use of org.bouncycastle.asn1.x509.PolicyMappings in project xipki by xipki.
the class ProfileConfCreatorDemo method certprofileSubCaComplex.
// method certprofileSubCa
private static X509ProfileType certprofileSubCaComplex() throws Exception {
X509ProfileType profile = getBaseProfile("certprofile subca-complex (with most extensions)", X509CertLevel.SubCA, "8y", false);
// Subject
Subject subject = profile.getSubject();
subject.setIncSerialNumber(false);
List<RdnType> rdnControls = subject.getRdn();
rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null));
rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1));
rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1));
rdnControls.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null));
rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1, null, "PREFIX ", " SUFFIX"));
// Extensions
ExtensionsType extensions = profile.getExtensions();
List<ExtensionType> list = extensions.getExtension();
list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
list.add(createExtension(Extension.freshestCRL, false, false, null));
// Extensions - basicConstraints
ExtensionValueType extensionValue = createBasicConstraints(1);
list.add(createExtension(Extension.basicConstraints, true, true, extensionValue));
// Extensions - AuthorityInfoAccess
extensionValue = createAuthorityInfoAccess();
list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue));
// Extensions - AuthorityKeyIdentifier
extensionValue = createAuthorityKeyIdentifier(false);
list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue));
// Extensions - keyUsage
extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.KEY_CERT_SIGN }, new KeyUsageEnum[] { KeyUsageEnum.CRL_SIGN });
list.add(createExtension(Extension.keyUsage, true, true, extensionValue));
// Certificate Policies
extensionValue = createCertificatePolicies(new ASN1ObjectIdentifier("1.2.3.4.5"), new ASN1ObjectIdentifier("2.4.3.2.1"));
list.add(createExtension(Extension.certificatePolicies, true, false, extensionValue));
// Policy Mappings
PolicyMappings policyMappings = new PolicyMappings();
policyMappings.getMapping().add(createPolicyIdMapping(new ASN1ObjectIdentifier("1.1.1.1.1"), new ASN1ObjectIdentifier("2.1.1.1.1")));
policyMappings.getMapping().add(createPolicyIdMapping(new ASN1ObjectIdentifier("1.1.1.1.2"), new ASN1ObjectIdentifier("2.1.1.1.2")));
extensionValue = createExtensionValueType(policyMappings);
list.add(createExtension(Extension.policyMappings, true, true, extensionValue));
// Policy Constraints
PolicyConstraints policyConstraints = createPolicyConstraints(2, 2);
extensionValue = createExtensionValueType(policyConstraints);
list.add(createExtension(Extension.policyConstraints, true, true, extensionValue));
// Name Constrains
NameConstraints nameConstraints = createNameConstraints();
extensionValue = createExtensionValueType(nameConstraints);
list.add(createExtension(Extension.nameConstraints, true, true, extensionValue));
// Inhibit anyPolicy
InhibitAnyPolicy inhibitAnyPolicy = createInhibitAnyPolicy(1);
extensionValue = createExtensionValueType(inhibitAnyPolicy);
list.add(createExtension(Extension.inhibitAnyPolicy, true, true, extensionValue));
// SubjectAltName
SubjectAltName subjectAltNameMode = new SubjectAltName();
OtherName otherName = new OtherName();
otherName.getType().add(createOidType(ObjectIdentifiers.DN_O));
subjectAltNameMode.setOtherName(otherName);
subjectAltNameMode.setRfc822Name("");
subjectAltNameMode.setDnsName("");
subjectAltNameMode.setDirectoryName("");
subjectAltNameMode.setEdiPartyName("");
subjectAltNameMode.setUniformResourceIdentifier("");
subjectAltNameMode.setIpAddress("");
subjectAltNameMode.setRegisteredID("");
extensionValue = createExtensionValueType(subjectAltNameMode);
list.add(createExtension(Extension.subjectAlternativeName, true, false, extensionValue));
// SubjectInfoAccess
SubjectInfoAccess subjectInfoAccessMode = new SubjectInfoAccess();
SubjectInfoAccess.Access access = new SubjectInfoAccess.Access();
subjectInfoAccessMode.getAccess().add(access);
access.setAccessMethod(createOidType(ObjectIdentifiers.id_ad_caRepository));
GeneralNameType accessLocation = new GeneralNameType();
access.setAccessLocation(accessLocation);
accessLocation.setDirectoryName("");
accessLocation.setUniformResourceIdentifier("");
extensionValue = createExtensionValueType(subjectInfoAccessMode);
list.add(createExtension(Extension.subjectInfoAccess, true, false, extensionValue));
// Custom Extension
ASN1ObjectIdentifier customExtensionOid = new ASN1ObjectIdentifier("1.2.3.4");
extensionValue = createConstantExtValue(DERNull.INSTANCE.getEncoded(), "DER Null");
list.add(createExtension(customExtensionOid, true, false, extensionValue, "custom extension 1"));
return profile;
}
use of org.bouncycastle.asn1.x509.PolicyMappings in project xipki by xipki.
the class ExtensionsChecker method getExensionTypes.
