
Example 1 with CertprofileException

use of org.xipki.ca.api.profile.CertprofileException in project xipki by xipki.

the class XmlX509CertprofileUtil method convertKeyParametersOption.

/**
 * Translates the optional key-parameter constraints of one profile algorithm entry into the
 * matching {@link KeyParametersOption}.
 *
 * <p>If the entry has no parameters element (or the element is empty),
 * {@code KeyParametersOption.ALLOW_ALL} is returned, so the profile itself places no
 * restriction on curve, modulus length or parameter set for that algorithm.
 * NOTE(review): presumably ALLOW_ALL accepts every key of the algorithm; a profile that is
 * meant to enforce a minimum key size or a curve allow-list has to state it explicitly.
 *
 * @param type algorithm entry read from the XML profile; must not be null
 * @return the constraint object for the configured parameter kind
 * @throws CertprofileException if the parameters element is of a type not handled here
 */
private static KeyParametersOption convertKeyParametersOption(AlgorithmType type) throws CertprofileException {
    ParamUtil.requireNonNull("type", type);

    Object configured = (type.getParameters() == null) ? null : type.getParameters().getAny();
    if (configured == null) {
        // No constraint configured for this algorithm.
        return KeyParametersOption.ALLOW_ALL;
    }

    if (configured instanceof ECParameters) {
        ECParameters ec = (ECParameters) configured;
        KeyParametersOption.ECParamatersOption ecOption = new KeyParametersOption.ECParamatersOption();
        Curves allowedCurves = ec.getCurves();
        if (allowedCurves != null) {
            ecOption.setCurveOids(toOidSet(allowedCurves.getCurve()));
        }
        if (ec.getPointEncodings() != null) {
            List<Byte> encodingList = ec.getPointEncodings().getPointEncoding();
            Set<Byte> encodings = new HashSet<>(encodingList);
            ecOption.setPointEncodings(encodings);
        }
        return ecOption;
    }

    if (configured instanceof RSAParameters) {
        RSAParameters rsa = (RSAParameters) configured;
        KeyParametersOption.RSAParametersOption rsaOption = new KeyParametersOption.RSAParametersOption();
        rsaOption.setModulusLengths(buildParametersMap(rsa.getModulusLength()));
        return rsaOption;
    }

    if (configured instanceof RSAPSSParameters) {
        RSAPSSParameters pss = (RSAPSSParameters) configured;
        KeyParametersOption.RSAPSSParametersOption pssOption = new KeyParametersOption.RSAPSSParametersOption();
        pssOption.setModulusLengths(buildParametersMap(pss.getModulusLength()));
        return pssOption;
    }

    if (configured instanceof DSAParameters) {
        DSAParameters dsa = (DSAParameters) configured;
        KeyParametersOption.DSAParametersOption dsaOption = new KeyParametersOption.DSAParametersOption();
        dsaOption.setPlengths(buildParametersMap(dsa.getPLength()));
        dsaOption.setQlengths(buildParametersMap(dsa.getQLength()));
        return dsaOption;
    }

    if (configured instanceof DHParameters) {
        DHParameters dh = (DHParameters) configured;
        KeyParametersOption.DHParametersOption dhOption = new KeyParametersOption.DHParametersOption();
        dhOption.setPlengths(buildParametersMap(dh.getPLength()));
        dhOption.setQlengths(buildParametersMap(dh.getQLength()));
        return dhOption;
    }

    if (configured instanceof GostParameters) {
        GostParameters gost = (GostParameters) configured;
        KeyParametersOption.GostParametersOption gostOption = new KeyParametersOption.GostParametersOption();
        gostOption.setPublicKeyParamSets(toOidSet(gost.getPublicKeyParamSet()));
        gostOption.setDigestParamSets(toOidSet(gost.getDigestParamSet()));
        gostOption.setEncryptionParamSets(toOidSet(gost.getEncryptionParamSet()));
        return gostOption;
    }

    // Fail closed: an unrecognised constraint type is rejected instead of being ignored.
    throw new CertprofileException("unknown public key parameters type " + configured.getClass().getName());
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) ECParameters(org.xipki.ca.certprofile.x509.jaxb.ECParameters) CertprofileException(org.xipki.ca.api.profile.CertprofileException) GostParameters(org.xipki.ca.certprofile.x509.jaxb.GostParameters) RSAPSSParameters(org.xipki.ca.certprofile.x509.jaxb.RSAPSSParameters) HashSet(java.util.HashSet) RSAParameters(org.xipki.ca.certprofile.x509.jaxb.RSAParameters) DHParameters(org.xipki.ca.certprofile.x509.jaxb.DHParameters) Range(org.xipki.ca.api.profile.Range) KeyParametersOption(org.xipki.ca.api.profile.KeyParametersOption) DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) DSAParameters(org.xipki.ca.certprofile.x509.jaxb.DSAParameters) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) Curves(org.xipki.ca.certprofile.x509.jaxb.ECParameters.Curves)

Example 2 with CertprofileException

use of org.xipki.ca.api.profile.CertprofileException in project xipki by xipki.

the class XmlX509CertprofileUtil method parse.

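/**
 * Parses an XML certificate-profile configuration into its JAXB root object.
 *
 * <p>The shared unmarshaller is created on first use and validates input against
 * {@code /xsd/certprofile.xsd}. It is published in the static field only when schema setup
 * has completed; a failed setup resets the field so that a later call cannot parse without
 * schema validation. The stream is closed before this method returns or throws.
 *
 * <p>NOTE(review): neither the {@code SchemaFactory} nor the parser behind the unmarshaller
 * is hardened explicitly here, so DTD and external-entity handling depends on the JAXB/JAXP
 * implementation defaults. If profile XML can come from a less-trusted source, confirm those
 * defaults or restrict external access (for example via
 * {@code XMLConstants.ACCESS_EXTERNAL_DTD} and {@code XMLConstants.ACCESS_EXTERNAL_SCHEMA}).
 *
 * @param xmlConfStream stream with the XML profile; must not be null; closed by this method
 * @return the parsed profile
 * @throws CertprofileException if the schema cannot be loaded, the XML cannot be parsed or
 *     validated, or the root element is not an {@code X509ProfileType}
 */
public static X509ProfileType parse(InputStream xmlConfStream) throws CertprofileException {
    ParamUtil.requireNonNull("xmlConfStream", xmlConfStream);
    synchronized (JAXB_LOCK) {
        JAXBElement<?> rootElement;
        try {
            if (jaxbUnmarshaller == null) {
                boolean initialized = false;
                try {
                    JAXBContext context = JAXBContext.newInstance(ObjectFactory.class);
                    jaxbUnmarshaller = context.createUnmarshaller();
                    final SchemaFactory schemaFact = SchemaFactory.newInstance(javax.xml.XMLConstants.W3C_XML_SCHEMA_NS_URI);
                    URL url = XmlX509CertprofileUtil.class.getResource("/xsd/certprofile.xsd");
                    if (url == null) {
                        throw new CertprofileException("could not find schema /xsd/certprofile.xsd");
                    }
                    jaxbUnmarshaller.setSchema(schemaFact.newSchema(url));
                    initialized = true;
                } finally {
                    if (!initialized) {
                        // Never keep an unmarshaller that has no schema attached: the next
                        // call would skip this block and accept unvalidated profiles.
                        jaxbUnmarshaller = null;
                    }
                }
            }
            rootElement = (JAXBElement<?>) jaxbUnmarshaller.unmarshal(xmlConfStream);
        } catch (SAXException ex) {
            throw new CertprofileException("parse profile failed, message: " + ex.getMessage(), ex);
        } catch (JAXBException ex) {
            throw new CertprofileException("parse profile failed, message: " + XmlUtil.getMessage(ex), ex);
        } finally {
            // Close on the failure paths as well, so a rejected profile does not leak the stream.
            try {
                xmlConfStream.close();
            } catch (IOException ex) {
                LOG.warn("could not close xmlConfStream: {}", ex.getMessage());
            }
        }
        Object rootType = rootElement.getValue();
        if (rootType instanceof X509ProfileType) {
            return (X509ProfileType) rootType;
        }
        throw new CertprofileException("invalid root element type");
    }
}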
Also used : SchemaFactory(javax.xml.validation.SchemaFactory) CertprofileException(org.xipki.ca.api.profile.CertprofileException) JAXBException(javax.xml.bind.JAXBException) JAXBContext(javax.xml.bind.JAXBContext) DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) X509ProfileType(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType) IOException(java.io.IOException) URL(java.net.URL) SAXException(org.xml.sax.SAXException)

Example 3 with CertprofileException

use of org.xipki.ca.api.profile.CertprofileException in project xipki by xipki.

the class XmlX509CertprofileUtil method buildPolicyConstrains.

// method buildGeneralSubtree
/**
 * Encodes the profile's policy-constraints settings as an ASN.1 SEQUENCE.
 *
 * <p>{@code requireExplicitPolicy} is written with context tag 0 and
 * {@code inhibitPolicyMapping} with context tag 1, both implicitly tagged. Negative values are
 * rejected. When neither value is configured the method returns {@code null} rather than an
 * empty SEQUENCE, so callers must handle the {@code null} case.
 *
 * @param type policy-constraints element of the XML profile; must not be null
 * @return the encoded sequence, or {@code null} if neither field is set
 * @throws CertprofileException if either configured value is negative
 */
public static ASN1Sequence buildPolicyConstrains(PolicyConstraints type) throws CertprofileException {
    ParamUtil.requireNonNull("type", type);

    Integer requirePolicy = type.getRequireExplicitPolicy();
    if (requirePolicy != null && requirePolicy < 0) {
        throw new CertprofileException("negative requireExplicitPolicy is not allowed: " + requirePolicy);
    }

    Integer inhibitMapping = type.getInhibitPolicyMapping();
    if (inhibitMapping != null && inhibitMapping < 0) {
        throw new CertprofileException("negative inhibitPolicyMapping is not allowed: " + inhibitMapping);
    }

    boolean nothingConfigured = (requirePolicy == null) && (inhibitMapping == null);
    if (nothingConfigured) {
        return null;
    }

    ASN1EncodableVector fields = new ASN1EncodableVector();
    if (requirePolicy != null) {
        ASN1Integer skipCerts = new ASN1Integer(BigInteger.valueOf(requirePolicy));
        // false = implicit tagging
        fields.add(new DERTaggedObject(false, 0, skipCerts));
    }
    if (inhibitMapping != null) {
        ASN1Integer skipCerts = new ASN1Integer(BigInteger.valueOf(inhibitMapping));
        fields.add(new DERTaggedObject(false, 1, skipCerts));
    }
    return new DERSequence(fields);
}
Also used : ASN1Integer(org.bouncycastle.asn1.ASN1Integer) BigInteger(java.math.BigInteger) DERSequence(org.bouncycastle.asn1.DERSequence) CertprofileException(org.xipki.ca.api.profile.CertprofileException) DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) ASN1Integer(org.bouncycastle.asn1.ASN1Integer)

Example 4 with CertprofileException

use of org.xipki.ca.api.profile.CertprofileException in project xipki by xipki.

the class XmlX509CertprofileUtil method buildKeyAlgorithms.

/**
 * Builds the lookup table from permitted public-key algorithm OID to the parameter
 * constraints configured for it in the profile.
 *
 * <p>One profile entry may list several OIDs; all of them share the single
 * {@link KeyParametersOption} derived from that entry. An OID that was already registered by
 * an earlier entry is rejected, so two entries cannot give conflicting constraints for the
 * same algorithm.
 *
 * <p>NOTE(review): the OID text is handed straight to the {@code ASN1ObjectIdentifier}
 * constructor; a malformed value presumably surfaces as an unchecked exception rather than a
 * {@code CertprofileException} - confirm against the BouncyCastle version in use.
 *
 * @param keyAlgos key-algorithms element of the XML profile; must not be null
 * @return unmodifiable map from algorithm OID to its parameter constraints
 * @throws CertprofileException on a duplicate OID across entries or an unsupported
 *     parameters element
 */
public static Map<ASN1ObjectIdentifier, KeyParametersOption> buildKeyAlgorithms(KeyAlgorithms keyAlgos) throws CertprofileException {
    ParamUtil.requireNonNull("keyAlgos", keyAlgos);

    Map<ASN1ObjectIdentifier, KeyParametersOption> result = new HashMap<>();
    for (AlgorithmType entry : keyAlgos.getAlgorithm()) {
        List<OidWithDescType> declared = entry.getAlgorithm();
        ASN1ObjectIdentifier[] pending = new ASN1ObjectIdentifier[declared.size()];
        int count = 0;

        // Check every OID of the entry before anything is registered.
        for (OidWithDescType item : declared) {
            ASN1ObjectIdentifier candidate = new ASN1ObjectIdentifier(item.getValue());
            if (result.containsKey(candidate)) {
                throw new CertprofileException("duplicate definition of keyAlgorithm " + candidate.getId());
            }
            pending[count++] = candidate;
        }

        KeyParametersOption sharedOption = convertKeyParametersOption(entry);
        for (ASN1ObjectIdentifier accepted : pending) {
            result.put(accepted, sharedOption);
        }
    }
    return CollectionUtil.unmodifiableMap(result);
}
Also used : OidWithDescType(org.xipki.ca.certprofile.x509.jaxb.OidWithDescType) AlgorithmType(org.xipki.ca.certprofile.x509.jaxb.AlgorithmType) KeyParametersOption(org.xipki.ca.api.profile.KeyParametersOption) HashMap(java.util.HashMap) CertprofileException(org.xipki.ca.api.profile.CertprofileException) ArrayList(java.util.ArrayList) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 5 with CertprofileException

use of org.xipki.ca.api.profile.CertprofileException in project xipki by xipki.

the class SubjectDnSpec method fixRdnControl.

// static
/**
 * Aligns a profile's RDN control with the built-in rules for its attribute type.
 *
 * <ul>
 *   <li>String type: a configured type that is not in the allowed set for the attribute is
 *       rejected; a missing one is filled from the defaults table when an entry exists.</li>
 *   <li>Patterns: when none are configured and a built-in pattern exists, it is applied.</li>
 *   <li>Length range: without a built-in range the configured range is cleared; without a
 *       configured range the built-in {@code Range} instance itself is assigned; otherwise
 *       the configured range is narrowed so that it never exceeds the built-in bounds.</li>
 * </ul>
 *
 * <p>NOTE(review): after narrowing, nothing here checks that min does not exceed max;
 * presumably {@code Range.setRange} validates that - confirm.
 *
 * @param control RDN control to adjust in place; must not be null
 * @throws CertprofileException if the configured string type is not permitted for the
 *     attribute type
 */
public static void fixRdnControl(RdnControl control) throws CertprofileException {
    ParamUtil.requireNonNull("control", control);
    ASN1ObjectIdentifier attrType = control.getType();
    StringType configuredType = control.getStringType();

    if (configuredType == null) {
        StringType fallback = DFLT_STRING_TYPES.get(attrType);
        if (fallback != null) {
            control.setStringType(fallback);
        }
    } else if (STRING_TYPE_SET.containsKey(attrType) && !STRING_TYPE_SET.get(attrType).contains(configuredType)) {
        throw new CertprofileException(String.format("%s is not allowed %s", configuredType.name(), attrType.getId()));
    }

    if (control.getPatterns() == null && PATTERNS.containsKey(attrType)) {
        control.setPatterns(Arrays.asList(PATTERNS.get(attrType)));
    }

    Range builtIn = RANGES.get(attrType);
    if (builtIn == null) {
        control.setStringLengthRange(null);
        return;
    }

    Range configuredRange = control.getStringLengthRange();
    if (configuredRange == null) {
        control.setStringLengthRange(builtIn);
        return;
    }

    // Lower bound: adopt the built-in minimum when none is set or when it is stricter.
    Integer builtInMin = builtIn.getMin();
    Integer lower = configuredRange.getMin();
    boolean lowerAdjusted = (lower == null) || (builtInMin != null && builtInMin > lower);
    if (lowerAdjusted) {
        lower = builtInMin;
    }

    // Upper bound: adopt the built-in maximum when none is set or when it is stricter.
    Integer builtInMax = builtIn.getMax();
    Integer upper = configuredRange.getMax();
    boolean upperAdjusted = (upper == null) || (builtInMax != null && builtInMax < upper);
    if (upperAdjusted) {
        upper = builtInMax;
    }

    if (lowerAdjusted || upperAdjusted) {
        configuredRange.setRange(lower, upper);
    }
}
Also used : StringType(org.xipki.ca.api.profile.StringType) CertprofileException(org.xipki.ca.api.profile.CertprofileException) Range(org.xipki.ca.api.profile.Range) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Aggregations

CertprofileException (org.xipki.ca.api.profile.CertprofileException)27 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)18 HashMap (java.util.HashMap)8 IOException (java.io.IOException)7 HashSet (java.util.HashSet)7 DERPrintableString (org.bouncycastle.asn1.DERPrintableString)6 DERUTF8String (org.bouncycastle.asn1.DERUTF8String)6 BadCertTemplateException (org.xipki.ca.api.BadCertTemplateException)6 ExtensionValue (org.xipki.ca.api.profile.ExtensionValue)6 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)5 ASN1Integer (org.bouncycastle.asn1.ASN1Integer)5 DERIA5String (org.bouncycastle.asn1.DERIA5String)5 DEROctetString (org.bouncycastle.asn1.DEROctetString)5 DERTaggedObject (org.bouncycastle.asn1.DERTaggedObject)5 DirectoryString (org.bouncycastle.asn1.x500.DirectoryString)5 X500Name (org.bouncycastle.asn1.x500.X500Name)5 CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)5 BigInteger (java.math.BigInteger)4 ArrayList (java.util.ArrayList)4 LinkedList (java.util.LinkedList)4