There is an option to store the X509Certificate locally with the class JcaPEMWriter from the Bouncy Castle API. After storing the X509Certificate, I can open it with openssl with the following command:

openssl x509 -in certificate.pem -text

I have the following code:

X509AttributeCertificateHolder att = acBuilder.build(new JcaContentSignerBuilder("SHA1WithRSA").setProvider("BC").build(caprivkey));

Now I want to store the attrCert (the Attribute Certificate), which is contained in the att variable, locally. How can I do this? And how can I open the attrCert; is it possible to open it with openssl or any other tool?

Hakikat41

1 Answer

To save your Attribute Certificate in a PEM file, you can use JcaPEMWriter as well:

import java.io.FileWriter;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;

// save the Attribute Certificate to attcert.pem file
JcaPEMWriter writer = new JcaPEMWriter(new FileWriter("attcert.pem"));
writer.writeObject(att);
writer.close();

The file will contain base64 content, like this:

-----BEGIN ATTRIBUTE CERTIFICATE-----
...
-----END ATTRIBUTE CERTIFICATE-----

Unfortunately, it seems that there's no specific command in openssl to check the Attribute Certificate (check this discussion and this message with no replies - there's an extended version of openssl that seems to support it, although I haven't tested it).

But you can check the ASN.1 structure using the asn1parse option:

openssl asn1parse -dump -i -in attcert.pem

The output will be the ASN.1 structure, like this:

    0:d=0  hl=4 l= 447 cons: SEQUENCE          
    4:d=1  hl=4 l= 296 cons:  SEQUENCE          
    8:d=2  hl=2 l=   1 prim:   INTEGER           :01
   11:d=2  hl=2 l= 103 cons:   SEQUENCE          
   13:d=3  hl=2 l= 101 cons:    cont [ 0 ]        
   15:d=4  hl=2 l=  96 cons:     SEQUENCE          
   17:d=5  hl=2 l=  94 cons:      cont [ 4 ]        
   19:d=6  hl=2 l=  92 cons:       SEQUENCE          
   21:d=7  hl=2 l=  11 cons:        SET               
   23:d=8  hl=2 l=   9 cons:         SEQUENCE          
   25:d=9  hl=2 l=   3 prim:          OBJECT            :countryName
   30:d=9  hl=2 l=   2 prim:          PRINTABLESTRING   :AU
   34:d=7  hl=2 l=  40 cons:        SET               
   36:d=8  hl=2 l=  38 cons:         SEQUENCE          
   38:d=9  hl=2 l=   3 prim:          OBJECT            :organizationName
   43:d=9  hl=2 l=  31 prim:          UTF8STRING        :The Legion of the Bouncy Castle
... and so on

Or you can read the file using Bouncy Castle:

import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import org.bouncycastle.cert.X509AttributeCertificateHolder;
import org.bouncycastle.util.encoders.Base64;

// read contents from PEM file and strip the BEGIN/END lines, keeping only the base64 body
String pem = new String(Files.readAllBytes(Paths.get("attcert.pem")), StandardCharsets.US_ASCII);
String body = pem.replaceAll("-----[A-Z ]+-----", "").replaceAll("\\s", "");
// Convert to AC object
byte[] data = Base64.decode(body);
X509AttributeCertificateHolder holder = new X509AttributeCertificateHolder(data);
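A complete round trip, added here as an example and not code from the answer: it builds a signed attribute certificate, writes it with JcaPEMWriter, reads it back with PEMParser (which maps the ATTRIBUTE CERTIFICATE block to an X509AttributeCertificateHolder), and checks the signature and validity window before any attribute is trusted. It assumes a freshly generated RSA key pair standing in for the attribute authority, a placeholder attribute OID, and that the bcprov and bcpkix jars are on the classpath.

```java
import java.io.FileReader;
import java.io.FileWriter;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Security;
import java.util.Date;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.AttributeCertificateHolder;
import org.bouncycastle.cert.AttributeCertificateIssuer;
import org.bouncycastle.cert.X509AttributeCertificateHolder;
import org.bouncycastle.cert.X509v2AttributeCertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
public class AttrCertRoundTrip {
    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        // Hypothetical attribute-authority key pair; a real AA loads its key from a keystore.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "BC");
        kpg.initialize(2048);
        KeyPair aaKey = kpg.generateKeyPair();
        Date notBefore = new Date(), notAfter = new Date(notBefore.getTime() + 24L * 3600 * 1000); // one day
        X509v2AttributeCertificateBuilder acBuilder = new X509v2AttributeCertificateBuilder(
                new AttributeCertificateHolder(new X500Name("CN=Holder")),
                new AttributeCertificateIssuer(new X500Name("CN=Attribute Authority")),
                BigInteger.ONE, notBefore, notAfter);
        // Constructed attribute: the OID and value are placeholders, not a registered attribute type.
        acBuilder.addAttribute(new ASN1ObjectIdentifier("1.2.3.4.5"), new DERUTF8String("role=example"));
        X509AttributeCertificateHolder att = acBuilder.build(
                new JcaContentSignerBuilder("SHA256WithRSA").setProvider("BC").build(aaKey.getPrivate()));
        // Save the AC as PEM; the writer emits the ATTRIBUTE CERTIFICATE block shown in the answer.
        try (JcaPEMWriter writer = new JcaPEMWriter(new FileWriter("attcert.pem"))) {
            writer.writeObject(att);
        }
        // Read it back: PEMParser returns the holder directly, no manual base64 stripping needed.
        X509AttributeCertificateHolder loaded;
        try (PEMParser parser = new PEMParser(new FileReader("attcert.pem"))) {
            loaded = (X509AttributeCertificateHolder) parser.readObject();
        }
        // Check the signature against the AA public key and the validity window before trusting attributes.
        boolean sigOk = loaded.isSignatureValid(
                new JcaContentVerifierProviderBuilder().setProvider("BC").build(aaKey.getPublic()));
        System.out.println("signature valid: " + sigOk + ", valid now: " + loaded.isValidOn(new Date()));
    }
}
```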