Package org.bouncycastle.x509

Examples of org.bouncycastle.x509.X509V2AttributeCertificateGenerator.addExtension()

256
257
258
259
260
261
262
263
264
265
266
    v3CertGen.setSignatureAlgorithm("SHA1WithRSAEncryption");

    //
    // add the extensions
    //
    v3CertGen.addExtension(X509Extensions.SubjectKeyIdentifier, false,
            new SubjectKeyIdentifierStructure(pubKey));

    v3CertGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
            new AuthorityKeyIdentifierStructure(caCert.getPublicKey()));
View Full Code Here
259
260
261
262
263
264
265
266
267
268
269
    // add the extensions
    //
    v3CertGen.addExtension(X509Extensions.SubjectKeyIdentifier, false,
            new SubjectKeyIdentifierStructure(pubKey));

    v3CertGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
            new AuthorityKeyIdentifierStructure(caCert.getPublicKey()));

    v3CertGen.addExtension(X509Extensions.BasicConstraints, true,
            new BasicConstraints(0));
View Full Code Here
262
263
264
265
266
267
268
269
270
271
272
            new SubjectKeyIdentifierStructure(pubKey));

    v3CertGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
            new AuthorityKeyIdentifierStructure(caCert.getPublicKey()));

    v3CertGen.addExtension(X509Extensions.BasicConstraints, true,
            new BasicConstraints(0));

    // X509Certificate cert = v3CertGen.generateX509Certificate(caPrivKey);
    final X509Certificate cert = v3CertGen.generate(caPriKey, "BC");
    cert.checkValidity(new Date());
View Full Code Here
273
274
275
276
277
278
279
280
281
282
283
//        }

/*
     Adds the Basic Constraint (CA: false) extension.
*/
    certGenerator.addExtension(X509Extension.basicConstraints, true,
        new BasicConstraints(false));

/*
    Adds the Key Usage extension.
*/
 
View Full Code Here
279
280
281
282
283
284
285
286
287
288
289
        new BasicConstraints(false));

/*
    Adds the Key Usage extension.
*/
    certGenerator.addExtension(X509Extension.keyUsage, true, new KeyUsage(
        KeyUsage.digitalSignature | KeyUsage.nonRepudiation
            | KeyUsage.keyEncipherment | KeyUsage.keyAgreement
            | KeyUsage.keyCertSign));

/*
 
View Full Code Here
291
292
293
294
295
296
297
298
299
300
301
      sslClient: the certificate is selectable by the client
      the certificate can be used for mime encryption.
      (perhaps the above should be settable. It is not clear that most certs should be used that way, as their life
    span could be very short)
*/
    certGenerator.addExtension(MiscObjectIdentifiers.netscapeCertType,
        false, new NetscapeCertType(NetscapeCertType.sslClient
            | NetscapeCertType.smime));

    /*
          * Adds the authority key identifier extension.
View Full Code Here
318
319
320
321
322
323
324
325
326
327
328
/*
    Adds the subject key identifier extension.
*/
    SubjectKeyIdentifier subjectKeyIdentifier = new SubjectKeyIdentifierStructure(
        getSubjectPublicKey().getPublicKey());
    certGenerator.addExtension(X509Extension.subjectKeyIdentifier, false,
        subjectKeyIdentifier);

/*
    Adds the subject alternative-name extension (critical).
*/
 
View Full Code Here
331
332
333
334
335
336
337
338
339
340
341
    }
    if (sans.size() == 1) {
      GeneralNames subjectAltNames = new GeneralNames(new GeneralName(
          GeneralName.uniformResourceIdentifier, webId));

      certGenerator.addExtension(X509Extension.subjectAlternativeName,
          true, subjectAltNames);
    } else {
      // BouncyCastle has a pretty inflexible API. It would have made more sense to just
      // pass an array of Names to the constructor.
      GeneralName[] names = new GeneralName[sans.size()];
View Full Code Here
343
344
345
346
347
348
349
350
351
352
353
      int i = 0;
      while (sanIt.hasNext()) {
        names[i] = new GeneralName(GeneralName.uniformResourceIdentifier, sanIt.next());
        i++;
      }
      certGenerator.addExtension(X509Extension.subjectAlternativeName,
          true, new DERSequence(names));

    }

/*
 
View Full Code Here
157
158
159
160
161
162
163
164
165
166
167
   
    // Firefox actually tracks serial numbers within a CA and refuses to validate if it sees duplicates
    // This is not a secure serial number generator, (duh!) but it's good enough for our purposes.
    v3CertGen.setSerialNumber(new BigInteger(Long.toString(System.currentTimeMillis())));

    v3CertGen.addExtension(
        X509Extensions.BasicConstraints,
        true,
        new BasicConstraints(false) );
   
    v3CertGen.addExtension(
View Full Code Here
TOP
Copyright © 2018 www.massapi.com. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.