
Example 6 with PolicyMappings

use of org.bouncycastle.asn1.x509.PolicyMappings in project xipki by xipki.

From class ProfileConfCreatorDemo, method certprofileSubCaComplex.

// Demo profile "subca-complex": a SubCA-level profile (8y validity) that exercises most of the
// extension types supported by the profile schema.
// NOTE(review): the two boolean arguments of createExtension are assumed to be
// (required, critical) in that order — confirm against its declaration.
private static X509ProfileType certprofileSubCaComplex() throws Exception {
    X509ProfileType profile = getBaseProfile(
            "certprofile subca-complex (with most extensions)", X509CertLevel.SubCA, "8y", false);
    addSubCaComplexRdns(profile.getSubject());
    addSubCaComplexExtensions(profile.getExtensions().getExtension());
    return profile;
}

// Subject DN rules for the subca-complex demo: the serial-number RDN is not added
// automatically; C (value restricted to DE|FR), O and CN are mandatory, OU and SN optional
// (the int pairs are presumably min/max occurrences — confirm against createRdn).
private static void addSubCaComplexRdns(Subject subject) {
    subject.setIncSerialNumber(false);
    List<RdnType> rdns = subject.getRdn();
    rdns.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null));
    rdns.add(createRdn(ObjectIdentifiers.DN_O, 1, 1));
    rdns.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1));
    rdns.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null));
    rdns.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1, null, "PREFIX ", " SUFFIX"));
}

// Extension rules for the subca-complex demo, in the order they appear in the generated profile.
private static void addSubCaComplexExtensions(List<ExtensionType> extensions) throws Exception {
    // identifiers and CRL pointers carry no profile-specific value
    extensions.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
    extensions.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
    extensions.add(createExtension(Extension.freshestCRL, false, false, null));
    // basicConstraints (critical) with pathLenConstraint 1
    extensions.add(createExtension(Extension.basicConstraints, true, true, createBasicConstraints(1)));
    extensions.add(createExtension(Extension.authorityInfoAccess, true, false, createAuthorityInfoAccess()));
    extensions.add(createExtension(Extension.authorityKeyIdentifier, true, false, createAuthorityKeyIdentifier(false)));
    // keyUsage (critical): keyCertSign in the first group, cRLSign in the second
    // (presumably required vs. optional usages — confirm against createKeyUsages)
    extensions.add(createExtension(Extension.keyUsage, true, true, createKeyUsages(
            new KeyUsageEnum[] { KeyUsageEnum.KEY_CERT_SIGN }, new KeyUsageEnum[] { KeyUsageEnum.CRL_SIGN })));
    // certificate policies with two demo OIDs
    extensions.add(createExtension(Extension.certificatePolicies, true, false, createCertificatePolicies(
            new ASN1ObjectIdentifier("1.2.3.4.5"), new ASN1ObjectIdentifier("2.4.3.2.1"))));
    // policy mappings (critical): two issuer-domain -> subject-domain pairs
    PolicyMappings policyMappings = new PolicyMappings();
    policyMappings.getMapping().add(createPolicyIdMapping(
            new ASN1ObjectIdentifier("1.1.1.1.1"), new ASN1ObjectIdentifier("2.1.1.1.1")));
    policyMappings.getMapping().add(createPolicyIdMapping(
            new ASN1ObjectIdentifier("1.1.1.1.2"), new ASN1ObjectIdentifier("2.1.1.1.2")));
    extensions.add(createExtension(Extension.policyMappings, true, true, createExtensionValueType(policyMappings)));
    // policy constraints, name constraints and inhibitAnyPolicy, all critical
    extensions.add(createExtension(Extension.policyConstraints, true, true,
            createExtensionValueType(createPolicyConstraints(2, 2))));
    extensions.add(createExtension(Extension.nameConstraints, true, true,
            createExtensionValueType(createNameConstraints())));
    extensions.add(createExtension(Extension.inhibitAnyPolicy, true, true,
            createExtensionValueType(createInhibitAnyPolicy(1))));
    // subjectAltName and subjectInfoAccess modes
    extensions.add(createExtension(Extension.subjectAlternativeName, true, false,
            createExtensionValueType(subCaComplexSanMode())));
    extensions.add(createExtension(Extension.subjectInfoAccess, true, false,
            createExtensionValueType(subCaComplexSiaMode())));
    // a private extension (OID 1.2.3.4) carrying a constant DER NULL value
    extensions.add(createExtension(new ASN1ObjectIdentifier("1.2.3.4"), true, false,
            createConstantExtValue(DERNull.INSTANCE.getEncoded(), "DER Null"), "custom extension 1"));
}

// SAN mode of the subca-complex demo: an otherName typed by the O OID plus every other
// GeneralName choice set to "" (what an empty string permits is defined by the profile
// schema — presumably "allowed without value restriction", confirm).
private static SubjectAltName subCaComplexSanMode() {
    OtherName otherName = new OtherName();
    otherName.getType().add(createOidType(ObjectIdentifiers.DN_O));
    SubjectAltName san = new SubjectAltName();
    san.setOtherName(otherName);
    san.setRfc822Name("");
    san.setDnsName("");
    san.setDirectoryName("");
    san.setEdiPartyName("");
    san.setUniformResourceIdentifier("");
    san.setIpAddress("");
    san.setRegisteredID("");
    return san;
}

// SIA mode of the subca-complex demo: a single caRepository access entry whose location
// may be given as a directoryName or a URI.
private static SubjectInfoAccess subCaComplexSiaMode() {
    GeneralNameType location = new GeneralNameType();
    location.setDirectoryName("");
    location.setUniformResourceIdentifier("");
    SubjectInfoAccess.Access access = new SubjectInfoAccess.Access();
    access.setAccessMethod(createOidType(ObjectIdentifiers.id_ad_caRepository));
    access.setAccessLocation(location);
    SubjectInfoAccess sia = new SubjectInfoAccess();
    sia.getAccess().add(access);
    return sia;
}

Example 7 with PolicyMappings

use of org.bouncycastle.asn1.x509.PolicyMappings in project xipki by xipki.

From class ExtensionsChecker, method getExensionTypes.

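/**
 * Determines the set of extension types the issued certificate {@code cert} is expected to contain.
 *
 * <p>The result is the union of (1) every extension the profile marks as required,
 * (2) every "need" extension from the request's xipki cmpRequestExtensions extension, and
 * (3) each "want" extension from that request whose value the profile, issuer or request can
 * actually supply (e.g. policyMappings only if the profile configures it, cRLDistributionPoints
 * only if the issuer has CRL URLs). Any remaining "want" extension is expected only if it is
 * configured as a constant extension and present in the request.
 *
 * @param cert the certificate under check; its own extensions are consulted for issuerAltName
 * @param issuerInfo issuer data (CRL, delta-CRL and OCSP URLs); must not be null when the
 *        corresponding extensions are wanted
 * @param requestedExtensions extensions taken from the certificate request; may be null
 * @return the OIDs of the extensions expected in {@code cert}
 */
private Set<ASN1ObjectIdentifier> getExensionTypes(Certificate cert, X509IssuerInfo issuerInfo, Extensions requestedExtensions) {
    Set<ASN1ObjectIdentifier> types = new HashSet<>();
    // (1) profile-required extension types
    for (Map.Entry<ASN1ObjectIdentifier, ExtensionControl> entry : certProfile.getExtensionControls().entrySet()) {
        if (entry.getValue().isRequired()) {
            types.add(entry.getKey());
        }
    }
    // (2) extensions the requester declared as needed (always expected) or wanted (gated below)
    Set<ASN1ObjectIdentifier> wantedExtensionTypes = new HashSet<>();
    if (requestedExtensions != null) {
        Extension reqExtension = requestedExtensions.getExtension(ObjectIdentifiers.id_xipki_ext_cmpRequestExtensions);
        if (reqExtension != null) {
            ExtensionExistence ee = ExtensionExistence.getInstance(reqExtension.getParsedValue());
            types.addAll(ee.getNeedExtensions());
            wantedExtensionTypes.addAll(ee.getWantExtensions());
        }
    }
    if (CollectionUtil.isEmpty(wantedExtensionTypes)) {
        return types;
    }
    // (3) wanted extension types, each gated on whether a value can be produced
    // key identifiers and basicConstraints can always be produced by the CA
    ASN1ObjectIdentifier type = Extension.authorityKeyIdentifier;
    if (wantedExtensionTypes.contains(type)) {
        types.add(type);
    }
    type = Extension.subjectKeyIdentifier;
    if (wantedExtensionTypes.contains(type)) {
        types.add(type);
    }
    type = Extension.basicConstraints;
    if (wantedExtensionTypes.contains(type)) {
        types.add(type);
    }
    // keyUsage: expected if requested explicitly or if the profile mandates key usages;
    // getKeyusage(true) is only consulted when the request does not settle it
    type = Extension.keyUsage;
    if (wantedExtensionTypes.contains(type)
            && (isExtensionRequested(requestedExtensions, type) || CollectionUtil.isNonEmpty(getKeyusage(true)))) {
        types.add(type);
    }
    // extendedKeyUsage: same rule as keyUsage
    type = Extension.extendedKeyUsage;
    if (wantedExtensionTypes.contains(type)
            && (isExtensionRequested(requestedExtensions, type) || CollectionUtil.isNonEmpty(getExtKeyusage(true)))) {
        types.add(type);
    }
    // policy-related extensions: expected only when the profile configures a value
    type = Extension.certificatePolicies;
    if (wantedExtensionTypes.contains(type) && certificatePolicies != null) {
        types.add(type);
    }
    type = Extension.policyMappings;
    if (wantedExtensionTypes.contains(type) && policyMappings != null) {
        types.add(type);
    }
    type = Extension.nameConstraints;
    if (wantedExtensionTypes.contains(type) && nameConstraints != null) {
        types.add(type);
    }
    type = Extension.policyConstraints;
    if (wantedExtensionTypes.contains(type) && policyConstraints != null) {
        types.add(type);
    }
    type = Extension.inhibitAnyPolicy;
    if (wantedExtensionTypes.contains(type) && inhibitAnyPolicy != null) {
        types.add(type);
    }
    // subjectAltName / subjectInfoAccess: expected only when the request supplies them
    type = Extension.subjectAlternativeName;
    if (wantedExtensionTypes.contains(type) && isExtensionRequested(requestedExtensions, type)) {
        types.add(type);
    }
    type = Extension.subjectInfoAccess;
    if (wantedExtensionTypes.contains(type) && isExtensionRequested(requestedExtensions, type)) {
        types.add(type);
    }
    // issuerAltName: expected when the checked certificate carries a subjectAltName.
    // A certificate without any extension (e.g. v1) has no Extensions block at all, so guard
    // against null before looking up the SAN.
    // NOTE(review): this inspects the subject certificate's own SAN; if issuerAltName is meant
    // to mirror the issuer certificate's SAN, issuerInfo is probably the right source — confirm.
    type = Extension.issuerAlternativeName;
    if (wantedExtensionTypes.contains(type)) {
        Extensions certExtensions = cert.getTBSCertificate().getExtensions();
        if (certExtensions != null && certExtensions.getExtension(Extension.subjectAlternativeName) != null) {
            types.add(type);
        }
    }
    // issuer-derived extensions: expected only when the issuer publishes the corresponding URLs
    type = Extension.cRLDistributionPoints;
    if (wantedExtensionTypes.contains(type) && issuerInfo.getCrlUrls() != null) {
        types.add(type);
    }
    type = Extension.freshestCRL;
    if (wantedExtensionTypes.contains(type) && issuerInfo.getDeltaCrlUrls() != null) {
        types.add(type);
    }
    type = Extension.authorityInfoAccess;
    if (wantedExtensionTypes.contains(type) && issuerInfo.getOcspUrls() != null) {
        types.add(type);
    }
    // admission: expected only when the profile configures it
    type = ObjectIdentifiers.id_extension_admission;
    if (wantedExtensionTypes.contains(type) && certProfile.getAdmission() != null) {
        types.add(type);
    }
    // ocsp-nocheck carries no value and can always be produced
    type = ObjectIdentifiers.id_extension_pkix_ocsp_nocheck;
    if (wantedExtensionTypes.contains(type)) {
        types.add(type);
    }
    // any other wanted type is expected only as a constant extension that the request carries
    wantedExtensionTypes.removeAll(types);
    for (ASN1ObjectIdentifier oid : wantedExtensionTypes) {
        if (isExtensionRequested(requestedExtensions, oid) && constantExtensions.containsKey(oid)) {
            types.add(oid);
        }
    }
    return types;
}

/**
 * Tells whether the request carries an extension of the given type.
 *
 * @param requestedExtensions extensions from the request; may be null
 * @param type extension OID to look for
 * @return true if {@code requestedExtensions} is non-null and contains {@code type}
 */
private static boolean isExtensionRequested(Extensions requestedExtensions, ASN1ObjectIdentifier type) {
    return requestedExtensions != null && requestedExtensions.getExtension(type) != null;
}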

Example 8 with PolicyMappings

use of org.bouncycastle.asn1.x509.PolicyMappings in project xipki by xipki.

From class XmlX509CertprofileUtil, method buildPolicyMappings.

/**
 * Converts the JAXB policy-mapping configuration into the BouncyCastle
 * {@code PolicyMappings} extension structure.
 *
 * <p>Mapping {@code i} of the configuration becomes issuerDomainPolicy[i] /
 * subjectDomainPolicy[i]; configuration order is preserved.
 *
 * @param type the configured mappings; must not be null
 * @return the corresponding BouncyCastle {@code PolicyMappings}
 * @throws IllegalArgumentException if a configured policy value is not a valid OID string
 */
public static PolicyMappings buildPolicyMappings(org.xipki.ca.certprofile.x509.jaxb.PolicyMappings type) {
    ParamUtil.requireNonNull("type", type);
    List<PolicyIdMappingType> mappings = type.getMapping();
    CertPolicyId[] issuerPolicies = new CertPolicyId[mappings.size()];
    CertPolicyId[] subjectPolicies = new CertPolicyId[mappings.size()];
    int idx = 0;
    for (PolicyIdMappingType mapping : mappings) {
        issuerPolicies[idx] = CertPolicyId.getInstance(
                new ASN1ObjectIdentifier(mapping.getIssuerDomainPolicy().getValue()));
        subjectPolicies[idx] = CertPolicyId.getInstance(
                new ASN1ObjectIdentifier(mapping.getSubjectDomainPolicy().getValue()));
        idx++;
    }
    return new PolicyMappings(issuerPolicies, subjectPolicies);
}

Example 9 with PolicyMappings

use of org.bouncycastle.asn1.x509.PolicyMappings in project xipki by xipki.

From class XmlX509Certprofile, method initPolicyMappings.

/**
 * Initializes {@code this.policyMappings} from the profile's policyMappings extension
 * configuration.
 *
 * <p>Does nothing unless the profile declares an extension control for policyMappings.
 * When it does, the OID is removed from {@code extnIds} (the set of not-yet-handled
 * extension types) and, if the extension has a configured value, the field is set with the
 * criticality taken from the extension control.
 *
 * @param extnIds extension types still awaiting initialization; policyMappings is removed
 * @param extensionsType the profile's extension configuration
 * @throws CertprofileException if the configured value cannot be read
 */
private void initPolicyMappings(Set<ASN1ObjectIdentifier> extnIds, ExtensionsType extensionsType) throws CertprofileException {
    final ASN1ObjectIdentifier extnId = Extension.policyMappings;
    if (!extensionControls.containsKey(extnId)) {
        return;
    }
    extnIds.remove(extnId);
    PolicyMappings conf = (PolicyMappings) getExtensionValue(extnId, extensionsType, PolicyMappings.class);
    if (conf != null) {
        boolean critical = extensionControls.get(extnId).isCritical();
        this.policyMappings = new ExtensionValue(critical, XmlX509CertprofileUtil.buildPolicyMappings(conf));
    }
}

Example 10 with PolicyMappings

use of org.bouncycastle.asn1.x509.PolicyMappings in project keystore-explorer by kaikramer.

From class PolicyMappingsUtil, method getListOfPolicyMappings.

/**
 * Unpacks a <code>PolicyMappings</code> extension value into its individual
 * <code>PolicyMapping</code> entries, in encoding order.
 *
 * @param policyMappings the extension value; must not be null
 * @return list of the contained PolicyMapping entries (empty if the sequence is empty)
 */
public static List<PolicyMapping> getListOfPolicyMappings(PolicyMappings policyMappings) {
    ASN1Sequence seq = (ASN1Sequence) policyMappings.toASN1Primitive();
    int count = seq.size();
    List<PolicyMapping> result = new ArrayList<PolicyMapping>(count);
    for (int i = 0; i < count; i++) {
        result.add(PolicyMapping.getInstance(seq.getObjectAt(i)));
    }
    return result;
}
