Search in sources :

Example 6 with AuthorityInfoAccess

use of org.xipki.ca.certprofile.x509.jaxb.AuthorityInfoAccess in project xipki by xipki.

the class ProfileConfCreatorDemo method certprofileOcsp.

// method certprofileSubCaComplex
private static X509ProfileType certprofileOcsp() throws Exception {
    X509ProfileType profile = getBaseProfile("certprofile ocsp", X509CertLevel.EndEntity, "5y", false);
    // Subject
    Subject subject = profile.getSubject();
    subject.setIncSerialNumber(true);
    List<RdnType> rdnControls = subject.getRdn();
    rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_organizationIdentifier, 0, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1));
    // Extensions
    ExtensionsType extensions = profile.getExtensions();
    List<ExtensionType> list = extensions.getExtension();
    list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
    list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
    list.add(createExtension(Extension.freshestCRL, false, false, null));
    list.add(createExtension(ObjectIdentifiers.id_extension_pkix_ocsp_nocheck, false, false, null));
    // Extensions - basicConstraints
    ExtensionValueType extensionValue = null;
    list.add(createExtension(Extension.basicConstraints, true, true, extensionValue));
    // Extensions - AuthorityInfoAccess
    extensionValue = createAuthorityInfoAccess();
    list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue));
    // Extensions - AuthorityKeyIdentifier
    extensionValue = createAuthorityKeyIdentifier(true);
    list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue));
    // Extensions - keyUsage
    extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.CONTENT_COMMITMENT }, null);
    list.add(createExtension(Extension.keyUsage, true, true, extensionValue));
    // Extensions - extenedKeyUsage
    extensionValue = createExtendedKeyUsage(new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_OCSPSigning }, null);
    list.add(createExtension(Extension.extendedKeyUsage, true, false, extensionValue));
    return profile;
}
Also used : ExtensionsType(org.xipki.ca.certprofile.x509.jaxb.ExtensionsType) ExtensionType(org.xipki.ca.certprofile.x509.jaxb.ExtensionType) TlsExtensionType(org.xipki.security.TlsExtensionType) X509ProfileType(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType) ExtensionValueType(org.xipki.ca.certprofile.x509.jaxb.ExtensionValueType) Subject(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType.Subject) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) RdnType(org.xipki.ca.certprofile.x509.jaxb.RdnType) KeyUsageEnum(org.xipki.ca.certprofile.x509.jaxb.KeyUsageEnum)

Example 7 with AuthorityInfoAccess

use of org.xipki.ca.certprofile.x509.jaxb.AuthorityInfoAccess in project xipki by xipki.

the class ProfileConfCreatorDemo method certprofileMaxTime.

// method certprofileEeComplex
private static X509ProfileType certprofileMaxTime() throws Exception {
    X509ProfileType profile = getBaseProfile("certprofile max-time", X509CertLevel.EndEntity, "9999y", false);
    // Subject
    Subject subject = profile.getSubject();
    subject.setDuplicateSubjectPermitted(false);
    subject.setIncSerialNumber(false);
    List<RdnType> rdnControls = subject.getRdn();
    rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1, new String[] { REGEX_FQDN }, null, null));
    // Extensions
    ExtensionsType extensions = profile.getExtensions();
    List<ExtensionType> list = extensions.getExtension();
    list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
    list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
    list.add(createExtension(Extension.freshestCRL, false, false, null));
    // Extensions - basicConstraints
    ExtensionValueType extensionValue = null;
    list.add(createExtension(Extension.basicConstraints, true, true, extensionValue));
    // Extensions - AuthorityInfoAccess
    extensionValue = createAuthorityInfoAccess();
    list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue));
    // Extensions - AuthorityKeyIdentifier
    extensionValue = createAuthorityKeyIdentifier(true);
    list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue));
    // Extensions - keyUsage
    extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.DIGITAL_SIGNATURE, KeyUsageEnum.DATA_ENCIPHERMENT, KeyUsageEnum.KEY_ENCIPHERMENT }, null);
    list.add(createExtension(Extension.keyUsage, true, true, extensionValue));
    return profile;
}
Also used : ExtensionsType(org.xipki.ca.certprofile.x509.jaxb.ExtensionsType) ExtensionType(org.xipki.ca.certprofile.x509.jaxb.ExtensionType) TlsExtensionType(org.xipki.security.TlsExtensionType) X509ProfileType(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType) ExtensionValueType(org.xipki.ca.certprofile.x509.jaxb.ExtensionValueType) Subject(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType.Subject) RdnType(org.xipki.ca.certprofile.x509.jaxb.RdnType) KeyUsageEnum(org.xipki.ca.certprofile.x509.jaxb.KeyUsageEnum)

