Example 1 with GeneralNameMode
use of org.xipki.ca.api.profile.GeneralNameMode in project xipki by xipki.
the class ExtensionsChecker method checkExtensionSubjectInfoAccess.
private void checkExtensionSubjectInfoAccess(StringBuilder failureMsg, byte[] extensionValue, Extensions requestedExtensions, ExtensionControl extControl) {
Map<ASN1ObjectIdentifier, Set<GeneralNameMode>> conf = certProfile.getSubjectInfoAccessModes();
if (conf == null) {
failureMsg.append("extension is present but not expected; ");
return;
}
ASN1Encodable requestExtValue = null;
if (requestedExtensions != null) {
requestExtValue = requestedExtensions.getExtensionParsedValue(Extension.subjectInfoAccess);
}
if (requestExtValue == null) {
failureMsg.append("extension is present but not expected; ");
return;
}
ASN1Sequence requestSeq = ASN1Sequence.getInstance(requestExtValue);
ASN1Sequence certSeq = ASN1Sequence.getInstance(extensionValue);
int size = requestSeq.size();
if (certSeq.size() != size) {
addViolation(failureMsg, "size of GeneralNames", certSeq.size(), size);
return;
}
for (int i = 0; i < size; i++) {
AccessDescription ad = AccessDescription.getInstance(requestSeq.getObjectAt(i));
ASN1ObjectIdentifier accessMethod = ad.getAccessMethod();
Set<GeneralNameMode> generalNameModes = conf.get(accessMethod);
if (generalNameModes == null) {
failureMsg.append("accessMethod in requestedExtension ").append(accessMethod.getId()).append(" is not allowed; ");
continue;
}
AccessDescription certAccessDesc = AccessDescription.getInstance(certSeq.getObjectAt(i));
ASN1ObjectIdentifier certAccessMethod = certAccessDesc.getAccessMethod();
boolean bo = (accessMethod == null) ? (certAccessMethod == null) : accessMethod.equals(certAccessMethod);
if (!bo) {
addViolation(failureMsg, "accessMethod", (certAccessMethod == null) ? "null" : certAccessMethod.getId(), (accessMethod == null) ? "null" : accessMethod.getId());
continue;
}
GeneralName accessLocation;
try {
accessLocation = createGeneralName(ad.getAccessLocation(), generalNameModes);
} catch (BadCertTemplateException ex) {
failureMsg.append("invalid requestedExtension: ").append(ex.getMessage()).append("; ");
continue;
}
GeneralName certAccessLocation = certAccessDesc.getAccessLocation();
if (!certAccessLocation.equals(accessLocation)) {
failureMsg.append("accessLocation does not match the requested one; ");
}
}
}
Also used :
GeneralNameMode(org.xipki.ca.api.profile.GeneralNameMode)
Set(java.util.Set)
HashSet(java.util.HashSet)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
AccessDescription(org.bouncycastle.asn1.x509.AccessDescription)
BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)
Example 2 with GeneralNameMode
use of org.xipki.ca.api.profile.GeneralNameMode in project xipki by xipki.
the class ExtensionsChecker method createGeneralName.
