I am implementing a sample code to generate CSR and sign it with a certificate. I have a requirement to add validity period as a attribute on generating the CSR and read this in the signing part to sign according to this.how can I add this attribute to CSR and retrieve back?
Current code I use to generate CSR:
public static PKCS10CertificationRequest generateCSR(KeyPair keyPair, String o, String cn) throws IOException,
OperatorCreationException {
X500Name principal = new X500NameBuilder()
.addRDN(BCStyle.O, o)
.addRDN(BCStyle.CN, cn)
.build();
ContentSigner signer = new JCESigner (keyPair.getPrivate(),DEFAULT_SIGNATURE_ALGORITHM);
PKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(principal, keyPair.getPublic());
ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
extensionsGenerator.addExtension(Extension.basicConstraints, true,
new BasicConstraints(true));
csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,
extensionsGenerator.generate());
PKCS10CertificationRequest csr = csrBuilder.build(signer);
return csr;
}
}
