Example usage for org.bouncycastle.asn1.x509 CertificatePolicies toASN1Primitive

List of usage examples for org.bouncycastle.asn1.x509 CertificatePolicies toASN1Primitive

Introduction

This page shows example usage of org.bouncycastle.asn1.x509 CertificatePolicies toASN1Primitive.

Prototype

public ASN1Primitive toASN1Primitive() 


Document

Produce an object suitable for an ASN1OutputStream.

Usage

From source file: se.tillvaxtverket.tsltrust.webservice.daemon.ca.CertificationAuthority.java

License:Open Source License

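/**
 * Issues a cross certificate for {@code orgCert}.
 *
 * <p>Order of operations: read the serial counter from the CA parameter store, build the
 * extension list from the extensions of {@code orgCert}, call {@code createCertificate} with
 * {@code caRoot} and {@code CertFactory.SHA256WITHRSA}, store the certificate, write an
 * issue-event log record, then store the incremented serial counter.
 *
 * <p>Extension handling:
 * <ul>
 *   <li>A certificatePolicies extension is overwritten with the value returned by
 *       {@code getAnyCertificatePolicies()} and then copied. The overwrite is done on the
 *       {@code ExtensionInfo} object obtained from {@code orgCert}, so the caller's object is
 *       modified as a side effect.</li>
 *   <li>cRLDistributionPoints, basicConstraints, authorityInfoAccess, authorityKeyIdentifier,
 *       policyConstraints, policyMappings and qCStatements are not copied, and neither is the
 *       extension with OID 1.3.6.1.4.1.8301.3.5.</li>
 *   <li>Every other extension is copied with its original OID, criticality and data.</li>
 *   <li>If no certificatePolicies extension was seen, one is added from
 *       {@code getAnyCertificatePolicies()}.</li>
 * </ul>
 *
 * <p>Security review notes:
 * <ul>
 *   <li>The issued certificate carries the policy set from {@code getAnyCertificatePolicies()}
 *       (anyPolicy, per the original comments) whatever policies {@code orgCert} asserted, and
 *       the source's policyConstraints / policyMappings are dropped. Relying parties that
 *       enforce policy therefore see a broader assertion than the source certificate made;
 *       confirm this is the intended trust model.</li>
 *   <li>Serial numbers come from a stored counter incremented by one, so they are predictable.
 *       If the deployment needs unpredictable serials, they would have to come from a
 *       {@code SecureRandom}-based source instead.</li>
 *   <li>The counter is read, used and written back without any locking visible in this
 *       method. Concurrent calls, or a failure between storing the certificate and storing
 *       the counter, could reuse a serial number. NOTE(review): confirm callers serialize
 *       access, or that the store rejects duplicate serials.</li>
 * </ul>
 *
 * @param orgCert the certificate to cross-certify; its extension list is read and may be
 *                modified (see above)
 * @return the issued certificate, or {@code null} when no serial counter is stored
 * @throws IOException if an extension value cannot be encoded
 */
public AaaCertificate issueXCert(AaaCertificate orgCert) throws IOException {

    DbCAParam cp = CaSQLiteUtil.getParameter(caDir, CERT_SERIAL_KEY);
    if (cp == null) {
        // No serial counter available: nothing is issued.
        return null;
    }
    nextSerial = cp.getIntValue();
    BigInteger certSerial = BigInteger.valueOf(nextSerial);

    // German signature law validation rules; this extension is never copied.
    final String germanSigLawOid = "1.3.6.1.4.1.8301.3.5";

    List<Extension> extList = new ArrayList<>();
    boolean policy = false;

    // The null check is made on the list itself. The original tested the Iterator returned by
    // iterator(), which is never null, so the fallback branch below could never run and a null
    // list failed with a NullPointerException instead.
    Iterable<ExtensionInfo> sourceExtensions = orgCert.getExtensionInfoList();
    if (sourceExtensions != null) {
        for (ExtensionInfo ext : sourceExtensions) {
            // Replace policy with AnyPolicy. Both representations are written back to the
            // ExtensionInfo; the bytes are DER, matching every other encoding in this method.
            if (ext.getExtensionType().equals(SupportedExtension.certificatePolicies)) {
                CertificatePolicies cpe = getAnyCertificatePolicies();
                ext.setExtDataASN1(cpe.toASN1Primitive());
                ext.setExtData(cpe.getEncoded("DER"));
                policy = true;
            }

            switch (ext.getExtensionType()) {
            case cRLDistributionPoints:
            case basicConstraints:
            case authorityInfoAccess:
            case authorityKeyIdentifier:
            case policyConstraints:
            case policyMappings:
            case qCStatements:
                // Not carried over from the source certificate.
                break;
            default:
                if (!ext.getOid().getId().equalsIgnoreCase(germanSigLawOid)) {
                    extList.add(new Extension(ext.getOid(), ext.isCritical(), ext.getExtData()));
                }
                break;
            }
        }
    } else {
        // Source certificate exposes no extension list: add a CA basicConstraints extension.
        // NOTE(review): it is marked non-critical here, while RFC 5280 section 4.2.1.9 requires
        // basicConstraints to be critical in CA certificates used to validate certificate
        // signatures. Confirm whether non-critical is deliberate.
        extList.add(
                new Extension(Extension.basicConstraints, false, new BasicConstraints(true).getEncoded("DER")));
    }

    // If no policy in orgCert then add AnyPolicy to list
    if (!policy) {
        CertificatePolicies cpe = getAnyCertificatePolicies();
        extList.add(new Extension(Extension.certificatePolicies, false, cpe.getEncoded("DER")));
    }

    AaaCertificate xCert = createCertificate(orgCert, certSerial, caRoot, CertFactory.SHA256WITHRSA, extList);
    CaSQLiteUtil.addCertificate(xCert, caDir);

    // Record the issuance event, keyed by the serial number that was just used.
    DbCALog caLog = new DbCALog();
    caLog.setLogCode(ISSUE_EVENT);
    caLog.setEventString("Certificate issued");
    caLog.setLogParameter(nextSerial);
    caLog.setLogTime(System.currentTimeMillis());
    CaSQLiteUtil.addCertLog(caLog, caDir);

    // Store next serial number. This happens last, so a failure above leaves the counter
    // pointing at a serial that may already be in the certificate store.
    cp.setIntValue(nextSerial + 1);
    CaSQLiteUtil.storeParameter(cp, caDir);
    return xCert;
}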