Search in sources :

Example 56 with ASN1ObjectIdentifier

use of org.openecard.bouncycastle.asn1.ASN1ObjectIdentifier in project xipki by xipki.

the class ProfileConfCreatorDemo method createBiometricInfo.

// method createQcStatements
private static ExtensionValueType createBiometricInfo() {
    BiometricInfo extValue = new BiometricInfo();
    // type
    // predefined image (0)
    BiometricTypeType type = new BiometricTypeType();
    extValue.getType().add(type);
    IntWithDescType predefined = new IntWithDescType();
    predefined.setValue(0);
    predefined.setDescription("image");
    type.setPredefined(predefined);
    // predefined handwritten-signature(1)
    type = new BiometricTypeType();
    predefined = new IntWithDescType();
    predefined.setValue(1);
    predefined.setDescription("handwritten-signature");
    type.setPredefined(predefined);
    extValue.getType().add(type);
    // OID
    type = new BiometricTypeType();
    type.setOid(createOidType(new ASN1ObjectIdentifier("1.2.3.4.5.6"), "dummy biometric type"));
    extValue.getType().add(type);
    // hash algorithm
    HashAlgo[] hashAlgos = new HashAlgo[] { HashAlgo.SHA256, HashAlgo.SHA384 };
    for (HashAlgo hashAlgo : hashAlgos) {
        extValue.getHashAlgorithm().add(createOidType(hashAlgo.getOid(), hashAlgo.getName()));
    }
    extValue.setIncludeSourceDataUri(TripleState.REQUIRED);
    return createExtensionValueType(extValue);
}
Also used : BiometricInfo(org.xipki.ca.certprofile.x509.jaxb.BiometricInfo) BiometricTypeType(org.xipki.ca.certprofile.x509.jaxb.BiometricTypeType) HashAlgo(org.xipki.security.HashAlgo) IntWithDescType(org.xipki.ca.certprofile.x509.jaxb.IntWithDescType) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 57 with ASN1ObjectIdentifier

use of org.openecard.bouncycastle.asn1.ASN1ObjectIdentifier in project xipki by xipki.

the class ProfileConfCreatorDemo method certprofileTlsWithIncSerial.

// method certprofileTlsC
private static X509ProfileType certprofileTlsWithIncSerial() throws Exception {
    X509ProfileType profile = getBaseProfile("certprofile tls-inc-sn " + "(serial number will be added automatically)", X509CertLevel.EndEntity, "5y", false);
    profile.setDuplicateKey(true);
    // Subject
    Subject subject = profile.getSubject();
    subject.setDuplicateSubjectPermitted(true);
    subject.setIncSerialNumber(true);
    List<RdnType> rdnControls = subject.getRdn();
    rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1, new String[] { REGEX_FQDN }, null, null));
    // Extensions
    // Extensions - general
    ExtensionsType extensions = profile.getExtensions();
    // Extensions - controls
    List<ExtensionType> list = extensions.getExtension();
    list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
    list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
    list.add(createExtension(Extension.freshestCRL, false, false, null));
    // Extensions - basicConstraints
    ExtensionValueType extensionValue = null;
    list.add(createExtension(Extension.basicConstraints, true, true, extensionValue));
    // Extensions - AuthorityInfoAccess
    extensionValue = createAuthorityInfoAccess();
    list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue));
    // Extensions - AuthorityKeyIdentifier
    extensionValue = createAuthorityKeyIdentifier(true);
    list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue));
    // Extensions - keyUsage
    extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.DIGITAL_SIGNATURE, KeyUsageEnum.DATA_ENCIPHERMENT, KeyUsageEnum.KEY_ENCIPHERMENT }, null);
    list.add(createExtension(Extension.keyUsage, true, true, extensionValue));
    // Extensions - extenedKeyUsage
    extensionValue = createExtendedKeyUsage(new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_serverAuth }, new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_clientAuth });
    list.add(createExtension(Extension.extendedKeyUsage, true, false, extensionValue));
    return profile;
}
Also used : ExtensionsType(org.xipki.ca.certprofile.x509.jaxb.ExtensionsType) ExtensionType(org.xipki.ca.certprofile.x509.jaxb.ExtensionType) TlsExtensionType(org.xipki.security.TlsExtensionType) X509ProfileType(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType) ExtensionValueType(org.xipki.ca.certprofile.x509.jaxb.ExtensionValueType) Subject(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType.Subject) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) RdnType(org.xipki.ca.certprofile.x509.jaxb.RdnType) KeyUsageEnum(org.xipki.ca.certprofile.x509.jaxb.KeyUsageEnum)

Example 58 with ASN1ObjectIdentifier

use of org.openecard.bouncycastle.asn1.ASN1ObjectIdentifier in project xipki by xipki.

the class ProfileConfCreatorDemo method sortOidList.

private static List<ASN1ObjectIdentifier> sortOidList(List<ASN1ObjectIdentifier> oids) {
    ParamUtil.requireNonNull("oids", oids);
    List<String> list = new ArrayList<>(oids.size());
    for (ASN1ObjectIdentifier m : oids) {
        list.add(m.getId());
    }
    Collections.sort(list);
    List<ASN1ObjectIdentifier> sorted = new ArrayList<>(oids.size());
    for (String m : list) {
        for (ASN1ObjectIdentifier n : oids) {
            if (m.equals(n.getId()) && !sorted.contains(n)) {
                sorted.add(n);
            }
        }
    }
    return sorted;
}
Also used : ArrayList(java.util.ArrayList) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 59 with ASN1ObjectIdentifier

use of org.openecard.bouncycastle.asn1.ASN1ObjectIdentifier in project xipki by xipki.

the class ProfileConfCreatorDemo method certprofileTlsC.

