begin, ends, subject, pubKey);
if (subject.equals(issuer)) {
certificateBuilder.addExtension(
X509Extension.basicConstraints, true,
new BasicConstraints(5));
} else {
JcaX509ExtensionUtils jxeu = new JcaX509ExtensionUtils();
if (baseCrt != null) {
byte[] sans = baseCrt.getExtensionValue(X509Extension.subjectAlternativeName.getId());
if (sans != null) {
certificateBuilder.copyAndAddExtension(X509Extension.subjectAlternativeName, true, baseCrt);
}
}
SubjectKeyIdentifier subjectKeyIdentifier = jxeu.createSubjectKeyIdentifier(pubKey);
certificateBuilder.addExtension(
X509Extension.subjectKeyIdentifier, false, subjectKeyIdentifier);
AuthorityKeyIdentifier authorityKeyIdentifier = jxeu.createAuthorityKeyIdentifier(caPubKey);
certificateBuilder.addExtension(
X509Extension.authorityKeyIdentifier, false,
authorityKeyIdentifier);
certificateBuilder.addExtension(
X509Extension.basicConstraints, true,
new BasicConstraints(false));
NetscapeCertType netscapeCertType = new NetscapeCertType(NetscapeCertType.sslClient | NetscapeCertType.sslServer);
certificateBuilder.addExtension(
MiscObjectIdentifiers.netscapeCertType, false,
netscapeCertType);