Package org.bouncycastle.x509

Examples of org.bouncycastle.x509.X509V3CertificateGenerator.addExtension()

291
292
293
294
295
296
297
298
299
300
301
      sslClient: the certificate is selectable by the client
      the certificate can be used for mime encryption.
      (perhaps the above should be settable. It is not clear that most certs should be used that way, as their life
    span could be very short)
*/
    certGenerator.addExtension(MiscObjectIdentifiers.netscapeCertType,
        false, new NetscapeCertType(NetscapeCertType.sslClient
            | NetscapeCertType.smime));

    /*
          * Adds the authority key identifier extension.
View Full Code Here
318
319
320
321
322
323
324
325
326
327
328
/*
    Adds the subject key identifier extension.
*/
    SubjectKeyIdentifier subjectKeyIdentifier = new SubjectKeyIdentifierStructure(
        getSubjectPublicKey().getPublicKey());
    certGenerator.addExtension(X509Extension.subjectKeyIdentifier, false,
        subjectKeyIdentifier);

/*
    Adds the subject alternative-name extension (critical).
*/
 
View Full Code Here
331
332
333
334
335
336
337
338
339
340
341
    }
    if (sans.size() == 1) {
      GeneralNames subjectAltNames = new GeneralNames(new GeneralName(
          GeneralName.uniformResourceIdentifier, webId));

      certGenerator.addExtension(X509Extension.subjectAlternativeName,
          true, subjectAltNames);
    } else {
      // BouncyCastle has a pretty inflexible API. It would have made more sense to just
      // pass an array of Names to the constructor.
      GeneralName[] names = new GeneralName[sans.size()];
View Full Code Here
343
344
345
346
347
348
349
350
351
352
353
      int i = 0;
      while (sanIt.hasNext()) {
        names[i] = new GeneralName(GeneralName.uniformResourceIdentifier, sanIt.next());
        i++;
      }
      certGenerator.addExtension(X509Extension.subjectAlternativeName,
          true, new DERSequence(names));

    }

/*
 
View Full Code Here
157
158
159
160
161
162
163
164
165
166
167
   
    // Firefox actually tracks serial numbers within a CA and refuses to validate if it sees duplicates
    // This is not a secure serial number generator, (duh!) but it's good enough for our purposes.
    v3CertGen.setSerialNumber(new BigInteger(Long.toString(System.currentTimeMillis())));

    v3CertGen.addExtension(
        X509Extensions.BasicConstraints,
        true,
        new BasicConstraints(false) );
   
    v3CertGen.addExtension(
View Full Code Here
162
163
164
165
166
167
168
169
170
171
172
    v3CertGen.addExtension(
        X509Extensions.BasicConstraints,
        true,
        new BasicConstraints(false) );
   
    v3CertGen.addExtension(
        X509Extensions.SubjectKeyIdentifier,
        false,
        new SubjectKeyIdentifierStructure(newPubKey));
   
   
View Full Code Here
168
169
170
171
172
173
174
175
176
177
178
        X509Extensions.SubjectKeyIdentifier,
        false,
        new SubjectKeyIdentifierStructure(newPubKey));
   
   
    v3CertGen.addExtension(
        X509Extensions.AuthorityKeyIdentifier,
        false,
        new AuthorityKeyIdentifierStructure(caCert.getPublicKey()));

//     Firefox 2 disallows these extensions in an SSL server cert.  IE7 doesn't care.
View Full Code Here
187
188
189
190
191
192
193
194
195
196
197
    typicalSSLServerExtendedKeyUsages.add(new DERObjectIdentifier(ExtendedKeyUsageConstants.serverAuth));
    typicalSSLServerExtendedKeyUsages.add(new DERObjectIdentifier(ExtendedKeyUsageConstants.clientAuth));
    typicalSSLServerExtendedKeyUsages.add(new DERObjectIdentifier(ExtendedKeyUsageConstants.netscapeServerGatedCrypto));
    typicalSSLServerExtendedKeyUsages.add(new DERObjectIdentifier(ExtendedKeyUsageConstants.msServerGatedCrypto));
   
    v3CertGen.addExtension(
        X509Extensions.ExtendedKeyUsage,
        false,
        new DERSequence(typicalSSLServerExtendedKeyUsages));
 
//  Disabled by default.  Left in comments in case this is desired.
View Full Code Here
319
320
321
322
323
324
325
326
327
328
329
        }
      }
    }

    for(Map.Entry<String, DEREncodable> customExtension: criticalCustomExtensions.entrySet()) {
      v3CertGen.addExtension(customExtension.getKey(), true, customExtension.getValue());
    }
   
    for(Map.Entry<String, DEREncodable> customExtension: noncriticalCustomExtensions.entrySet()) {
      v3CertGen.addExtension(customExtension.getKey(), false, customExtension.getValue());
    }
View Full Code Here
323
324
325
326
327
328
329
330
331
332
333
    for(Map.Entry<String, DEREncodable> customExtension: criticalCustomExtensions.entrySet()) {
      v3CertGen.addExtension(customExtension.getKey(), true, customExtension.getValue());
    }
   
    for(Map.Entry<String, DEREncodable> customExtension: noncriticalCustomExtensions.entrySet()) {
      v3CertGen.addExtension(customExtension.getKey(), false, customExtension.getValue());
    }
   
    v3CertGen.addExtension(
        X509Extensions.SubjectKeyIdentifier,
        false,
View Full Code Here
TOP
Copyright © 2018 www.massapi.com. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.