private static GeneralName createGeneralName(GeneralName reqName, Set<GeneralNameMode> modes) throws BadCertTemplateException {
int tag = reqName.getTagNo();
GeneralNameMode mode = null;
if (modes != null) {
for (GeneralNameMode m : modes) {
if (m.getTag().getTag() == tag) {
mode = m;
break;
}
}
if (mode == null) {
throw new BadCertTemplateException("generalName tag " + tag + " is not allowed");
}
}
switch(tag) {
case GeneralName.rfc822Name:
case GeneralName.dNSName:
case GeneralName.uniformResourceIdentifier:
case GeneralName.iPAddress:
case GeneralName.registeredID:
case GeneralName.directoryName:
return new GeneralName(tag, reqName.getName());
case GeneralName.otherName:
ASN1Sequence reqSeq = ASN1Sequence.getInstance(reqName.getName());
ASN1ObjectIdentifier type = ASN1ObjectIdentifier.getInstance(reqSeq.getObjectAt(0));
if (mode != null && !mode.getAllowedTypes().contains(type)) {
throw new BadCertTemplateException("otherName.type " + type.getId() + " is not allowed");
}
ASN1Encodable value = ASN1TaggedObject.getInstance(reqSeq.getObjectAt(1)).getObject();
String text;
if (!(value instanceof ASN1String)) {
throw new BadCertTemplateException("otherName.value is not a String");
} else {
text = ((ASN1String) value).getString();
}
ASN1EncodableVector vector = new ASN1EncodableVector();
vector.add(type);
vector.add(new DERTaggedObject(true, 0, new DERUTF8String(text)));
DERSequence seq = new DERSequence(vector);
return new GeneralName(GeneralName.otherName, seq);
case GeneralName.ediPartyName:
reqSeq = ASN1Sequence.getInstance(reqName.getName());
int size = reqSeq.size();
String nameAssigner = null;
int idx = 0;
if (size > 1) {
DirectoryString ds = DirectoryString.getInstance(ASN1TaggedObject.getInstance(reqSeq.getObjectAt(idx++)).getObject());
nameAssigner = ds.getString();
}
DirectoryString ds = DirectoryString.getInstance(ASN1TaggedObject.getInstance(reqSeq.getObjectAt(idx++)).getObject());
String partyName = ds.getString();
vector = new ASN1EncodableVector();
if (nameAssigner != null) {
vector.add(new DERTaggedObject(false, 0, new DirectoryString(nameAssigner)));
}
vector.add(new DERTaggedObject(false, 1, new DirectoryString(partyName)));
seq = new DERSequence(vector);
return new GeneralName(GeneralName.ediPartyName, seq);
default:
throw new RuntimeException("should not reach here, unknown GeneralName tag " + tag);
}
// end switch
}
Also used :
GeneralNameMode(org.xipki.ca.api.profile.GeneralNameMode)
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
DERBMPString(org.bouncycastle.asn1.DERBMPString)
DERPrintableString(org.bouncycastle.asn1.DERPrintableString)
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
ASN1String(org.bouncycastle.asn1.ASN1String)
DirectoryString(org.bouncycastle.asn1.x500.DirectoryString)
QaDirectoryString(org.xipki.ca.qa.internal.QaDirectoryString)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
DERIA5String(org.bouncycastle.asn1.DERIA5String)
DERT61String(org.bouncycastle.asn1.DERT61String)
CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
DERSequence(org.bouncycastle.asn1.DERSequence)
BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
ASN1String(org.bouncycastle.asn1.ASN1String)
DirectoryString(org.bouncycastle.asn1.x500.DirectoryString)
QaDirectoryString(org.xipki.ca.qa.internal.QaDirectoryString)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 3 with GeneralNameMode
use of org.xipki.ca.api.profile.GeneralNameMode in project xipki by xipki.
the class XmlX509Certprofile method initialize0.
