Search in sources :

Example 11 with AuthorityKeyIdentifier

use of org.xipki.ca.certprofile.x509.jaxb.AuthorityKeyIdentifier in project xipki by xipki.

the class XmlX509Certprofile method initAuthorityKeyIdentifier.

private void initAuthorityKeyIdentifier(Set<ASN1ObjectIdentifier> extnIds, ExtensionsType extensionsType) throws CertprofileException {
    ASN1ObjectIdentifier type = Extension.authorityKeyIdentifier;
    if (!extensionControls.containsKey(type)) {
        return;
    }
    extnIds.remove(type);
    AuthorityKeyIdentifier extConf = (AuthorityKeyIdentifier) getExtensionValue(type, extensionsType, AuthorityKeyIdentifier.class);
    if (extConf == null) {
        return;
    }
    this.includeIssuerAndSerialInAki = extConf.isIncludeIssuerAndSerial();
}
Also used : AuthorityKeyIdentifier(org.xipki.ca.certprofile.x509.jaxb.AuthorityKeyIdentifier) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 12 with AuthorityKeyIdentifier

use of org.xipki.ca.certprofile.x509.jaxb.AuthorityKeyIdentifier in project xipki by xipki.

the class ProfileConfCreatorDemo method certprofileEeComplex.

// method certprofileEeComplex
private static X509ProfileType certprofileEeComplex() throws Exception {
    X509ProfileType profile = getBaseProfile("certprofile ee-complex", X509CertLevel.EndEntity, "5y", true);
    // Subject
    Subject subject = profile.getSubject();
    subject.setIncSerialNumber(false);
    subject.setKeepRdnOrder(true);
    List<RdnType> rdnControls = subject.getRdn();
    rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_DATE_OF_BIRTH, 0, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_POSTAL_ADDRESS, 0, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_UNIQUE_IDENTIFIER, 1, 1));
    // Extensions
    // Extensions - general
    ExtensionsType extensions = profile.getExtensions();
    // Extensions - controls
    List<ExtensionType> list = extensions.getExtension();
    list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
    list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
    list.add(createExtension(Extension.freshestCRL, false, false, null));
    // Extensions - basicConstraints
    ExtensionValueType extensionValue = null;
    list.add(createExtension(Extension.basicConstraints, true, false, extensionValue));
    // Extensions - AuthorityInfoAccess
    extensionValue = createAuthorityInfoAccess();
    list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue));
    // Extensions - AuthorityKeyIdentifier
    extensionValue = createAuthorityKeyIdentifier(true);
    list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue));
    // Extensions - keyUsage
    extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.DIGITAL_SIGNATURE, KeyUsageEnum.DATA_ENCIPHERMENT, KeyUsageEnum.KEY_ENCIPHERMENT }, null);
    list.add(createExtension(Extension.keyUsage, true, true, extensionValue));
    // Extensions - extenedKeyUsage
    extensionValue = createExtendedKeyUsage(new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_serverAuth }, new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_clientAuth });
    list.add(createExtension(Extension.extendedKeyUsage, true, false, extensionValue));
    // Extension - subjectDirectoryAttributes
    SubjectDirectoryAttributs subjectDirAttrType = new SubjectDirectoryAttributs();
    List<OidWithDescType> attrTypes = subjectDirAttrType.getType();
    attrTypes.add(createOidType(ObjectIdentifiers.DN_COUNTRY_OF_CITIZENSHIP));
    attrTypes.add(createOidType(ObjectIdentifiers.DN_COUNTRY_OF_RESIDENCE));
    attrTypes.add(createOidType(ObjectIdentifiers.DN_GENDER));
    attrTypes.add(createOidType(ObjectIdentifiers.DN_DATE_OF_BIRTH));
    attrTypes.add(createOidType(ObjectIdentifiers.DN_PLACE_OF_BIRTH));
    extensionValue = createExtensionValueType(subjectDirAttrType);
    list.add(createExtension(Extension.subjectDirectoryAttributes, true, false, extensionValue));
    // Extension - Admission
    AdmissionSyntax admissionSyntax = new AdmissionSyntax();
    admissionSyntax.setAdmissionAuthority(new GeneralName(new X500Name("C=DE,CN=admissionAuthority level 1")).getEncoded());
    AdmissionsType admissions = new AdmissionsType();
    admissions.setAdmissionAuthority(new GeneralName(new X500Name("C=DE,CN=admissionAuthority level 2")).getEncoded());
    NamingAuthorityType namingAuthorityL2 = new NamingAuthorityType();
    namingAuthorityL2.setOid(createOidType(new ASN1ObjectIdentifier("1.2.3.4.5")));
    namingAuthorityL2.setUrl("http://naming-authority-level2.example.org");
    namingAuthorityL2.setText("namingAuthrityText level 2");
    admissions.setNamingAuthority(namingAuthorityL2);
    admissionSyntax.getContentsOfAdmissions().add(admissions);
    ProfessionInfoType pi = new ProfessionInfoType();
    admissions.getProfessionInfo().add(pi);
    pi.getProfessionOid().add(createOidType(new ASN1ObjectIdentifier("1.2.3.4"), "demo oid"));
    pi.getProfessionItem().add("demo item");
    NamingAuthorityType namingAuthorityL3 = new NamingAuthorityType();
    namingAuthorityL3.setOid(createOidType(new ASN1ObjectIdentifier("1.2.3.4.5")));