Example 8 with AuthorityInfoAccess

use of org.xipki.ca.certprofile.x509.jaxb.AuthorityInfoAccess in project xipki by xipki.

the class XmlX509Certprofile method initialize0.

// method initialize
private void initialize0(X509ProfileType conf) throws CertprofileException {
    if (conf.getVersion() != null) {
        String versionText = conf.getVersion();
        this.version = X509CertVersion.forName(versionText);
        if (this.version == null) {
            throw new CertprofileException(String.format("invalid version '%s'", versionText));
        }
    } else {
        this.version = X509CertVersion.v3;
    }
    if (conf.getSignatureAlgorithms() != null) {
        List<String> algoNames = conf.getSignatureAlgorithms().getAlgorithm();
        List<String> list = new ArrayList<>(algoNames.size());
        for (String algoName : algoNames) {
            try {
                list.add(AlgorithmUtil.canonicalizeSignatureAlgo(algoName));
            } catch (NoSuchAlgorithmException ex) {
                throw new CertprofileException(ex.getMessage(), ex);
            }
        }
        this.signatureAlgorithms = Collections.unmodifiableList(list);
    }
    this.raOnly = conf.isRaOnly();
    this.maxSize = conf.getMaxSize();
    this.validity = CertValidity.getInstance(conf.getValidity());
    String str = conf.getCertLevel();
    if ("RootCA".equalsIgnoreCase(str)) {
        this.certLevel = X509CertLevel.RootCA;
    } else if ("SubCA".equalsIgnoreCase(str)) {
        this.certLevel = X509CertLevel.SubCA;
    } else if ("EndEntity".equalsIgnoreCase(str)) {
        this.certLevel = X509CertLevel.EndEntity;
    } else {
        throw new CertprofileException("invalid CertLevel '" + str + "'");
    }
    str = conf.getNotBeforeTime();
    if ("midnight".equalsIgnoreCase(str)) {
        this.notBeforeMidnight = true;
    } else if ("current".equalsIgnoreCase(str)) {
        this.notBeforeMidnight = false;
    } else {
        throw new CertprofileException("invalid notBefore '" + str + "'");
    }
    String specBehavior = conf.getSpecialBehavior();
    if (specBehavior != null) {
        this.specialBehavior = SpecialX509CertprofileBehavior.forName(specBehavior);
    }
    this.duplicateKeyPermitted = conf.isDuplicateKey();
    this.serialNumberInReqPermitted = conf.isSerialNumberInReq();
    // KeyAlgorithms
    KeyAlgorithms keyAlgos = conf.getKeyAlgorithms();
    if (keyAlgos != null) {
        this.keyAlgorithms = XmlX509CertprofileUtil.buildKeyAlgorithms(keyAlgos);
    }
    // parameters
    Parameters confParams = conf.getParameters();
    if (confParams == null) {
        parameters = null;
    } else {
        Map<String, String> tmpMap = new HashMap<>();
        for (NameValueType nv : confParams.getParameter()) {
            tmpMap.put(nv.getName(), nv.getValue());
        }
        parameters = Collections.unmodifiableMap(tmpMap);
    }
    // Subject
    Subject subject = conf.getSubject();
    duplicateSubjectPermitted = subject.isDuplicateSubjectPermitted();
    List<RdnControl> subjectDnControls = new LinkedList<>();
    for (RdnType rdn : subject.getRdn()) {
        ASN1ObjectIdentifier type = new ASN1ObjectIdentifier(rdn.getType().getValue());
        List<Pattern> patterns = null;
        if (CollectionUtil.isNonEmpty(rdn.getRegex())) {
            patterns = new LinkedList<>();
            for (String regex : rdn.getRegex()) {
                Pattern pattern = Pattern.compile(regex);
                patterns.add(pattern);
            }
        }
        if (patterns == null) {
            Pattern pattern = SubjectDnSpec.getPattern(type);
            if (pattern != null) {
                patterns = Arrays.asList(pattern);
            }
        }
        Range range = (rdn.getMinLen() != null || rdn.getMaxLen() != null) ? new Range(rdn.getMinLen(), rdn.getMaxLen()) : null;
        RdnControl rdnControl = new RdnControl(type, rdn.getMinOccurs(), rdn.getMaxOccurs());
        subjectDnControls.add(rdnControl);
        StringType stringType = XmlX509CertprofileUtil.convertStringType(rdn.getStringType());
        rdnControl.setStringType(stringType);
        rdnControl.setStringLengthRange(range);
        rdnControl.setPatterns(patterns);
        rdnControl.setPrefix(rdn.getPrefix());
        rdnControl.setSuffix(rdn.getSuffix());
        rdnControl.setGroup(rdn.getGroup());
        SubjectDnSpec.fixRdnControl(rdnControl);
    }
    this.subjectControl = new SubjectControl(subjectDnControls, subject.isKeepRdnOrder());
    this.incSerialNoIfSubjectExists = subject.isIncSerialNumber();
    // Extensions
    ExtensionsType extensionsType = conf.getExtensions();
    // Extension controls
    this.extensionControls = XmlX509CertprofileUtil.buildExtensionControls(extensionsType);
    Set<ASN1ObjectIdentifier> extnIds = new HashSet<>(this.extensionControls.keySet());
    // SubjectToSubjectAltName
    initSubjectToSubjectAltNames(extensionsType);
    // AdditionalInformation
    initAdditionalInformation(extnIds, extensionsType);
