Example 6 with PolicyMappings
use of org.bouncycastle.asn1.x509.PolicyMappings in project xipki by xipki.
the class ProfileConfCreatorDemo method certprofileSubCaComplex.
// method certprofileSubCa
private static X509ProfileType certprofileSubCaComplex() throws Exception {
X509ProfileType profile = getBaseProfile("certprofile subca-complex (with most extensions)", X509CertLevel.SubCA, "8y", false);
// Subject
Subject subject = profile.getSubject();
subject.setIncSerialNumber(false);
List<RdnType> rdnControls = subject.getRdn();
rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null));
rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1));
rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1));
rdnControls.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null));
rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1, null, "PREFIX ", " SUFFIX"));
// Extensions
ExtensionsType extensions = profile.getExtensions();
List<ExtensionType> list = extensions.getExtension();
list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
list.add(createExtension(Extension.freshestCRL, false, false, null));
// Extensions - basicConstraints
ExtensionValueType extensionValue = createBasicConstraints(1);
list.add(createExtension(Extension.basicConstraints, true, true, extensionValue));
// Extensions - AuthorityInfoAccess
extensionValue = createAuthorityInfoAccess();
list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue));
// Extensions - AuthorityKeyIdentifier
extensionValue = createAuthorityKeyIdentifier(false);
list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue));
// Extensions - keyUsage
extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.KEY_CERT_SIGN }, new KeyUsageEnum[] { KeyUsageEnum.CRL_SIGN });
list.add(createExtension(Extension.keyUsage, true, true, extensionValue));
// Certificate Policies
extensionValue = createCertificatePolicies(new ASN1ObjectIdentifier("1.2.3.4.5"), new ASN1ObjectIdentifier("2.4.3.2.1"));
list.add(createExtension(Extension.certificatePolicies, true, false, extensionValue));
// Policy Mappings
PolicyMappings policyMappings = new PolicyMappings();
policyMappings.getMapping().add(createPolicyIdMapping(new ASN1ObjectIdentifier("1.1.1.1.1"), new ASN1ObjectIdentifier("2.1.1.1.1")));
policyMappings.getMapping().add(createPolicyIdMapping(new ASN1ObjectIdentifier("1.1.1.1.2"), new ASN1ObjectIdentifier("2.1.1.1.2")));
extensionValue = createExtensionValueType(policyMappings);
list.add(createExtension(Extension.policyMappings, true, true, extensionValue));
// Policy Constraints
PolicyConstraints policyConstraints = createPolicyConstraints(2, 2);
extensionValue = createExtensionValueType(policyConstraints);
list.add(createExtension(Extension.policyConstraints, true, true, extensionValue));
// Name Constrains
NameConstraints nameConstraints = createNameConstraints();
extensionValue = createExtensionValueType(nameConstraints);
list.add(createExtension(Extension.nameConstraints, true, true, extensionValue));
// Inhibit anyPolicy
InhibitAnyPolicy inhibitAnyPolicy = createInhibitAnyPolicy(1);
extensionValue = createExtensionValueType(inhibitAnyPolicy);
list.add(createExtension(Extension.inhibitAnyPolicy, true, true, extensionValue));
// SubjectAltName
SubjectAltName subjectAltNameMode = new SubjectAltName();
OtherName otherName = new OtherName();
otherName.getType().add(createOidType(ObjectIdentifiers.DN_O));
subjectAltNameMode.setOtherName(otherName);
subjectAltNameMode.setRfc822Name("");
subjectAltNameMode.setDnsName("");
subjectAltNameMode.setDirectoryName("");
subjectAltNameMode.setEdiPartyName("");
subjectAltNameMode.setUniformResourceIdentifier("");
subjectAltNameMode.setIpAddress("");
subjectAltNameMode.setRegisteredID("");
extensionValue = createExtensionValueType(subjectAltNameMode);