// method initialize
private void initialize0(X509ProfileType conf) throws CertprofileException {
if (conf.getVersion() != null) {
String versionText = conf.getVersion();
this.version = X509CertVersion.forName(versionText);
if (this.version == null) {
throw new CertprofileException(String.format("invalid version '%s'", versionText));
}
} else {
this.version = X509CertVersion.v3;
}
if (conf.getSignatureAlgorithms() != null) {
List<String> algoNames = conf.getSignatureAlgorithms().getAlgorithm();
List<String> list = new ArrayList<>(algoNames.size());
for (String algoName : algoNames) {
try {
list.add(AlgorithmUtil.canonicalizeSignatureAlgo(algoName));
} catch (NoSuchAlgorithmException ex) {
throw new CertprofileException(ex.getMessage(), ex);
}
}
this.signatureAlgorithms = Collections.unmodifiableList(list);
}
this.raOnly = conf.isRaOnly();
this.maxSize = conf.getMaxSize();
this.validity = CertValidity.getInstance(conf.getValidity());
String str = conf.getCertLevel();
if ("RootCA".equalsIgnoreCase(str)) {
this.certLevel = X509CertLevel.RootCA;
} else if ("SubCA".equalsIgnoreCase(str)) {
this.certLevel = X509CertLevel.SubCA;
} else if ("EndEntity".equalsIgnoreCase(str)) {
this.certLevel = X509CertLevel.EndEntity;
} else {
throw new CertprofileException("invalid CertLevel '" + str + "'");
}
str = conf.getNotBeforeTime();
if ("midnight".equalsIgnoreCase(str)) {
this.notBeforeMidnight = true;
} else if ("current".equalsIgnoreCase(str)) {
this.notBeforeMidnight = false;
} else {
throw new CertprofileException("invalid notBefore '" + str + "'");
}
String specBehavior = conf.getSpecialBehavior();
if (specBehavior != null) {
this.specialBehavior = SpecialX509CertprofileBehavior.forName(specBehavior);
}
this.duplicateKeyPermitted = conf.isDuplicateKey();
this.serialNumberInReqPermitted = conf.isSerialNumberInReq();
// KeyAlgorithms
KeyAlgorithms keyAlgos = conf.getKeyAlgorithms();
if (keyAlgos != null) {
this.keyAlgorithms = XmlX509CertprofileUtil.buildKeyAlgorithms(keyAlgos);
}
// parameters
Parameters confParams = conf.getParameters();
if (confParams == null) {
parameters = null;
} else {
Map<String, String> tmpMap = new HashMap<>();
for (NameValueType nv : confParams.getParameter()) {
tmpMap.put(nv.getName(), nv.getValue());
}
parameters = Collections.unmodifiableMap(tmpMap);
}
// Subject
Subject subject = conf.getSubject();
duplicateSubjectPermitted = subject.isDuplicateSubjectPermitted();
List<RdnControl> subjectDnControls = new LinkedList<>();
for (RdnType rdn : subject.getRdn()) {
ASN1ObjectIdentifier type = new ASN1ObjectIdentifier(rdn.getType().getValue());
List<Pattern> patterns = null;
if (CollectionUtil.isNonEmpty(rdn.getRegex())) {
patterns = new LinkedList<>();
for (String regex : rdn.getRegex()) {
Pattern pattern = Pattern.compile(regex);
patterns.add(pattern);
}
}
if (patterns == null) {
Pattern pattern = SubjectDnSpec.getPattern(type);
if (pattern != null) {
patterns = Arrays.asList(pattern);
}
}
Range range = (rdn.getMinLen() != null || rdn.getMaxLen() != null) ? new Range(rdn.getMinLen(), rdn.getMaxLen()) : null;
RdnControl rdnControl = new RdnControl(type, rdn.getMinOccurs(), rdn.getMaxOccurs());
subjectDnControls.add(rdnControl);
StringType stringType = XmlX509CertprofileUtil.convertStringType(rdn.getStringType());
rdnControl.setStringType(stringType);
rdnControl.setStringLengthRange(range);
rdnControl.setPatterns(patterns);
rdnControl.setPrefix(rdn.getPrefix());
rdnControl.setSuffix(rdn.getSuffix());
rdnControl.setGroup(rdn.getGroup());
SubjectDnSpec.fixRdnControl(rdnControl);
}
this.subjectControl = new SubjectControl(subjectDnControls, subject.isKeepRdnOrder());
this.incSerialNoIfSubjectExists = subject.isIncSerialNumber();
// Extensions
ExtensionsType extensionsType = conf.getExtensions();
// Extension controls
