Search in sources :

Example 11 with PrivateKeyUsagePeriod

use of org.bouncycastle.asn1.x509.PrivateKeyUsagePeriod in project xipki by xipki.

the class ProfileConfCreatorDemo method certprofileEeComplex.

// method certprofileEeComplex
private static X509ProfileType certprofileEeComplex() throws Exception {
    X509ProfileType profile = getBaseProfile("certprofile ee-complex", X509CertLevel.EndEntity, "5y", true);
    // Subject
    Subject subject = profile.getSubject();
    subject.setIncSerialNumber(false);
    subject.setKeepRdnOrder(true);
    List<RdnType> rdnControls = subject.getRdn();
    rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_DATE_OF_BIRTH, 0, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_POSTAL_ADDRESS, 0, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_UNIQUE_IDENTIFIER, 1, 1));
    // Extensions
    // Extensions - general
    ExtensionsType extensions = profile.getExtensions();
    // Extensions - controls
    List<ExtensionType> list = extensions.getExtension();
    list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
    list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
    list.add(createExtension(Extension.freshestCRL, false, false, null));
    // Extensions - basicConstraints
    ExtensionValueType extensionValue = null;
    list.add(createExtension(Extension.basicConstraints, true, false, extensionValue));
    // Extensions - AuthorityInfoAccess
    extensionValue = createAuthorityInfoAccess();
    list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue));
    // Extensions - AuthorityKeyIdentifier
    extensionValue = createAuthorityKeyIdentifier(true);
    list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue));
    // Extensions - keyUsage
    extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.DIGITAL_SIGNATURE, KeyUsageEnum.DATA_ENCIPHERMENT, KeyUsageEnum.KEY_ENCIPHERMENT }, null);
    list.add(createExtension(Extension.keyUsage, true, true, extensionValue));
    // Extensions - extenedKeyUsage
    extensionValue = createExtendedKeyUsage(new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_serverAuth }, new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_clientAuth });
    list.add(createExtension(Extension.extendedKeyUsage, true, false, extensionValue));
    // Extension - subjectDirectoryAttributes
    SubjectDirectoryAttributs subjectDirAttrType = new SubjectDirectoryAttributs();
    List<OidWithDescType> attrTypes = subjectDirAttrType.getType();
    attrTypes.add(createOidType(ObjectIdentifiers.DN_COUNTRY_OF_CITIZENSHIP));
    attrTypes.add(createOidType(ObjectIdentifiers.DN_COUNTRY_OF_RESIDENCE));
    attrTypes.add(createOidType(ObjectIdentifiers.DN_GENDER));
    attrTypes.add(createOidType(ObjectIdentifiers.DN_DATE_OF_BIRTH));
    attrTypes.add(createOidType(ObjectIdentifiers.DN_PLACE_OF_BIRTH));
    extensionValue = createExtensionValueType(subjectDirAttrType);
    list.add(createExtension(Extension.subjectDirectoryAttributes, true, false, extensionValue));
    // Extension - Admission
    AdmissionSyntax admissionSyntax = new AdmissionSyntax();
    admissionSyntax.setAdmissionAuthority(new GeneralName(new X500Name("C=DE,CN=admissionAuthority level 1")).getEncoded());
    AdmissionsType admissions = new AdmissionsType();
    admissions.setAdmissionAuthority(new GeneralName(new X500Name("C=DE,CN=admissionAuthority level 2")).getEncoded());
    NamingAuthorityType namingAuthorityL2 = new NamingAuthorityType();
    namingAuthorityL2.setOid(createOidType(new ASN1ObjectIdentifier("1.2.3.4.5")));
    namingAuthorityL2.setUrl("http://naming-authority-level2.example.org");
    namingAuthorityL2.setText("namingAuthrityText level 2");
    admissions.setNamingAuthority(namingAuthorityL2);
    admissionSyntax.getContentsOfAdmissions().add(admissions);
    ProfessionInfoType pi = new ProfessionInfoType();
    admissions.getProfessionInfo().add(pi);
    pi.getProfessionOid().add(createOidType(new ASN1ObjectIdentifier("1.2.3.4"), "demo oid"));
    pi.getProfessionItem().add("demo item");
    NamingAuthorityType namingAuthorityL3 = new NamingAuthorityType();
    namingAuthorityL3.setOid(createOidType(new ASN1ObjectIdentifier("1.2.3.4.5")));
    namingAuthorityL3.setUrl("http://naming-authority-level3.example.org");
    namingAuthorityL3.setText("namingAuthrityText level 3");
    pi.setNamingAuthority(namingAuthorityL3);
    pi.setAddProfessionInfo(new byte[] { 1, 2, 3, 4 });
    RegistrationNumber regNum = new RegistrationNumber();
    pi.setRegistrationNumber(regNum);
    regNum.setRegex("a*b");
    // check the syntax
    XmlX509CertprofileUtil.buildAdmissionSyntax(false, admissionSyntax);
    extensionValue = createExtensionValueType(admissionSyntax);
    list.add(createExtension(ObjectIdentifiers.id_extension_admission, true, false, extensionValue));
    // restriction
    extensionValue = createRestriction(DirectoryStringType.UTF_8_STRING, "demo restriction");
    list.add(createExtension(ObjectIdentifiers.id_extension_restriction, true, false, extensionValue));
    // additionalInformation