list.add(createExtension(Extension.subjectAlternativeName, true, false, extensionValue));
// SubjectInfoAccess
SubjectInfoAccess subjectInfoAccessMode = new SubjectInfoAccess();
SubjectInfoAccess.Access access = new SubjectInfoAccess.Access();
subjectInfoAccessMode.getAccess().add(access);
access.setAccessMethod(createOidType(ObjectIdentifiers.id_ad_caRepository));
GeneralNameType accessLocation = new GeneralNameType();
access.setAccessLocation(accessLocation);
accessLocation.setDirectoryName("");
accessLocation.setUniformResourceIdentifier("");
extensionValue = createExtensionValueType(subjectInfoAccessMode);
list.add(createExtension(Extension.subjectInfoAccess, true, false, extensionValue));
// Custom Extension
ASN1ObjectIdentifier customExtensionOid = new ASN1ObjectIdentifier("1.2.3.4");
extensionValue = createConstantExtValue(DERNull.INSTANCE.getEncoded(), "DER Null");
list.add(createExtension(customExtensionOid, true, false, extensionValue, "custom extension 1"));
return profile;
}
Also used :
PolicyConstraints(org.xipki.ca.certprofile.x509.jaxb.PolicyConstraints)
NameConstraints(org.xipki.ca.certprofile.x509.jaxb.NameConstraints)
InhibitAnyPolicy(org.xipki.ca.certprofile.x509.jaxb.InhibitAnyPolicy)
OtherName(org.xipki.ca.certprofile.x509.jaxb.GeneralNameType.OtherName)
AuthorityInfoAccess(org.xipki.ca.certprofile.x509.jaxb.AuthorityInfoAccess)
SubjectInfoAccess(org.xipki.ca.certprofile.x509.jaxb.SubjectInfoAccess)
X509ProfileType(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType)
ExtensionValueType(org.xipki.ca.certprofile.x509.jaxb.ExtensionValueType)
Subject(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType.Subject)
RdnType(org.xipki.ca.certprofile.x509.jaxb.RdnType)
KeyUsageEnum(org.xipki.ca.certprofile.x509.jaxb.KeyUsageEnum)
SubjectAltName(org.xipki.ca.certprofile.x509.jaxb.SubjectAltName)
SubjectInfoAccess(org.xipki.ca.certprofile.x509.jaxb.SubjectInfoAccess)
ExtensionsType(org.xipki.ca.certprofile.x509.jaxb.ExtensionsType)
ExtensionType(org.xipki.ca.certprofile.x509.jaxb.ExtensionType)
TlsExtensionType(org.xipki.security.TlsExtensionType)
PolicyMappings(org.xipki.ca.certprofile.x509.jaxb.PolicyMappings)
GeneralNameType(org.xipki.ca.certprofile.x509.jaxb.GeneralNameType)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 7 with PolicyMappings
use of org.bouncycastle.asn1.x509.PolicyMappings in project xipki by xipki.
the class ExtensionsChecker method getExensionTypes.
// getExpectedExtValue
private Set<ASN1ObjectIdentifier> getExensionTypes(Certificate cert, X509IssuerInfo issuerInfo, Extensions requestedExtensions) {
Set<ASN1ObjectIdentifier> types = new HashSet<>();
// profile required extension types
Map<ASN1ObjectIdentifier, ExtensionControl> extensionControls = certProfile.getExtensionControls();
for (ASN1ObjectIdentifier oid : extensionControls.keySet()) {
if (extensionControls.get(oid).isRequired()) {
types.add(oid);
}
}
Set<ASN1ObjectIdentifier> wantedExtensionTypes = new HashSet<>();
if (requestedExtensions != null) {
Extension reqExtension = requestedExtensions.getExtension(ObjectIdentifiers.id_xipki_ext_cmpRequestExtensions);
if (reqExtension != null) {
ExtensionExistence ee = ExtensionExistence.getInstance(reqExtension.getParsedValue());
types.addAll(ee.getNeedExtensions());
wantedExtensionTypes.addAll(ee.getWantExtensions());
}
}
if (CollectionUtil.isEmpty(wantedExtensionTypes)) {
return types;
}
// wanted extension types
// Authority key identifier
ASN1ObjectIdentifier type = Extension.authorityKeyIdentifier;
if (wantedExtensionTypes.contains(type)) {
types.add(type);
}
// Subject key identifier
type = Extension.subjectKeyIdentifier;
if (wantedExtensionTypes.contains(type)) {
types.add(type);
}
// KeyUsage
type = Extension.keyUsage;
if (wantedExtensionTypes.contains(type)) {
boolean required = false;
if (requestedExtensions != null && requestedExtensions.getExtension(type) != null) {