    // Admission
    initAdmission(extnIds, extensionsType);
    // AuthorityInfoAccess
    initAuthorityInfoAccess(extnIds, extensionsType);
    // AuthorityKeyIdentifier
    initAuthorityKeyIdentifier(extnIds, extensionsType);
    // AuthorizationTemplate
    initAuthorizationTemplate(extnIds, extensionsType);
    // BasicConstrains
    initBasicConstraints(extnIds, extensionsType);
    // BiometricInfo
    initBiometricInfo(extnIds, extensionsType);
    // Certificate Policies
    initCertificatePolicies(extnIds, extensionsType);
    // ExtendedKeyUsage
    initExtendedKeyUsage(extnIds, extensionsType);
    // Inhibit anyPolicy
    initInhibitAnyPolicy(extnIds, extensionsType);
    // KeyUsage
    initKeyUsage(extnIds, extensionsType);
    // Name Constrains
    initNameConstraints(extnIds, extensionsType);
    // Policy Constraints
    initPolicyConstraints(extnIds, extensionsType);
    // Policy Mappings
    initPolicyMappings(extnIds, extensionsType);
    // PrivateKeyUsagePeriod
    initPrivateKeyUsagePeriod(extnIds, extensionsType);
    // QCStatements
    initQcStatements(extnIds, extensionsType);
    // Restriction
    initRestriction(extnIds, extensionsType);
    // SMIMECapatibilities
    initSmimeCapabilities(extnIds, extensionsType);
    // SubjectAltNameMode
    initSubjectAlternativeName(extnIds, extensionsType);
    // SubjectInfoAccess
    initSubjectInfoAccess(extnIds, extensionsType);
    // TlsFeature
    initTlsFeature(extnIds, extensionsType);
    // validityModel
    initValidityModel(extnIds, extensionsType);
    // SubjectDirectoryAttributes
    initSubjectDirAttrs(extnIds, extensionsType);
    // constant extensions
    this.constantExtensions = XmlX509CertprofileUtil.buildConstantExtesions(extensionsType);
    if (this.constantExtensions != null) {
        extnIds.removeAll(this.constantExtensions.keySet());
    }
    // validate the configuration
    if (subjectToSubjectAltNameModes != null) {
        ASN1ObjectIdentifier type = Extension.subjectAlternativeName;
        if (!extensionControls.containsKey(type)) {
            throw new CertprofileException("subjectToSubjectAltNames cannot be configured if extension" + " subjectAltNames is not permitted");
        }
        if (subjectAltNameModes != null) {
            for (ASN1ObjectIdentifier attrType : subjectToSubjectAltNameModes.keySet()) {
                GeneralNameTag nameTag = subjectToSubjectAltNameModes.get(attrType);
                boolean allowed = false;
                for (GeneralNameMode m : subjectAltNameModes) {
                    if (m.getTag() == nameTag) {
                        allowed = true;
                        break;
                    }
                }
                if (!allowed) {
                    throw new CertprofileException("target SubjectAltName type " + nameTag + " is not allowed");
                }
            }
        }
    }
    // Remove the extension processed not be the CertProfile, but by the CA
    extnIds.remove(Extension.issuerAlternativeName);
    extnIds.remove(Extension.authorityInfoAccess);
    extnIds.remove(Extension.cRLDistributionPoints);
    extnIds.remove(Extension.freshestCRL);
    extnIds.remove(Extension.subjectKeyIdentifier);
    extnIds.remove(Extension.subjectInfoAccess);
    extnIds.remove(ObjectIdentifiers.id_extension_pkix_ocsp_nocheck);
    Set<ASN1ObjectIdentifier> copyOfExtnIds = new HashSet<>(extnIds);
    for (ASN1ObjectIdentifier extnId : copyOfExtnIds) {
        Object extnValue = getExtensionValue(extnId, extensionsType, Object.class);
        boolean processed = initExtraExtension(extnId, extensionControls.get(extnId), extnValue);
        if (processed) {
            extnIds.remove(extnId);
        }
    }
    if (!extnIds.isEmpty()) {
        throw new CertprofileException("Cannot process the extensions: " + extnIds);
    }
}
Also used : NameValueType(org.xipki.ca.certprofile.x509.jaxb.NameValueType) HashMap(java.util.HashMap) DirectoryStringType(org.xipki.ca.api.profile.DirectoryStringType) StringType(org.xipki.ca.api.profile.StringType) ArrayList(java.util.ArrayList) KeyAlgorithms(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType.KeyAlgorithms) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) RdnControl(org.xipki.ca.api.profile.RdnControl) CertprofileException(org.xipki.ca.api.profile.CertprofileException) SubjectControl(org.xipki.ca.api.profile.x509.SubjectControl) ExtensionsType(org.xipki.ca.certprofile.x509.jaxb.ExtensionsType) HashSet(java.util.HashSet) Pattern(java.util.regex.Pattern) GeneralNameMode(org.xipki.ca.api.profile.GeneralNameMode) Parameters(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType.Parameters) GeneralNameTag(org.xipki.ca.api.profile.GeneralNameTag) Range(org.xipki.ca.api.profile.Range) Subject(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType.Subject) LinkedList(java.util.LinkedList) RdnType(org.xipki.ca.certprofile.x509.jaxb.RdnType) DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 9 with AuthorityInfoAccess

