Example use of net.ripe.rpki.commons.crypto.x509cert.X509CertificateInformationAccessDescriptor in the RIPE-NCC project rpki-validator-3.
Class TrustAnchorsFactory, method createCaCertificate.
/**
 * Builds an X.509 resource certificate for the given certificate authority.
 *
 * <p>The certificate is marked as a CA certificate with key usage
 * {@code keyCertSign | cRLSign}, carries the CA's resources and subject DN, and is
 * valid from the moment of the call for seven days. Its Subject Information Access
 * extension always lists the manifest and CA repository URIs. The RRDP notify URI
 * is added only when {@code ca.notifyURI} is non-null.
 *
 * <p>NOTE(review): nothing in this method checks that {@code signingKey} actually
 * belongs to {@code issuerDN}, or that the URIs use an expected scheme. Callers are
 * trusted to pass consistent values. Only {@code ca.notifyURI} is null-guarded: a
 * null manifest URI, repository URI or CRL distribution point makes
 * {@link URI#create(String)} throw.
 *
 * @param ca                   source of the subject DN, resources and SIA URIs
 * @param publicKey            public key to certify
 * @param issuerDN             issuer distinguished name, parsed as an {@link X500Principal}
 * @param crlDistributionPoint URI placed in the CRL distribution points extension
 * @param signingKey           key pair passed to the builder as the signing key pair
 * @return the certificate produced by the builder
 */
public X509ResourceCertificate createCaCertificate(CertificateAuthority ca, PublicKey publicKey, String issuerDN, String crlDistributionPoint, KeyPair signingKey) {
    // Subject Information Access: manifest and repository are mandatory, notify is optional.
    List<X509CertificateInformationAccessDescriptor> accessDescriptors = new ArrayList<>();
    accessDescriptors.add(new X509CertificateInformationAccessDescriptor(
            X509CertificateInformationAccessDescriptor.ID_AD_RPKI_MANIFEST,
            URI.create(ca.manifestURI)));
    accessDescriptors.add(new X509CertificateInformationAccessDescriptor(
            X509CertificateInformationAccessDescriptor.ID_AD_CA_REPOSITORY,
            URI.create(ca.repositoryURI)));
    if (ca.notifyURI != null) {
        accessDescriptors.add(new X509CertificateInformationAccessDescriptor(
                X509CertificateInformationAccessDescriptor.ID_AD_RPKI_NOTIFY,
                URI.create(ca.notifyURI)));
    }
    X509CertificateInformationAccessDescriptor[] subjectInformationAccess =
            accessDescriptors.toArray(new X509CertificateInformationAccessDescriptor[0]);

    // A CA certificate may sign subordinate certificates and CRLs, nothing else.
    int caKeyUsage = KeyUsage.keyCertSign | KeyUsage.cRLSign;

    // The builder calls stay in the original order, so the serial number is consumed
    // and the clock is read at the same points as before.
    return new X509ResourceCertificateBuilder()
            .withResources(ca.resources)
            .withIssuerDN(new X500Principal(issuerDN))
            .withSubjectDN(new X500Principal(ca.dn))
            .withSubjectInformationAccess(subjectInformationAccess)
            .withCrlDistributionPoints(URI.create(crlDistributionPoint))
            .withCa(true)
            .withKeyUsage(caKeyUsage)
            .withSerial(nextSerial())
            // Two separate clock reads: notBefore is "now", notAfter is a later "now" plus 7 days.
            .withValidityPeriod(new ValidityPeriod(Instant.now(), Instant.now().plus(Duration.standardDays(7))))
            .withSubjectKeyIdentifier(true)
            .withPublicKey(publicKey)
            .withSigningKeyPair(signingKey)
            .build();
}