/**
 * Re-issues a certificate under a different issuer.
 *
 * <p>The to-be-signed (TBS) portion of {@code cetrificate} is copied, its issuer field is
 * overwritten with the subject DN of {@code issuerCertificate}, and the result is signed with
 * {@code issuerPrivateKey}. Only the issuer and (conditionally) the extension set are
 * modified here; every other TBS field is taken from the input certificate as-is.
 *
 * <p>Unless the input subject DN string is exactly {@code "CN=TOP"}, the extension set is
 * replaced by a single BasicConstraints extension built from {@code (true, -1)} and
 * re-wrapped with criticality {@code false}.
 *
 * <p>NOTE(review): relies on {@code sun.security.x509} classes, which are JDK-internal and
 * not a supported API; confirm the target JDK still allows access to them.
 *
 * @param cetrificate certificate whose TBS content is re-signed
 * @param issuerCertificate certificate supplying the issuer name and the signature algorithm
 * @param issuerPrivateKey private key used to sign the new certificate
 * @return the newly signed certificate
 * @throws Exception if parsing the TBS data, setting a field, or signing fails
 */
private X509Certificate createSignedCertificate(
        X509Certificate cetrificate,
        X509Certificate issuerCertificate,
        PrivateKey issuerPrivateKey) throws Exception {
    Principal issuerName = issuerCertificate.getSubjectDN();
    // NOTE(review): this is the algorithm the issuer's *own* certificate was signed with.
    // It is only usable here if it matches the type of issuerPrivateKey, and it silently
    // carries forward whatever digest the issuer certificate used -- confirm that is intended.
    String signatureAlgorithm = issuerCertificate.getSigAlgName();

    X509CertInfo tbsInfo = new X509CertInfo(cetrificate.getTBSCertificate());
    tbsInfo.set(X509CertInfo.ISSUER, issuerName);

    // The original author's note: the leaf certificate does not need BasicConstraints.
    // NOTE(review): "leaf" is recognised purely by an exact subject-DN string match.
    boolean skipBasicConstraints = cetrificate.getSubjectDN().getName().equals("CN=TOP");
    if (!skipBasicConstraints) {
        // Presumably (true, -1) means "CA, no path-length limit" -- confirm against the
        // constructor. The encoded value is then wrapped again with critical = false.
        // NOTE(review): RFC 5280 expects BasicConstraints to be critical on CA certificates,
        // and an unbounded path length lets the subject issue further CA certificates.
        byte[] encodedCaConstraints = new BasicConstraintsExtension(true, -1).getExtensionValue();

        // NOTE(review): a fresh extension set replaces whatever was parsed from the input,
        // so any other extensions on the input certificate are not carried over.
        CertificateExtensions replacementExtensions = new CertificateExtensions();
        replacementExtensions.set(
                BasicConstraintsExtension.NAME,
                new BasicConstraintsExtension(false, encodedCaConstraints));
        tbsInfo.set(X509CertInfo.EXTENSIONS, replacementExtensions);
    }

    X509CertImpl signedCertificate = new X509CertImpl(tbsInfo);
    signedCertificate.sign(issuerPrivateKey, signatureAlgorithm);
    return signedCertificate;
}
/**
 * Builds a BasicConstraints extension from {@code (false, -1)} and encodes it into an
 * in-memory stream. The encoded bytes are discarded, so the only observable outcome is
 * whether construction and encoding complete without throwing.
 *
 * @param args unused
 * @throws Exception if constructing or encoding the extension fails
 */
public static void main(String[] args) throws Exception {
    // Presumably "not a CA, no path-length value" -- confirm against the constructor.
    BasicConstraintsExtension extension = new BasicConstraintsExtension(false, -1);
    ByteArrayOutputStream sink = new ByteArrayOutputStream();
    extension.encode(sink);
}
/**
 * Builds a Basic Constraints extension from the given values and registers it through
 * {@code addExtension}.
 *
 * <p>Callers decide both criticality and CA status. RFC 5280 expects this extension to be
 * marked critical on CA certificates, and a CA certificate without a path length constraint
 * places no limit on how many further CA certificates may follow it in a chain, so
 * {@code isCA = true} with a negative {@code maxPathLen} should be a deliberate choice.
 *
 * @param crit {@code true} to mark the extension critical, {@code false} otherwise
 * @param isCA {@code true} if the extension is for a CA certificate, {@code false} otherwise
 * @param maxPathLen the maximum path length issued by this CA; a value less than zero omits
 *     the field from the resulting extension, so no path length constraint is asserted
 * @throws IOException if an encoding error occurs
 */
public void addBasicConstraintsExt(boolean crit, boolean isCA, int maxPathLen)
        throws IOException {
    BasicConstraintsExtension basicConstraints =
            new BasicConstraintsExtension(crit, isCA, maxPathLen);
    addExtension(basicConstraints);
}