use of org.xipki.ca.certprofile.x509.jaxb.AuthorityInfoAccess in project xipki by xipki.

the class ProfileConfCreatorDemo method createAuthorityInfoAccess.

private static ExtensionValueType createAuthorityInfoAccess() {
    AuthorityInfoAccess extnValue = new AuthorityInfoAccess();
    extnValue.setIncludeCaIssuers(true);
    extnValue.setIncludeOcsp(true);
    return createExtensionValueType(extnValue);
}
Also used : AuthorityInfoAccess(org.xipki.ca.certprofile.x509.jaxb.AuthorityInfoAccess)

Example 10 with AuthorityInfoAccess

use of org.xipki.ca.certprofile.x509.jaxb.AuthorityInfoAccess in project xipki by xipki.

the class ProfileConfCreatorDemo method certprofileEeComplex.

// method certprofileEeComplex
private static X509ProfileType certprofileEeComplex() throws Exception {
    X509ProfileType profile = getBaseProfile("certprofile ee-complex", X509CertLevel.EndEntity, "5y", true);
    // Subject
    Subject subject = profile.getSubject();
    subject.setIncSerialNumber(false);
    subject.setKeepRdnOrder(true);
    List<RdnType> rdnControls = subject.getRdn();
    rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_DATE_OF_BIRTH, 0, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_POSTAL_ADDRESS, 0, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_UNIQUE_IDENTIFIER, 1, 1));
    // Extensions
    // Extensions - general
    ExtensionsType extensions = profile.getExtensions();
    // Extensions - controls
    List<ExtensionType> list = extensions.getExtension();
    list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
    list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
    list.add(createExtension(Extension.freshestCRL, false, false, null));
    // Extensions - basicConstraints
    ExtensionValueType extensionValue = null;
    list.add(createExtension(Extension.basicConstraints, true, false, extensionValue));
    // Extensions - AuthorityInfoAccess
    extensionValue = createAuthorityInfoAccess();
    list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue));
    // Extensions - AuthorityKeyIdentifier
    extensionValue = createAuthorityKeyIdentifier(true);
    list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue));
    // Extensions - keyUsage
    extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.DIGITAL_SIGNATURE, KeyUsageEnum.DATA_ENCIPHERMENT, KeyUsageEnum.KEY_ENCIPHERMENT }, null);
    list.add(createExtension(Extension.keyUsage, true, true, extensionValue));
    // Extensions - extenedKeyUsage
    extensionValue = createExtendedKeyUsage(new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_serverAuth }, new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_clientAuth });
    list.add(createExtension(Extension.extendedKeyUsage, true, false, extensionValue));
    // Extension - subjectDirectoryAttributes
    SubjectDirectoryAttributs subjectDirAttrType = new SubjectDirectoryAttributs();
    List<OidWithDescType> attrTypes = subjectDirAttrType.getType();
    attrTypes.add(createOidType(ObjectIdentifiers.DN_COUNTRY_OF_CITIZENSHIP));
    attrTypes.add(createOidType(ObjectIdentifiers.DN_COUNTRY_OF_RESIDENCE));
    attrTypes.add(createOidType(ObjectIdentifiers.DN_GENDER));
    attrTypes.add(createOidType(ObjectIdentifiers.DN_DATE_OF_BIRTH));
    attrTypes.add(createOidType(ObjectIdentifiers.DN_PLACE_OF_BIRTH));
    extensionValue = createExtensionValueType(subjectDirAttrType);
    list.add(createExtension(Extension.subjectDirectoryAttributes, true, false, extensionValue));
    // Extension - Admission
    AdmissionSyntax admissionSyntax = new AdmissionSyntax();
