Use of org.bouncycastle.asn1.isismtt.x509.Admissions in project xipki by xipki.
Class ProfileConfCreatorDemo, method certprofileGsmcK.
// method certprofileTlsWithIncSerial (apparently the closing marker of the preceding method; the method below is certprofileGsmcK)
/**
 * Builds the demo certificate profile {@code "certprofile gsmc-k"}.
 *
 * <p>The profile is derived from {@code getBaseProfile(...)} with level
 * {@code X509CertLevel.EndEntity} and validity {@code "5y"}, selects the
 * {@code gematik_gSMC_K} special behaviour, and then configures the subject RDNs
 * and the certificate extensions in the order listed in the body.
 *
 * <p>Review notes for anyone reusing this demo profile for a production CA:
 * <ul>
 *   <li>The max-lifetime parameter is {@code 20 * 365}; NOTE(review): the unit is
 *       presumably days, which is well beyond the {@code "5y"} base validity. Confirm
 *       how the special behaviour combines the two values.</li>
 *   <li>Duplicate subjects are permitted, so the subject DN alone does not identify a
 *       single certificate.</li>
 *   <li>The CN pattern is a syntactic check only (see the comment at the pattern).</li>
 *   <li>subjectAlternativeName is added without any value constraint.</li>
 * </ul>
 *
 * @return the populated profile
 * @throws Exception declared by the signature; which helper raises it is not visible here
 */
private static X509ProfileType certprofileGsmcK() throws Exception {
    X509ProfileType gsmcK =
            getBaseProfile("certprofile gsmc-k", X509CertLevel.EndEntity, "5y", false);

    // Special behaviour is referenced by the enum constant's name.
    gsmcK.setSpecialBehavior(SpecialX509CertprofileBehavior.gematik_gSMC_K.name());

    // Profile parameter: maximal life time (20 * 365 = 7300).
    // The Parameters object is attached to the profile first and filled afterwards.
    Parameters parameters = new Parameters();
    gsmcK.setParameters(parameters);
    NameValueType maxLifetime = new NameValueType();
    maxLifetime.setName(SpecialX509CertprofileBehavior.PARAMETER_MAXLIFTIME);
    maxLifetime.setValue(String.valueOf(20 * 365));
    parameters.getParameter().add(maxLifetime);

    // Subject: duplicates allowed, no automatically incremented serial number RDN.
    Subject subjectControl = gsmcK.getSubject();
    subjectControl.setDuplicateSubjectPermitted(true);
    subjectControl.setIncSerialNumber(false);

    // RDN controls; the two ints are presumably min/max occurrences. TODO confirm
    List<RdnType> rdns = subjectControl.getRdn();
    rdns.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE" }, null, null));
    rdns.add(createRdn(ObjectIdentifiers.DN_O, 1, 1));
    rdns.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1));
    rdns.add(createRdn(ObjectIdentifiers.DN_ST, 0, 1));
    rdns.add(createRdn(ObjectIdentifiers.DN_L, 0, 1));
    rdns.add(createRdn(ObjectIdentifiers.DN_POSTAL_CODE, 0, 1));
    rdns.add(createRdn(ObjectIdentifiers.DN_STREET, 0, 1));

    // CN must look like ICCSN-yyyyMMdd: "80276" + 15 digits, '-', then a 20yy date.
    // The date part is checked digit-wise only (a value such as 0231 still matches).
    // NOTE(review): the pattern carries no ^/$ anchors; confirm that the profile engine
    // matches it against the complete CN value rather than searching for a substring.
    String iccsnWithDate = "80276[\\d]{15,15}-20\\d\\d(0[1-9]|1[012])(0[1-9]|[12][0-9]|3[01])";
    rdns.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1, new String[] { iccsnWithDate }, null, null));

    // Extensions. The two booleans of createExtension are presumably (required, critical);
    // verify against the helper before relying on that reading.
    ExtensionsType extensionsControl = gsmcK.getExtensions();
    List<ExtensionType> extensionList = extensionsControl.getExtension();
    extensionList.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
    extensionList.add(createExtension(Extension.cRLDistributionPoints, false, false, null));

    // Typed null, used where the original passed a null-valued ExtensionValueType variable.
    final ExtensionValueType noValue = null;

    // basicConstraints: no explicit value configured.
    extensionList.add(createExtension(Extension.basicConstraints, true, true, noValue));

    // authorityInfoAccess
    ExtensionValueType aiaValue = createAuthorityInfoAccess();
    extensionList.add(createExtension(Extension.authorityInfoAccess, true, false, aiaValue));

