Usage of com.unboundid.util.OID in the ldapsdk project (pingidentity): the ManageCertificates class, method addExtensionArguments. Note that the listing below contains a copy-paste defect on the key usage bits (the decipherOnly check tests the encipherOnly bit); see the inline comment in the corrected version.
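/**
 * Adds keytool {@code -ext} arguments for each of the provided extensions to
 * the given argument list.
 * <p>
 * All values are appended verbatim into keytool's {@code -ext NAME=value}
 * syntax, in which the individual values of a multi-valued extension are
 * separated by commas. A SAN or IAN value that itself contains a comma would
 * therefore be split by keytool; callers are expected to supply values already
 * in keytool's {@code type:value} form (e.g. {@code DNS:example.com}). Generic
 * extensions are emitted as the raw DER value in colon-delimited hex, with a
 * {@code :critical} suffix when the extension is marked critical, so an
 * unknown extension is carried through unchanged rather than interpreted.
 *
 * @param keytoolArguments The list to which the extension arguments should
 * be added.
 * @param basicConstraints The basic constraints extension to include. It
 * may be {@code null} if this extension should not
 * be included.
 * @param keyUsage The key usage extension to include. It may be
 * {@code null} if this extension should not be
 * included.
 * @param extendedKeyUsage The extended key usage extension to include. It
 * may be {@code null} if this extension should not
 * be included.
 * @param sanValues The list of subject alternative name values to
 * include. It must not be {@code null} but may be
 * empty.
 * @param ianValues The list of issuer alternative name values to
 * include. It must not be {@code null} but may be
 * empty.
 * @param genericExtensions The list of generic extensions to include. It
 * must not be {@code null} but may be empty.
 */
private static void addExtensionArguments(@NotNull final List<String> keytoolArguments, @Nullable final BasicConstraintsExtension basicConstraints, @Nullable final KeyUsageExtension keyUsage, @Nullable final ExtendedKeyUsageExtension extendedKeyUsage, @NotNull final Set<String> sanValues, @NotNull final Set<String> ianValues, @NotNull final List<X509CertificateExtension> genericExtensions) {
  if (basicConstraints != null) {
    final StringBuilder basicConstraintsValue = new StringBuilder();
    basicConstraintsValue.append("ca:");
    basicConstraintsValue.append(basicConstraints.isCA());
    // The path length constraint is optional and only meaningful for a CA;
    // emit it only when the extension actually carries one.
    if (basicConstraints.getPathLengthConstraint() != null) {
      basicConstraintsValue.append(",pathlen:");
      basicConstraintsValue.append(basicConstraints.getPathLengthConstraint());
    }
    keytoolArguments.add("-ext");
    keytoolArguments.add("BasicConstraints=" + basicConstraintsValue);
  }

  if (keyUsage != null) {
    final StringBuilder keyUsageValue = new StringBuilder();
    if (keyUsage.isDigitalSignatureBitSet()) {
      commaAppend(keyUsageValue, "digitalSignature");
    }
    if (keyUsage.isNonRepudiationBitSet()) {
      commaAppend(keyUsageValue, "nonRepudiation");
    }
    if (keyUsage.isKeyEnciphermentBitSet()) {
      commaAppend(keyUsageValue, "keyEncipherment");
    }
    if (keyUsage.isDataEnciphermentBitSet()) {
      commaAppend(keyUsageValue, "dataEncipherment");
    }
    if (keyUsage.isKeyAgreementBitSet()) {
      commaAppend(keyUsageValue, "keyAgreement");
    }
    if (keyUsage.isKeyCertSignBitSet()) {
      commaAppend(keyUsageValue, "keyCertSign");
    }
    if (keyUsage.isCRLSignBitSet()) {
      commaAppend(keyUsageValue, "cRLSign");
    }
    if (keyUsage.isEncipherOnlyBitSet()) {
      commaAppend(keyUsageValue, "encipherOnly");
    }
    // Fixed: the original tested the encipherOnly bit a second time here, so
    // decipherOnly was emitted whenever encipherOnly was set and never when
    // only decipherOnly was set. Each keytool keyword must track its own bit,
    // otherwise the generated certificate's key usage silently differs from
    // the requested one.
    if (keyUsage.isDecipherOnlyBitSet()) {
      commaAppend(keyUsageValue, "decipherOnly");
    }
    keytoolArguments.add("-ext");
    keytoolArguments.add("KeyUsage=" + keyUsageValue);
  }

  if (extendedKeyUsage != null) {
    final StringBuilder extendedKeyUsageValue = new StringBuilder();
    for (final OID oid : extendedKeyUsage.getKeyPurposeIDs()) {
      final ExtendedKeyUsageID id = ExtendedKeyUsageID.forOID(oid);
      if (id == null) {
        // Not one of the well-known key purposes: pass the dotted-decimal OID
        // straight through so it is preserved rather than dropped.
        commaAppend(extendedKeyUsageValue, oid.toString());
      } else {
        switch (id) {
          case TLS_SERVER_AUTHENTICATION:
            commaAppend(extendedKeyUsageValue, "serverAuth");
            break;
          case TLS_CLIENT_AUTHENTICATION:
            commaAppend(extendedKeyUsageValue, "clientAuth");
            break;
          case CODE_SIGNING:
            commaAppend(extendedKeyUsageValue, "codeSigning");
            break;
          case EMAIL_PROTECTION:
            commaAppend(extendedKeyUsageValue, "emailProtection");
            break;
          case TIME_STAMPING:
            commaAppend(extendedKeyUsageValue, "timeStamping");
            break;
          case OCSP_SIGNING:
            commaAppend(extendedKeyUsageValue, "OCSPSigning");
            break;
          default:
            // Every ExtendedKeyUsageID constant is expected to be handled above;
            // if a new one is added, fall back to its OID so nothing is lost.
            commaAppend(extendedKeyUsageValue, id.getOID().toString());
            break;
        }
      }
    }
    keytoolArguments.add("-ext");
    keytoolArguments.add("ExtendedKeyUsage=" + extendedKeyUsageValue);
  }

  addAltNameArgument(keytoolArguments, "SAN", sanValues);
  addAltNameArgument(keytoolArguments, "IAN", ianValues);

  for (final X509CertificateExtension e : genericExtensions) {
    keytoolArguments.add("-ext");
    // Arbitrary extensions are handed to keytool as raw DER in hex; the
    // criticality flag must be preserved, since a relying party is required to
    // reject a certificate with an unrecognized critical extension.
    if (e.isCritical()) {
      keytoolArguments.add(e.getOID().toString() + ":critical=" + toColonDelimitedHex(e.getValue()));
    } else {
      keytoolArguments.add(e.getOID().toString() + '=' + toColonDelimitedHex(e.getValue()));
    }
  }
}

/**
 * Adds a single keytool {@code -ext NAME=v1,v2,...} argument pair for an
 * alternative-name extension. Nothing is added when the value set is empty.
 *
 * @param keytoolArguments The list to which the argument pair should be
 * added.
 * @param extensionName The keytool extension keyword ({@code SAN} or
 * {@code IAN}).
 * @param values The alternative-name values, already in keytool's
 * {@code type:value} form. Must not be {@code null}.
 */
private static void addAltNameArgument(@NotNull final List<String> keytoolArguments, @NotNull final String extensionName, @NotNull final Set<String> values) {
  if (values.isEmpty()) {
    return;
  }
  final StringBuilder altNameValue = new StringBuilder();
  for (final String value : values) {
    commaAppend(altNameValue, value);
  }
  keytoolArguments.add("-ext");
  keytoolArguments.add(extensionName + '=' + altNameValue);
}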