use of org.bouncycastle.asn1.ASN1ObjectIdentifier in project xipki by xipki.
the class ProfileConfCreatorDemo method certprofileQc.
// method certprofileMultipleValuedRdn
private static X509ProfileType certprofileQc() throws Exception {
X509ProfileType profile = getBaseProfile("certprofile qc", X509CertLevel.EndEntity, "5y", false);
// Subject
Subject subject = profile.getSubject();
subject.setIncSerialNumber(false);
List<RdnType> rdnControls = subject.getRdn();
rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null));
rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1));
rdnControls.add(createRdn(ObjectIdentifiers.DN_organizationIdentifier, 0, 1));
rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1));
rdnControls.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null));
rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1));
// Extensions
// Extensions - general
ExtensionsType extensions = profile.getExtensions();
// Extensions - controls
List<ExtensionType> list = extensions.getExtension();
list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
list.add(createExtension(Extension.freshestCRL, false, false, null));
// Extensions - basicConstraints
ExtensionValueType extensionValue = null;
list.add(createExtension(Extension.basicConstraints, true, false, extensionValue));
// Extensions - AuthorityInfoAccess
extensionValue = createAuthorityInfoAccess();
list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue));
// Extensions - AuthorityKeyIdentifier
extensionValue = createAuthorityKeyIdentifier(true);
list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue));
// Extensions - keyUsage
extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.CONTENT_COMMITMENT }, null);
list.add(createExtension(Extension.keyUsage, true, true, extensionValue));
// Extensions - extenedKeyUsage
extensionValue = createExtendedKeyUsage(new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_timeStamping }, null);
list.add(createExtension(Extension.extendedKeyUsage, true, true, extensionValue));
// privateKeyUsagePeriod
extensionValue = createPrivateKeyUsagePeriod("3y");
list.add(createExtension(Extension.privateKeyUsagePeriod, true, false, extensionValue));
// QcStatements
extensionValue = createQcStatements(false);
list.add(createExtension(Extension.qCStatements, true, false, extensionValue));
return profile;
}
use of org.bouncycastle.asn1.ASN1ObjectIdentifier in project xipki by xipki.
the class ProfileConfCreatorDemo method createKeyAlgorithms.
// method getBaseProfile
private static KeyAlgorithms createKeyAlgorithms(ASN1ObjectIdentifier[] curveIds) {
KeyAlgorithms ret = new KeyAlgorithms();
List<AlgorithmType> list = ret.getAlgorithm();
// RSA
AlgorithmType algorithm = new AlgorithmType();
list.add(algorithm);
algorithm.getAlgorithm().add(createOidType(PKCSObjectIdentifiers.rsaEncryption, "RSA"));
RSAParameters rsaParams = new RSAParameters();
algorithm.setParameters(createKeyParametersType(rsaParams));
RangesType ranges = new RangesType();
rsaParams.setModulusLength(ranges);
List<RangeType> modulusLengths = ranges.getRange();
modulusLengths.add(createRange(1024));
modulusLengths.add(createRange(2048));
modulusLengths.add(createRange(3072));
modulusLengths.add(createRange(4096));
// DSA
algorithm = new AlgorithmType();
list.add(algorithm);
algorithm.getAlgorithm().add(createOidType(X9ObjectIdentifiers.id_dsa, "DSA"));
DSAParameters dsaParams = new DSAParameters();
algorithm.setParameters(createKeyParametersType(dsaParams));
ranges = new RangesType();
dsaParams.setPLength(ranges);
List<RangeType> plengths = ranges.getRange();
plengths.add(createRange(1024));
plengths.add(createRange(2048));
plengths.add(createRange(3072));
ranges = new RangesType();
dsaParams.setQLength(ranges);
List<RangeType> qlengths = ranges.getRange();
qlengths.add(createRange(160));
qlengths.add(createRange(224));
qlengths.add(createRange(256));
// EC
algorithm = new AlgorithmType();
list.add(algorithm);
algorithm.getAlgorithm().add(createOidType(X9ObjectIdentifiers.id_ecPublicKey, "EC"));
ECParameters ecParams = new ECParameters();
algorithm.setParameters(createKeyParametersType(ecParams));
if (curveIds != null && curveIds.length > 0) {
Curves curves = new Curves();
ecParams.setCurves(curves);
for (ASN1ObjectIdentifier curveId : curveIds) {
String name = AlgorithmUtil.getCurveName(curveId);
curves.getCurve().add(createOidType(curveId, name));
}
}
ecParams.setPointEncodings(new PointEncodings());
final Byte unpressed = 4;
ecParams.getPointEncodings().getPointEncoding().add(unpressed);
return ret;
}
use of org.bouncycastle.asn1.ASN1ObjectIdentifier in project xipki by xipki.
the class ProfileConfCreatorDemo method createBiometricInfo.
