java security bouncycastle

How to use X509Extension value?


1)

byte[] crldpExt = cert.getExtensionValue(X509Extensions.CRLDistributionPoints.getId());
String skiOid = X509Extensions.AuthorityKeyIdentifier.getId();

CRLDistributionPoints and AuthorityKeyIdentifier are deprecated in Bouncy Castle 1.46. According to GrepCode, the X509Extension value should be used in this place, but I am not getting how to use it.

2) V3TBSCertificateGenerator.setSubject(x500Name);

According to the new document, it should work. But it gives the error that it is not applicable for the argument (X500Name) and to change it to (X509Name). But X509Name is deprecated.

3)

X509Principal principal = PrincipalUtil.getSubjectX509Principal(x509cert);
Vector<?> cn = principal.getValues(X509Name.CN);
if (cn != null)
    certificate.setCn(cn.get(0).toString());

As X509Name is deprecated, I changed this to the following:

X500Name x500name = new JcaX509CertificateHolder(x509cert).getSubject();
RDN[] cn = null;
cn = x500name.getRDNs(BCStyle.CN);
if (cn != null)
    certificate.setCn(cn.toString());

Is it correct? Please let me know if I am wrong.


Solution

  • 1) CRLDistributionPoints and AuthorityKeyIdentifier using X509Extension, available in Bouncy Castle 1.46:

    cert.getExtensionValue(X509Extension.cRLDistributionPoints.getId());
    String skiOid = X509Extension.authorityKeyIdentifier.getId();
    

    2) Use V3TBSCertificateGenerator.setSubject(x500Name). It is available and not deprecated in 1.46. See V3TBSCertificateGenerator. Ensure you have the correct import for X500Name: org.bouncycastle.asn1.x500.X500Name

    3) Alternatively, you can use X500Name.getInstance():

    X500Name x500name = X500Name.getInstance(x509cert.getSubjectX500Principal().getEncoded());
    RDN cn = x500name.getRDNs(BCStyle.CN)[0];
    String cnAsString = IETFUtils.valueToString(cn.getFirst().getValue());
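
An added example, not part of the original question or answer, showing the X500Name approach from point 3 with the cases a certificate subject can present: no CN, several CNs, or a multi-valued RDN. The class name, the `commonNames` helper and the sample subject strings are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;

import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;

public class SubjectCnExample {

    // Hypothetical helper: returns every CN value in the name, in encoded order.
    // The loop also covers a subject with no CN, where indexing [0] would throw.
    static List<String> commonNames(X500Name name) {
        List<String> out = new ArrayList<String>();
        for (RDN rdn : name.getRDNs(BCStyle.CN)) {
            // An RDN can be multi-valued (CN=...+UID=...), so check every pair
            for (AttributeTypeAndValue atv : rdn.getTypesAndValues()) {
                if (BCStyle.CN.equals(atv.getType())) {
                    out.add(IETFUtils.valueToString(atv.getValue()));
                }
            }
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample subjects, not taken from a real certificate
        String[] subjects = {
            "CN=server.example.test,O=Constructed Org,C=US",
            "O=Constructed Org,C=US",
            "CN=first.example.test,CN=second.example.test,O=Constructed Org"
        };
        for (String dn : subjects) {
            // With a real certificate, build the name as in the answer:
            // X500Name.getInstance(x509cert.getSubjectX500Principal().getEncoded())
            X500Name name = new X500Name(dn);
            RDN[] rdns = name.getRDNs(BCStyle.CN);
            // Array toString() yields a type/identity string, never the CN text
            System.out.println("array toString: " + rdns);
            List<String> cns = commonNames(name);
            if (cns.size() == 1) {
                System.out.println("CN = " + cns.get(0));
            } else {
                // Absent or ambiguous CN: do not guess, let the caller decide
                System.out.println("expected one CN, found " + cns.size() + " in " + name);
            }
        }
    }
}
```

When the CN feeds an identity or authorization decision, treating "zero" and "more than one" as errors avoids silently binding the certificate to the wrong name.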