List of usage examples for org.bouncycastle.cert X509v2AttributeCertificateBuilder addAttribute
public X509v2AttributeCertificateBuilder addAttribute(ASN1ObjectIdentifier attrType,
ASN1Encodable[] attrValues)
From source file:AAModulePackage.ACHelper.java
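/**
 * Builds an X.509 attribute certificate that binds a role and a set of
 * record-related attributes to the holder of {@code associatedCert}, and signs
 * it with {@code pk} using SHA-256 with RSA through the "BC" provider.
 *
 * <p>The certificate is valid from 24 hours before the call until 365 days
 * after it. The issuer name is taken from the subject of {@code issuerCert}.
 *
 * <p>NOTE(review): nothing here checks that {@code pk} is the private key that
 * belongs to {@code issuerCert}; a mismatched key yields a certificate whose
 * signature will not verify against the named issuer. Confirm at the call site.
 *
 * @param issuerCert     certificate whose subject becomes the attribute certificate issuer
 * @param associatedCert certificate of the entity the attributes are bound to
 * @param pk             private key used to sign the attribute certificate
 * @param role           value of the {@code role} attribute
 * @param record_id      value of the {@code record_id} attribute
 * @param record_subject value of the {@code record_subject} attribute
 * @param record_types   values of the multi-valued {@code record_type} attribute
 * @param actions_taken  values of the multi-valued {@code actions_taken} attribute
 * @return the signed attribute certificate, or {@code null} if the content
 *         signer could not be created (the exception is printed, not rethrown);
 *         callers must check for {@code null} before using the result
 */
public static X509AttributeCertificateHolder generateAttributeCertificate(X509CertificateHolder issuerCert,
        X509CertificateHolder associatedCert, PrivateKey pk, String role, String record_id,
        String record_subject, String[] record_types, String[] actions_taken) {
    // Validity period. The arithmetic is done in long: as an int expression,
    // 365 * 24 * 60 * 60 * 1000 overflows and silently shortens the intended
    // one-year lifetime to roughly 17 days.
    final long dayMillis = 24L * 60 * 60 * 1000;
    final long now = System.currentTimeMillis();
    Date startDate = new Date(now - dayMillis);
    Date endDate = new Date(now + 365 * dayMillis);

    AttributeCertificateIssuer certIssuer = new AttributeCertificateIssuer(issuerCert.getSubject());

    // AttributeCertificateHolder identifies the entity the certificate is issued
    // to; X509AttributeCertificateHolder wraps the attribute certificate itself.
    AttributeCertificateHolder holder = new AttributeCertificateHolder(associatedCert);

    // NOTE(review): the serial number is the wall-clock time in milliseconds, so
    // two certificates issued in the same millisecond share a serial and serials
    // are guessable. If revocation or audit lookups key on issuer + serial,
    // prefer an issuer-managed counter or a SecureRandom-derived value.
    X509v2AttributeCertificateBuilder builder = new X509v2AttributeCertificateBuilder(holder, certIssuer,
            BigInteger.valueOf(now), startDate, endDate);

    builder.addAttribute(NewAttributeIdentifiers.role, new DERGeneralString(role));
    builder.addAttribute(NewAttributeIdentifiers.record_id, new DERGeneralString(record_id));
    builder.addAttribute(NewAttributeIdentifiers.record_subject, new DERGeneralString(record_subject));
    builder.addAttribute(NewAttributeIdentifiers.time_stamp, new DERGeneralizedTime(new Date()));

    // Multi-valued attributes: one DERGeneralString per input string.
    builder.addAttribute(NewAttributeIdentifiers.record_type, toGeneralStrings(record_types));
    builder.addAttribute(NewAttributeIdentifiers.actions_taken, toGeneralStrings(actions_taken));

    X509AttributeCertificateHolder attrCert;
    try {
        // Build the certificate and sign it with the supplied private key.
        attrCert = builder
                .build(new JcaContentSignerBuilder("SHA256withRSAEncryption").setProvider("BC").build(pk));
    } catch (OperatorCreationException e) {
        // Keep the original contract (null on failure), but do not fall through
        // to the success message: no certificate was produced.
        e.printStackTrace();
        return null;
    }

    System.out.println("ATTRIBUTE CERTIFICATE Successfully generated.");
    return attrCert;
}

/** Wraps each string in a {@code DERGeneralString}, preserving input order. */
private static ASN1Encodable[] toGeneralStrings(String[] values) {
    ASN1Encodable[] encoded = new ASN1Encodable[values.length];
    for (int i = 0; i < values.length; i++) {
        encoded[i] = new DERGeneralString(values[i]);
    }
    return encoded;
}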
From source file:org.italiangrid.voms.asn1.VOMSACGenerator.java
License:Apache License
/**
 * Assembles and signs a VOMS attribute certificate for {@code holderCert}.
 *
 * <p>The FQANs are always added as an attribute. Generic attributes and target
 * information are added as extensions only when the corresponding list is
 * non-null and non-empty. The AC-certs extension is added unless
 * {@code SKIP_AC_CERTS_EXTENSION} is set. The noRevAvail and authority key
 * identifier extensions are always added; the generation properties only
 * decide whether each is marked critical.
 *
 * <p>{@code INCLUDE_FAKE_CRITICAL_EXTENSION} adds a critical extension under
 * {@code FAKE_EXT_OID} with an empty sequence as its value; together with the
 * {@code INCLUDE_CRITICAL_*} flags it appears intended for producing
 * certificates that exercise a validator's critical-extension handling —
 * confirm against the callers.
 *
 * @param generationProperties flags controlling which extensions are emitted and their criticality
 * @param fqans        FQANs placed in the VOMS FQANs attribute
 * @param gas          generic attributes; may be {@code null} or empty
 * @param targets      target names; may be {@code null} or empty
 * @param holderCert   certificate of the attribute certificate holder
 * @param serialNumber serial number of the attribute certificate
 * @param notBefore    start of the validity period
 * @param notAfter     end of the validity period
 * @param voName       VO name used for the policy authority info
 * @param host         host used for the policy authority info
 * @param port         port used for the policy authority info
 * @return the signed attribute certificate
 * @throws VOMSError if building the holder or issuer fails with a certificate encoding error
 */
public X509AttributeCertificateHolder generateVOMSAttributeCertificate(
        EnumSet<ACGenerationProperties> generationProperties, List<String> fqans,
        List<VOMSGenericAttribute> gas, List<String> targets, X509Certificate holderCert,
        BigInteger serialNumber, Date notBefore, Date notAfter, String voName, String host, int port) {

    final AttributeCertificateHolder holder;
    final AttributeCertificateIssuer issuer;
    try {
        holder = buildHolder(holderCert);
        issuer = buildIssuer();
    } catch (CertificateEncodingException e) {
        throw new VOMSError(e.getMessage(), e);
    }

    X509v2AttributeCertificateBuilder builder = new X509v2AttributeCertificateBuilder(holder, issuer,
            serialNumber, notBefore, notAfter);

    GeneralName policyAuthorityInfo = buildPolicyAuthorityInfo(voName, host, port);

    builder.addAttribute(VOMS_FQANS_OID, buildFQANsAttributeContent(fqans, policyAuthorityInfo));

    // Optional extensions: emitted only when there is content for them.
    boolean hasGenericAttributes = gas != null && !gas.isEmpty();
    if (hasGenericAttributes) {
        builder.addExtension(VOMS_GENERIC_ATTRS_OID, false,
                buildGAExtensionContent(generationProperties, gas, policyAuthorityInfo));
    }

    boolean hasTargets = targets != null && !targets.isEmpty();
    if (hasTargets) {
        builder.addExtension(X509Extension.targetInformation, true,
                buildTargetsExtensionContent(generationProperties, targets));
    }

    boolean skipAcCerts = generationProperties.contains(ACGenerationProperties.SKIP_AC_CERTS_EXTENSION);
    if (!skipAcCerts) {
        builder.addExtension(VOMS_CERTS_OID, false, buildACCertsExtensionContent(generationProperties));
    }

    if (generationProperties.contains(ACGenerationProperties.INCLUDE_FAKE_CRITICAL_EXTENSION)) {
        builder.addExtension(FAKE_EXT_OID, true, new DERSequence());
    }

    // Criticality of the two always-present extensions is driven by the flags.
    boolean noRevAvailIsCritical = generationProperties
            .contains(ACGenerationProperties.INCLUDE_CRITICAL_NO_REV_AVAIL_EXTENSION);
    boolean akidIsCritical = generationProperties
            .contains(ACGenerationProperties.INCLUDE_CRITICAL_AKID_EXTENSION);

    builder.addExtension(X509Extension.noRevAvail, noRevAvailIsCritical, new DERNull());

    // When no authority key identifier can be built, a DER NULL stands in for it.
    AuthorityKeyIdentifier akid = buildAuthorityKeyIdentifier();
    if (akid != null) {
        builder.addExtension(X509Extension.authorityKeyIdentifier, akidIsCritical, akid);
    } else {
        builder.addExtension(X509Extension.authorityKeyIdentifier, akidIsCritical, new DERNull());
    }

    return builder.build(getSigner(generationProperties));
}