required = true;
}
if (!required) {
Set<KeyUsageControl> requiredKeyusage = getKeyusage(true);
if (CollectionUtil.isNonEmpty(requiredKeyusage)) {
required = true;
}
}
if (required) {
types.add(type);
}
}
// CertificatePolicies
type = Extension.certificatePolicies;
if (wantedExtensionTypes.contains(type)) {
if (certificatePolicies != null) {
types.add(type);
}
}
// Policy Mappings
type = Extension.policyMappings;
if (wantedExtensionTypes.contains(type)) {
if (policyMappings != null) {
types.add(type);
}
}
// SubjectAltNames
type = Extension.subjectAlternativeName;
if (wantedExtensionTypes.contains(type)) {
if (requestedExtensions != null && requestedExtensions.getExtension(type) != null) {
types.add(type);
}
}
// IssuerAltName
type = Extension.issuerAlternativeName;
if (wantedExtensionTypes.contains(type)) {
if (cert.getTBSCertificate().getExtensions().getExtension(Extension.subjectAlternativeName) != null) {
types.add(type);
}
}
// BasicConstraints
type = Extension.basicConstraints;
if (wantedExtensionTypes.contains(type)) {
types.add(type);
}
// Name Constraints
type = Extension.nameConstraints;
if (wantedExtensionTypes.contains(type)) {
if (nameConstraints != null) {
types.add(type);
}
}
// PolicyConstrains
type = Extension.policyConstraints;
if (wantedExtensionTypes.contains(type)) {
if (policyConstraints != null) {
types.add(type);
}
}
// ExtendedKeyUsage
type = Extension.extendedKeyUsage;
if (wantedExtensionTypes.contains(type)) {
boolean required = false;
if (requestedExtensions != null && requestedExtensions.getExtension(type) != null) {
required = true;
}
if (!required) {
Set<ExtKeyUsageControl> requiredExtKeyusage = getExtKeyusage(true);
if (CollectionUtil.isNonEmpty(requiredExtKeyusage)) {
required = true;
}
}
if (required) {
types.add(type);
}
}
// CRLDistributionPoints
type = Extension.cRLDistributionPoints;
if (wantedExtensionTypes.contains(type)) {
if (issuerInfo.getCrlUrls() != null) {
types.add(type);
}
}
// Inhibit anyPolicy
type = Extension.inhibitAnyPolicy;
if (wantedExtensionTypes.contains(type)) {
if (inhibitAnyPolicy != null) {
types.add(type);
}
}
// FreshestCRL
type = Extension.freshestCRL;
if (wantedExtensionTypes.contains(type)) {
if (issuerInfo.getDeltaCrlUrls() != null) {
types.add(type);
}
}
// AuthorityInfoAccess
type = Extension.authorityInfoAccess;
if (wantedExtensionTypes.contains(type)) {
if (issuerInfo.getOcspUrls() != null) {
types.add(type);
}
}
// SubjectInfoAccess
type = Extension.subjectInfoAccess;
if (wantedExtensionTypes.contains(type)) {
if (requestedExtensions != null && requestedExtensions.getExtension(type) != null) {
types.add(type);
}
}
// Admission
type = ObjectIdentifiers.id_extension_admission;
if (wantedExtensionTypes.contains(type)) {
if (certProfile.getAdmission() != null) {
types.add(type);
}
}
// ocsp-nocheck
type = ObjectIdentifiers.id_extension_pkix_ocsp_nocheck;
if (wantedExtensionTypes.contains(type)) {
types.add(type);
}
wantedExtensionTypes.removeAll(types);
for (ASN1ObjectIdentifier oid : wantedExtensionTypes) {
if (requestedExtensions != null && requestedExtensions.getExtension(oid) != null) {
if (constantExtensions.containsKey(oid)) {
types.add(oid);
}
}
}
return types;
}
Also used :
Extension(org.bouncycastle.asn1.x509.Extension)
ExtensionExistence(org.xipki.security.ExtensionExistence)
ExtKeyUsageControl(org.xipki.ca.api.profile.x509.ExtKeyUsageControl)
ExtensionControl(org.xipki.ca.api.profile.ExtensionControl)
KeyUsageControl(org.xipki.ca.api.profile.x509.KeyUsageControl)
ExtKeyUsageControl(org.xipki.ca.api.profile.x509.ExtKeyUsageControl)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
HashSet(java.util.HashSet)
Example 8 with PolicyMappings
use of org.bouncycastle.asn1.x509.PolicyMappings in project xipki by xipki.
the class XmlX509CertprofileUtil method buildPolicyMappings.
