Example 1 with X509CertificateInformationAccessDescriptor

Use of net.ripe.rpki.commons.crypto.x509cert.X509CertificateInformationAccessDescriptor in project rpki-validator-3 by RIPE-NCC.

The class TrustAnchorsFactory, method createCaCertificate.

public X509ResourceCertificate createCaCertificate(CertificateAuthority ca, PublicKey publicKey, String issuerDN, String crlDistributionPoint, KeyPair signingKey) {
    // Subject Information Access (SIA) descriptors: the manifest and CA repository
    // URIs are always added; the notify URI is added only when the CA has one.
    List<X509CertificateInformationAccessDescriptor> sia = new ArrayList<>();
    sia.add(new X509CertificateInformationAccessDescriptor(X509CertificateInformationAccessDescriptor.ID_AD_RPKI_MANIFEST, URI.create(ca.manifestURI)));
    sia.add(new X509CertificateInformationAccessDescriptor(X509CertificateInformationAccessDescriptor.ID_AD_CA_REPOSITORY, URI.create(ca.repositoryURI)));
    if (ca.notifyURI != null) {
        sia.add(new X509CertificateInformationAccessDescriptor(X509CertificateInformationAccessDescriptor.ID_AD_RPKI_NOTIFY, URI.create(ca.notifyURI)));
    }
    // CA certificate valid for 7 days from now, with key usage limited to
    // certificate signing and CRL signing.
    return new X509ResourceCertificateBuilder()
        .withResources(ca.resources)
        .withIssuerDN(new X500Principal(issuerDN))
        .withSubjectDN(new X500Principal(ca.dn))
        .withSubjectInformationAccess(sia.toArray(new X509CertificateInformationAccessDescriptor[0]))
        .withCrlDistributionPoints(URI.create(crlDistributionPoint))
        .withCa(true)
        .withKeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign)
        .withSerial(nextSerial())
        .withValidityPeriod(new ValidityPeriod(Instant.now(), Instant.now().plus(Duration.standardDays(7))))
        .withSubjectKeyIdentifier(true)
        .withPublicKey(publicKey)
        .withSigningKeyPair(signingKey)
        .build();
}

Also used: X509CertificateInformationAccessDescriptor (net.ripe.rpki.commons.crypto.x509cert.X509CertificateInformationAccessDescriptor), ArrayList (java.util.ArrayList), X500Principal (javax.security.auth.x500.X500Principal), ValidityPeriod (net.ripe.rpki.commons.crypto.ValidityPeriod), X509ResourceCertificateBuilder (net.ripe.rpki.commons.crypto.x509cert.X509ResourceCertificateBuilder)