}
// Third, check for standard Certificate Extensions that should be added.
// Standard certificate extensions are defined in CertificateProfile and CertificateExtensionFactory
// and implemented in package org.ejbca.core.model.certextensions.standard
CertificateExtensionFactory fact = CertificateExtensionFactory.getInstance();
List<String> usedStdCertExt = certProfile.getUsedStandardCertificateExtensions();
Iterator<String> certStdExtIter = usedStdCertExt.iterator();
overridenexts = extgen.generate();
while(certStdExtIter.hasNext()){
String oid = certStdExtIter.next();
// We don't want to try to add standard extensions with the same oid if we have already added them
// from the request, if AllowExtensionOverride is enabled.
// Two extensions with the same oid is not allowed in the standard.
if (overridenexts.getExtension(new DERObjectIdentifier(oid)) == null) {
CertificateExtension certExt = fact.getStandardCertificateExtension(oid, certProfile);
if (certExt != null) {
DEREncodable value = certExt.getValue(subject, this, certProfile, publicKey, caPublicKey);
if (value != null) {
extgen.addExtension(new DERObjectIdentifier(certExt.getOID()),certExt.isCriticalFlag(),value);
}
}
} else {
if (log.isDebugEnabled()) {
log.debug("Extension with oid "+oid+" has been overridden, standard extension will not be added.");
}
}
}
// Fourth, check for custom Certificate Extensions that should be added.
// Custom certificate extensions is defined in certextensions.properties
fact = CertificateExtensionFactory.getInstance();
List<Integer> usedCertExt = certProfile.getUsedCertificateExtensions();
Iterator<Integer> certExtIter = usedCertExt.iterator();
while(certExtIter.hasNext()){
Integer id = certExtIter.next();
CertificateExtension certExt = fact.getCertificateExtensions(id);
if (certExt != null) {
// We don't want to try to add custom extensions with the same oid if we have already added them
// from the request, if AllowExtensionOverride is enabled.
// Two extensions with the same oid is not allowed in the standard.
if (overridenexts.getExtension(new DERObjectIdentifier(certExt.getOID())) == null) {