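// Holder: here we use the IssuerSerial form, built from the client's
// public-key certificate.
acGen.setHolder(new AttributeCertificateHolder(clientCert));
// Issuer: the subject name of the CA certificate.
acGen.setIssuer(new AttributeCertificateIssuer(caCert.getSubjectX500Principal()));
// Serial number: fixed at 1 because this is only an example. A real issuer
// must assign a unique serial number to every certificate it signs.
acGen.setSerialNumber(new BigInteger("1"));
// notBefore: 50000 ms (50 seconds) before the current time.
acGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
// notAfter: 50000 ms (50 seconds) after the current time, so the example
// certificate expires almost immediately.
acGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
// Signature algorithm: SHA-256 with RSA. The example previously signed with
// SHA-1, which is no longer collision resistant and should not be used for
// new certificate signatures.
acGen.setSignatureAlgorithm("SHA256WithRSAEncryption");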
// The attribute carried by the AC: a single role value, assembled by hand
// as a SEQUENCE that contains one GeneralName.
// NOTE(review): the name is tagged rfc822Name although "DAU123456789" is not
// an e-mail address, and RFC 5755 asks for a uniformResourceIdentifier
// roleName in RoleSyntax -- acceptable for a demo, confirm before reuse.
GeneralName roleName = new GeneralName(GeneralName.rfc822Name, "DAU123456789");
ASN1EncodableVector roleSyntax = new ASN1EncodableVector();
roleSyntax.add(roleName);
// Attribute type OID used by this example: 2.5.24.72
// NOTE(review): RFC 5755 gives id-at-role as 2.5.4.72 -- confirm which OID
// is intended here.
X509Attribute attributes = new X509Attribute("2.5.24.72",
new DERSequence(roleSyntax));
acGen.addAttribute(attributes);
// Finally create the AC: it is signed with the CA private key through the
// "BC" provider, and the result is cast to the concrete V2 type.
X509V2AttributeCertificate att = (X509V2AttributeCertificate)acGen
.generate(caPrivKey, "BC");
//
// Starting here, we parse the newly generated AC.
//
// Holder: check that the holder field of the AC matches the client
// certificate and print what it contains.
// Nothing in this section verifies the AC's signature or validity period;
// a relying party has to do both before trusting the attributes
// (presumably handled in later sections -- confirm).
AttributeCertificateHolder h = att.getHolder();
if (h.match(clientCert))
{
// entity names are optional, so guard against null before reading the length
if (h.getEntityNames() != null)
{
System.out.println(h.getEntityNames().length + " entity names found");
}
// issuer names (with the serial number) are likewise only printed when present
if (h.getIssuer() != null)
{
System.out.println(h.getIssuer().length + " issuer names found, serial number " + h.getSerialNumber());
}
System.out.println("Matches original client x509 cert");
}
// No output is produced when the holder does not match.
// Issuer: check that the issuer field of the AC matches the CA certificate.
// This is a comparison against the certificate only; the signature on the AC
// is not verified by the statements in this section.
AttributeCertificateIssuer issuer = att.getIssuer();
if (issuer.match(caCert))
{
// principals may be absent, so guard against null before reading the length
if (issuer.getPrincipals() != null)
{
// the message says "entity names" although the count is of issuer principals
System.out.println(issuer.getPrincipals().length + " entity names found");
}
System.out.println("Matches original ca x509 cert");
}
// No output is produced when the issuer does not match.
// Dates