Beben wrote:
> I am trying to make extensions such as Basic Constraints and Key Usage,
> which are necessary for a PKI...
> Using String.toByteArray() and OCTET_STRING(byte[]), if I test
> it with the string "a" I get "61 a"; with the string "A", I get "41 A";
> with "aA", "61 31 1a" when I use IE to see my certificate.
> I don't know how to convert a string value for my extensions (like
> "Certificate Signing , Off-line CRL Signing" for the Extension
> keyUsage) to an OCTET_STRING...
> Is there any method to do this, or must I write byte per byte my
> OCTET_STRING? :-)
Normally extension values are not merely strings, they are actually
ASN.1 structures. For example, a KeyUsage extension is defined this way
in RFC 2459:

    KeyUsage ::= BIT STRING {
         digitalSignature        (0),
         nonRepudiation          (1),
         keyEncipherment         (2),
         dataEncipherment        (3),
         keyAgreement            (4),
         keyCertSign             (5),
         cRLSign                 (6),
         encipherOnly            (7),
         decipherOnly            (8) }

You could build this with the JSS ASN.1 and PKIX packages.
http://mozilla.org/projects/security/pki/jss/javadoc/org/mozilla/jss/asn1/package-summary.html
http://mozilla.org/projects/security/pki/jss/javadoc/org/mozilla/jss/pkix/cert/package-summary.html
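
    import org.mozilla.jss.asn1.*;
    import org.mozilla.jss.pkix.cert.*;

    [...]

    byte[] keyUsageByte = new byte[1];
    // 0000 0110: bits 5 (keyCertSign) and 6 (cRLSign); bit 0 is the
    // most significant bit of the byte
    keyUsageByte[0] = 0x06;
    BIT_STRING keyUsage = new BIT_STRING(keyUsageByte, 1); // 1 padding bit

    // The extension value is the DER encoding of the BIT STRING, wrapped
    // in an OCTET STRING. ASN1Value.encode() writes to an OutputStream,
    // so use ASN1Util.encode() to get the bytes.
    OCTET_STRING os = new OCTET_STRING( ASN1Util.encode(keyUsage) );

    // Use the Object Identifier for KeyUsage extension, from RFC 2459
    OBJECT_IDENTIFIER keyUsageOid =
        new OBJECT_IDENTIFIER( new long[] {2,5,29,15} );

    Extension keyUsageExtension = new Extension(keyUsageOid, true, os);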
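
The bytes that the reply's construction stands for, generalized to any set of KeyUsage bits, as an added example that is not part of the original message and does not use JSS. It needs only the JDK; the class and method names (KeyUsageDer, tlv, keyUsageBitString, keyUsageExtension) are hypothetical.

```java
import java.io.ByteArrayOutputStream;

// Added example: all names here are hypothetical, not JSS API.
public class KeyUsageDer {
    // Named bit positions from the KeyUsage definition (RFC 2459).
    static final int KEY_CERT_SIGN = 5, CRL_SIGN = 6, DECIPHER_ONLY = 8;

    // Tag-length-value over the concatenated parts; short-form length only.
    static byte[] tlv(int tag, byte[]... parts) {
        ByteArrayOutputStream body = new ByteArrayOutputStream();
        for (byte[] p : parts) body.write(p, 0, p.length);
        if (body.size() > 127) throw new IllegalArgumentException("long-form length not handled");
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(tag);
        out.write(body.size());
        out.write(body.toByteArray(), 0, body.size());
        return out.toByteArray();
    }

    // DER BIT STRING for a named-bit list: bit 0 is the most significant bit
    // of the first content byte, and trailing zero bits are dropped.
    static byte[] keyUsageBitString(int... bits) {
        if (bits.length == 0) throw new IllegalArgumentException("no key usage bits set");
        byte[] data = new byte[2];               // 9 named bits fit in 2 bytes
        int highest = 0;
        for (int b : bits) {
            if (b < 0 || b > DECIPHER_ONLY) throw new IllegalArgumentException("bad bit " + b);
            data[b / 8] |= 0x80 >> (b % 8);
            highest = Math.max(highest, b);
        }
        int len = highest / 8 + 1;
        byte[] content = new byte[1 + len];
        content[0] = (byte) (7 - highest % 8);   // unused (padding) bits in the last byte
        System.arraycopy(data, 0, content, 1, len);
        return tlv(0x03, content);
    }

    // Extension ::= SEQUENCE { extnID, critical DEFAULT FALSE, extnValue OCTET STRING }
    static byte[] keyUsageExtension(boolean critical, int... bits) {
        byte[] oid = tlv(0x06, new byte[] {0x55, 0x1D, 0x0F});   // 2.5.29.15
        byte[] crit = critical ? tlv(0x01, new byte[] {(byte) 0xFF}) : new byte[0];
        byte[] value = tlv(0x04, keyUsageBitString(bits));       // DER inside the OCTET STRING
        return tlv(0x30, oid, crit, value);
    }

    public static void main(String[] args) {
        StringBuilder hex = new StringBuilder();
        for (byte b : keyUsageExtension(true, KEY_CERT_SIGN, CRL_SIGN)) hex.append(String.format("%02X ", b));
        System.out.println(hex.toString().trim());
    }
}
```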