this.extensionControls = XmlX509CertprofileUtil.buildExtensionControls(extensionsType);
Set<ASN1ObjectIdentifier> extnIds = new HashSet<>(this.extensionControls.keySet());
// SubjectToSubjectAltName
initSubjectToSubjectAltNames(extensionsType);
// AdditionalInformation
initAdditionalInformation(extnIds, extensionsType);
// Admission
initAdmission(extnIds, extensionsType);
// AuthorityInfoAccess
initAuthorityInfoAccess(extnIds, extensionsType);
// AuthorityKeyIdentifier
initAuthorityKeyIdentifier(extnIds, extensionsType);
// AuthorizationTemplate
initAuthorizationTemplate(extnIds, extensionsType);
// BasicConstrains
initBasicConstraints(extnIds, extensionsType);
// BiometricInfo
initBiometricInfo(extnIds, extensionsType);
// Certificate Policies
initCertificatePolicies(extnIds, extensionsType);
// ExtendedKeyUsage
initExtendedKeyUsage(extnIds, extensionsType);
// Inhibit anyPolicy
initInhibitAnyPolicy(extnIds, extensionsType);
// KeyUsage
initKeyUsage(extnIds, extensionsType);
// Name Constrains
initNameConstraints(extnIds, extensionsType);
// Policy Constraints
initPolicyConstraints(extnIds, extensionsType);
// Policy Mappings
initPolicyMappings(extnIds, extensionsType);
// PrivateKeyUsagePeriod
initPrivateKeyUsagePeriod(extnIds, extensionsType);
// QCStatements
initQcStatements(extnIds, extensionsType);
// Restriction
initRestriction(extnIds, extensionsType);
// SMIMECapatibilities
initSmimeCapabilities(extnIds, extensionsType);
// SubjectAltNameMode
initSubjectAlternativeName(extnIds, extensionsType);
// SubjectInfoAccess
initSubjectInfoAccess(extnIds, extensionsType);
// TlsFeature
initTlsFeature(extnIds, extensionsType);
// validityModel
initValidityModel(extnIds, extensionsType);
// SubjectDirectoryAttributes
initSubjectDirAttrs(extnIds, extensionsType);
// constant extensions
this.constantExtensions = XmlX509CertprofileUtil.buildConstantExtesions(extensionsType);
if (this.constantExtensions != null) {
extnIds.removeAll(this.constantExtensions.keySet());
}
// validate the configuration
if (subjectToSubjectAltNameModes != null) {
ASN1ObjectIdentifier type = Extension.subjectAlternativeName;
if (!extensionControls.containsKey(type)) {
throw new CertprofileException("subjectToSubjectAltNames cannot be configured if extension" + " subjectAltNames is not permitted");
}
if (subjectAltNameModes != null) {
for (ASN1ObjectIdentifier attrType : subjectToSubjectAltNameModes.keySet()) {
GeneralNameTag nameTag = subjectToSubjectAltNameModes.get(attrType);
boolean allowed = false;
for (GeneralNameMode m : subjectAltNameModes) {
if (m.getTag() == nameTag) {
allowed = true;
break;
}
}
if (!allowed) {
throw new CertprofileException("target SubjectAltName type " + nameTag + " is not allowed");
}
}
}
}
// Remove the extension processed not be the CertProfile, but by the CA
extnIds.remove(Extension.issuerAlternativeName);
extnIds.remove(Extension.authorityInfoAccess);
extnIds.remove(Extension.cRLDistributionPoints);
extnIds.remove(Extension.freshestCRL);
extnIds.remove(Extension.subjectKeyIdentifier);
extnIds.remove(Extension.subjectInfoAccess);
extnIds.remove(ObjectIdentifiers.id_extension_pkix_ocsp_nocheck);
Set<ASN1ObjectIdentifier> copyOfExtnIds = new HashSet<>(extnIds);
for (ASN1ObjectIdentifier extnId : copyOfExtnIds) {
Object extnValue = getExtensionValue(extnId, extensionsType, Object.class);
boolean processed = initExtraExtension(extnId, extensionControls.get(extnId), extnValue);
if (processed) {
extnIds.remove(extnId);
}
}
if (!extnIds.isEmpty()) {
throw new CertprofileException("Cannot process the extensions: " + extnIds);
}
}
Also used :
NameValueType(org.xipki.ca.certprofile.x509.jaxb.NameValueType)
HashMap(java.util.HashMap)
DirectoryStringType(org.xipki.ca.api.profile.DirectoryStringType)
StringType(org.xipki.ca.api.profile.StringType)
