The new subject hash openssl algorithm differs

野性不改 2021-02-06 17:09

I am running into an issue when managing openssl certificates from Java Framework.

openssl x509 -subject_hash ...

output differs to the one th

1 Answer
  •  天涯浪人
    2021-02-06 17:24

    You are not very far from it. If you want the same result as OpenSSL's new SubjectHash, you must remove the leading sequence of the DN. Thus you have to do something like this:

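    // Imports this snippet relies on: the older BouncyCastle ASN.1 API
    // (ASN1Object.fromByteArray, getDEREncoded) and Android's internal libcore.io.Memory.
    import java.io.IOException;
    import java.nio.ByteOrder;
    import java.security.MessageDigest;
    import java.security.NoSuchAlgorithmException;
    import javax.security.auth.x500.X500Principal;
    import libcore.io.Memory;
    import org.bouncycastle.asn1.ASN1Object;
    import org.bouncycastle.asn1.ASN1Sequence;
    import org.bouncycastle.asn1.DERSet;

    // --- X509_NAME -----------------------------------------------------------

    public static int X509_NAME_hash(X500Principal principal) {
        return X509_NAME_hash(principal, "SHA1");
    }

    private static int X509_NAME_hash(X500Principal principal, String algorithm) {
        try {

            // DER encoding of the whole Name (outer SEQUENCE of RDN SETs)
            byte[] princ = principal.getEncoded();
            final ASN1Sequence obj = (ASN1Sequence) ASN1Object.fromByteArray( princ );

            // Remove the leading sequence ...
            // Element 0 is the first RDN (a SET); only this element is encoded and hashed.
            final DERSet enc = (DERSet) obj.getObjectAt(0);
            final byte[] toHash = enc.getDEREncoded();

            MessageDigest md = MessageDigest.getInstance(algorithm);
            byte[] digest = md.digest(toHash);
            // First four digest bytes, read as a little-endian int
            return Memory.peekInt(digest, 0, ByteOrder.LITTLE_ENDIAN);

        } catch (NoSuchAlgorithmException e) {
            throw new AssertionError(e);
        } catch (IOException e) {
            throw new AssertionError(e);
        }
    }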
    

    And with this the result is the same as OpenSSL new Subject_hash.

    0 Discussion (0)
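For cross-checking a Java result against `openssl x509 -subject_hash`, the following is an added reference sketch in Python; it is not part of the original question or answer. It goes beyond the answer by covering names with several RDNs and by applying the string folding modelled on OpenSSL's canonical name encoding (values re-tagged as UTF8String, whitespace trimmed and collapsed, ASCII lower-cased). Assumptions: only UTF8String, PrintableString and IA5String values are folded, multi-valued RDNs are not re-sorted, and `sample_name` is a hypothetical helper that builds constructed test input.

```python
import hashlib

def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def der(tag, content):  # encode one DER element with a definite length
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + content

def children(content):  # yield (tag, content) for each nested element
    pos = 0
    while pos < len(content):
        tag, body, pos = read_tlv(content, pos)
        yield tag, body

def canonical_name(name_der):
    """Bytes that get hashed: the RDN SETs only, without the outer SEQUENCE
    header, with string values folded to lower-case UTF8String."""
    tag, rdns, _ = read_tlv(name_der, 0)
    if tag != 0x30:
        raise ValueError("Name must be a DER SEQUENCE")
    out = b""
    for _, rdn in children(rdns):  # each RDN is a SET
        atvs = b""
        for _, atv in children(rdn):  # AttributeTypeAndValue SEQUENCE
            (_, oid), (vtag, val) = children(atv)
            if vtag in (0x0C, 0x13, 0x16):  # UTF8String, PrintableString, IA5String
                # trim, collapse ASCII whitespace runs, lower-case ASCII only
                vtag, val = 0x0C, b" ".join(val.split()).lower()
            atvs += der(0x30, der(0x06, oid) + der(vtag, val))
        out += der(0x31, atvs)
    return out

def subject_hash(name_der):
    """8 hex digits: first four SHA-1 bytes read as a little-endian integer."""
    digest = hashlib.sha1(canonical_name(name_der)).digest()
    return "%08x" % int.from_bytes(digest[:4], "little")

def sample_name(cn, tag):
    """Constructed one-RDN sample: CN (OID 2.5.4.3) with the given string tag."""
    return der(0x30, der(0x31, der(0x30, der(0x06, b"\x55\x04\x03") + der(tag, cn))))
```

Feed `subject_hash` the bytes of `X500Principal.getEncoded()` (or the subject Name extracted from a certificate) and compare the result with the 8-hex-digit value printed by OpenSSL.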