
Unique Identifier for certificate Issuer (X509Name)

In my app I'm using the SHA-256 of the issuer name (x509CertImpl.getIssuerDN().getName()) and the certificate serial number to uniquely identify a certificate, but now I have realized that other implementations of X509Name, such as the implementation in the Bouncy Castle library, display something different when I call bcX509Name.getName(), so this identifier doesn't work for me... My question is: how could I get a unique identifier for an X509Name? Maybe an ASN.1 or DER encoded representation of both will be the same.

Jaime Hablutzel asked Oct 25 '22 04:10



1 Answer

It is not clear from the question whether you are using a java.security.cert.X509Certificate, or some Bouncy Castle class that doesn't use the JCA interfaces.

In any case, there should be a method that returns an object that represents the issuer's X.500 name. This object should have a method that returns the ASN.1 encoding of the name as a byte array. Use this as a component of your key.

If you are using the standard X509Certificate or Bouncy Castle's X509CertificateObject, use something like this (and if you aren't using one of these classes, please be more specific):

X509Certificate x = ...;
byte[] issuer = x.getIssuerX500Principal().getEncoded();
erickson answered Oct 31 '22 09:10

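The approach from the answer above, as an added example that is not part of the original post: the identifier is derived from the DER encoding of the issuer name plus the serial number, so it does not depend on how any library renders the name as a string. The class name `CertId`, the length prefix on the issuer bytes, and the sample issuer and serial are assumptions of this example (constructed values).

```java
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import javax.security.auth.x500.X500Principal;

public class CertId {
    // SHA-256( len(issuerDER) || issuerDER || serial ), hex encoded.
    // The 4-byte length prefix keeps the issuer/serial boundary unambiguous.
    static String certId(X500Principal issuer, BigInteger serial)
            throws NoSuchAlgorithmException {
        byte[] issuerDer = issuer.getEncoded();        // ASN.1 DER of the Name
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(ByteBuffer.allocate(4).putInt(issuerDer.length).array());
        md.update(issuerDer);
        md.update(serial.toByteArray());               // two's-complement, big-endian
        return String.format("%064x", new BigInteger(1, md.digest()));
    }

    // Convenience overload for a parsed certificate (JCA or Bouncy Castle provider).
    static String certId(X509Certificate cert) throws NoSuchAlgorithmException {
        return certId(cert.getIssuerX500Principal(), cert.getSerialNumber());
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not taken from a real certificate.
        X500Principal issuer =
                new X500Principal("CN=Example Root CA, O=Example Corp, C=US");
        BigInteger serial = new BigInteger("1234567890abcdef", 16);

        // The same name has several string forms, so hashing getName() is fragile.
        System.out.println(issuer.getName(X500Principal.RFC2253));
        System.out.println(issuer.getName(X500Principal.RFC1779));
        System.out.println(issuer.getName(X500Principal.CANONICAL));

        // Rebuilding the principal from its DER bytes yields the same identifier.
        X500Principal reparsed = new X500Principal(issuer.getEncoded());
        String a = certId(issuer, serial);
        String b = certId(reparsed, serial);
        System.out.println(a);
        if (!a.equals(b)) throw new AssertionError("identifier is not stable");
    }
}
```

Comparing DER bytes is an exact match, which is stricter than the name-comparison rules in RFC 5280: two encodings of a name that differ only in string type or case produce different identifiers.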