Examples of org.apache.harmony.security.x509.AuthorityKeyIdentifier

• org.bouncycastle.asn1.x509.AuthorityKeyIdentifier
  etf.org/rfc/rfc3280.txt):

   id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 } AuthorityKeyIdentifier ::= SEQUENCE { keyIdentifier             [0] KeyIdentifier           OPTIONAL, authorityCertIssuer       [1] GeneralNames            OPTIONAL, authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL  } KeyIdentifier ::= OCTET STRING 

        final ByteArrayInputStream in2 =
                new ByteArrayInputStream(newprincipal.getEncoded());
        final GeneralNames generalNames = new GeneralNames(
                (ASN1Sequence)new DERInputStream(in2).readObject());
        final AuthorityKeyIdentifier aki =
                new AuthorityKeyIdentifier(spki, generalNames, BigInteger.ZERO);


        this.certGen.addExtension(X509Extensions.BasicConstraints,
                                 true,
                                 new BasicConstraints(true));

        // this is how you'd actually add an entry if we wanted one:
        //this.crlGen.addCRLEntry(BigInteger.ONE, new Date(), CRLReason.PRIVILEGE_WITHDRAWN);

        this.crlGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
                 new AuthorityKeyIdentifier(
                         new SubjectPublicKeyInfo(
                                 new AlgorithmIdentifier("RSA"), this.caX509.getEncoded())));

        this.crlGen.addExtension(X509Extensions.CRLNumber,
                 false, new CRLNumber(BigInteger.ONE));

        final ByteArrayInputStream in2 =
                new ByteArrayInputStream(newprincipal.getEncoded());
        final GeneralNames generalNames = new GeneralNames(
                (ASN1Sequence)new DERInputStream(in2).readObject());
        final AuthorityKeyIdentifier aki =
                new AuthorityKeyIdentifier(spki, generalNames, BigInteger.ZERO);


        this.certGen.addExtension(X509Extensions.BasicConstraints,
                                 true,
                                 new BasicConstraints(true));

            , subjectPublicKeyInfo
        );

        X509ExtensionUtils exUtils = new X509ExtensionUtils(digestCalc);
        SubjectKeyIdentifier subKeyId = exUtils.createSubjectKeyIdentifier(subjectPublicKeyInfo);
        AuthorityKeyIdentifier autKeyId = (issuerCertificate != null)
            ? exUtils.createAuthorityKeyIdentifier(new X509CertificateHolder(issuerCertificate.getEncoded()))
            : exUtils.createAuthorityKeyIdentifier(subjectPublicKeyInfo);

        certificateGenerator.addExtension(Extension.subjectKeyIdentifier, false, subKeyId);
        certificateGenerator.addExtension(Extension.authorityKeyIdentifier, false, autKeyId);

            byte[] ext = cert.getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId());

            if (ext != null)
            {
                ASN1OctetString oct = (ASN1OctetString)ASN1Object.fromByteArray(ext);
                AuthorityKeyIdentifier authID = AuthorityKeyIdentifier.getInstance(ASN1Object.fromByteArray(oct.getOctets()));

                certSelectX509.setSerialNumber(authID.getAuthorityCertSerialNumber());
                certSelectX509.setSubjectKeyIdentifier(new DEROctetString(authID.getKeyIdentifier()).getEncoded());
            }
        }
        catch (IOException ex)
        {
            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.trustAnchorIssuerError");

                byte[] akiBytes = cert.getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId());
                if (akiBytes != null)
                {
                    try
                    {
                        AuthorityKeyIdentifier aki = AuthorityKeyIdentifier.getInstance(
                            X509ExtensionUtil.fromExtensionValue(akiBytes));
                        GeneralNames issuerNames = aki.getAuthorityCertIssuer();
                        if (issuerNames != null)
                        {
                            GeneralName name = issuerNames.getNames()[0];
                            BigInteger serial = aki.getAuthorityCertSerialNumber();
                            if (serial != null)
                            {
                                Object[] extraArgs = {new LocaleString(RESOURCE_NAME, "missingIssuer"), " \"", name ,
                                        "\" ", new LocaleString(RESOURCE_NAME, "missingSerial") , " ", serial};
                                msg.setExtraArguments(extraArgs);

                        ASN1InputStream         aIn = new ASN1InputStream(bytes);

                        byte[] authBytes = ((ASN1OctetString)aIn.readObject()).getOctets();
                        aIn = new ASN1InputStream(authBytes);

                        AuthorityKeyIdentifier id = new AuthorityKeyIdentifier((ASN1Sequence)aIn.readObject());
                        if (id.getKeyIdentifier() != null)
                        {
                            nextC = (Certificate)chainCerts.get(new CertId(id.getKeyIdentifier()));
                        }

                    }
                    catch (IOException e)
                    {

    JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder(request.getSignAlgorithm());
    contentSignerBuilder.setProvider(BouncyCastleProviderHelper.PROVIDER_NAME);

    if ((request.getIssuerPrivateKey() != null) && (request.getIssuerCertificate() != null)) {
      builder = new JcaX509v3CertificateBuilder(request.getIssuerCertificate(), request.getSerialNumber(), request.getNotBefore(), request.getNotAfter(), request.getSubjectAsX500Principal(), request.getPublicKey());
      AuthorityKeyIdentifier authorityKeyIdentifier = new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(request.getIssuerCertificate());
      builder.addExtension(X509Extension.authorityKeyIdentifier, false, authorityKeyIdentifier);
      contentSigner = contentSignerBuilder.build(request.getIssuerPrivateKey());
    } else {
      builder = new JcaX509v3CertificateBuilder(request.getIssuerAsX500Name(), request.getSerialNumber(), request.getNotBefore(), request.getNotAfter(), request.getSubjectAsX500Name(), request.getPublicKey());
      contentSigner = contentSignerBuilder.build(request.getPrivateKey());

                byte[] authKeyIdentBytes = cert.getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId());
                if (authKeyIdentBytes != null)
                {
                    try
                    {
                        AuthorityKeyIdentifier kid = AuthorityKeyIdentifier.getInstance(getObject(authKeyIdentBytes));
                        if (kid.getKeyIdentifier() != null)
                        {
                            select.setSubjectKeyIdentifier(new DEROctetString(kid.getKeyIdentifier()).getDEREncoded());
                        }
                    }
                    catch (IOException ioe)
                    {
                        // ignore

    {
        ByteArrayInputStream bIn = new ByteArrayInputStream(pub.getEncoded());
        SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(
            (ASN1Sequence)new ASN1InputStream(bIn).readObject());

        return new AuthorityKeyIdentifier(info);
    }