Examples of org.bouncycastle.asn1.x509.X509Extensions

• org.bouncycastle.asn1.x509.X509Extensions
  @deprecated use Extensions

    }

    public String getRequestAltNames() {
        String ret = null;
        try {
          X509Extensions exts = getRequestExtensions();
          if (exts != null) {
            X509Extension ext = exts.getExtension(X509Extensions.SubjectAlternativeName);
                if (ext != null) {
                    // Finally read the value
                ret = CertTools.getAltNameStringFromExtension(ext);
                } else {
                    if (log.isDebugEnabled()) {

            }
        } catch (IllegalArgumentException e) {
            log.error("PKCS10 not inited!");
            return null;
        }
        X509Extensions ret = null;

        // Get attributes
        // The X509 extension is in a a pkcs_9_at_extensionRequest
        AttributeTable attributes = null;
        CertificationRequestInfo info = pkcs10.getCertificationRequestInfo();

        Vector<X509Extension> values = new Vector<X509Extension>();

        oids.add(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
        values.add(new X509Extension(false, new DEROctetString(new DEROctetString(PdfEncryption.createDocumentId()).getEncoded())));

        gen.setRequestExtensions(new X509Extensions(oids, values));

        return gen.generate();
    }

            extgen.addExtension(oid, ext.isCritical(), ext.getValue().getOctets());
          }
        }

        // Second we see if there is Key usage override
      X509Extensions overridenexts = extgen.generate();
        if (certProfile.getAllowKeyUsageOverride() && (keyusage >= 0)) {
          if (log.isDebugEnabled()) {
            log.debug("AllowKeyUsageOverride=true. Using KeyUsage from parameter: "+keyusage);
          }
            if ( (certProfile.getUseKeyUsage() == true) && (keyusage >=0) ){
                X509KeyUsage ku = new X509KeyUsage(keyusage);
               // We don't want to try to add custom extensions with the same oid if we have already added them
               // from the request, if AllowExtensionOverride is enabled.
               // Two extensions with the same oid is not allowed in the standard.
             if (overridenexts.getExtension(X509Extensions.KeyUsage) == null) {
                     extgen.addExtension(
                             X509Extensions.KeyUsage, certProfile.getKeyUsageCritical(), ku);
             } else {
               if (log.isDebugEnabled()) {
                 log.debug("KeyUsage was already overridden by an extension, not using KeyUsage from parameter.");
               }
             }
            }
        }

        // Third, check for standard Certificate Extensions that should be added.
        // Standard certificate extensions are defined in CertificateProfile and CertificateExtensionFactory
        // and implemented in package org.ejbca.core.model.certextensions.standard
        CertificateExtensionFactory fact = CertificateExtensionFactory.getInstance();
        List<String> usedStdCertExt = certProfile.getUsedStandardCertificateExtensions();
        Iterator<String> certStdExtIter = usedStdCertExt.iterator();
      overridenexts = extgen.generate();
        while(certStdExtIter.hasNext()){
          String oid = certStdExtIter.next();
           // We don't want to try to add standard extensions with the same oid if we have already added them
          // from the request, if AllowExtensionOverride is enabled.
          // Two extensions with the same oid is not allowed in the standard.
          if (overridenexts.getExtension(new DERObjectIdentifier(oid)) == null) {
              CertificateExtension certExt = fact.getStandardCertificateExtension(oid, certProfile);
              if (certExt != null) {
                DEREncodable value = certExt.getValue(subject, this, certProfile, publicKey, caPublicKey);
                if (value != null) {
                  extgen.addExtension(new DERObjectIdentifier(certExt.getOID()),certExt.isCriticalFlag(),value);
                }
              }
          } else {
            if (log.isDebugEnabled()) {
              log.debug("Extension with oid "+oid+" has been overridden, standard extension will not be added.");
            }
          }
        }

         // Fourth, check for custom Certificate Extensions that should be added.
         // Custom certificate extensions is defined in certextensions.properties
         fact = CertificateExtensionFactory.getInstance();
         List<Integer> usedCertExt = certProfile.getUsedCertificateExtensions();
         Iterator<Integer> certExtIter = usedCertExt.iterator();
         while(certExtIter.hasNext()){
           Integer id = certExtIter.next();
           CertificateExtension certExt = fact.getCertificateExtensions(id);
           if (certExt != null) {
               // We don't want to try to add custom extensions with the same oid if we have already added them
               // from the request, if AllowExtensionOverride is enabled.
               // Two extensions with the same oid is not allowed in the standard.
             if (overridenexts.getExtension(new DERObjectIdentifier(certExt.getOID())) == null) {
               DEREncodable value = certExt.getValue(subject, this, certProfile, publicKey, caPublicKey);
               if (value != null) {
                 extgen.addExtension(new DERObjectIdentifier(certExt.getOID()),certExt.isCriticalFlag(),value);
               }
             } else {
               if (log.isDebugEnabled()) {
                 log.debug("Extension with oid "+certExt.getOID()+" has been overridden, custom extension will not be added.");
               }
               }
           }
         }