// method createQcStatements
private static ExtensionValueType createBiometricInfo() {
BiometricInfo extValue = new BiometricInfo();
// type
// predefined image (0)
BiometricTypeType type = new BiometricTypeType();
extValue.getType().add(type);
IntWithDescType predefined = new IntWithDescType();
predefined.setValue(0);
predefined.setDescription("image");
type.setPredefined(predefined);
// predefined handwritten-signature(1)
type = new BiometricTypeType();
predefined = new IntWithDescType();
predefined.setValue(1);
predefined.setDescription("handwritten-signature");
type.setPredefined(predefined);
extValue.getType().add(type);
// OID
type = new BiometricTypeType();
type.setOid(createOidType(new ASN1ObjectIdentifier("1.2.3.4.5.6"), "dummy biometric type"));
extValue.getType().add(type);
// hash algorithm
HashAlgo[] hashAlgos = new HashAlgo[] { HashAlgo.SHA256, HashAlgo.SHA384 };
for (HashAlgo hashAlgo : hashAlgos) {
extValue.getHashAlgorithm().add(createOidType(hashAlgo.getOid(), hashAlgo.getName()));
}
extValue.setIncludeSourceDataUri(TripleState.REQUIRED);
return createExtensionValueType(extValue);
}
use of org.bouncycastle.asn1.ASN1ObjectIdentifier in project xipki by xipki.
the class ProfileConfCreatorDemo method certprofileTlsWithIncSerial.
// method certprofileTlsC
private static X509ProfileType certprofileTlsWithIncSerial() throws Exception {
X509ProfileType profile = getBaseProfile("certprofile tls-inc-sn " + "(serial number will be added automatically)", X509CertLevel.EndEntity, "5y", false);
profile.setDuplicateKey(true);
// Subject
Subject subject = profile.getSubject();
subject.setDuplicateSubjectPermitted(true);
subject.setIncSerialNumber(true);
List<RdnType> rdnControls = subject.getRdn();
rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null));
rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1));
rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1));
rdnControls.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null));
rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1, new String[] { REGEX_FQDN }, null, null));
// Extensions
// Extensions - general
ExtensionsType extensions = profile.getExtensions();
// Extensions - controls
List<ExtensionType> list = extensions.getExtension();
list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
list.add(createExtension(Extension.freshestCRL, false, false, null));
// Extensions - basicConstraints
ExtensionValueType extensionValue = null;
list.add(createExtension(Extension.basicConstraints, true, true, extensionValue));
// Extensions - AuthorityInfoAccess
extensionValue = createAuthorityInfoAccess();
list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue));
// Extensions - AuthorityKeyIdentifier
extensionValue = createAuthorityKeyIdentifier(true);
list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue));
// Extensions - keyUsage
extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.DIGITAL_SIGNATURE, KeyUsageEnum.DATA_ENCIPHERMENT, KeyUsageEnum.KEY_ENCIPHERMENT }, null);
list.add(createExtension(Extension.keyUsage, true, true, extensionValue));
// Extensions - extenedKeyUsage
extensionValue = createExtendedKeyUsage(new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_serverAuth }, new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_clientAuth });
list.add(createExtension(Extension.extendedKeyUsage, true, false, extensionValue));
return profile;
}
use of org.bouncycastle.asn1.ASN1ObjectIdentifier in project xipki by xipki.
the class ProfileConfCreatorDemo method sortOidList.
private static List<ASN1ObjectIdentifier> sortOidList(List<ASN1ObjectIdentifier> oids) {
ParamUtil.requireNonNull("oids", oids);
List<String> list = new ArrayList<>(oids.size());
for (ASN1ObjectIdentifier m : oids) {
list.add(m.getId());
}
Collections.sort(list);
List<ASN1ObjectIdentifier> sorted = new ArrayList<>(oids.size());
for (String m : list) {
for (ASN1ObjectIdentifier n : oids) {
if (m.equals(n.getId()) && !sorted.contains(n)) {
sorted.add(n);
}
}
}
return sorted;
}
Aggregations