    extensionValue = createAdditionalInformation(DirectoryStringType.UTF_8_STRING, "demo additional information");
    list.add(createExtension(ObjectIdentifiers.id_extension_additionalInformation, true, false, extensionValue));
    // validationModel
    extensionValue = createConstantExtValue(new ASN1ObjectIdentifier("1.3.6.1.4.1.8301.3.5.1").getEncoded(), "chain");
    list.add(createExtension(ObjectIdentifiers.id_extension_validityModel, true, false, extensionValue));
    // privateKeyUsagePeriod
    extensionValue = createPrivateKeyUsagePeriod("3y");
    list.add(createExtension(Extension.privateKeyUsagePeriod, true, false, extensionValue));
    // QcStatements
    extensionValue = createQcStatements(true);
    list.add(createExtension(Extension.qCStatements, true, false, extensionValue));
    // biometricInfo
    extensionValue = createBiometricInfo();
    list.add(createExtension(Extension.biometricInfo, true, false, extensionValue));
    // authorizationTemplate
    extensionValue = createAuthorizationTemplate();
    list.add(createExtension(ObjectIdentifiers.id_xipki_ext_authorizationTemplate, true, false, extensionValue));
    // SubjectAltName
    SubjectAltName subjectAltNameMode = new SubjectAltName();
    OtherName otherName = new OtherName();
    otherName.getType().add(createOidType(new ASN1ObjectIdentifier("1.2.3.1"), "dummy oid 1"));
    otherName.getType().add(createOidType(new ASN1ObjectIdentifier("1.2.3.2"), "dummy oid 2"));
    subjectAltNameMode.setOtherName(otherName);
    subjectAltNameMode.setRfc822Name("");
    subjectAltNameMode.setDnsName("");
    subjectAltNameMode.setDirectoryName("");
    subjectAltNameMode.setEdiPartyName("");
    subjectAltNameMode.setUniformResourceIdentifier("");
    subjectAltNameMode.setIpAddress("");
    subjectAltNameMode.setRegisteredID("");
    extensionValue = createExtensionValueType(subjectAltNameMode);
    list.add(createExtension(Extension.subjectAlternativeName, true, false, extensionValue));
    // SubjectInfoAccess
    List<ASN1ObjectIdentifier> accessMethods = new LinkedList<>();
    accessMethods.add(ObjectIdentifiers.id_ad_caRepository);
    for (int i = 0; i < 10; i++) {
        accessMethods.add(new ASN1ObjectIdentifier("2.3.4." + (i + 1)));
    }
    SubjectInfoAccess subjectInfoAccessMode = new SubjectInfoAccess();
    for (ASN1ObjectIdentifier accessMethod : accessMethods) {
        SubjectInfoAccess.Access access = new SubjectInfoAccess.Access();
        subjectInfoAccessMode.getAccess().add(access);
        access.setAccessMethod(createOidType(accessMethod));
        GeneralNameType accessLocation = new GeneralNameType();
        access.setAccessLocation(accessLocation);
        otherName = new OtherName();
        otherName.getType().add(createOidType(new ASN1ObjectIdentifier("1.2.3.1"), "dummy oid 1"));
        otherName.getType().add(createOidType(new ASN1ObjectIdentifier("1.2.3.2"), "dummy oid 2"));
        accessLocation.setOtherName(otherName);
        accessLocation.setRfc822Name("");
        accessLocation.setDnsName("");
        accessLocation.setDirectoryName("");
        accessLocation.setEdiPartyName("");
        accessLocation.setUniformResourceIdentifier("");
        accessLocation.setIpAddress("");
        accessLocation.setRegisteredID("");
    }
    extensionValue = createExtensionValueType(subjectInfoAccessMode);
    list.add(createExtension(Extension.subjectInfoAccess, true, false, extensionValue));
    return profile;
}
Also used : OidWithDescType(org.xipki.ca.certprofile.x509.jaxb.OidWithDescType) AuthorityInfoAccess(org.xipki.ca.certprofile.x509.jaxb.AuthorityInfoAccess) SubjectInfoAccess(org.xipki.ca.certprofile.x509.jaxb.SubjectInfoAccess) X509ProfileType(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType) ExtensionValueType(org.xipki.ca.certprofile.x509.jaxb.ExtensionValueType) X500Name(org.bouncycastle.asn1.x500.X500Name) KeyUsageEnum(org.xipki.ca.certprofile.x509.jaxb.KeyUsageEnum) AdmissionsType(org.xipki.ca.certprofile.x509.jaxb.AdmissionsType) SubjectAltName(org.xipki.ca.certprofile.x509.jaxb.SubjectAltName) SubjectInfoAccess(org.xipki.ca.certprofile.x509.jaxb.SubjectInfoAccess) ExtensionsType(org.xipki.ca.certprofile.x509.jaxb.ExtensionsType) ProfessionInfoType(org.xipki.ca.certprofile.x509.jaxb.ProfessionInfoType) RegistrationNumber(org.xipki.ca.certprofile.x509.jaxb.ProfessionInfoType.RegistrationNumber) GeneralNameType(org.xipki.ca.certprofile.x509.jaxb.GeneralNameType) OtherName(org.xipki.ca.certprofile.x509.jaxb.GeneralNameType.OtherName) SubjectDirectoryAttributs(org.xipki.ca.certprofile.x509.jaxb.SubjectDirectoryAttributs) Subject(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType.Subject) LinkedList(java.util.LinkedList) RdnType(org.xipki.ca.certprofile.x509.jaxb.RdnType) AdmissionSyntax(org.xipki.ca.certprofile.x509.jaxb.AdmissionSyntax) ExtensionType(org.xipki.ca.certprofile.x509.jaxb.ExtensionType) TlsExtensionType(org.xipki.security.TlsExtensionType) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) NamingAuthorityType(org.xipki.ca.certprofile.x509.jaxb.NamingAuthorityType)