// method buildCertificatePolicies
public static PolicyMappings buildPolicyMappings(org.xipki.ca.certprofile.x509.jaxb.PolicyMappings type) {
ParamUtil.requireNonNull("type", type);
List<PolicyIdMappingType> mappings = type.getMapping();
final int n = mappings.size();
CertPolicyId[] issuerDomainPolicy = new CertPolicyId[n];
CertPolicyId[] subjectDomainPolicy = new CertPolicyId[n];
for (int i = 0; i < n; i++) {
PolicyIdMappingType mapping = mappings.get(i);
ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(mapping.getIssuerDomainPolicy().getValue());
issuerDomainPolicy[i] = CertPolicyId.getInstance(oid);
oid = new ASN1ObjectIdentifier(mapping.getSubjectDomainPolicy().getValue());
subjectDomainPolicy[i] = CertPolicyId.getInstance(oid);
}
return new PolicyMappings(issuerDomainPolicy, subjectDomainPolicy);
}
Also used :
CertPolicyId(org.bouncycastle.asn1.x509.CertPolicyId)
PolicyMappings(org.bouncycastle.asn1.x509.PolicyMappings)
PolicyIdMappingType(org.xipki.ca.certprofile.x509.jaxb.PolicyIdMappingType)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 9 with PolicyMappings
use of org.bouncycastle.asn1.x509.PolicyMappings in project xipki by xipki.
the class XmlX509Certprofile method initPolicyMappings.
private void initPolicyMappings(Set<ASN1ObjectIdentifier> extnIds, ExtensionsType extensionsType) throws CertprofileException {
ASN1ObjectIdentifier type = Extension.policyMappings;
if (!extensionControls.containsKey(type)) {
return;
}
extnIds.remove(type);
PolicyMappings extConf = (PolicyMappings) getExtensionValue(type, extensionsType, PolicyMappings.class);
if (extConf == null) {
return;
}
org.bouncycastle.asn1.x509.PolicyMappings value = XmlX509CertprofileUtil.buildPolicyMappings(extConf);
this.policyMappings = new ExtensionValue(extensionControls.get(type).isCritical(), value);
}
Also used :
ExtensionValue(org.xipki.ca.api.profile.ExtensionValue)
PolicyMappings(org.xipki.ca.certprofile.x509.jaxb.PolicyMappings)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 10 with PolicyMappings
use of org.bouncycastle.asn1.x509.PolicyMappings in project keystore-explorer by kaikramer.
the class PolicyMappingsUtil method getListOfPolicyMappings.
/**
* Creates list of <code>PolicyMapping</code> objects from an <code>PolicyMappings</code> object.
*
* @param policyMappings
* @return List of PolicyMapping
*/
public static List<PolicyMapping> getListOfPolicyMappings(PolicyMappings policyMappings) {
ASN1Sequence policyMappingsSeq = (ASN1Sequence) policyMappings.toASN1Primitive();
ASN1Encodable[] policyMappingsArray = policyMappingsSeq.toArray();
List<PolicyMapping> policyMappingsList = new ArrayList<PolicyMapping>();
for (ASN1Encodable asn1Encodable : policyMappingsArray) {
policyMappingsList.add(PolicyMapping.getInstance(asn1Encodable));
}
return policyMappingsList;
}
Also used :
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
ArrayList(java.util.ArrayList)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
Aggregations
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)6
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)6
PolicyMappings (org.bouncycastle.asn1.x509.PolicyMappings)5
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)4
CertPolicyId (org.bouncycastle.asn1.x509.CertPolicyId)3
ArrayList (java.util.ArrayList)2
HashMap (java.util.HashMap)2
HashSet (java.util.HashSet)2
DERIA5String (org.bouncycastle.asn1.DERIA5String)2
DEROctetString (org.bouncycastle.asn1.DEROctetString)2
DERPrintableString (org.bouncycastle.asn1.DERPrintableString)2
DERUTF8String (org.bouncycastle.asn1.DERUTF8String)2
DirectoryString (org.bouncycastle.asn1.x500.DirectoryString)2
CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)2
DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)2
Extension (org.bouncycastle.asn1.x509.Extension)2
PolicyMappings (org.xipki.ca.certprofile.x509.jaxb.PolicyMappings)2
IOException (java.io.IOException)1
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1
Date (java.util.Date)1
