1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
|
package org.spongycastle.cert;
import java.math.BigInteger;
import java.util.Date;
import java.util.Locale;
import org.spongycastle.asn1.ASN1Encodable;
import org.spongycastle.asn1.ASN1GeneralizedTime;
import org.spongycastle.asn1.ASN1Integer;
import org.spongycastle.asn1.ASN1ObjectIdentifier;
import org.spongycastle.asn1.DERSet;
import org.spongycastle.asn1.x509.AttCertIssuer;
import org.spongycastle.asn1.x509.Attribute;
import org.spongycastle.asn1.x509.ExtensionsGenerator;
import org.spongycastle.asn1.x509.V2AttributeCertificateInfoGenerator;
import org.spongycastle.operator.ContentSigner;
/**
* class to produce an X.509 Version 2 AttributeCertificate.
*/
public class X509v2AttributeCertificateBuilder
{
private V2AttributeCertificateInfoGenerator acInfoGen;
private ExtensionsGenerator extGenerator;
/**
* Base constructor.
*
* @param holder holder certificate details
* @param issuer issuer of this attribute certificate.
* @param serialNumber serial number of this attribute certificate.
* @param notBefore the date before which the certificate is not valid.
* @param notAfter the date after which the certificate is not valid.
*/
public X509v2AttributeCertificateBuilder(AttributeCertificateHolder holder, AttributeCertificateIssuer issuer, BigInteger serialNumber, Date notBefore, Date notAfter)
{
acInfoGen = new V2AttributeCertificateInfoGenerator();
extGenerator = new ExtensionsGenerator();
acInfoGen.setHolder(holder.holder);
acInfoGen.setIssuer(AttCertIssuer.getInstance(issuer.form));
acInfoGen.setSerialNumber(new ASN1Integer(serialNumber));
acInfoGen.setStartDate(new ASN1GeneralizedTime(notBefore));
acInfoGen.setEndDate(new ASN1GeneralizedTime(notAfter));
}
/**
* Base constructor with locale for interpreting dates. You may need to use this constructor if the default locale
* doesn't use a Gregorian calender so that the GeneralizedTime produced is compatible with other ASN.1 implementations.
*
* @param holder holder certificate details
* @param issuer issuer of this attribute certificate.
* @param serialNumber serial number of this attribute certificate.
* @param notBefore the date before which the certificate is not valid.
* @param notAfter the date after which the certificate is not valid.
* @param dateLocale locale to be used for date interpretation.
*/
public X509v2AttributeCertificateBuilder(AttributeCertificateHolder holder, AttributeCertificateIssuer issuer, BigInteger serialNumber, Date notBefore, Date notAfter, Locale dateLocale)
{
acInfoGen = new V2AttributeCertificateInfoGenerator();
extGenerator = new ExtensionsGenerator();
acInfoGen.setHolder(holder.holder);
acInfoGen.setIssuer(AttCertIssuer.getInstance(issuer.form));
acInfoGen.setSerialNumber(new ASN1Integer(serialNumber));
acInfoGen.setStartDate(new ASN1GeneralizedTime(notBefore, dateLocale));
acInfoGen.setEndDate(new ASN1GeneralizedTime(notAfter, dateLocale));
}
/**
* Add an attribute to the certification request we are building.
*
* @param attrType the OID giving the type of the attribute.
* @param attrValue the ASN.1 structure that forms the value of the attribute.
* @return this builder object.
*/
public X509v2AttributeCertificateBuilder addAttribute(ASN1ObjectIdentifier attrType, ASN1Encodable attrValue)
{
acInfoGen.addAttribute(new Attribute(attrType, new DERSet(attrValue)));
return this;
}
/**
* Add an attribute with multiple values to the certification request we are building.
*
* @param attrType the OID giving the type of the attribute.
* @param attrValues an array of ASN.1 structures that form the value of the attribute.
* @return this builder object.
*/
public X509v2AttributeCertificateBuilder addAttribute(ASN1ObjectIdentifier attrType, ASN1Encodable[] attrValues)
{
acInfoGen.addAttribute(new Attribute(attrType, new DERSet(attrValues)));
return this;
}
public void setIssuerUniqueId(
boolean[] iui)
{
acInfoGen.setIssuerUniqueID(CertUtils.booleanToBitString(iui));
}
/**
* Add a given extension field for the standard extensions tag
*
* @param oid the OID defining the extension type.
* @param isCritical true if the extension is critical, false otherwise.
* @param value the ASN.1 structure that forms the extension's value.
* @return this builder object.
*/
public X509v2AttributeCertificateBuilder addExtension(
ASN1ObjectIdentifier oid,
boolean isCritical,
ASN1Encodable value)
throws CertIOException
{
CertUtils.addExtension(extGenerator, oid, isCritical, value);
return this;
}
/**
* Add a given extension field for the standard extensions tag (tag 3) using a byte encoding of the
* extension value.
*
* @param oid the OID defining the extension type.
* @param isCritical true if the extension is critical, false otherwise.
* @param encodedValue a byte array representing the encoding of the extension value.
* @return this builder object.
*/
public X509v2AttributeCertificateBuilder addExtension(
ASN1ObjectIdentifier oid,
boolean isCritical,
byte[] encodedValue)
throws CertIOException
{
extGenerator.addExtension(oid, isCritical, encodedValue);
return this;
}
/**
* Generate an X509 certificate, based on the current issuer and subject
* using the passed in signer.
*
* @param signer the content signer to be used to generate the signature validating the certificate.
* @return a holder containing the resulting signed certificate.
*/
public X509AttributeCertificateHolder build(
ContentSigner signer)
{
acInfoGen.setSignature(signer.getAlgorithmIdentifier());
if (!extGenerator.isEmpty())
{
acInfoGen.setExtensions(extGenerator.generate());
}
return CertUtils.generateFullAttrCert(signer, acInfoGen.generateAttributeCertificateInfo());
}
}
|
