ShellWen
diff --git a/‎core/src/main/java/org/bouncycastle/asn1/ASN1EncodableVector.java‎
Lines changed: 9 additions & 0 deletions b/‎core/src/main/java/org/bouncycastle/asn1/ASN1EncodableVector.java‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎core/src/main/java/org/bouncycastle/asn1/x509/ExtensionsGenerator.java‎
Lines changed: 82 additions & 25 deletions b/‎core/src/main/java/org/bouncycastle/asn1/x509/ExtensionsGenerator.java‎
Lines changed: 82 additions & 25 deletions
@@ -30,6 +30,15 @@ public ASN1EncodableVector(int initialCapacity)
         this.copyOnWrite = false;
     }
 
+    public ASN1EncodableVector(ASN1Encodable[] items)
+    {
+        this();
+        for (ASN1Encodable enc : items)
+        {
+            add(enc);
+        }
+    }
+
     public void add(ASN1Encodable element)
     {
         if (null == element)
 
@@ -1,13 +1,19 @@
 package org.bouncycastle.asn1.x509;
 
 import java.io.IOException;
+import java.util.Collections;
+import java.util.HashSet;
 import java.util.Hashtable;
+import java.util.Set;
 import java.util.Vector;
 
 import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1EncodableVector;
 import org.bouncycastle.asn1.ASN1Encoding;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.DEROctetString;
+import org.bouncycastle.asn1.DERSequence;
 
 /**
  * Generator for X.509 extensions
@@ -16,6 +22,18 @@ public class ExtensionsGenerator
 {
     private Hashtable extensions = new Hashtable();
     private Vector extOrdering = new Vector();
+    private static final Set dupsAllowed;
+
+
+    static
+    {
+        Set dups = new HashSet();
+        dups.add(Extension.subjectAlternativeName);
+        dups.add(Extension.issuerAlternativeName);
+        dups.add(Extension.subjectDirectoryAttributes);
+        dups.add(Extension.certificateIssuer);
+        dupsAllowed = Collections.unmodifiableSet(dups);
+    }
 
     /**
      * Reset the generator
@@ -30,14 +48,14 @@ public void reset()
      * Add an extension with the given oid and the passed in value to be included
      * in the OCTET STRING associated with the extension.
      *
-     * @param oid  OID for the extension.
-     * @param critical  true if critical, false otherwise.
-     * @param value the ASN.1 object to be included in the extension.
+     * @param oid      OID for the extension.
+     * @param critical true if critical, false otherwise.
+     * @param value    the ASN.1 object to be included in the extension.
      */
     public void addExtension(
         ASN1ObjectIdentifier oid,
-        boolean              critical,
-        ASN1Encodable        value)
+        boolean critical,
+        ASN1Encodable value)
         throws IOException
     {
         this.addExtension(oid, critical, value.toASN1Primitive().getEncoded(ASN1Encoding.DER));
@@ -47,22 +65,52 @@ public void addExtension(
      * Add an extension with the given oid and the passed in byte array to be wrapped in the
      * OCTET STRING associated with the extension.
      *
-     * @param oid OID for the extension.
+     * @param oid      OID for the extension.
      * @param critical true if critical, false otherwise.
-     * @param value the byte array to be wrapped.
+     * @param value    the byte array to be wrapped.
      */
     public void addExtension(
         ASN1ObjectIdentifier oid,
-        boolean             critical,
-        byte[]              value)
+        boolean critical,
+        byte[] value)
     {
+
         if (extensions.containsKey(oid))
         {
-            throw new IllegalArgumentException("extension " + oid + " already added");
-        }
+            if (dupsAllowed.contains(oid))
+            {
 
-        extOrdering.addElement(oid);
-        extensions.put(oid, new Extension(oid, critical, new DEROctetString(value)));
+                Extension existingExtension = (Extension)extensions.get(oid);
+                ASN1Sequence seq1 = ASN1Sequence.getInstance(DEROctetString.getInstance(existingExtension.getExtnValue()).getOctets());
+                ASN1EncodableVector items = new ASN1EncodableVector();
+                for (ASN1Encodable enc : seq1)
+                {
+                    items.add(enc);
+                }
+                ASN1Sequence seq2 = ASN1Sequence.getInstance(value);
+                for (ASN1Encodable enc : seq2)
+                {
+                    items.add(enc);
+                }
+                try
+                {
+                    extensions.put(oid, new Extension(oid, critical, new DERSequence(items).getEncoded()));
+                }
+                catch (IOException e)
+                {
+                    throw new RuntimeException(e.getMessage(), e);
+                }
+            }
+            else
+            {
+                throw new IllegalArgumentException("extension " + oid + " already added");
+            }
+        }
+        else
+        {
+            extOrdering.addElement(oid);
+            extensions.put(oid, new Extension(oid, critical, new DEROctetString(value)));
+        }
     }
 
     /**
@@ -86,14 +134,14 @@ public void addExtension(
      * Replace an extension with the given oid and the passed in value to be included
      * in the OCTET STRING associated with the extension.
      *
-     * @param oid  OID for the extension.
-     * @param critical  true if critical, false otherwise.
-     * @param value the ASN.1 object to be included in the extension.
+     * @param oid      OID for the extension.
+     * @param critical true if critical, false otherwise.
+     * @param value    the ASN.1 object to be included in the extension.
      */
     public void replaceExtension(
         ASN1ObjectIdentifier oid,
-        boolean              critical,
-        ASN1Encodable        value)
+        boolean critical,
+        ASN1Encodable value)
         throws IOException
     {
         this.replaceExtension(oid, critical, value.toASN1Primitive().getEncoded(ASN1Encoding.DER));
@@ -103,14 +151,14 @@ public void replaceExtension(
      * Replace an extension with the given oid and the passed in byte array to be wrapped in the
      * OCTET STRING associated with the extension.
      *
-     * @param oid OID for the extension.
+     * @param oid      OID for the extension.
      * @param critical true if critical, false otherwise.
-     * @param value the byte array to be wrapped.
+     * @param value    the byte array to be wrapped.
      */
     public void replaceExtension(
         ASN1ObjectIdentifier oid,
-        boolean             critical,
-        byte[]              value)
+        boolean critical,
+        byte[] value)
     {
         this.replaceExtension(new Extension(oid, critical, value));
     }
@@ -156,7 +204,7 @@ public void removeExtension(
      */
     public boolean hasExtension(ASN1ObjectIdentifier oid)
     {
-         return extensions.containsKey(oid);
+        return extensions.containsKey(oid);
     }
 
     /**
@@ -167,7 +215,7 @@ public boolean hasExtension(ASN1ObjectIdentifier oid)
      */
     public Extension getExtension(ASN1ObjectIdentifier oid)
     {
-         return (Extension)extensions.get(oid);
+        return (Extension)extensions.get(oid);
     }
 
     /**
@@ -183,7 +231,7 @@ public boolean isEmpty()
     /**
      * Generate an Extensions object based on the current state of the generator.
      *
-     * @return  an X09Extensions object.
+     * @return an X09Extensions object.
      */
     public Extensions generate()
     {
@@ -196,4 +244,13 @@ public Extensions generate()
 
         return new Extensions(exts);
     }
+
+    public void addExtension(Extensions extensions)
+    {
+        for (ASN1ObjectIdentifier _ident : extensions.getExtensionOIDs())
+        {
+            Extension ext = extensions.getExtension(_ident);
+            addExtension(ASN1ObjectIdentifier.getInstance(_ident), ext.isCritical(), ext.getExtnValue().getOctets());
+        }
+    }
 }