
Example 1 with KeyUsageControl

use of org.xipki.ca.api.profile.Certprofile.KeyUsageControl in project xipki by xipki.

the class H2nChecker method checkExtnKeyUsage.

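/**
 * Compares the key usages found in a certificate's KeyUsage extension with the usages
 * the certificate profile expects, appending one message per mismatch to
 * {@code failureMsg}. Mismatches are reported, never thrown.
 *
 * <p>The expected set is built from the profile's required usages plus every optional
 * usage that the request's KeyUsage extension asked for (consulted only when
 * {@code requestedExtns} is non-null and {@code extnControl.isRequest()} is true). If
 * that set is empty, the constant KeyUsage extension value supplied by {@code caller}
 * is used instead.
 *
 * @param failureMsg buffer collecting the findings, each terminated by "; "
 * @param usages key-usage bits, indexed by bit position and mapped to names through
 *     {@code ALL_USAGES}
 * @param requestedExtns extensions taken from the request; may be {@code null}
 * @param extnControl extension control whose {@code isRequest()} flag decides whether
 *     requested optional usages are honoured
 */
void checkExtnKeyUsage(StringBuilder failureMsg, boolean[] usages, Extensions requestedExtns, ExtensionControl extnControl) {
    int len = usages.length;
    if (len > 9) {
        failureMsg.append("invalid syntax: size of valid bits is larger than 9: ").append(len);
        failureMsg.append("; ");
    }
    // An over-long bit string is reported above, but it must not abort the remaining
    // checks: only index the positions ALL_USAGES actually names. ALL_USAGES is declared
    // outside this listing; presumably it holds the nine standard usage names.
    int namedBits = Math.min(len, ALL_USAGES.size());
    Set<String> isUsages = new HashSet<>();
    for (int i = 0; i < namedBits; i++) {
        if (usages[i]) {
            isUsages.add(ALL_USAGES.get(i));
        }
    }
    // Required usages are always expected.
    Set<String> expectedUsages = new HashSet<>();
    Set<KeyUsageControl> requiredKeyusage = getKeyusage(true);
    for (KeyUsageControl usage : requiredKeyusage) {
        expectedUsages.add(usage.getKeyUsage().getName());
    }
    // Optional usages are expected only if the request asked for them; a requested
    // usage that is not listed in the profile never enters the expected set.
    Set<KeyUsageControl> optionalKeyusage = getKeyusage(false);
    if (requestedExtns != null && extnControl.isRequest() && isNotEmpty(optionalKeyusage)) {
        Extension extension = requestedExtns.getExtension(Extension.keyUsage);
        if (extension != null) {
            org.bouncycastle.asn1.x509.KeyUsage reqKeyUsage = org.bouncycastle.asn1.x509.KeyUsage.getInstance(extension.getParsedValue());
            for (KeyUsageControl k : optionalKeyusage) {
                if (reqKeyUsage.hasUsages(k.getKeyUsage().getBcUsage())) {
                    expectedUsages.add(k.getKeyUsage().getName());
                }
            }
        }
    }
    // Fall back to the constant extension value when the profile yields no usages.
    if (isEmpty(expectedUsages)) {
        byte[] constantExtValue = caller.getConstantExtensionValue(Extension.keyUsage);
        if (constantExtValue != null) {
            expectedUsages = getKeyUsage(constantExtValue);
        }
    }
    // Usages in the certificate that the profile does not allow.
    Set<String> diffs = CheckerUtil.strInBnotInA(expectedUsages, isUsages);
    if (isNotEmpty(diffs)) {
        failureMsg.append("usages ").append(diffs).append(" are present but not expected; ");
    }
    // Usages the profile expects that the certificate lacks.
    diffs = CheckerUtil.strInBnotInA(isUsages, expectedUsages);
    if (isNotEmpty(diffs)) {
        failureMsg.append("usages ").append(diffs).append(" are absent but are required; ");
    }
}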
Also used : Extension(org.bouncycastle.asn1.x509.Extension) KeyUsageControl(org.xipki.ca.api.profile.Certprofile.KeyUsageControl) HashSet(java.util.HashSet)

Example 2 with KeyUsageControl

use of org.xipki.ca.api.profile.Certprofile.KeyUsageControl in project xipki by xipki.

the class H2nChecker method getKeyusage.

/**
 * Selects the certificate profile's key-usage controls whose required flag matches
 * the argument.
 *
 * @param required {@code true} to select the required usages, {@code false} to select
 *     the remaining ones
 * @return a new mutable set; empty when the profile reports no key-usage controls
 */
Set<KeyUsageControl> getKeyusage(boolean required) {
    Set<KeyUsageControl> profileControls = getCertprofile().extensions().getKeyusages();
    if (profileControls == null) {
        return new HashSet<>();
    }
    // Work on a copy so the profile's own set is never modified.
    Set<KeyUsageControl> selected = new HashSet<>(profileControls);
    selected.removeIf(candidate -> candidate.isRequired() != required);
    return selected;
}
Also used : KeyUsageControl(org.xipki.ca.api.profile.Certprofile.KeyUsageControl) HashSet(java.util.HashSet)

Example 3 with KeyUsageControl

use of org.xipki.ca.api.profile.Certprofile.KeyUsageControl in project xipki by xipki.

the class KeyUsage method toXiKeyUsageOptions.

/**
 * Converts the configured usages into {@link KeyUsageControl} objects, carrying over
 * each usage's value and required flag.
 *
 * @return an unmodifiable set with one control per distinct configured usage
 */
public Set<KeyUsageControl> toXiKeyUsageOptions() {
    Set<KeyUsageControl> converted = new HashSet<>();
    getUsages().forEach(entry -> converted.add(new KeyUsageControl(entry.getValue(), entry.isRequired())));
    // Callers receive a read-only view and cannot alter the converted set.
    return Collections.unmodifiableSet(converted);
}
Also used : KeyUsageControl(org.xipki.ca.api.profile.Certprofile.KeyUsageControl)