// getExpectedExtValue
private Set<ASN1ObjectIdentifier> getExensionTypes(Certificate cert, X509IssuerInfo issuerInfo, Extensions requestedExtensions) {
Set<ASN1ObjectIdentifier> types = new HashSet<>();
// profile required extension types
Map<ASN1ObjectIdentifier, ExtensionControl> extensionControls = certProfile.getExtensionControls();
for (ASN1ObjectIdentifier oid : extensionControls.keySet()) {
if (extensionControls.get(oid).isRequired()) {
types.add(oid);
}
}
Set<ASN1ObjectIdentifier> wantedExtensionTypes = new HashSet<>();
if (requestedExtensions != null) {
Extension reqExtension = requestedExtensions.getExtension(ObjectIdentifiers.id_xipki_ext_cmpRequestExtensions);
if (reqExtension != null) {
ExtensionExistence ee = ExtensionExistence.getInstance(reqExtension.getParsedValue());
types.addAll(ee.getNeedExtensions());
wantedExtensionTypes.addAll(ee.getWantExtensions());
}
}
if (CollectionUtil.isEmpty(wantedExtensionTypes)) {
return types;
}
// wanted extension types
// Authority key identifier
ASN1ObjectIdentifier type = Extension.authorityKeyIdentifier;
if (wantedExtensionTypes.contains(type)) {
types.add(type);
}
// Subject key identifier
type = Extension.subjectKeyIdentifier;
if (wantedExtensionTypes.contains(type)) {
types.add(type);
}
// KeyUsage
type = Extension.keyUsage;
if (wantedExtensionTypes.contains(type)) {
boolean required = false;
if (requestedExtensions != null && requestedExtensions.getExtension(type) != null) {
required = true;
}
if (!required) {
Set<KeyUsageControl> requiredKeyusage = getKeyusage(true);
if (CollectionUtil.isNonEmpty(requiredKeyusage)) {
required = true;
}
}
if (required) {
types.add(type);
}
}
// CertificatePolicies
type = Extension.certificatePolicies;
if (wantedExtensionTypes.contains(type)) {
if (certificatePolicies != null) {
types.add(type);
}
}
// Policy Mappings
type = Extension.policyMappings;
if (wantedExtensionTypes.contains(type)) {
if (policyMappings != null) {
types.add(type);
}
}
// SubjectAltNames
type = Extension.subjectAlternativeName;
if (wantedExtensionTypes.contains(type)) {
if (requestedExtensions != null && requestedExtensions.getExtension(type) != null) {
types.add(type);
}
}
// IssuerAltName
type = Extension.issuerAlternativeName;
if (wantedExtensionTypes.contains(type)) {
if (cert.getTBSCertificate().getExtensions().getExtension(Extension.subjectAlternativeName) != null) {
types.add(type);
}
}
// BasicConstraints
type = Extension.basicConstraints;
if (wantedExtensionTypes.contains(type)) {
types.add(type);
}
// Name Constraints
type = Extension.nameConstraints;
if (wantedExtensionTypes.contains(type)) {
if (nameConstraints != null) {
types.add(type);
}
}
// PolicyConstrains
type = Extension.policyConstraints;
if (wantedExtensionTypes.contains(type)) {
if (policyConstraints != null) {
types.add(type);
}
}
// ExtendedKeyUsage
type = Extension.extendedKeyUsage;
if (wantedExtensionTypes.contains(type)) {
boolean required = false;
if (requestedExtensions != null && requestedExtensions.getExtension(type) != null) {
required = true;
}
if (!required) {
Set<ExtKeyUsageControl> requiredExtKeyusage = getExtKeyusage(true);
if (CollectionUtil.isNonEmpty(requiredExtKeyusage)) {
required = true;
}
}
if (required) {
types.add(type);
}
}
// CRLDistributionPoints
type = Extension.cRLDistributionPoints;
if (wantedExtensionTypes.contains(type)) {
if (issuerInfo.getCrlUrls() != null) {
types.add(type);
}
}
// Inhibit anyPolicy
type = Extension.inhibitAnyPolicy;
if (wantedExtensionTypes.contains(type)) {
if (inhibitAnyPolicy != null) {
types.add(type);
}
