
use of com.unboundid.util.OID in project ldapsdk by pingidentity.

From the class ManageCertificates, method addExtensionArguments (builds the keytool `-ext` arguments for a set of X.509 extensions).

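/**
 * Adds keytool {@code -ext} arguments for each of the provided extensions to
 * the given argument list.  Each extension that is present contributes a pair
 * of list entries: the literal {@code "-ext"} followed by a
 * {@code NAME=value} string in the syntax keytool expects.  Arguments are
 * appended as discrete list elements (never joined into a single command
 * line), so they are safe to hand to a {@code ProcessBuilder}-style
 * invocation without shell quoting.
 * <p>
 * Note that keytool separates the individual SAN/IAN entries and key usage
 * names with commas.  The {@code sanValues} and {@code ianValues} strings are
 * assumed to already be in keytool's {@code type:value} form and must not
 * themselves contain commas; no escaping is performed here.
 *
 * @param  keytoolArguments   The list to which the extension arguments should
 *                            be added.  It must not be {@code null}.
 * @param  basicConstraints   The basic constraints extension to include.  It
 *                            may be {@code null} if this extension should not
 *                            be included.
 * @param  keyUsage           The key usage extension to include.  It may be
 *                            {@code null} if this extension should not be
 *                            included.  Every bit that is set in the
 *                            extension is mapped to the corresponding keytool
 *                            key usage name.
 * @param  extendedKeyUsage   The extended key usage extension to include.  It
 *                            may be {@code null} if this extension should not
 *                            be included.  Well-known key purpose IDs are
 *                            mapped to keytool's short names; any other OID
 *                            is passed through in dotted-decimal form.
 * @param  sanValues          The list of subject alternative name values to
 *                            include.  It must not be {@code null} but may be
 *                            empty.
 * @param  ianValues          The list of issuer alternative name values to
 *                            include.  It must not be {@code null} but may be
 *                            empty.
 * @param  genericExtensions  The list of generic extensions to include.  It
 *                            must not be {@code null} but may be empty.  Each
 *                            is emitted as {@code OID[:critical]=hex} with the
 *                            raw DER value rendered as colon-delimited hex.
 */
private static void addExtensionArguments(@NotNull final List<String> keytoolArguments, @Nullable final BasicConstraintsExtension basicConstraints, @Nullable final KeyUsageExtension keyUsage, @Nullable final ExtendedKeyUsageExtension extendedKeyUsage, @NotNull final Set<String> sanValues, @NotNull final Set<String> ianValues, @NotNull final List<X509CertificateExtension> genericExtensions) {
    if (basicConstraints != null) {
        // keytool syntax:  BasicConstraints=ca:{true|false}[,pathlen:N]
        final StringBuilder basicConstraintsValue = new StringBuilder();
        basicConstraintsValue.append("ca:");
        basicConstraintsValue.append(basicConstraints.isCA());
        if (basicConstraints.getPathLengthConstraint() != null) {
            basicConstraintsValue.append(",pathlen:");
            basicConstraintsValue.append(basicConstraints.getPathLengthConstraint());
        }
        keytoolArguments.add("-ext");
        keytoolArguments.add("BasicConstraints=" + basicConstraintsValue);
    }
    if (keyUsage != null) {
        // keytool syntax:  KeyUsage=name[,name...] using the RFC 5280 bit names.
        // Every bit is tested independently so that all set bits are carried
        // over; dropping one would silently widen (or narrow) what the issued
        // certificate's key may be used for.
        final StringBuilder keyUsageValue = new StringBuilder();
        if (keyUsage.isDigitalSignatureBitSet()) {
            commaAppend(keyUsageValue, "digitalSignature");
        }
        if (keyUsage.isNonRepudiationBitSet()) {
            commaAppend(keyUsageValue, "nonRepudiation");
        }
        if (keyUsage.isKeyEnciphermentBitSet()) {
            commaAppend(keyUsageValue, "keyEncipherment");
        }
        if (keyUsage.isDataEnciphermentBitSet()) {
            commaAppend(keyUsageValue, "dataEncipherment");
        }
        if (keyUsage.isKeyAgreementBitSet()) {
            commaAppend(keyUsageValue, "keyAgreement");
        }
        if (keyUsage.isKeyCertSignBitSet()) {
            commaAppend(keyUsageValue, "keyCertSign");
        }
        if (keyUsage.isCRLSignBitSet()) {
            commaAppend(keyUsageValue, "cRLSign");
        }
        if (keyUsage.isEncipherOnlyBitSet()) {
            commaAppend(keyUsageValue, "encipherOnly");
        }
        // Fix: this previously re-tested the encipherOnly bit, so decipherOnly
        // was never emitted on its own and encipherOnly produced both names.
        if (keyUsage.isDecipherOnlyBitSet()) {
            commaAppend(keyUsageValue, "decipherOnly");
        }
        keytoolArguments.add("-ext");
        keytoolArguments.add("KeyUsage=" + keyUsageValue);
    }
    if (extendedKeyUsage != null) {
        // keytool syntax:  ExtendedKeyUsage=name-or-OID[,name-or-OID...]
        final StringBuilder extendedKeyUsageValue = new StringBuilder();
        for (final OID oid : extendedKeyUsage.getKeyPurposeIDs()) {
            final ExtendedKeyUsageID id = ExtendedKeyUsageID.forOID(oid);
            if (id == null) {
                // Not a key purpose this SDK knows by name; keytool accepts
                // a dotted-decimal OID here.
                commaAppend(extendedKeyUsageValue, oid.toString());
            } else {
                switch(id) {
                    case TLS_SERVER_AUTHENTICATION:
                        commaAppend(extendedKeyUsageValue, "serverAuth");
                        break;
                    case TLS_CLIENT_AUTHENTICATION:
                        commaAppend(extendedKeyUsageValue, "clientAuth");
                        break;
                    case CODE_SIGNING:
                        commaAppend(extendedKeyUsageValue, "codeSigning");
                        break;
                    case EMAIL_PROTECTION:
                        commaAppend(extendedKeyUsageValue, "emailProtection");
                        break;
                    case TIME_STAMPING:
                        commaAppend(extendedKeyUsageValue, "timeStamping");
                        break;
                    case OCSP_SIGNING:
                        commaAppend(extendedKeyUsageValue, "OCSPSigning");
                        break;
                    default:
                        // Every enum constant above has a case; if a new
                        // ExtendedKeyUsageID is ever added without one, fall
                        // back to its OID so the purpose is still preserved.
                        commaAppend(extendedKeyUsageValue, id.getOID().toString());
                        break;
                }
            }
        }
        keytoolArguments.add("-ext");
        keytoolArguments.add("ExtendedKeyUsage=" + extendedKeyUsageValue);
    }
    if (!sanValues.isEmpty()) {
        // keytool syntax:  SAN=type:value[,type:value...]
        final StringBuilder subjectAltNameValue = new StringBuilder();
        for (final String sanValue : sanValues) {
            commaAppend(subjectAltNameValue, sanValue);
        }
        keytoolArguments.add("-ext");
        keytoolArguments.add("SAN=" + subjectAltNameValue);
    }
    if (!ianValues.isEmpty()) {
        // keytool syntax:  IAN=type:value[,type:value...]
        final StringBuilder issuerAltNameValue = new StringBuilder();
        for (final String ianValue : ianValues) {
            commaAppend(issuerAltNameValue, ianValue);
        }
        keytoolArguments.add("-ext");
        keytoolArguments.add("IAN=" + issuerAltNameValue);
    }
    for (final X509CertificateExtension e : genericExtensions) {
        // keytool syntax:  OID[:critical]=hex-encoded DER value.  The
        // criticality flag is carried through so relying parties that do not
        // understand the extension will reject the certificate as intended.
        keytoolArguments.add("-ext");
        if (e.isCritical()) {
            keytoolArguments.add(e.getOID().toString() + ":critical=" + toColonDelimitedHex(e.getValue()));
        } else {
            keytoolArguments.add(e.getOID().toString() + '=' + toColonDelimitedHex(e.getValue()));
        }
    }
}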