         // Finally add extensions to certificate generator
         X509Extensions exts = extgen.generate();
         Enumeration en = exts.oids();
         while (en.hasMoreElements()) {
           DERObjectIdentifier oid = (DERObjectIdentifier)en.nextElement();
           X509Extension ext = exts.getExtension(oid);
           certgen.addExtension(oid, ext.isCritical(), ext.getValue().getOctets());
         }

         //
         // End of extensions

        } catch (IOException e) {
            throw new IllegalArgumentException("error encoding value: " + e);
        }
        valuevec.add(new X509Extension(false, new DEROctetString(bOut.toByteArray())));
        oidvec.add(X509Extensions.SubjectAlternativeName);
        return generateCertReq( dn, password, transactionId, ca, new X509Extensions(oidvec,valuevec) );
    }

  @Override
  public String getRequestAltNames() {
      String ret = null;
      final CertTemplate templ = getReq().getCertReq().getCertTemplate();
      final X509Extensions exts = templ.getExtensions();
    if (exts != null) {
      final X509Extension ext = exts.getExtension(X509Extensions.SubjectAlternativeName);
      if (ext != null) {
        ret = CertTools.getAltNameStringFromExtension(ext);
      }
    }
    if (log.isDebugEnabled()) {

  }

  @Override
  public X509Extensions getRequestExtensions() {
    final CertTemplate templ = getReq().getCertReq().getCertTemplate();
    final X509Extensions exts = templ.getExtensions();
    if (log.isDebugEnabled()) {
      if (exts != null) {
        log.debug("Request contains extensions");
      } else {
        log.debug("Request does not contain extensions");

            reason = CertTools.bitStringToRevokedCertInfo(reasonbits);
            LOG.debug("CMPv1 revocation reason: "+reason);
          } else {
            LOG.debug("CMPv1 revocation reason is null");
          }
          X509Extensions crlExt = rd.getCrlEntryDetails();
          if (crlExt != null) {
            X509Extension ext = crlExt.getExtension(X509Extensions.ReasonCode);
            if (ext != null) {
              try {
                ASN1InputStream ai = new ASN1InputStream(ext.getValue().getOctets());
                DERObject obj = ai.readObject();
                DEREnumerated crlreason = DEREnumerated.getInstance(obj);

                    }

                    if (status.equals(ResponseStatus.SUCCESS)) {
                      Date notBefore = req.getRequestValidityNotBefore(); // Optionally requested validity
                      Date notAfter = req.getRequestValidityNotAfter(); // Optionally requested validity
                      X509Extensions exts = req.getRequestExtensions(); // Optionally requested extensions
                      int keyusage = -1;
                      if (exts != null) {
                          if (log.isDebugEnabled()) {
                            log.debug("we have extensions, see if we can override KeyUsage by looking for a KeyUsage extension in request");
                          }
                        X509Extension ext = exts.getExtension(X509Extensions.KeyUsage);
                        if (ext != null) {
                          ASN1OctetString os = ext.getValue();
                          ByteArrayInputStream bIs = new ByteArrayInputStream(os.getOctets());
                          ASN1InputStream dIs = new ASN1InputStream(bIs);
                          DERObject dob = dIs.readObject();

        BigInteger serialNum = new BigInteger(newCn);

        TBSCertificateStructure issuerTbsCert = getTBSCertificate(issuerCert);

        addProxyCertInfoExtension();
        X509Extensions extensions = issuerTbsCert.getExtensions();
        if (extensions != null) {
            X509Extension ext = null;
            ext = extensions.getExtension(X509Extensions.KeyUsage);
            addKeyUsage(ext);

            ext = extensions.getExtension(X509Extensions.ExtendedKeyUsage);
            addExtendedKeyUsage(ext);
        }

        X509Name issuerDn = issuerTbsCert.getSubject();
        X509Name subjectDn = buildSubjectDn(issuerDn, newCn);