return ext;
}
private static CertificateExtensions getCertificateExtensions(
PublicKey pubKey, PublicKey caPubKey) throws IOException {
CertificateExtensions ext = new CertificateExtensions();
ext.set(SubjectKeyIdentifierExtension.NAME,
new SubjectKeyIdentifierExtension(new KeyIdentifier(pubKey)
.getIdentifier()));
ext.set(AuthorityKeyIdentifierExtension.NAME,
new AuthorityKeyIdentifierExtension(
new KeyIdentifier(caPubKey), null, null));
// Basic Constraints
ext.set(BasicConstraintsExtension.NAME, new BasicConstraintsExtension(
/* isCritical */true, /* isCA */false, /* pathLen */5));
// Netscape Cert Type Extension
boolean[] ncteOk = new boolean[8];
ncteOk[0] = true; // SSL_CLIENT
ncteOk[1] = true; // SSL_SERVER
NetscapeCertTypeExtension ncte = new NetscapeCertTypeExtension(ncteOk);
ncte = new NetscapeCertTypeExtension(false, ncte.getExtensionValue());
ext.set(NetscapeCertTypeExtension.NAME, ncte);
// Key Usage Extension
boolean[] kueOk = new boolean[9];
kueOk[0] = true;
kueOk[2] = true;
// "digitalSignature", // (0),
// "nonRepudiation", // (1)
// "keyEncipherment", // (2),
// "dataEncipherment", // (3),
// "keyAgreement", // (4),
// "keyCertSign", // (5),
// "cRLSign", // (6),
// "encipherOnly", // (7),
// "decipherOnly", // (8)
// "contentCommitment" // also (1)
KeyUsageExtension kue = new KeyUsageExtension(kueOk);
ext.set(KeyUsageExtension.NAME, kue);
// Extended Key Usage Extension
int[] serverAuthOidData = { 1, 3, 6, 1, 5, 5, 7, 3, 1 };
ObjectIdentifier serverAuthOid = new ObjectIdentifier(serverAuthOidData);
int[] clientAuthOidData = { 1, 3, 6, 1, 5, 5, 7, 3, 2 };
ObjectIdentifier clientAuthOid = new ObjectIdentifier(clientAuthOidData);
Vector<ObjectIdentifier> v = new Vector<ObjectIdentifier>();
v.add(serverAuthOid);
v.add(clientAuthOid);
ExtendedKeyUsageExtension ekue = new ExtendedKeyUsageExtension(false, v);
ext.set(ExtendedKeyUsageExtension.NAME, ekue);
return ext;
}