String oid = certStdExtIter.next();
// We don't want to try to add standard extensions with the same oid if we have already added them
// from the request, if AllowExtensionOverride is enabled.
// Two extensions with the same oid is not allowed in the standard.
if (overridenexts.getExtension(new DERObjectIdentifier(oid)) == null) {
CertificateExtension certExt = fact.getStandardCertificateExtension(oid, certProfile);
if (certExt != null) {
DEREncodable value = certExt.getValue(subject, this, certProfile, publicKey, caPublicKey);
if (value != null) {
extgen.addExtension(new DERObjectIdentifier(certExt.getOID()),certExt.isCriticalFlag(),value);
}
}
} else {
if (log.isDebugEnabled()) {
log.debug("Extension with oid "+oid+" has been overridden, standard extension will not be added.");
}
}
}
// Fourth, check for custom Certificate Extensions that should be added.
// Custom certificate extensions is defined in certextensions.properties
fact = CertificateExtensionFactory.getInstance();
List<Integer> usedCertExt = certProfile.getUsedCertificateExtensions();
Iterator<Integer> certExtIter = usedCertExt.iterator();
while(certExtIter.hasNext()){
Integer id = certExtIter.next();
CertificateExtension certExt = fact.getCertificateExtensions(id);
if (certExt != null) {
// We don't want to try to add custom extensions with the same oid if we have already added them
// from the request, if AllowExtensionOverride is enabled.
// Two extensions with the same oid is not allowed in the standard.
if (overridenexts.getExtension(new DERObjectIdentifier(certExt.getOID())) == null) {
DEREncodable value = certExt.getValue(subject, this, certProfile, publicKey, caPublicKey);
if (value != null) {
extgen.addExtension(new DERObjectIdentifier(certExt.getOID()),certExt.isCriticalFlag(),value);
}
} else {
if (log.isDebugEnabled()) {
log.debug("Extension with oid "+certExt.getOID()+" has been overridden, custom extension will not be added.");
}
}
}
}