    // authorityKeyIdentifier
    ExtensionValueType akiValue = createAuthorityKeyIdentifier(true);
    extensionList.add(createExtension(Extension.authorityKeyIdentifier, true, false, akiValue));

    // keyUsage: digitalSignature and keyEncipherment in the first array, nothing in the second.
    KeyUsageEnum[] firstKeyUsages =
            new KeyUsageEnum[] { KeyUsageEnum.DIGITAL_SIGNATURE, KeyUsageEnum.KEY_ENCIPHERMENT };
    ExtensionValueType keyUsageValue = createKeyUsages(firstKeyUsages, null);
    extensionList.add(createExtension(Extension.keyUsage, true, true, keyUsageValue));

    // extendedKeyUsage: serverAuth in the first array, clientAuth in the second
    // (presumably required vs. optional usages; confirm against createExtendedKeyUsage).
    ASN1ObjectIdentifier[] firstEkus = new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_serverAuth };
    ASN1ObjectIdentifier[] secondEkus = new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_clientAuth };
    ExtensionValueType ekuValue = createExtendedKeyUsage(firstEkus, secondEkus);
    extensionList.add(createExtension(Extension.extendedKeyUsage, true, false, ekuValue));

    // certificatePolicies: one policy entry per OID under ID_GEMATIK (branches 79 and 163).
    CertificatePolicies policyControl = new CertificatePolicies();
    ASN1ObjectIdentifier[] gematikPolicyOids =
            new ASN1ObjectIdentifier[] { ID_GEMATIK.branch("79"), ID_GEMATIK.branch("163") };
    for (ASN1ObjectIdentifier policyOid : gematikPolicyOids) {
        CertificatePolicyInformationType entry = new CertificatePolicyInformationType();
        policyControl.getCertificatePolicyInformation().add(entry);
        entry.setPolicyIdentifier(createOidType(policyOid));
    }
    ExtensionValueType policiesValue = createExtensionValueType(policyControl);
    extensionList.add(createExtension(Extension.certificatePolicies, true, false, policiesValue));

    // admission: a single Admissions entry holding one ProfessionInfo with
    // profession OID ID_GEMATIK.103 and profession item "Anwendungskonnektor".
    AdmissionSyntax admissionControl = new AdmissionSyntax();
    AdmissionsType admissionEntry = new AdmissionsType();
    admissionControl.getContentsOfAdmissions().add(admissionEntry);
    ProfessionInfoType profession = new ProfessionInfoType();
    admissionEntry.getProfessionInfo().add(profession);
    profession.getProfessionOid().add(createOidType(ID_GEMATIK.branch("103")));
    profession.getProfessionItem().add("Anwendungskonnektor");
    ExtensionValueType admissionValue = createExtensionValueType(admissionControl);

    // Called only to check the syntax; the returned object is discarded.
    XmlX509CertprofileUtil.buildAdmissionSyntax(false, admissionControl);
    extensionList.add(
            createExtension(ObjectIdentifiers.id_extension_admission, true, false, admissionValue));

    // subjectAlternativeName: added with no value, so nothing in this profile restricts
    // which names may appear. NOTE(review): confirm the SAN content is constrained
    // elsewhere before using this profile for TLS server certificates.
    extensionList.add(createExtension(Extension.subjectAlternativeName, false, false, noValue));

    return gsmcK;
}
Use of org.bouncycastle.asn1.isismtt.x509.Admissions in project keystore-explorer by kaikramer.
Class X509Ext, method getAdmissionStringValue.
/**
 * Renders the encoded value of an admission extension ({@code AdmissionSyntax}) as
 * indented, human-readable text.
 *
 * <p>Label patterns are read from the resource bundle {@code res}; every value decoded
 * from {@code octets} is handed to {@code MessageFormat.format} as an argument, never as
 * the pattern itself.
 *
 * <p>NOTE(review): the octets usually come from a certificate that may be untrusted.
 * Decoded names, profession items and registration numbers are appended unmodified, so
 * confirm that whatever displays this text copes with embedded line breaks or control
 * characters. Bouncy Castle's {@code getInstance} factories typically reject malformed
 * encodings with an unchecked {@code IllegalArgumentException} rather than
 * {@code IOException}; confirm the callers handle that case as well.
 *
 * @param octets encoded extension value, parsed as an ASN.1 sequence
 * @return the formatted multi-line description
 * @throws IOException declared by the signature; which call raises it is not visible here
 */
private String getAdmissionStringValue(byte[] octets) throws IOException {

    // @formatter:off

    /*
        AdmissionSyntax ::= SEQUENCE
        {
            admissionAuthority GeneralName OPTIONAL,
            contentsOfAdmissions SEQUENCE OF Admissions
        }