    admissionSyntax.setAdmissionAuthority(new GeneralName(new X500Name("C=DE,CN=admissionAuthority level 1")).getEncoded());
    AdmissionsType admissions = new AdmissionsType();
    admissions.setAdmissionAuthority(new GeneralName(new X500Name("C=DE,CN=admissionAuthority level 2")).getEncoded());
    NamingAuthorityType namingAuthorityL2 = new NamingAuthorityType();
    namingAuthorityL2.setOid(createOidType(new ASN1ObjectIdentifier("1.2.3.4.5")));
    namingAuthorityL2.setUrl("http://naming-authority-level2.example.org");
    namingAuthorityL2.setText("namingAuthrityText level 2");
    admissions.setNamingAuthority(namingAuthorityL2);
    admissionSyntax.getContentsOfAdmissions().add(admissions);
    ProfessionInfoType pi = new ProfessionInfoType();
    admissions.getProfessionInfo().add(pi);
    pi.getProfessionOid().add(createOidType(new ASN1ObjectIdentifier("1.2.3.4"), "demo oid"));
    pi.getProfessionItem().add("demo item");
    NamingAuthorityType namingAuthorityL3 = new NamingAuthorityType();
    namingAuthorityL3.setOid(createOidType(new ASN1ObjectIdentifier("1.2.3.4.5")));
    namingAuthorityL3.setUrl("http://naming-authority-level3.example.org");
    namingAuthorityL3.setText("namingAuthrityText level 3");
    pi.setNamingAuthority(namingAuthorityL3);
    pi.setAddProfessionInfo(new byte[] { 1, 2, 3, 4 });
    RegistrationNumber regNum = new RegistrationNumber();
    pi.setRegistrationNumber(regNum);
    regNum.setRegex("a*b");
    // check the syntax
    XmlX509CertprofileUtil.buildAdmissionSyntax(false, admissionSyntax);
    extensionValue = createExtensionValueType(admissionSyntax);
    list.add(createExtension(ObjectIdentifiers.id_extension_admission, true, false, extensionValue));
    // restriction
    extensionValue = createRestriction(DirectoryStringType.UTF_8_STRING, "demo restriction");
    list.add(createExtension(ObjectIdentifiers.id_extension_restriction, true, false, extensionValue));
    // additionalInformation
    extensionValue = createAdditionalInformation(DirectoryStringType.UTF_8_STRING, "demo additional information");
    list.add(createExtension(ObjectIdentifiers.id_extension_additionalInformation, true, false, extensionValue));
    // validationModel
    extensionValue = createConstantExtValue(new ASN1ObjectIdentifier("1.3.6.1.4.1.8301.3.5.1").getEncoded(), "chain");
    list.add(createExtension(ObjectIdentifiers.id_extension_validityModel, true, false, extensionValue));
    // privateKeyUsagePeriod
    extensionValue = createPrivateKeyUsagePeriod("3y");
    list.add(createExtension(Extension.privateKeyUsagePeriod, true, false, extensionValue));
    // QcStatements
    extensionValue = createQcStatements(true);
    list.add(createExtension(Extension.qCStatements, true, false, extensionValue));
    // biometricInfo
    extensionValue = createBiometricInfo();
    list.add(createExtension(Extension.biometricInfo, true, false, extensionValue));
    // authorizationTemplate
    extensionValue = createAuthorizationTemplate();
    list.add(createExtension(ObjectIdentifiers.id_xipki_ext_authorizationTemplate, true, false, extensionValue));
    // SubjectAltName
    SubjectAltName subjectAltNameMode = new SubjectAltName();
    OtherName otherName = new OtherName();
    otherName.getType().add(createOidType(new ASN1ObjectIdentifier("1.2.3.1"), "dummy oid 1"));
    otherName.getType().add(createOidType(new ASN1ObjectIdentifier("1.2.3.2"), "dummy oid 2"));
    subjectAltNameMode.setOtherName(otherName);
    subjectAltNameMode.setRfc822Name("");