Example 12 with PrivateKeyUsagePeriod

use of org.bouncycastle.asn1.x509.PrivateKeyUsagePeriod in project keystore-explorer by kaikramer.

the class X509Ext method getPrivateKeyUsagePeriodStringValue.

private String getPrivateKeyUsagePeriodStringValue(byte[] value) throws IOException {
    // @formatter:off
    /*
		 * PrivateKeyUsagePeriod ::= ASN1Sequence { notBefore [0]
		 * ASN1GeneralizedTime OPTIONAL, notAfter [1] ASN1GeneralizedTime OPTIONAL }
		 */
    // @formatter:on
    StringBuilder sb = new StringBuilder();
    PrivateKeyUsagePeriod privateKeyUsagePeriod = PrivateKeyUsagePeriod.getInstance(value);
    ASN1GeneralizedTime notBefore = privateKeyUsagePeriod.getNotBefore();
    ASN1GeneralizedTime notAfter = privateKeyUsagePeriod.getNotAfter();
    if (notBefore != null) {
        sb.append(MessageFormat.format(res.getString("NotBeforePrivateKeyUsagePeriod"), getGeneralizedTimeString(notBefore)));
    } else {
        sb.append(MessageFormat.format(res.getString("NotBeforePrivateKeyUsagePeriod"), res.getString("NoValue")));
    }
    sb.append(NEWLINE);
    if (notAfter != null) {
        sb.append(MessageFormat.format(res.getString("NotAfterPrivateKeyUsagePeriod"), getGeneralizedTimeString(notAfter)));
    } else {
        sb.append(MessageFormat.format(res.getString("NotAfterPrivateKeyUsagePeriod"), res.getString("NoValue")));
    }
    sb.append(NEWLINE);
    return sb.toString();
}
Also used : ASN1GeneralizedTime(org.bouncycastle.asn1.ASN1GeneralizedTime) PrivateKeyUsagePeriod(org.bouncycastle.asn1.x509.PrivateKeyUsagePeriod)

Aggregations

ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)6 Date (java.util.Date)5 IOException (java.io.IOException)4 ArrayList (java.util.ArrayList)4 LinkedList (java.util.LinkedList)4 ASN1GeneralizedTime (org.bouncycastle.asn1.ASN1GeneralizedTime)4 List (java.util.List)3 DERTaggedObject (org.bouncycastle.asn1.DERTaggedObject)3 PrivateKeyUsagePeriod (org.bouncycastle.asn1.x509.PrivateKeyUsagePeriod)3 ExtensionsType (org.xipki.ca.certprofile.x509.jaxb.ExtensionsType)3 RdnType (org.xipki.ca.certprofile.x509.jaxb.RdnType)3 Subject (org.xipki.ca.certprofile.x509.jaxb.X509ProfileType.Subject)3 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)2 HashMap (java.util.HashMap)2 HashSet (java.util.HashSet)2 AlgorithmIdentifier (org.apache.harmony.security.x509.AlgorithmIdentifier)2 GeneralName (org.apache.harmony.security.x509.GeneralName)2 NameConstraints (org.apache.harmony.security.x509.NameConstraints)2 PolicyInformation (org.apache.harmony.security.x509.PolicyInformation)2 PrivateKeyUsagePeriod (org.apache.harmony.security.x509.PrivateKeyUsagePeriod)2