X500 Agreed Distinguished Name Order

I am using the Bouncycastle lib to create certificates from PKCS10 requests using the X509v3CertificateBuilder class.

It returns an X509CertificateHolder object that contains the generated certificate. If I call getIssuer on the holder, it returns the issuer distinguished name in the correct order (the same is returned if I call getSubjectX500Principal() on the issuer certificate). If I parse the encoded version from the holder using Java's CertificateFactory, getIssuerX500Principal() of the generated certificate returns the DN in reverse. What's wrong?

Here is a sample code of what I'm trying to do:

    X509CertificateHolder holder = certBuilder.build(sigGen);
    holder.getIssuer(); // Returns the DN in the correct order (same as in issuer cert)

    CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
    X509Certificate cert = (X509Certificate) certFactory.generateCertificate(
            new ByteArrayInputStream(holder.getEncoded()));
    cert.getIssuerX500Principal().getName(); // Returns issuer DN in reverse order
1 answer

Since I need to compare distinguished names, I decided to parse the DN with the LdapName class and compare the parsed RDNs:

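    import java.util.List;
    import javax.naming.InvalidNameException;
    import javax.naming.ldap.LdapName;
    import javax.naming.ldap.Rdn;
    import javax.security.auth.x500.X500Principal;

    // Compares two DNs by their parsed RDNs, ignoring the order of the RDNs.
    // LdapName's constructor throws the checked InvalidNameException.
    boolean DNmatches(X500Principal p1, X500Principal p2) throws InvalidNameException {
        List<Rdn> rdn1 = new LdapName(p1.getName()).getRdns();
        List<Rdn> rdn2 = new LdapName(p2.getName()).getRdns();
        if (rdn1.size() != rdn2.size())
            return false;
        return rdn1.containsAll(rdn2);
    }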
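Added example (not part of the original post or of Bouncy Castle): X500Principal.getName() produces an RFC 2253 string, which starts with the last RDN of the encoded name, so a "reversed" string does not mean the certificate encodes a different issuer. The sketch compares principals with equals(), which is order-sensitive, against a set-style check like the one in the answer, which also accepts a name whose RDN hierarchy is permuted. The class name DnOrderDemo, the helper sameRdnSet and the sample DNs are constructed for illustration.

```java
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

public class DnOrderDemo {
    // Order-insensitive check in the style of the answer above (hypothetical helper name).
    static boolean sameRdnSet(X500Principal a, X500Principal b) throws InvalidNameException {
        List<Rdn> r1 = new LdapName(a.getName()).getRdns();
        List<Rdn> r2 = new LdapName(b.getName()).getRdns();
        return r1.size() == r2.size() && r1.containsAll(r2);
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample DNs, not taken from the question.
        X500Principal issuer = new X500Principal("CN=Example Issuing CA,O=Example Org,C=US");
        // Same name after a DER round trip, as when a certificate is re-parsed.
        X500Principal reparsed = new X500Principal(issuer.getEncoded());
        // Same three RDNs in the opposite hierarchy order: a different name.
        X500Principal permuted = new X500Principal("C=US,O=Example Org,CN=Example Issuing CA");

        // getName() renders RFC 2253 text, which starts with the LAST RDN of the
        // encoded sequence; LdapName indexes from the right, i.e. in encoded order.
        System.out.println("RFC 2253 string : " + issuer.getName());
        System.out.println("encoded order   : " + new LdapName(issuer.getName()).getRdns());

        // equals() compares canonical forms, so RDN order is significant.
        System.out.println("issuer.equals(reparsed) = " + issuer.equals(reparsed));
        System.out.println("issuer.equals(permuted) = " + issuer.equals(permuted));

        // The set-style check cannot tell the permuted name from the original.
        System.out.println("sameRdnSet(issuer, reparsed) = " + sameRdnSet(issuer, reparsed));
        System.out.println("sameRdnSet(issuer, permuted) = " + sameRdnSet(issuer, permuted));
    }
}
```

When the DN match feeds a trust decision such as issuer lookup, comparing the two X500Principal objects with equals() avoids treating a permuted name as the same identity.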