// method certprofileTls
private static X509ProfileType certprofileTlsC() throws Exception {
    X509ProfileType profile = getBaseProfile("certprofile tls-c", X509CertLevel.EndEntity, "5y", false);
    // Subject
    Subject subject = profile.getSubject();
    subject.setIncSerialNumber(false);
    List<RdnType> rdnControls = subject.getRdn();
    rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1));
    // Extensions
    ExtensionsType extensions = profile.getExtensions();
    List<ExtensionType> list = extensions.getExtension();
    list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
    list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
    list.add(createExtension(Extension.freshestCRL, false, false, null));
    // Extensions - basicConstraints
    ExtensionValueType extensionValue = null;
    list.add(createExtension(Extension.basicConstraints, true, true, extensionValue));
    // Extensions - AuthorityInfoAccess
    extensionValue = createAuthorityInfoAccess();
    list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue));
    // Extensions - AuthorityKeyIdentifier
    extensionValue = createAuthorityKeyIdentifier(true);
    list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue));
    // Extensions - keyUsage
    extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.DIGITAL_SIGNATURE, KeyUsageEnum.DATA_ENCIPHERMENT, KeyUsageEnum.KEY_ENCIPHERMENT }, null);
    list.add(createExtension(Extension.keyUsage, true, true, extensionValue));
    // Extensions - extenedKeyUsage
    extensionValue = createExtendedKeyUsage(new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_clientAuth }, null);
    list.add(createExtension(Extension.extendedKeyUsage, true, false, extensionValue));
    return profile;
}
Also used : ExtensionsType(org.xipki.ca.certprofile.x509.jaxb.ExtensionsType) ExtensionType(org.xipki.ca.certprofile.x509.jaxb.ExtensionType) TlsExtensionType(org.xipki.security.TlsExtensionType) X509ProfileType(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType) ExtensionValueType(org.xipki.ca.certprofile.x509.jaxb.ExtensionValueType) Subject(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType.Subject) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) RdnType(org.xipki.ca.certprofile.x509.jaxb.RdnType) KeyUsageEnum(org.xipki.ca.certprofile.x509.jaxb.KeyUsageEnum)

Example 60 with ASN1ObjectIdentifier

use of org.openecard.bouncycastle.asn1.ASN1ObjectIdentifier in project xipki by xipki.

the class ProfileConfCreatorDemo method certprofileOcsp.

// method certprofileSubCaComplex
private static X509ProfileType certprofileOcsp() throws Exception {
    X509ProfileType profile = getBaseProfile("certprofile ocsp", X509CertLevel.EndEntity, "5y", false);
    // Subject
    Subject subject = profile.getSubject();
    subject.setIncSerialNumber(true);
    List<RdnType> rdnControls = subject.getRdn();
    rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_organizationIdentifier, 0, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1));
    // Extensions
    ExtensionsType extensions = profile.getExtensions();
    List<ExtensionType> list = extensions.getExtension();
    list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
    list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
    list.add(createExtension(Extension.freshestCRL, false, false, null));
    list.add(createExtension(ObjectIdentifiers.id_extension_pkix_ocsp_nocheck, false, false, null));
    // Extensions - basicConstraints
    ExtensionValueType extensionValue = null;
    list.add(createExtension(Extension.basicConstraints, true, true, extensionValue));
    // Extensions - AuthorityInfoAccess
    extensionValue = createAuthorityInfoAccess();
    list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue));
    // Extensions - AuthorityKeyIdentifier
    extensionValue = createAuthorityKeyIdentifier(true);
    list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue));
    // Extensions - keyUsage
    extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.CONTENT_COMMITMENT }, null);
    list.add(createExtension(Extension.keyUsage, true, true, extensionValue));
    // Extensions - extenedKeyUsage
    extensionValue = createExtendedKeyUsage(new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_OCSPSigning }, null);
    list.add(createExtension(Extension.extendedKeyUsage, true, false, extensionValue));
    return profile;
}
Also used : ExtensionsType(org.xipki.ca.certprofile.x509.jaxb.ExtensionsType) ExtensionType(org.xipki.ca.certprofile.x509.jaxb.ExtensionType) TlsExtensionType(org.xipki.security.TlsExtensionType) X509ProfileType(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType) ExtensionValueType(org.xipki.ca.certprofile.x509.jaxb.ExtensionValueType) Subject(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType.Subject) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) RdnType(org.xipki.ca.certprofile.x509.jaxb.RdnType) KeyUsageEnum(org.xipki.ca.certprofile.x509.jaxb.KeyUsageEnum)

Aggregations

ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)327 IOException (java.io.IOException)76 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)70 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)53 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)49 DEROctetString (org.bouncycastle.asn1.DEROctetString)48 DERIA5String (org.bouncycastle.asn1.DERIA5String)47 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)44 DERSequence (org.bouncycastle.asn1.DERSequence)41 DERUTF8String (org.bouncycastle.asn1.DERUTF8String)38 DERPrintableString (org.bouncycastle.asn1.DERPrintableString)36 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)35 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)35 Extension (org.bouncycastle.asn1.x509.Extension)33 ASN1String (org.bouncycastle.asn1.ASN1String)31 HashSet (java.util.HashSet)30 ASN1Integer (org.bouncycastle.asn1.ASN1Integer)29 ArrayList (java.util.ArrayList)28 DirectoryString (org.bouncycastle.asn1.x500.DirectoryString)27 X500Name (org.bouncycastle.asn1.x500.X500Name)27