| Priyank Patel 2004-03-19, 8:54 pm |
| Hi,
I am building an application where I have a CA which hands out
certificates to clients. Besides signing the public key, I need to add
extensions which grant restricted access to clients when they use the
certificates. I looked over the bunch of available extensions, but
nothing matches my requirement. I am using the IAIK package which is
very very similar to the JCE. I have 3 questions :
* Is there some sample code somewhere which shows how to use the
extensions? I can't seem to get a hang of them.
* If I do extend the V3Extension class with a new class say
MyExtensions, and then add this extension as non-critical to the issued
certificate, will this extension ever be used during the automated setup
of the SSL connection. I mean that does the JCE or JSSE actually care
about newly added non-critical extensions? I already have my own
TrustManager during SSL setup and hence I can act on the Extensions just
fine.
* Say I created a certificate and added a private extension
(MyExtension). Now I want to transfer this over the network and hence I
call
cert.writeTo(socket.getOutputStream());
On the receiver side i will call
temp_cert = new iaik.x509.X509Certificate (
ssl_socket.getInputStream());
Now is this new certificate going to have the correct extensions which i
added?
I appreciate pointers on these topics.
Priyank
|