How must I format IP Address for SubjectAlternativeName in X509 certificate created by BouncyCastle?

问题

I use BouncyCastle to generate certificats. Now I want to add some SubjectAlternativeName, just like:

...
ArrayList namesList = new ArrayList();
namesList.add(new GeneralName(GeneralName.dNSName, "*.test"));
namesList.add(new GeneralName(GeneralName.iPAddress, "127.0.0.1"));
namesList.add(new GeneralName(GeneralName.rfc822Name, "zoltar@spkac.spectra.org"));
GeneralNames subjectAltNames = new GeneralNames(new DERSequence((GeneralName[])namesList.toArray(new GeneralName [] {})));
new_cert.addExtension(X509Extensions.SubjectAlternativeName, false, subjectAltNames);
...

Program executes without exception, but then I cannot see "IP Address". With openssl I see:

...
DNS:*.test, IP Address:<invalid>, email:zoltar@spkac.spectra.org
...

What is the correct form of IP address in call of GeneralName(GeneralName.iPAddress, ...))?

回答1:

I think it was problem with very old BouncyCastle library. Application used version 1.39 from year 2008. So I upgraded BC to version 1.56 (December 2016) and rewrote application because BC changed some API. Now I see:

DNS:*.test, IP Address:127.0.0.1, email:zoltar@spkac.spectra.org

来源：https://stackoverflow.com/questions/43677981/how-must-i-format-ip-address-for-subjectalternativename-in-x509-certificate-crea