Thursday 15 March 2012

java - Issued certificate does not show issuer details -



java - Issued certificate does not show issuer details -

in application creating certificate , signing self signed ca. code can see details such issuer details, validity. issued certificate not show issuer details when see in windows certificate explorer under "certification path" tab. doing wrong here.

thanks in advance.

public void issuecertificate(keypair keypair, string cn, int days, keypurposeid purposeid) throws exception { if (keypair != null) { this.issuedkeypair = keypair; } else { this.issuedkeypair = generatersakeypair(); } pkcs10certificationrequest request = generatecsr(issuedkeypair, cn); x509v3certificategenerator certgen = new x509v3certificategenerator(); certgen.setserialnumber(biginteger.valueof(system.currenttimemillis())); certgen.setissuerdn(cacertificate.getsubjectx500principal()); certgen.setnotbefore(new date(system.currenttimemillis())); certgen.setnotafter(new date(system.currenttimemillis() + (1000l * 60 * 60 * 24 * days))); certgen.setsubjectdn(request.getcertificationrequestinfo().getsubject()); certgen.setpublickey(request.getpublickey("bc")); certgen.setsignaturealgorithm("sha256withrsaencryption"); certgen.addextension(x509extensions.authoritykeyidentifier, false, new authoritykeyidentifierstructure(cacertificate)); certgen.addextension(x509extensions.subjectkeyidentifier, false, new subjectkeyidentifierstructure(request.getpublickey("bc"))); certgen.addextension(x509extensions.basicconstraints, true, new basicconstraints(false)); certgen.addextension(x509extensions.keyusage, true, new keyusage( keyusage.digitalsignature | keyusage.keyencipherment)); certgen.addextension(x509extensions.extendedkeyusage, true, new extendedkeyusage(purposeid)); asn1set attributes = request.getcertificationrequestinfo() .getattributes(); if (attributes != null) { (int = 0; != attributes.size(); i++) { org.bouncycastle.asn1.pkcs.attribute attr = org.bouncycastle.asn1.pkcs.attribute .getinstance(attributes.getobjectat(i)); if (attr.getattrtype().equals( pkcsobjectidentifiers.pkcs_9_at_extensionrequest)) { x509extensions extensions = x509extensions.getinstance(attr .getattrvalues().getobjectat(0)); enumeration e = extensions.oids(); while (e.hasmoreelements()) { derobjectidentifier oid = (derobjectidentifier) e .nextelement(); x509extension ext = extensions.getextension(oid); certgen.addextension(oid, ext.iscritical(), ext .getvalue().getoctets()); } } } } this.issuedcertificate = certgen.generate(cakeypair.getprivate()); }

java security ssl x509certificate bouncycastle

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)