        Admissions ::= SEQUENCE
        {
            admissionAuthority [0] EXPLICIT GeneralName OPTIONAL
            namingAuthority [1] EXPLICIT NamingAuthority OPTIONAL
            professionInfos SEQUENCE OF ProfessionInfo
        }

        NamingAuthority ::= SEQUENCE
        {
            namingAuthorityId OBJECT IDENTIFIER OPTIONAL,
            namingAuthorityUrl IA5String OPTIONAL,
            namingAuthorityText DirectoryString(SIZE(1..128)) OPTIONAL
        }

        ProfessionInfo ::= SEQUENCE
        {
            namingAuthority [0] EXPLICIT NamingAuthority OPTIONAL,
            professionItems SEQUENCE OF DirectoryString (SIZE(1..128)),
            professionOIDs SEQUENCE OF OBJECT IDENTIFIER OPTIONAL,
            registrationNumber PrintableString(SIZE(1..128)) OPTIONAL,
            addProfessionInfo OCTET STRING OPTIONAL
        }
    */

    // @formatter:on

    // Fixed indentation depths: fields of an admission, and fields of a profession info.
    final int admissionIndent = 1;
    final int professionIndent = admissionIndent + 1;

    StringBuilder text = new StringBuilder();

    AdmissionSyntax syntax = AdmissionSyntax.getInstance(ASN1Sequence.getInstance(octets));

    // Optional authority on the outermost level (printed without indentation).
    GeneralName topLevelAuthority = syntax.getAdmissionAuthority();
    if (topLevelAuthority != null) {
        text.append(MessageFormat.format(res.getString("Admission.AdmissionAuthority"),
                GeneralNameUtil.toString(topLevelAuthority)))
            .append(NEWLINE);
    }

    int admissionCount = 0;
    for (Admissions entry : syntax.getContentsOfAdmissions()) {
        // Heading with a 1-based running number.
        admissionCount++;
        text.append(MessageFormat.format(res.getString("Admission.Admission"), admissionCount))
            .append(NEWLINE);

        GeneralName entryAuthority = entry.getAdmissionAuthority();
        NamingAuthority entryNamingAuthority = entry.getNamingAuthority();
        ProfessionInfo[] professions = entry.getProfessionInfos();

        if (entryAuthority != null) {
            text.append(INDENT.toString(admissionIndent))
                .append(MessageFormat.format(res.getString("Admission.AdmissionAuthority"),
                        GeneralNameUtil.toString(entryAuthority)))
                .append(NEWLINE);
        }

        if (entryNamingAuthority != null) {
            text.append(getNamingAuthorityStringValue(entryNamingAuthority, admissionIndent));
        }

        for (ProfessionInfo profession : professions) {
            NamingAuthority professionNamingAuthority = profession.getNamingAuthority();
            ASN1ObjectIdentifier[] oids = profession.getProfessionOIDs();
            String regNumber = profession.getRegistrationNumber();
            ASN1OctetString additionalInfo = profession.getAddProfessionInfo();

            // Heading of the profession info sits at the admission's depth ...
            text.append(INDENT.toString(admissionIndent))
                .append(res.getString("Admission.ProfessionInfo"))
                .append(NEWLINE);

            // ... and its fields one level deeper.
            if (professionNamingAuthority != null) {
                text.append(getNamingAuthorityStringValue(professionNamingAuthority, professionIndent));
            }

            DirectoryString[] items = profession.getProfessionItems();
            for (DirectoryString item : items) {
                text.append(INDENT.toString(professionIndent))
                    .append(MessageFormat.format(res.getString("Admission.ProfessionItem"),
                            item.toString()))
                    .append(NEWLINE);
            }

            // The remaining three fields are optional and skipped when absent.
            if (oids != null) {
                for (ASN1ObjectIdentifier oid : oids) {
                    text.append(INDENT.toString(professionIndent))
                        .append(MessageFormat.format(res.getString("Admission.ProfessionOID"),
                                oid.getId()))
                        .append(NEWLINE);
                }
            }

            if (regNumber != null) {
                text.append(INDENT.toString(professionIndent))
                    .append(MessageFormat.format(res.getString("Admission.RegistrationNumber"),
                            regNumber))
                    .append(NEWLINE);
            }

            if (additionalInfo != null) {
                // Opaque octets are shown as a hex string.
                text.append(INDENT.toString(professionIndent))
                    .append(MessageFormat.format(res.getString("Admission.AddProfessionInfo"),
                            HexUtil.getHexString(additionalInfo.getOctets())))
                    .append(NEWLINE);
            }
        }
    }

    return text.toString();
}