Unique Identifier for certificate Issuer (X509Name)

StackOverflow https://stackoverflow.com/questions/6819095

Question

in my app I'm using the sha256 of the issuer Name (x509CertImpl.getIssuerDN().getName()) and the certificate serial number to uniquely identify a certificate, but now I have realized that other implementations of X509Name as the implementation of Bouncy Castle library displays something different when I call bcX509Name.getName() so this identifier doesn't work for me... my question is how could I get an unique identifier for an X509Name... maybe an ASN.1 or DER encoded representation of both will be the same.

Was it helpful?

Solution

It is not clear from the question whether you are using a java.security.cert.X509Certificate, or some Bouncy Castle class that doesn't use the JCA interfaces.

In any case, there should be a method that returns an object that represents the issuer's X.500 name. This object should have a method that returns the ASN.1 encoding of the name as a byte array. Use this as a component of your key.

If you are using the standard X509Certificate or Bouncy Castle's X509CertificateObject, use something like this (and if you aren't using one of these classes, please be more specific):

X509Certificate x = ...;
byte[] issuer = x.getIssuerX500Principal().getEncoded();

OTHER TIPS

IssuerDN is a complex structure and different libraries might have different mechanisms of "serializing" it to string. So you might need to re-think your approach. In general it's ok to use hash of the certificate itself (in whole) + serial number comparison (to bring possibility of collision to almost 0).

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top