}
// FreshestCRL
type = Extension.freshestCRL;
if (wantedExtensionTypes.contains(type)) {
if (issuerInfo.getDeltaCrlUrls() != null) {
types.add(type);
}
}
// AuthorityInfoAccess
type = Extension.authorityInfoAccess;
if (wantedExtensionTypes.contains(type)) {
if (issuerInfo.getOcspUrls() != null) {
types.add(type);
}
}
// SubjectInfoAccess
type = Extension.subjectInfoAccess;
if (wantedExtensionTypes.contains(type)) {
if (requestedExtensions != null && requestedExtensions.getExtension(type) != null) {
types.add(type);
}
}
// Admission
type = ObjectIdentifiers.id_extension_admission;
if (wantedExtensionTypes.contains(type)) {
if (certProfile.getAdmission() != null) {
types.add(type);
}
}
// ocsp-nocheck
type = ObjectIdentifiers.id_extension_pkix_ocsp_nocheck;
if (wantedExtensionTypes.contains(type)) {
types.add(type);
}
wantedExtensionTypes.removeAll(types);
for (ASN1ObjectIdentifier oid : wantedExtensionTypes) {
if (requestedExtensions != null && requestedExtensions.getExtension(oid) != null) {
if (constantExtensions.containsKey(oid)) {
types.add(oid);
}
}
}
return types;
}
use of org.bouncycastle.asn1.x509.PolicyMappings in project xipki by xipki.
the class XmlX509CertprofileUtil method buildPolicyMappings.
// method buildCertificatePolicies
public static PolicyMappings buildPolicyMappings(org.xipki.ca.certprofile.x509.jaxb.PolicyMappings type) {
ParamUtil.requireNonNull("type", type);
List<PolicyIdMappingType> mappings = type.getMapping();
final int n = mappings.size();
CertPolicyId[] issuerDomainPolicy = new CertPolicyId[n];
CertPolicyId[] subjectDomainPolicy = new CertPolicyId[n];
for (int i = 0; i < n; i++) {
PolicyIdMappingType mapping = mappings.get(i);
ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(mapping.getIssuerDomainPolicy().getValue());
issuerDomainPolicy[i] = CertPolicyId.getInstance(oid);
oid = new ASN1ObjectIdentifier(mapping.getSubjectDomainPolicy().getValue());
subjectDomainPolicy[i] = CertPolicyId.getInstance(oid);
}
return new PolicyMappings(issuerDomainPolicy, subjectDomainPolicy);
}
use of org.bouncycastle.asn1.x509.PolicyMappings in project xipki by xipki.
the class XmlX509Certprofile method initPolicyMappings.
private void initPolicyMappings(Set<ASN1ObjectIdentifier> extnIds, ExtensionsType extensionsType) throws CertprofileException {
ASN1ObjectIdentifier type = Extension.policyMappings;
if (!extensionControls.containsKey(type)) {
return;
}
extnIds.remove(type);
PolicyMappings extConf = (PolicyMappings) getExtensionValue(type, extensionsType, PolicyMappings.class);
if (extConf == null) {
return;
}
org.bouncycastle.asn1.x509.PolicyMappings value = XmlX509CertprofileUtil.buildPolicyMappings(extConf);
this.policyMappings = new ExtensionValue(extensionControls.get(type).isCritical(), value);
}
use of org.bouncycastle.asn1.x509.PolicyMappings in project keystore-explorer by kaikramer.
the class PolicyMappingsUtil method getListOfPolicyMappings.
/**
* Creates list of <code>PolicyMapping</code> objects from an <code>PolicyMappings</code> object.
*
* @param policyMappings
* @return List of PolicyMapping
*/
public static List<PolicyMapping> getListOfPolicyMappings(PolicyMappings policyMappings) {
ASN1Sequence policyMappingsSeq = (ASN1Sequence) policyMappings.toASN1Primitive();
ASN1Encodable[] policyMappingsArray = policyMappingsSeq.toArray();
List<PolicyMapping> policyMappingsList = new ArrayList<PolicyMapping>();
for (ASN1Encodable asn1Encodable : policyMappingsArray) {
policyMappingsList.add(PolicyMapping.getInstance(asn1Encodable));
}
return policyMappingsList;
}
Aggregations