Examples of org.bouncycastle.asn1.x509.ExtendedKeyUsage

• org.bouncycastle.asn1.x509.ExtendedKeyUsage
  The extendedKeyUsage object.

   extendedKeyUsage ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId 

        throws IOException
    {
        ByteArrayInputStream    bIn = new ByteArrayInputStream(encoding);
        DERInputStream          dIn = new DERInputStream(bIn);

        return new DigestInfo((ASN1Sequence)dIn.readObject());
    }

    }

    private byte[] derEncode(ASN1ObjectIdentifier oid, byte[] hash) throws IOException
    {
        AlgorithmIdentifier algId = new AlgorithmIdentifier(oid, DERNull.INSTANCE);
        DigestInfo dInfo = new DigestInfo(algId, hash);

        return dInfo.getEncoded(ASN1Encoding.DER);
    }

        CRLDistPoint crldp, ExtendedPKIXParameters pkixParams)
        throws AnnotatedException
    {
        if (crldp != null)
        {
            DistributionPoint dps[] = null;
            try
            {
                dps = crldp.getDistributionPoints();
            }
            catch (Exception e)

                throw new AnnotatedException(
                    "Distribution points could not be read.", e);
            }
            for (int i = 0; i < dps.length; i++)
            {
                DistributionPointName dpn = dps[i].getDistributionPoint();
                // look for URIs in fullName
                if (dpn != null)
                {
                    if (dpn.getType() == DistributionPointName.FULL_NAME)
                    {
                        GeneralName[] genNames = GeneralNames.getInstance(
                            dpn.getName()).getNames();
                        // look for an URI
                        for (int j = 0; j < genNames.length; j++)
                        {
                            if (genNames[j].getTagNo() == GeneralName.uniformResourceIdentifier)
                            {

        X509KeyUsage ku = new X509KeyUsage(bcku);
        extgen.addExtension(X509Extensions.KeyUsage, false, ku);
        // Extended Key Usage
        Vector<KeyPurposeId> usage = new Vector<KeyPurposeId>();
        usage.add(KeyPurposeId.id_kp_codeSigning);
        ExtendedKeyUsage eku = new ExtendedKeyUsage(usage);
        extgen.addExtension(X509Extensions.ExtendedKeyUsage, false, eku);
        // OcspNoCheck
        extgen.addExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nocheck, false, new DERNull());
        // Netscape cert type
        extgen.addExtension(new DERObjectIdentifier("2.16.840.1.113730.1.1"), false, new NetscapeCertType(NetscapeCertType.objectSigningCA));

                        {
                            DERBitString ku = KeyUsage.getInstance(extIn.readObject());
                        }
                        else if (oid.equals(X509Extensions.ExtendedKeyUsage))
                        {
                            ExtendedKeyUsage ku = ExtendedKeyUsage.getInstance(extIn.readObject());

                            ASN1Sequence    sq = (ASN1Sequence)ku.getDERObject();
                            for (int i = 0; i != sq.size(); i++)
                            {
                                DERObjectIdentifier    p = KeyPurposeId.getInstance(sq.getObjectAt(i));
                            }
                        }

            KeyUsage keyUsage = new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment);
            certificateBuilder.addExtension(X509Extension.keyUsage, true,
                    keyUsage);

            ExtendedKeyUsage extendedKeyUsage = new ExtendedKeyUsage(new KeyPurposeId[]{
                KeyPurposeId.id_kp_clientAuth,
                KeyPurposeId.id_kp_serverAuth
            });
            certificateBuilder.addExtension(X509Extension.extendedKeyUsage, false,
                    extendedKeyUsage);

        assertTrue(resultCert.getKeyUsage()[0]);
        assertTrue(resultCert.getKeyUsage()[2]);

        byte[] extendedKeyUsageExtValue = resultCert.getExtensionValue(X509Extension.extendedKeyUsage.getId());
        assertNotNull(extendedKeyUsageExtValue);
        ExtendedKeyUsage extendedKeyUsage = ExtendedKeyUsage.getInstance(X509ExtensionUtil.fromExtensionValue(extendedKeyUsageExtValue));
        assertTrue(extendedKeyUsage.hasKeyPurposeId(KeyPurposeId.id_kp_clientAuth));
        assertTrue(extendedKeyUsage.hasKeyPurposeId(KeyPurposeId.id_kp_serverAuth));
    }

        certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
            new AuthorityKeyIdentifierStructure(caCert));
        certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false,
              subjectKeyWriter.getSubjectKeyIdentifier(clientKeyPair, extensions));
        certGen.addExtension(X509Extensions.ExtendedKeyUsage, false,
            new ExtendedKeyUsage(KeyPurposeId.id_kp_clientAuth));

        // Add an alternate name if provided
        if (alternateName != null) {
            GeneralName name = new GeneralName(GeneralName.uniformResourceIdentifier,
                "CN=" + alternateName);

        try
        {
            byte[] ext = cert.getExtensionValue(EXT_KEY_USAGE);
            if (ext != null)
            {
                ExtendedKeyUsage extKeyUsage = ExtendedKeyUsage
                        .getInstance(getObject(ext));
                if (!extKeyUsage
                        .hasKeyPurposeId(KeyPurposeId.anyExtendedKeyUsage)
                        && !extKeyUsage
                                .hasKeyPurposeId(KeyPurposeId.id_kp_emailProtection))
                {
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,
                            "SignedMailValidator.extKeyUsageNotPermitted");
                    errors.add(msg);