Example usage for org.bouncycastle.cert.jcajce JcaX509v3CertificateBuilder addExtension

List of usage examples for org.bouncycastle.cert.jcajce JcaX509v3CertificateBuilder addExtension

Introduction

This page shows example usage of org.bouncycastle.cert.jcajce JcaX509v3CertificateBuilder addExtension.

Prototype

public X509v3CertificateBuilder addExtension(Extension extension) throws CertIOException 


Document

Add a given extension field for the standard extensions tag (tag 3).

Usage

From source file:org.metaeffekt.dcc.commons.pki.CertificateManager.java

License:Apache License

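/**
 * Builds and signs the X.509 certificate for this component, or returns {@code null}
 * when it cannot (or should not) be issued yet.
 *
 * <p>{@code null} is returned in three cases: the component would sign its own
 * certificate but {@code PROPERTY_CERT_SELFSIGNED} is not enabled; the issuer's
 * certificate file does not exist yet (it may simply not have been generated so far);
 * or the signer's private key file is missing. Callers must handle a {@code null} result.
 *
 * @return the signed certificate, or {@code null} if it cannot be produced
 * @throws GeneralSecurityException if key or certificate material cannot be processed
 * @throws IOException if an extension cannot be encoded or a file cannot be read
 * @throws OperatorException if the content signer cannot be created
 */
private X509Certificate generateCertificate() throws GeneralSecurityException, IOException, OperatorException {
    final String issuerComponentName = getIssuerComponentName();

    // The signer defaults to the issuer; if the issuer is the subject itself the
    // certificate would be self-signed.
    final String signerComponentName = getSignerComponentName(issuerComponentName);

    // Self-signed certificates are only produced when explicitly enabled via property.
    if (signerComponentName.equals(componentName)
            && BOOLEAN_STRING_FALSE.equals(getProperty(PROPERTY_CERT_SELFSIGNED, BOOLEAN_STRING_FALSE))) {
        return null;
    }

    final PublicKey publicKey = loadPublicKey();

    final Calendar begin = getValidityPeriodBegin();
    final Calendar end = getValidityPeriodEnd(begin);

    final X500Name name = createSubjectNameBuilder();

    // RFC 5280 requires a positive, non-zero serial number. Deriving it from
    // random.nextInt() could produce a negative or zero value and carried only
    // 32 bits; draw 64 random bits and add one so the result is always >= 1.
    // NOTE(review): random is presumed to be a java.util.Random; for certificate
    // serials it should be a SecureRandom — confirm at the field declaration.
    final BigInteger serialNo = new BigInteger(64, random).add(BigInteger.ONE);

    final JcaX509v3CertificateBuilder certBuilder;
    X509Certificate issuerCertificate = null;

    if (issuerComponentName.equals(componentName)) {
        // Subject and issuer are the same component: reuse the subject name as issuer name.
        certBuilder = new JcaX509v3CertificateBuilder(name, serialNo, begin.getTime(), end.getTime(), name,
                publicKey);
    } else {
        // Look up the certificate of the referenced issuer; it may not have been created yet.
        final File issuerDir = new File(componentBaseDir, issuerComponentName);
        final File issuerCert = new File(issuerDir, FILENAME_CERT);
        if (!issuerCert.exists()) {
            return null;
        }
        issuerCertificate = (X509Certificate) KeyUtils.loadCertificate(issuerCert.getPath());
        certBuilder = new JcaX509v3CertificateBuilder(issuerCertificate, serialNo, begin.getTime(),
                end.getTime(), name, publicKey);
    }

    // issuerCertificate is null for the self-issued case; createExtensions is expected
    // to cope with that (e.g. for the authority key identifier).
    for (Extension extension : createExtensions(publicKey, issuerCertificate)) {
        certBuilder.addExtension(extension);
    }

    // Load the private key of the signer (signer may be the issuer, or this component).
    final File signerDir = new File(componentBaseDir, signerComponentName);
    final File signerPrivateKeyFile = new File(signerDir, FILENAME_PRIVATE_KEY);
    if (!signerPrivateKeyFile.exists()) {
        // Without access to the signer's key no certificate can be issued.
        return null;
    }
    final PrivateKey signerPrivateKey = KeyUtils.loadKey(signerPrivateKeyFile.getPath());

    // The configured signature algorithm must be compatible with the signer's key type;
    // otherwise building the content signer fails.
    final String signatureAlgorithm = getProperty(PROPERTY_CERT_SIGNATURE_ALGORITHM, DEFAULT_SIGNING_ALGORITHM);
    final X509CertificateHolder certificateHolder = certBuilder
            .build(new JcaContentSignerBuilder(signatureAlgorithm).build(signerPrivateKey));

    return new JcaX509CertificateConverter().getCertificate(certificateHolder);
}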