List of usage examples for org.bouncycastle.cert.jcajce JcaX509v3CertificateBuilder addExtension
public X509v3CertificateBuilder addExtension(Extension extension) throws CertIOException
From source file: org.metaeffekt.dcc.commons.pki.CertificateManager.java
License: Apache License
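/**
 * Generates the X.509 certificate for this component, signed by the configured signer.
 *
 * <p>The issuer is taken from {@link #getIssuerComponentName()}; the signer defaults to the
 * issuer and may be the component itself (self-signed). Returns {@code null} instead of a
 * certificate in the cases the original flow treats as "not yet possible":
 * <ul>
 *   <li>the component would sign itself but {@code PROPERTY_CERT_SELFSIGNED} is not enabled,</li>
 *   <li>the issuer's certificate file does not exist yet,</li>
 *   <li>the signer's private key file does not exist.</li>
 * </ul>
 *
 * @return the generated certificate, or {@code null} if it cannot be produced yet
 * @throws GeneralSecurityException if key/certificate material cannot be converted
 * @throws IOException if key or certificate files cannot be read, or an extension cannot be encoded
 * @throws OperatorException if the content signer cannot be created
 */
private X509Certificate generateCertificate() throws GeneralSecurityException, IOException, OperatorException {
    String issuerComponentName = getIssuerComponentName();
    // determine signer; per default issuer is signer (issuer can be subject --> self-signed)
    String signerComponentName = getSignerComponentName(issuerComponentName);

    // self-signed certificates are only produced when explicitly enabled via the property
    if (signerComponentName.equals(componentName)
            && BOOLEAN_STRING_FALSE.equals(getProperty(PROPERTY_CERT_SELFSIGNED, BOOLEAN_STRING_FALSE))) {
        return null;
    }

    PublicKey publicKey = loadPublicKey();
    final Calendar begin = getValidityPeriodBegin();
    final Calendar end = getValidityPeriodEnd(begin);
    final X500Name name = createSubjectNameBuilder();
    final BigInteger serialNo = createSerialNumber();

    final JcaX509v3CertificateBuilder certBuilder;
    X509Certificate issuerCertificate = null;
    if (issuerComponentName.equals(componentName)) {
        // issuer and subject are the same component: reuse the already constructed name
        certBuilder = new JcaX509v3CertificateBuilder(
                name, serialNo, begin.getTime(), end.getTime(), name, publicKey);
    } else {
        issuerCertificate = loadIssuerCertificate(issuerComponentName);
        if (issuerCertificate == null) {
            // issuer cert was not found; potentially it was not yet created
            return null;
        }
        certBuilder = new JcaX509v3CertificateBuilder(
                issuerCertificate, serialNo, begin.getTime(), end.getTime(), name, publicKey);
    }

    // issuerCertificate is null for the self-issued case; createExtensions is expected to cope with that
    for (Extension extension : createExtensions(publicKey, issuerCertificate)) {
        certBuilder.addExtension(extension);
    }

    // load the private key of the signer (signer may be issuer, may be self)
    PrivateKey signerPrivateKey = loadSignerPrivateKey(signerComponentName);
    if (signerPrivateKey == null) {
        // when we cannot access the signer we cannot provide a certificate
        return null;
    }

    final String signatureAlgorithm = getProperty(PROPERTY_CERT_SIGNATURE_ALGORITHM, DEFAULT_SIGNING_ALGORITHM);
    final X509CertificateHolder certificateHolder = certBuilder
            .build(new JcaContentSignerBuilder(signatureAlgorithm).build(signerPrivateKey));
    return new JcaX509CertificateConverter().getCertificate(certificateHolder);
}

/**
 * Creates a positive, non-zero 64-bit serial number.
 *
 * <p>RFC 5280 (4.1.2.2) requires the serial to be a positive integer; a bare
 * {@code random.nextInt()} is negative half of the time and carries only 32 bits. Two draws are
 * combined as an unsigned magnitude instead, which also satisfies the usual 64-bit minimum.
 * NOTE(review): the serial is only as unpredictable as {@code random}; confirm it is a
 * {@code SecureRandom}.
 *
 * @return a serial in the range {@code [1, 2^64 - 1]}
 */
private BigInteger createSerialNumber() {
    long high = random.nextInt() & 0xffffffffL;
    long low = random.nextInt() & 0xffffffffL;
    BigInteger serialNo = BigInteger.valueOf(high).shiftLeft(32).or(BigInteger.valueOf(low));
    // an all-zero draw is not a valid serial either; map it to 1
    return serialNo.max(BigInteger.ONE);
}

/**
 * Loads the certificate of the referenced issuer component from its component directory.
 *
 * @param issuerComponentName the component whose {@code FILENAME_CERT} should be loaded
 * @return the issuer certificate, or {@code null} if its file does not exist (yet)
 */
private X509Certificate loadIssuerCertificate(String issuerComponentName)
        throws GeneralSecurityException, IOException, OperatorException {
    File issuerDir = new File(componentBaseDir, issuerComponentName);
    File issuerCert = new File(issuerDir, FILENAME_CERT);
    if (!issuerCert.exists()) {
        return null;
    }
    return (X509Certificate) KeyUtils.loadCertificate(issuerCert.getPath());
}

/**
 * Loads the private key of the signer component from its component directory.
 *
 * @param signerComponentName the component whose {@code FILENAME_PRIVATE_KEY} should be loaded
 * @return the signer's private key, or {@code null} if its file does not exist
 */
private PrivateKey loadSignerPrivateKey(String signerComponentName)
        throws GeneralSecurityException, IOException, OperatorException {
    File signerDir = new File(componentBaseDir, signerComponentName);
    File signerPrivateKeyFile = new File(signerDir, FILENAME_PRIVATE_KEY);
    if (!signerPrivateKeyFile.exists()) {
        return null;
    }
    return KeyUtils.loadKey(signerPrivateKeyFile.getPath());
}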