ArrayList(java.util.ArrayList)
KeyAlgorithms(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType.KeyAlgorithms)
DERPrintableString(org.bouncycastle.asn1.DERPrintableString)
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
DirectoryString(org.bouncycastle.asn1.x500.DirectoryString)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
DERIA5String(org.bouncycastle.asn1.DERIA5String)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
RdnControl(org.xipki.ca.api.profile.RdnControl)
CertprofileException(org.xipki.ca.api.profile.CertprofileException)
SubjectControl(org.xipki.ca.api.profile.x509.SubjectControl)
ExtensionsType(org.xipki.ca.certprofile.x509.jaxb.ExtensionsType)
HashSet(java.util.HashSet)
Pattern(java.util.regex.Pattern)
GeneralNameMode(org.xipki.ca.api.profile.GeneralNameMode)
Parameters(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType.Parameters)
GeneralNameTag(org.xipki.ca.api.profile.GeneralNameTag)
Range(org.xipki.ca.api.profile.Range)
Subject(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType.Subject)
LinkedList(java.util.LinkedList)
RdnType(org.xipki.ca.certprofile.x509.jaxb.RdnType)
DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 4 with GeneralNameMode
use of org.xipki.ca.api.profile.GeneralNameMode in project xipki by xipki.
the class X509CertprofileUtil method createGeneralName.
/**
* Creates GeneralName.
*
* @param requestedName
* Requested name. Must not be {@code null}.
* @param modes
* Modes to be considered. Must not be {@code null}.
* @return the created GeneralName
* @throws BadCertTemplateException
* If requestedName is invalid or contains entries which are not allowed in the modes.
*/
public static GeneralName createGeneralName(GeneralName requestedName, Set<GeneralNameMode> modes) throws BadCertTemplateException {
ParamUtil.requireNonNull("requestedName", requestedName);
int tag = requestedName.getTagNo();
GeneralNameMode mode = null;
if (modes != null) {
for (GeneralNameMode m : modes) {
if (m.getTag().getTag() == tag) {
mode = m;
break;
}
}
if (mode == null) {
throw new BadCertTemplateException("generalName tag " + tag + " is not allowed");
}
}
switch(tag) {
case GeneralName.rfc822Name:
case GeneralName.dNSName:
case GeneralName.uniformResourceIdentifier:
case GeneralName.iPAddress:
case GeneralName.registeredID:
case GeneralName.directoryName:
return new GeneralName(tag, requestedName.getName());
case GeneralName.otherName:
ASN1Sequence reqSeq = ASN1Sequence.getInstance(requestedName.getName());
int size = reqSeq.size();
if (size != 2) {
throw new BadCertTemplateException("invalid otherName sequence: size is not 2: " + size);
}
ASN1ObjectIdentifier type = ASN1ObjectIdentifier.getInstance(reqSeq.getObjectAt(0));
if (mode != null && !mode.getAllowedTypes().contains(type)) {
throw new BadCertTemplateException("otherName.type " + type.getId() + " is not allowed");
}
ASN1Encodable asn1 = reqSeq.getObjectAt(1);
if (!(asn1 instanceof ASN1TaggedObject)) {
throw new BadCertTemplateException("otherName.value is not tagged Object");
}
int tagNo = ASN1TaggedObject.getInstance(asn1).getTagNo();
if (tagNo != 0) {
throw new BadCertTemplateException("otherName.value does not have tag 0: " + tagNo);
}
ASN1EncodableVector vector = new ASN1EncodableVector();
vector.add(type);
vector.add(new DERTaggedObject(true, 0, ASN1TaggedObject.getInstance(asn1).getObject()));
DERSequence seq = new DERSequence(vector);
return new GeneralName(GeneralName.otherName, seq);
case GeneralName.ediPartyName:
reqSeq = ASN1Sequence.getInstance(requestedName.getName());
size = reqSeq.size();
String nameAssigner = null;
int idx = 0;
if (size > 1) {
DirectoryString ds = DirectoryString.getInstance(ASN1TaggedObject.getInstance(reqSeq.getObjectAt(idx++)).getObject());
nameAssigner = ds.getString();
}
