Herb McCutchan wrote:
I know how to add key usage and cert usage extensions to a Cert Request (CRMF) but how do you add a Subject Alternative Name Extension for an email address in Java? Particularly the third parameter in the Extension Class Constructor. Any code sample would be very useful.

Thanks,
Herb

Here is some more information about setting the SubjectAlternativeName extension on a CMS generated Cert. We used the Java code below to set the KeyUsage with no problem.


byte[] keyUsageByte = { -16};
OBJECT_IDENTIFIER keyUsageOid =
    new OBJECT_IDENTIFIER(new long[] {2, 5, 29, 15});
BIT_STRING keyUsage = new BIT_STRING(keyUsageByte , 1);
ByteArrayOutputStream oStream = new ByteArrayOutputStream();
keyUsage.encode(oStream); // DER encode
OCTET_STRING os = new OCTET_STRING(oStream.toByteArray());
Extension keyUsageExtension = new Extension(keyUsageOid, true, os);


We used this for the email address but it doesn't work.

OBJECT_IDENTIFIER subAltNameOid =
    new OBJECT_IDENTIFIER(new long[] {2, 5, 29, 17});
IA5String emailAddressIA5 = new IA5String(emailAddr);
// Build a Name holding a single emailAddress (1.2.840.113549.1.9.1) AVA
org.mozilla.jss.pkix.primitive.Name subAltNameValue =
    new org.mozilla.jss.pkix.primitive.Name();
AVA ava = new AVA(new OBJECT_IDENTIFIER("1.2.840.113549.1.9.1"), emailAddressIA5);
subAltNameValue.addElement(ava);
ByteArrayOutputStream oStream = new ByteArrayOutputStream();
subAltNameValue.encode(oStream); // DER encode
OCTET_STRING subAltNameString = new OCTET_STRING(oStream.toByteArray());
Extension exEmail = new Extension(subAltNameOid, false, subAltNameString);

Can anyone help us with this? Is this the wrong place for such questions? I didn't see an NSS or JSS group here on the server.


Dave
_______________________________________________
mozilla-crypto mailing list
mozilla-crypto@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-crypto
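
An added example, not part of the original post or of JSS itself: RFC 5280 defines SubjectAltName as GeneralNames (a SEQUENCE OF GeneralName), in which an email address is the rfc822Name choice, an IA5String under implicit context tag [1], rather than a Name built from an emailAddress AVA. The class and method names are hypothetical and user@example.com is a constructed sample; the code assumes the JSS asn1 and pkix.cert classes already used in the post.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import org.mozilla.jss.asn1.IA5String;
import org.mozilla.jss.asn1.OBJECT_IDENTIFIER;
import org.mozilla.jss.asn1.OCTET_STRING;
import org.mozilla.jss.asn1.SEQUENCE;
import org.mozilla.jss.asn1.Tag;
import org.mozilla.jss.pkix.cert.Extension;

// Hypothetical helper class (added example, not JSS or list code).
public class EmailSubjectAltName {
    // id-ce-subjectAltName, the same OID the post uses
    static final OBJECT_IDENTIFIER SUBJECT_ALT_NAME =
        new OBJECT_IDENTIFIER(new long[] {2, 5, 29, 17});

    // GeneralName ::= CHOICE { ... rfc822Name [1] IA5String ... } (RFC 5280)
    static final Tag RFC822_NAME = new Tag(1); // context-specific tag 1

    /** DER of GeneralNames ::= SEQUENCE OF GeneralName, holding one rfc822Name. */
    static byte[] encodeGeneralNames(String emailAddr) throws IOException {
        // IA5String rejects non-ASCII input with CharConversionException
        IA5String rfc822 = new IA5String(emailAddr);
        SEQUENCE generalNames = new SEQUENCE();
        // IMPLICIT tagging: [1] replaces the IA5String tag, so the element starts 0x81
        generalNames.addElement(RFC822_NAME, rfc822);
        ByteArrayOutputStream der = new ByteArrayOutputStream();
        generalNames.encode(der);
        return der.toByteArray();
    }

    /** Third constructor argument: an OCTET STRING wrapping the GeneralNames DER. */
    static Extension emailExtension(String emailAddr) throws IOException {
        OCTET_STRING extnValue = new OCTET_STRING(encodeGeneralNames(emailAddr));
        // Non-critical, as in the post; RFC 5280 requires critical only
        // when the certificate subject field is empty.
        return new Extension(SUBJECT_ALT_NAME, false, extnValue);
    }

    public static void main(String[] args) throws IOException {
        String sample = "user@example.com"; // constructed sample address
        StringBuilder hex = new StringBuilder();
        for (byte b : encodeGeneralNames(sample)) {
            hex.append(String.format("%02x ", b));
        }
        // Inspect the bytes: outer SEQUENCE tag 0x30, then the 0x81 element
        System.out.println(hex.toString().trim());
        Extension ext = emailExtension(sample); // ready to add to the CRMF request
    }
}
```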
