Example usage for org.bouncycastle.cert X509v2AttributeCertificateBuilder addAttribute

List of usage examples for org.bouncycastle.cert X509v2AttributeCertificateBuilder addAttribute

Introduction

In this page you can find the example usage for org.bouncycastle.cert X509v2AttributeCertificateBuilder addAttribute.

Prototype

public X509v2AttributeCertificateBuilder addAttribute(ASN1ObjectIdentifier attrType,
        ASN1Encodable[] attrValues) 


Document

Add an attribute with multiple values to the attribute certificate we are building.

Usage

From source file:AAModulePackage.ACHelper.java

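/**
 * Builds and signs an X.509 attribute certificate that binds a role and a set of
 * record attributes to the holder of {@code associatedCert}.
 *
 * <p>The certificate is valid from one day before the current time until 365 days
 * after it, and is signed with SHA-256/RSA through the "BC" provider.
 *
 * <p>NOTE(review): the issuer field is taken from {@code issuerCert}, so relying
 * parties will verify the signature against the issuer's public key. {@code pk} is
 * therefore expected to be the private key matching {@code issuerCert}; nothing in
 * this method checks that.
 *
 * @param issuerCert     certificate whose subject becomes the attribute certificate issuer
 * @param associatedCert certificate of the entity the attributes are bound to
 * @param pk             private key used to sign the attribute certificate
 * @param role           value of the role attribute
 * @param record_id      value of the record_id attribute
 * @param record_subject value of the record_subject attribute
 * @param record_types   values of the multi-valued record_type attribute
 * @param actions_taken  values of the multi-valued actions_taken attribute
 * @return the signed attribute certificate, or {@code null} if the content signer
 *         could not be created
 */
public static X509AttributeCertificateHolder generateAttributeCertificate(X509CertificateHolder issuerCert,
        X509CertificateHolder associatedCert, PrivateKey pk, String role, String record_id,
        String record_subject, String[] record_types, String[] actions_taken) {
    // Validity period. The arithmetic is done in long on purpose: as an int expression,
    // 365 * 24 * 60 * 60 * 1000 overflows and silently shortens the lifetime to roughly 17 days.
    final long dayMillis = 24L * 60 * 60 * 1000;
    final long now = System.currentTimeMillis();
    Date startDate = new Date(now - dayMillis);
    Date endDate = new Date(now + 365 * dayMillis);

    AttributeCertificateIssuer certIssuer = new AttributeCertificateIssuer(issuerCert.getSubject());

    // AttributeCertificateHolder identifies the entity the certificate is issued to, while
    // X509AttributeCertificateHolder wraps the attribute certificate itself.
    AttributeCertificateHolder holder = new AttributeCertificateHolder(associatedCert);

    // NOTE(review): a millisecond timestamp is a predictable serial number, and two certificates
    // issued in the same millisecond get the same one. Serial numbers must be unique per issuer,
    // since revocation and audit records key on issuer + serial; consider a random or
    // counter-backed serial instead.
    X509v2AttributeCertificateBuilder builder = new X509v2AttributeCertificateBuilder(holder, certIssuer,
            BigInteger.valueOf(now), startDate, endDate);

    builder.addAttribute(NewAttributeIdentifiers.role, new DERGeneralString(role));
    builder.addAttribute(NewAttributeIdentifiers.record_id, new DERGeneralString(record_id));
    builder.addAttribute(NewAttributeIdentifiers.record_subject, new DERGeneralString(record_subject));
    builder.addAttribute(NewAttributeIdentifiers.time_stamp, new DERGeneralizedTime(new Date()));

    // Multi-valued attributes go through the addAttribute(oid, ASN1Encodable[]) overload.
    builder.addAttribute(NewAttributeIdentifiers.record_type, toGeneralStrings(record_types));
    builder.addAttribute(NewAttributeIdentifiers.actions_taken, toGeneralStrings(actions_taken));

    try {
        X509AttributeCertificateHolder attrCert = builder
                .build(new JcaContentSignerBuilder("SHA256withRSAEncryption").setProvider("BC").build(pk));
        // Report success only once a signed certificate actually exists.
        System.out.println("ATTRIBUTE CERTIFICATE Successfully generated.");
        return attrCert;
    } catch (OperatorCreationException e) {
        // Existing contract: callers receive null when signing fails. Callers must check for
        // null rather than treat the result as an issued certificate.
        e.printStackTrace();
        return null;
    }
}

/** Wraps each string in a DERGeneralString, preserving order. */
private static ASN1Encodable[] toGeneralStrings(String[] values) {
    ASN1Encodable[] encoded = new ASN1Encodable[values.length];
    for (int i = 0; i < values.length; i++) {
        encoded[i] = new DERGeneralString(values[i]);
    }
    return encoded;
}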

From source file:org.italiangrid.voms.asn1.VOMSACGenerator.java

License:Apache License

/**
 * Assembles and signs a VOMS attribute certificate for {@code holderCert}.
 *
 * <p>The FQANs are always added as an attribute. Generic attributes and target
 * information are added as extensions only when the corresponding list is non-empty.
 * The {@code generationProperties} flags switch individual extensions on or off and
 * control the criticality of the noRevAvail and authorityKeyIdentifier extensions.
 *
 * <p>NOTE(review): {@code INCLUDE_FAKE_CRITICAL_EXTENSION} adds a critical extension
 * under {@code FAKE_EXT_OID}; presumably this exists to exercise validators, which are
 * expected to reject certificates carrying critical extensions they do not recognise.
 * Confirm this generator is not used to issue production credentials.
 *
 * @param generationProperties flags that tune which extensions are emitted and how
 * @param fqans                FQANs placed in the VOMS FQANs attribute
 * @param gas                  generic attributes; may be {@code null} or empty
 * @param targets              target names; may be {@code null} or empty
 * @param holderCert           certificate of the attribute certificate holder
 * @param serialNumber         serial number of the attribute certificate
 * @param notBefore            start of the validity period
 * @param notAfter             end of the validity period
 * @param voName               VO name used for the policy authority information
 * @param host                 host used for the policy authority information
 * @param port                 port used for the policy authority information
 * @return the signed attribute certificate
 * @throws VOMSError if building the holder or issuer fails with a certificate encoding error
 */
public X509AttributeCertificateHolder generateVOMSAttributeCertificate(
        EnumSet<ACGenerationProperties> generationProperties, List<String> fqans,
        List<VOMSGenericAttribute> gas, List<String> targets, X509Certificate holderCert,
        BigInteger serialNumber, Date notBefore, Date notAfter, String voName, String host, int port) {

    final AttributeCertificateHolder acHolder;
    final AttributeCertificateIssuer acIssuer;
    try {
        acHolder = buildHolder(holderCert);
        acIssuer = buildIssuer();
    } catch (CertificateEncodingException e) {
        throw new VOMSError(e.getMessage(), e);
    }

    X509v2AttributeCertificateBuilder acBuilder = new X509v2AttributeCertificateBuilder(acHolder, acIssuer,
            serialNumber, notBefore, notAfter);

    GeneralName vomsAuthority = buildPolicyAuthorityInfo(voName, host, port);

    acBuilder.addAttribute(VOMS_FQANS_OID, buildFQANsAttributeContent(fqans, vomsAuthority));

    // Optional extensions. They are added in a fixed order, which is also the order in
    // which they are handed to the builder.
    final boolean hasGenericAttributes = gas != null && !gas.isEmpty();
    if (hasGenericAttributes) {
        acBuilder.addExtension(VOMS_GENERIC_ATTRS_OID, false,
                buildGAExtensionContent(generationProperties, gas, vomsAuthority));
    }

    final boolean hasTargets = targets != null && !targets.isEmpty();
    if (hasTargets) {
        // Target information restricts where the certificate may be used, so it is critical.
        acBuilder.addExtension(X509Extension.targetInformation, true,
                buildTargetsExtensionContent(generationProperties, targets));
    }

    if (!generationProperties.contains(ACGenerationProperties.SKIP_AC_CERTS_EXTENSION)) {
        acBuilder.addExtension(VOMS_CERTS_OID, false, buildACCertsExtensionContent(generationProperties));
    }

    if (generationProperties.contains(ACGenerationProperties.INCLUDE_FAKE_CRITICAL_EXTENSION)) {
        acBuilder.addExtension(FAKE_EXT_OID, true, new DERSequence());
    }

    // Both extensions below are non-critical unless the matching flag is set.
    final boolean criticalNoRevAvail = generationProperties
            .contains(ACGenerationProperties.INCLUDE_CRITICAL_NO_REV_AVAIL_EXTENSION);
    final boolean criticalAkid = generationProperties
            .contains(ACGenerationProperties.INCLUDE_CRITICAL_AKID_EXTENSION);

    acBuilder.addExtension(X509Extension.noRevAvail, criticalNoRevAvail, new DERNull());

    // When no authority key identifier is available, the extension is still emitted,
    // with a DER NULL as its value.
    AuthorityKeyIdentifier authorityKeyId = buildAuthorityKeyIdentifier();
    if (authorityKeyId == null) {
        acBuilder.addExtension(X509Extension.authorityKeyIdentifier, criticalAkid, new DERNull());
    } else {
        acBuilder.addExtension(X509Extension.authorityKeyIdentifier, criticalAkid, authorityKeyId);
    }

    return acBuilder.build(getSigner(generationProperties));
}