DirectoryString ds = DirectoryString.getInstance(ASN1TaggedObject.getInstance(reqSeq.getObjectAt(idx++)).getObject());
String partyName = ds.getString();
vector = new ASN1EncodableVector();
if (nameAssigner != null) {
vector.add(new DERTaggedObject(false, 0, new DirectoryString(nameAssigner)));
}
vector.add(new DERTaggedObject(false, 1, new DirectoryString(partyName)));
seq = new DERSequence(vector);
return new GeneralName(GeneralName.ediPartyName, seq);
default:
throw new RuntimeException("should not reach here, unknown GeneralName tag " + tag);
}
// end switch (tag)
}
Also used :
GeneralNameMode(org.xipki.ca.api.profile.GeneralNameMode)
DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject)
ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject)
DirectoryString(org.bouncycastle.asn1.x500.DirectoryString)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
DERSequence(org.bouncycastle.asn1.DERSequence)
BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
DirectoryString(org.bouncycastle.asn1.x500.DirectoryString)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 5 with GeneralNameMode
use of org.xipki.ca.api.profile.GeneralNameMode in project xipki by xipki.
the class IdentifiedX509Certprofile method createSubjectInfoAccess.
// method addRequestedExtKeyusage
private static ASN1Sequence createSubjectInfoAccess(Extensions requestedExtensions, Map<ASN1ObjectIdentifier, Set<GeneralNameMode>> modes) throws BadCertTemplateException {
if (modes == null) {
return null;
}
ASN1Encodable extValue = requestedExtensions.getExtensionParsedValue(Extension.subjectInfoAccess);
if (extValue == null) {
return null;
}
ASN1Sequence reqSeq = ASN1Sequence.getInstance(extValue);
int size = reqSeq.size();
ASN1EncodableVector vec = new ASN1EncodableVector();
for (int i = 0; i < size; i++) {
AccessDescription ad = AccessDescription.getInstance(reqSeq.getObjectAt(i));
ASN1ObjectIdentifier accessMethod = ad.getAccessMethod();
Set<GeneralNameMode> generalNameModes = modes.get(accessMethod);
if (generalNameModes == null) {
throw new BadCertTemplateException("subjectInfoAccess.accessMethod " + accessMethod.getId() + " is not allowed");
}
GeneralName accessLocation = X509CertprofileUtil.createGeneralName(ad.getAccessLocation(), generalNameModes);
vec.add(new AccessDescription(accessMethod, accessLocation));
}
return vec.size() > 0 ? new DERSequence(vec) : null;
}
Also used :
GeneralNameMode(org.xipki.ca.api.profile.GeneralNameMode)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
DERSequence(org.bouncycastle.asn1.DERSequence)
AccessDescription(org.bouncycastle.asn1.x509.AccessDescription)
BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Aggregations
GeneralNameMode (org.xipki.ca.api.profile.GeneralNameMode)8
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)7
GeneralName (org.bouncycastle.asn1.x509.GeneralName)6
BadCertTemplateException (org.xipki.ca.api.BadCertTemplateException)6
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)5
DirectoryString (org.bouncycastle.asn1.x500.DirectoryString)5
CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)5
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)4
DERIA5String (org.bouncycastle.asn1.DERIA5String)4
DEROctetString (org.bouncycastle.asn1.DEROctetString)4
DERPrintableString (org.bouncycastle.asn1.DERPrintableString)4
DERUTF8String (org.bouncycastle.asn1.DERUTF8String)4
DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)4
CertprofileException (org.xipki.ca.api.profile.CertprofileException)4
HashSet (java.util.HashSet)3
ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)3
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)3
ASN1String (org.bouncycastle.asn1.ASN1String)3
DERBMPString (org.bouncycastle.asn1.DERBMPString)3
DERSequence (org.bouncycastle.asn1.DERSequence)3
