOLUTION:
根据在第2个答案我能想出解决办法提供了巨大的信息。在下面的工作代码中,XName是一个包含主题名称和名称类型(DNS,RFC822等)的简单类。
String signerAlgo = "SHA256withRSA";
ContentSigner signGen = new JcaContentSignerBuilder(signerAlgo).build(privateKey);
X500Principal subject = new X500Principal(csr.getSubjectAsX500NameString());
PKCS10CertificationRequestBuilder builder =
new JcaPKCS10CertificationRequestBuilder(subject, publicKey);
/*
* Add SubjectAlternativeNames (SANs)
*/
if (csr.getSubjectAlternatives() != null && csr.getSubjectAlternatives().size() > 0) {
List<GeneralName> namesList = new ArrayList<>();
for (XName subjectAlt : csr.getSubjectAlternatives()) {
log.debug(m, d+2, "Adding SubjectAltName: %s", subjectAlt);
namesList.add(GeneralNameTool.toGeneralName(subjectAlt));
}
/*
* Use ExtensionsGenerator to add individual extensions.
*/
ExtensionsGenerator extGen = new ExtensionsGenerator();
GeneralNames subjectAltNames = new GeneralNames(namesList.toArray(new GeneralName [] {}));
extGen.addExtension(Extension.subjectAlternativeName, false, subjectAltNames);
builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());
}
PKCS10CertificationRequest request = builder.build(signGen);
StringWriter writer = new StringWriter();
JcaPEMWriter pem = new JcaPEMWriter(writer);
pem.writeObject(request);
pem.close();
请将您的**解答**部分移至答案并将其标记为已接受。 –