    subjectAltNameMode.setDnsName("");
    subjectAltNameMode.setDirectoryName("");
    subjectAltNameMode.setEdiPartyName("");
    subjectAltNameMode.setUniformResourceIdentifier("");
    subjectAltNameMode.setIpAddress("");
    subjectAltNameMode.setRegisteredID("");
    extensionValue = createExtensionValueType(subjectAltNameMode);
    list.add(createExtension(Extension.subjectAlternativeName, true, false, extensionValue));
    // SubjectInfoAccess
    List<ASN1ObjectIdentifier> accessMethods = new LinkedList<>();
    accessMethods.add(ObjectIdentifiers.id_ad_caRepository);
    for (int i = 0; i < 10; i++) {
        accessMethods.add(new ASN1ObjectIdentifier("2.3.4." + (i + 1)));
    }
    SubjectInfoAccess subjectInfoAccessMode = new SubjectInfoAccess();
    for (ASN1ObjectIdentifier accessMethod : accessMethods) {
        SubjectInfoAccess.Access access = new SubjectInfoAccess.Access();
        subjectInfoAccessMode.getAccess().add(access);
        access.setAccessMethod(createOidType(accessMethod));
        GeneralNameType accessLocation = new GeneralNameType();
        access.setAccessLocation(accessLocation);
        otherName = new OtherName();
        otherName.getType().add(createOidType(new ASN1ObjectIdentifier("1.2.3.1"), "dummy oid 1"));
        otherName.getType().add(createOidType(new ASN1ObjectIdentifier("1.2.3.2"), "dummy oid 2"));
        accessLocation.setOtherName(otherName);
        accessLocation.setRfc822Name("");
        accessLocation.setDnsName("");
        accessLocation.setDirectoryName("");
        accessLocation.setEdiPartyName("");
        accessLocation.setUniformResourceIdentifier("");
        accessLocation.setIpAddress("");
        accessLocation.setRegisteredID("");
    }
    extensionValue = createExtensionValueType(subjectInfoAccessMode);
    list.add(createExtension(Extension.subjectInfoAccess, true, false, extensionValue));
    return profile;
}
Also used : OidWithDescType(org.xipki.ca.certprofile.x509.jaxb.OidWithDescType) AuthorityInfoAccess(org.xipki.ca.certprofile.x509.jaxb.AuthorityInfoAccess) SubjectInfoAccess(org.xipki.ca.certprofile.x509.jaxb.SubjectInfoAccess) X509ProfileType(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType) ExtensionValueType(org.xipki.ca.certprofile.x509.jaxb.ExtensionValueType) X500Name(org.bouncycastle.asn1.x500.X500Name) KeyUsageEnum(org.xipki.ca.certprofile.x509.jaxb.KeyUsageEnum) AdmissionsType(org.xipki.ca.certprofile.x509.jaxb.AdmissionsType) SubjectAltName(org.xipki.ca.certprofile.x509.jaxb.SubjectAltName) SubjectInfoAccess(org.xipki.ca.certprofile.x509.jaxb.SubjectInfoAccess) ExtensionsType(org.xipki.ca.certprofile.x509.jaxb.ExtensionsType) ProfessionInfoType(org.xipki.ca.certprofile.x509.jaxb.ProfessionInfoType) RegistrationNumber(org.xipki.ca.certprofile.x509.jaxb.ProfessionInfoType.RegistrationNumber) GeneralNameType(org.xipki.ca.certprofile.x509.jaxb.GeneralNameType) OtherName(org.xipki.ca.certprofile.x509.jaxb.GeneralNameType.OtherName) SubjectDirectoryAttributs(org.xipki.ca.certprofile.x509.jaxb.SubjectDirectoryAttributs) Subject(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType.Subject) LinkedList(java.util.LinkedList) RdnType(org.xipki.ca.certprofile.x509.jaxb.RdnType) AdmissionSyntax(org.xipki.ca.certprofile.x509.jaxb.AdmissionSyntax) ExtensionType(org.xipki.ca.certprofile.x509.jaxb.ExtensionType) TlsExtensionType(org.xipki.security.TlsExtensionType) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) NamingAuthorityType(org.xipki.ca.certprofile.x509.jaxb.NamingAuthorityType)

