
Example 21 with CertprofileException

use of org.xipki.ca.api.profile.CertprofileException in project xipki by xipki.

the class X509CertprofileQa method buildConstantExtesions.

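/**
 * Builds the map of constant extension values (criticality flag plus encoded bytes)
 * declared in the given extensions configuration.
 *
 * <p>Entries whose value is absent or is not a {@code ConstantExtValue} are skipped, and so
 * are subjectAlternativeName, subjectInfoAccess and biometricInfo.
 *
 * @param extensionsType extensions configuration, may be {@code null}
 * @return an unmodifiable map from extension OID to its constant value, or {@code null} when
 *         {@code extensionsType} is {@code null} or no constant extension was collected
 * @throws CertprofileException if a constant value is missing, empty, or cannot be read as ASN.1
 */
public static Map<ASN1ObjectIdentifier, QaExtensionValue> buildConstantExtesions(ExtensionsType extensionsType) throws CertprofileException {
    if (extensionsType == null) {
        return null;
    }
    Map<ASN1ObjectIdentifier, QaExtensionValue> map = new HashMap<>();
    for (ExtensionType m : extensionsType.getExtension()) {
        if (m.getValue() == null || !(m.getValue().getAny() instanceof ConstantExtValue)) {
            continue;
        }
        ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(m.getType().getValue());
        if (Extension.subjectAlternativeName.equals(oid) || Extension.subjectInfoAccess.equals(oid) || Extension.biometricInfo.equals(oid)) {
            continue;
        }
        ConstantExtValue extConf = (ConstantExtValue) m.getValue().getAny();
        byte[] encodedValue = extConf.getValue();
        // ASN1StreamParser.readObject() returns null at end of input instead of throwing, so a
        // zero-length value would slip through the parse check below and be recorded as a valid
        // constant. A null array would surface as a NullPointerException rather than as a
        // profile error. Reject both explicitly.
        if (encodedValue == null || encodedValue.length == 0) {
            throw new CertprofileException("constant extension value of " + oid.getId() + " is empty");
        }
        ASN1StreamParser parser = new ASN1StreamParser(encodedValue);
        try {
            // Parse check only: the result is discarded and the raw bytes are stored.
            // NOTE(review): only the first ASN.1 object is read; bytes following it are not
            // examined but are still carried into the QaExtensionValue. Confirm whether
            // trailing data should be rejected.
            parser.readObject();
        } catch (IOException ex) {
            throw new CertprofileException("could not parse the constant extension value", ex);
        }
        QaExtensionValue extension = new QaExtensionValue(m.isCritical(), encodedValue);
        map.put(oid, extension);
    }
    if (CollectionUtil.isEmpty(map)) {
        return null;
    }
    return Collections.unmodifiableMap(map);
}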
Also used : QaExtensionValue(org.xipki.ca.qa.internal.QaExtensionValue) HashMap(java.util.HashMap) CertprofileException(org.xipki.ca.api.profile.CertprofileException) ExtensionType(org.xipki.ca.certprofile.x509.jaxb.ExtensionType) IOException(java.io.IOException) ConstantExtValue(org.xipki.ca.certprofile.x509.jaxb.ConstantExtValue) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) ASN1StreamParser(org.bouncycastle.asn1.ASN1StreamParser)

Example 22 with CertprofileException

use of org.xipki.ca.api.profile.CertprofileException in project xipki by xipki.

the class XmlX509CertprofileUtil method buildExtensionControls.

// method buildKeyAlgorithms
/**
 * Builds the extension control table from the given extensions configuration.
 *
 * <p>Each configured extension yields one {@code ExtensionControl} holding its critical,
 * required and permitted-in-request flags, keyed by the extension OID.
 *
 * @param extensionsType extensions configuration, checked with {@code ParamUtil.requireNonNull}
 * @return an unmodifiable map from extension OID to its control flags
 * @throws CertprofileException if the same extension OID is configured more than once
 */
public static Map<ASN1ObjectIdentifier, ExtensionControl> buildExtensionControls(ExtensionsType extensionsType) throws CertprofileException {
    ParamUtil.requireNonNull("extensionsType", extensionsType);

    Map<ASN1ObjectIdentifier, ExtensionControl> byOid = new HashMap<>();
    for (ExtensionType entry : extensionsType.getExtension()) {
        // NOTE(review): a malformed OID string is presumably rejected by the
        // ASN1ObjectIdentifier constructor with an unchecked exception, not a
        // CertprofileException. Confirm callers cope with that.
        ASN1ObjectIdentifier extnId = new ASN1ObjectIdentifier(entry.getType().getValue());

        // A profile naming the same OID twice is ambiguous about which flags apply, so fail
        // instead of letting the later entry overwrite the earlier one.
        if (!byOid.containsKey(extnId)) {
            byOid.put(extnId, new ExtensionControl(entry.isCritical(), entry.isRequired(), entry.isPermittedInRequest()));
            continue;
        }
        throw new CertprofileException("duplicated definition of extension " + extnId.getId());
    }
    return Collections.unmodifiableMap(byOid);
}
Also used : HashMap(java.util.HashMap) CertprofileException(org.xipki.ca.api.profile.CertprofileException) ExtensionControl(org.xipki.ca.api.profile.ExtensionControl) ExtensionType(org.xipki.ca.certprofile.x509.jaxb.ExtensionType) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 23 with CertprofileException

use of org.xipki.ca.api.profile.CertprofileException in project xipki by xipki.

the class XmlX509CertprofileUtil method buildGeneralNameMode.

// method buildPolicyConstrains
/**
 * Converts a general-name configuration element into a set of {@code GeneralNameMode}s,
 * one for every name form that is present in the element.
 *
 * <p>For otherName the configured type OIDs are attached to the mode. All other name forms
 * contribute a mode that carries only the tag.
 *
 * @param name general-name configuration, checked with {@code ParamUtil.requireNonNull}
 * @return a mutable set with at least one mode
 * @throws CertprofileException if none of the name forms is present
 */
public static Set<GeneralNameMode> buildGeneralNameMode(GeneralNameType name) throws CertprofileException {
    ParamUtil.requireNonNull("name", name);

    Set<GeneralNameMode> modes = new HashSet<>();

    if (name.getOtherName() != null) {
        // otherName is the only form that is further qualified by a set of type OIDs.
        Set<ASN1ObjectIdentifier> otherNameTypes = new HashSet<>();
        for (OidWithDescType typeEntry : name.getOtherName().getType()) {
            otherNameTypes.add(new ASN1ObjectIdentifier(typeEntry.getValue()));
        }
        modes.add(new GeneralNameMode(GeneralNameTag.otherName, otherNameTypes));
    }

    if (name.getRfc822Name() != null) {
        modes.add(new GeneralNameMode(GeneralNameTag.rfc822Name));
    }

    if (name.getDnsName() != null) {
        modes.add(new GeneralNameMode(GeneralNameTag.dNSName));
    }

    if (name.getDirectoryName() != null) {
        modes.add(new GeneralNameMode(GeneralNameTag.directoryName));
    }

    if (name.getEdiPartyName() != null) {
        modes.add(new GeneralNameMode(GeneralNameTag.ediPartyName));
    }

    if (name.getUniformResourceIdentifier() != null) {
        modes.add(new GeneralNameMode(GeneralNameTag.uniformResourceIdentifier));
    }

    if (name.getIpAddress() != null) {
        modes.add(new GeneralNameMode(GeneralNameTag.iPAddress));
    }

    if (name.getRegisteredID() != null) {
        modes.add(new GeneralNameMode(GeneralNameTag.registeredID));
    }

    // An element that selects no name form at all is treated as a profile error.
    if (!modes.isEmpty()) {
        return modes;
    }
    throw new CertprofileException("GeneralNameType must not be empty");
}
Also used : OidWithDescType(org.xipki.ca.certprofile.x509.jaxb.OidWithDescType) GeneralNameMode(org.xipki.ca.api.profile.GeneralNameMode) CertprofileException(org.xipki.ca.api.profile.CertprofileException) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) HashSet(java.util.HashSet)

Example 24 with CertprofileException

use of org.xipki.ca.api.profile.CertprofileException in project xipki by xipki.

the class XmlX509CertprofileUtil method buildConstantExtesions.

// method buildExtKeyUsageOptions
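/**
 * Builds the map of constant extension values (criticality flag plus parsed ASN.1 value)
 * declared in the given extensions configuration.
 *
 * <p>subjectAlternativeName, subjectInfoAccess and biometricInfo are skipped, and so are
 * entries whose value is absent or is not a {@code ConstantExtValue}.
 *
 * @param extensionsType extensions configuration, may be {@code null}
 * @return an unmodifiable map from extension OID to its constant value, or {@code null} when
 *         {@code extensionsType} is {@code null} or no constant extension was collected
 * @throws CertprofileException if a constant value is missing, empty, or cannot be read as ASN.1
 */
public static Map<ASN1ObjectIdentifier, ExtensionValue> buildConstantExtesions(ExtensionsType extensionsType) throws CertprofileException {
    if (extensionsType == null) {
        return null;
    }
    Map<ASN1ObjectIdentifier, ExtensionValue> map = new HashMap<>();
    for (ExtensionType m : extensionsType.getExtension()) {
        ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(m.getType().getValue());
        if (Extension.subjectAlternativeName.equals(oid) || Extension.subjectInfoAccess.equals(oid) || Extension.biometricInfo.equals(oid)) {
            continue;
        }
        if (m.getValue() == null || !(m.getValue().getAny() instanceof ConstantExtValue)) {
            continue;
        }
        ConstantExtValue extConf = (ConstantExtValue) m.getValue().getAny();
        byte[] encodedValue = extConf.getValue();
        // ASN1StreamParser.readObject() returns null at end of input instead of throwing, so a
        // zero-length value would hand a null ASN.1 value to ExtensionValue. A null array would
        // surface as a NullPointerException rather than as a profile error. Reject both
        // explicitly.
        if (encodedValue == null || encodedValue.length == 0) {
            throw new CertprofileException("constant extension value of " + oid.getId() + " is empty");
        }
        ASN1StreamParser parser = new ASN1StreamParser(encodedValue);
        ASN1Encodable value;
        try {
            // NOTE(review): only the first ASN.1 object is read; any bytes following it in the
            // configured value are silently dropped. Confirm whether trailing data should be
            // rejected.
            value = parser.readObject();
        } catch (IOException ex) {
            throw new CertprofileException("could not parse the constant extension value", ex);
        }
        ExtensionValue extension = new ExtensionValue(m.isCritical(), value);
        map.put(oid, extension);
    }
    if (CollectionUtil.isEmpty(map)) {
        return null;
    }
    return Collections.unmodifiableMap(map);
}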
Also used : ExtensionValue(org.xipki.ca.api.profile.ExtensionValue) HashMap(java.util.HashMap) CertprofileException(org.xipki.ca.api.profile.CertprofileException) ExtensionType(org.xipki.ca.certprofile.x509.jaxb.ExtensionType) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) IOException(java.io.IOException) ConstantExtValue(org.xipki.ca.certprofile.x509.jaxb.ConstantExtValue) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) ASN1StreamParser(org.bouncycastle.asn1.ASN1StreamParser)

Example 25 with CertprofileException

use of org.xipki.ca.api.profile.CertprofileException in project xipki by xipki.

the class XmlX509CertprofileUtil method buildGeneralSubtree.

// method buildGeneralSubtrees
/**
 * Converts one configured general subtree into a BouncyCastle {@code GeneralSubtree}.
 *
 * <p>The base name is taken from the first populated choice, tested in this order:
 * directoryName, dnsName, ipAddress, rfc822Name, uri. The optional minimum and maximum are
 * carried over as {@code BigInteger}s, or {@code null} when not configured.
 *
 * @param type subtree configuration, checked with {@code ParamUtil.requireNonNull}
 * @return the subtree with its base name and optional bounds
 * @throws CertprofileException if minimum or maximum is negative
 * @throws RuntimeException if none of the supported base-name choices is populated
 */
private static GeneralSubtree buildGeneralSubtree(GeneralSubtreeBaseType type) throws CertprofileException {
    ParamUtil.requireNonNull("type", type);

    final GeneralName subtreeBase;
    if (type.getDirectoryName() != null) {
        X500Name directoryName = new X500Name(type.getDirectoryName());
        subtreeBase = new GeneralName(X509Util.reverse(directoryName));
    } else if (type.getDnsName() != null) {
        subtreeBase = new GeneralName(GeneralName.dNSName, type.getDnsName());
    } else if (type.getIpAddress() != null) {
        subtreeBase = new GeneralName(GeneralName.iPAddress, type.getIpAddress());
    } else if (type.getRfc822Name() != null) {
        subtreeBase = new GeneralName(GeneralName.rfc822Name, type.getRfc822Name());
    } else if (type.getUri() != null) {
        subtreeBase = new GeneralName(GeneralName.uniformResourceIdentifier, type.getUri());
    } else {
        throw new RuntimeException("should not reach here, unknown child of GeneralSubtreeBaseType");
    }

    // Bounds are optional, and a configured bound must be non-negative.
    // NOTE(review): nothing here checks that maximum >= minimum. Confirm whether that is
    // validated elsewhere.
    BigInteger minimum = null;
    Integer lower = type.getMinimum();
    if (lower != null) {
        if (lower < 0) {
            throw new CertprofileException("negative minimum is not allowed: " + lower);
        }
        minimum = BigInteger.valueOf(lower.intValue());
    }

    BigInteger maximum = null;
    Integer upper = type.getMaximum();
    if (upper != null) {
        if (upper < 0) {
            throw new CertprofileException("negative maximum is not allowed: " + upper);
        }
        maximum = BigInteger.valueOf(upper.intValue());
    }

    return new GeneralSubtree(subtreeBase, minimum, maximum);
}
Also used : ASN1Integer(org.bouncycastle.asn1.ASN1Integer) BigInteger(java.math.BigInteger) CertprofileException(org.xipki.ca.api.profile.CertprofileException) BigInteger(java.math.BigInteger) GeneralName(org.bouncycastle.asn1.x509.GeneralName) X500Name(org.bouncycastle.asn1.x500.X500Name) GeneralSubtree(org.bouncycastle.asn1.x509.GeneralSubtree)
