Java 如何将AttCertValidityPeriod添加到PKCS10CertificationRequest CSR并从CSR检索回它?
我正在实现一个示例代码来生成CSR并用证书对其进行签名。我需要在生成CSR时将有效期添加为属性,并在签名部分中读取该属性以根据该属性进行签名。如何将该属性添加到CSR并检索回来 我用于生成CSR的当前代码:Java 如何将AttCertValidityPeriod添加到PKCS10CertificationRequest CSR并从CSR检索回它?,java,security,spongycastle,Java,Security,Spongycastle,我正在实现一个示例代码来生成CSR并用证书对其进行签名。我需要在生成CSR时将有效期添加为属性,并在签名部分中读取该属性以根据该属性进行签名。如何将该属性添加到CSR并检索回来 我用于生成CSR的当前代码: public static PKCS10CertificationRequest generateCSR(KeyPair keyPair, String o, String cn) throws IOException, OperatorCreationExcept
public static PKCS10CertificationRequest generateCSR(KeyPair keyPair, String o, String cn) throws IOException,
OperatorCreationException {
X500Name principal = new X500NameBuilder()
.addRDN(BCStyle.O, o)
.addRDN(BCStyle.CN, cn)
.build();
ContentSigner signer = new JCESigner (keyPair.getPrivate(),DEFAULT_SIGNATURE_ALGORITHM);
PKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(principal, keyPair.getPublic());
ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
extensionsGenerator.addExtension(Extension.basicConstraints, true,
new BasicConstraints(true));
csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,
extensionsGenerator.generate());
PKCS10CertificationRequest csr = csrBuilder.build(signer);
return csr;
}
}