"DAU123456789");
ASN1EncodableVector roleSyntax = new ASN1EncodableVector();
roleSyntax.add(roleName);
// roleSyntax OID: 2.5.24.72
X509Attribute attributes = new X509Attribute("2.5.24.72",
new DERSequence(roleSyntax));
acGen.addAttribute(attributes);
// finally create the AC
X509V2AttributeCertificate att = (X509V2AttributeCertificate) acGen
.generate(caPrivKey, "BC");
//String encoded = new String(att.getEncoded());
//System.out.println("CERT CERT: " + encoded);
//KeyStore store = KeyStore.getInstance("PKCS12");
//String pass = "redhat";
/*FileOutputStream fout = new FileOutputStream("/tmp/foo.file");
store.load(null, null);
store.store(fout, pass.toCharArray());
X509CertificateObject ccert = new
X509CertificateObject(new X509CertificateStructure(new DERSequence(att)));*/
//
// starting here, we parse the newly generated AC
//
// Holder
AttributeCertificateHolder h = att.getHolder();
if (h.match(clientCert)) {
if (h.getEntityNames() != null) {
// System.out.println(h.getEntityNames().length +
// " entity names found");
}
if (h.getIssuer() != null) {
// System.out.println(h.getIssuer().length +
// " issuer names found, serial number " +
// h.getSerialNumber());
}
// System.out.println("Matches original client x509 cert");
}
// Issuer
AttributeCertificateIssuer issuer = att.getIssuer();
if (issuer.match(caCert)) {
if (issuer.getPrincipals() != null) {
// System.out.println(issuer.getPrincipals().length +
// " entity names found");
}
// System.out.println("Matches original ca x509 cert");
}
// Dates
// System.out.println("valid not before: " + att.getNotBefore());
// System.out.println("valid not after: " + att.getNotAfter());
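// check the validity period: checkValidity() throws if the AC is expired or
// not yet valid; the catch below only prints the exception, so a failed
// check does not stop execution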
try {
att.checkValidity();
att.checkValidity(new Date());
}
catch (Exception e) {
System.out.println(e);
}
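// verify the AC's signature with the CA public key; a verification failure
// is only printed by the catch below, not propagated to the caller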
try {
att.verify(caPubKey, "BC");
}
catch (Exception e) {
System.out.println(e);
}
// Attribute
X509Attribute[] attribs = att.getAttributes();
// System.out.println("cert has " + attribs.length + " attributes:");
for (int i = 0; i < attribs.length; i++) {
X509Attribute a = attribs[i];
// System.out.println("OID: " + a.getOID());
// currently we only check for the presence of a 'RoleSyntax'
// attribute
if (a.getOID().equals("2.5.24.72")) {
// System.out.println("rolesyntax read from cert!");
}
}
}