Aggregations

ExtensionsType (org.xipki.ca.certprofile.x509.jaxb.ExtensionsType)17 RdnType (org.xipki.ca.certprofile.x509.jaxb.RdnType)17 Subject (org.xipki.ca.certprofile.x509.jaxb.X509ProfileType.Subject)17 ExtensionType (org.xipki.ca.certprofile.x509.jaxb.ExtensionType)16 ExtensionValueType (org.xipki.ca.certprofile.x509.jaxb.ExtensionValueType)16 KeyUsageEnum (org.xipki.ca.certprofile.x509.jaxb.KeyUsageEnum)16 X509ProfileType (org.xipki.ca.certprofile.x509.jaxb.X509ProfileType)16 TlsExtensionType (org.xipki.security.TlsExtensionType)16 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)11 AuthorityInfoAccess (org.xipki.ca.certprofile.x509.jaxb.AuthorityInfoAccess)4 SubjectAltName (org.xipki.ca.certprofile.x509.jaxb.SubjectAltName)4 LinkedList (java.util.LinkedList)2 AdmissionSyntax (org.xipki.ca.certprofile.x509.jaxb.AdmissionSyntax)2 AdmissionsType (org.xipki.ca.certprofile.x509.jaxb.AdmissionsType)2 GeneralNameType (org.xipki.ca.certprofile.x509.jaxb.GeneralNameType)2 OtherName (org.xipki.ca.certprofile.x509.jaxb.GeneralNameType.OtherName)2 NameValueType (org.xipki.ca.certprofile.x509.jaxb.NameValueType)2 ProfessionInfoType (org.xipki.ca.certprofile.x509.jaxb.ProfessionInfoType)2 SubjectInfoAccess (org.xipki.ca.certprofile.x509.jaxb.SubjectInfoAccess)2 SubjectToSubjectAltNameType (org.xipki.ca.certprofile.x509.jaxb.SubjectToSubjectAltNameType)2