use of org.xipki.ca.api.profile.Certprofile.KeyUsageControl in project xipki by xipki.
the class H2nChecker method checkExtnKeyUsage.
// method checkExtnIssuerAltNames
void checkExtnKeyUsage(StringBuilder failureMsg, boolean[] usages, Extensions requestedExtns, ExtensionControl extnControl) {
int len = usages.length;
if (len > 9) {
failureMsg.append("invalid syntax: size of valid bits is larger than 9: ").append(len);
failureMsg.append("; ");
}
Set<String> isUsages = new HashSet<>();
for (int i = 0; i < len; i++) {
if (usages[i]) {
isUsages.add(ALL_USAGES.get(i));
}
}
Set<String> expectedUsages = new HashSet<>();
Set<KeyUsageControl> requiredKeyusage = getKeyusage(true);
for (KeyUsageControl usage : requiredKeyusage) {
expectedUsages.add(usage.getKeyUsage().getName());
}
Set<KeyUsageControl> optionalKeyusage = getKeyusage(false);
if (requestedExtns != null && extnControl.isRequest() && isNotEmpty(optionalKeyusage)) {
Extension extension = requestedExtns.getExtension(Extension.keyUsage);
if (extension != null) {
org.bouncycastle.asn1.x509.KeyUsage reqKeyUsage = org.bouncycastle.asn1.x509.KeyUsage.getInstance(extension.getParsedValue());
for (KeyUsageControl k : optionalKeyusage) {
if (reqKeyUsage.hasUsages(k.getKeyUsage().getBcUsage())) {
expectedUsages.add(k.getKeyUsage().getName());
}
}
}
}
if (isEmpty(expectedUsages)) {
byte[] constantExtValue = caller.getConstantExtensionValue(Extension.keyUsage);
if (constantExtValue != null) {
expectedUsages = getKeyUsage(constantExtValue);
}
}
Set<String> diffs = CheckerUtil.strInBnotInA(expectedUsages, isUsages);
if (isNotEmpty(diffs)) {
failureMsg.append("usages ").append(diffs).append(" are present but not expected; ");
}
diffs = CheckerUtil.strInBnotInA(isUsages, expectedUsages);
if (isNotEmpty(diffs)) {
failureMsg.append("usages ").append(diffs).append(" are absent but are required; ");
}
}
use of org.xipki.ca.api.profile.Certprofile.KeyUsageControl in project xipki by xipki.
the class H2nChecker method getKeyusage.
// method checkExtnKeyUsage
Set<KeyUsageControl> getKeyusage(boolean required) {
Set<KeyUsageControl> ret = new HashSet<>();
Set<KeyUsageControl> controls = getCertprofile().extensions().getKeyusages();
if (controls != null) {
for (KeyUsageControl control : controls) {
if (control.isRequired() == required) {
ret.add(control);
}
}
}
return ret;
}
use of org.xipki.ca.api.profile.Certprofile.KeyUsageControl in project xipki by xipki.
the class KeyUsage method toXiKeyUsageOptions.
public Set<KeyUsageControl> toXiKeyUsageOptions() {
List<Usage> usages = getUsages();
Set<KeyUsageControl> controls = new HashSet<>();
for (Usage m : usages) {
controls.add(new KeyUsageControl(m.getValue(), m.isRequired()));
}
return Collections.unmodifiableSet(controls);
}
Aggregations