    namingAuthorityL3.setUrl("http://naming-authority-level3.example.org");
    namingAuthorityL3.setText("namingAuthrityText level 3");
    pi.setNamingAuthority(namingAuthorityL3);
    pi.setAddProfessionInfo(new byte[] { 1, 2, 3, 4 });
    RegistrationNumber regNum = new RegistrationNumber();
    pi.setRegistrationNumber(regNum);
    regNum.setRegex("a*b");
    // check the syntax
    XmlX509CertprofileUtil.buildAdmissionSyntax(false, admissionSyntax);
    extensionValue = createExtensionValueType(admissionSyntax);
    list.add(createExtension(ObjectIdentifiers.id_extension_admission, true, false, extensionValue));
    // restriction
    extensionValue = createRestriction(DirectoryStringType.UTF_8_STRING, "demo restriction");
    list.add(createExtension(ObjectIdentifiers.id_extension_restriction, true, false, extensionValue));
    // additionalInformation
    extensionValue = createAdditionalInformation(DirectoryStringType.UTF_8_STRING, "demo additional information");
    list.add(createExtension(ObjectIdentifiers.id_extension_additionalInformation, true, false, extensionValue));
    // validationModel
    extensionValue = createConstantExtValue(new ASN1ObjectIdentifier("1.3.6.1.4.1.8301.3.5.1").getEncoded(), "chain");
    list.add(createExtension(ObjectIdentifiers.id_extension_validityModel, true, false, extensionValue));
    // privateKeyUsagePeriod
    extensionValue = createPrivateKeyUsagePeriod("3y");
    list.add(createExtension(Extension.privateKeyUsagePeriod, true, false, extensionValue));
    // QcStatements
    extensionValue = createQcStatements(true);
    list.add(createExtension(Extension.qCStatements, true, false, extensionValue));
    // biometricInfo
    extensionValue = createBiometricInfo();
    list.add(createExtension(Extension.biometricInfo, true, false, extensionValue));
    // authorizationTemplate
    extensionValue = createAuthorizationTemplate();
    list.add(createExtension(ObjectIdentifiers.id_xipki_ext_authorizationTemplate, true, false, extensionValue));
    // SubjectAltName
    SubjectAltName subjectAltNameMode = new SubjectAltName();
    OtherName otherName = new OtherName();
    otherName.getType().add(createOidType(new ASN1ObjectIdentifier("1.2.3.1"), "dummy oid 1"));
    otherName.getType().add(createOidType(new ASN1ObjectIdentifier("1.2.3.2"), "dummy oid 2"));
    subjectAltNameMode.setOtherName(otherName);
    subjectAltNameMode.setRfc822Name("");
    subjectAltNameMode.setDnsName("");
    subjectAltNameMode.setDirectoryName("");
    subjectAltNameMode.setEdiPartyName("");
    subjectAltNameMode.setUniformResourceIdentifier("");
    subjectAltNameMode.setIpAddress("");
    subjectAltNameMode.setRegisteredID("");
    extensionValue = createExtensionValueType(subjectAltNameMode);
    list.add(createExtension(Extension.subjectAlternativeName, true, false, extensionValue));
    // SubjectInfoAccess
    List<ASN1ObjectIdentifier> accessMethods = new LinkedList<>();
    accessMethods.add(ObjectIdentifiers.id_ad_caRepository);
    for (int i = 0; i < 10; i++) {
        accessMethods.add(new ASN1ObjectIdentifier("2.3.4." + (i + 1)));
    }
    SubjectInfoAccess subjectInfoAccessMode = new SubjectInfoAccess();
    for (ASN1ObjectIdentifier accessMethod : accessMethods) {
        SubjectInfoAccess.Access access = new SubjectInfoAccess.Access();
        subjectInfoAccessMode.getAccess().add(access);
        access.setAccessMethod(createOidType(accessMethod));
        GeneralNameType accessLocation = new GeneralNameType();
        access.setAccessLocation(accessLocation);
        otherName = new OtherName();
        otherName.getType().add(createOidType(new ASN1ObjectIdentifier("1.2.3.1"), "dummy oid 1"));
        otherName.getType().add(createOidType(new ASN1ObjectIdentifier("1.2.3.2"), "dummy oid 2"));
        accessLocation.setOtherName(otherName);
        accessLocation.setRfc822Name("");
        accessLocation.setDnsName("");
        accessLocation.setDirectoryName("");
        accessLocation.setEdiPartyName("");
        accessLocation.setUniformResourceIdentifier("");
        accessLocation.setIpAddress("");
        accessLocation.setRegisteredID("");
    }
    extensionValue = createExtensionValueType(subjectInfoAccessMode);
    list.add(createExtension(Extension.subjectInfoAccess, true, false, extensionValue));
    return profile;
}
Also used : OidWithDescType(org.xipki.ca.certprofile.x509.jaxb.OidWithDescType) AuthorityInfoAccess(org.xipki.ca.certprofile.x509.jaxb.AuthorityInfoAccess) SubjectInfoAccess(org.xipki.ca.certprofile.x509.jaxb.SubjectInfoAccess) X509ProfileType(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType) ExtensionValueType(org.xipki.ca.certprofile.x509.jaxb.ExtensionValueType) X500Name(org.bouncycastle.asn1.x500.X500Name) KeyUsageEnum(org.xipki.ca.certprofile.x509.jaxb.KeyUsageEnum) AdmissionsType(org.xipki.ca.certprofile.x509.jaxb.AdmissionsType) SubjectAltName(org.xipki.ca.certprofile.x509.jaxb.SubjectAltName) SubjectInfoAccess(org.xipki.ca.certprofile.x509.jaxb.SubjectInfoAccess) ExtensionsType(org.xipki.ca.certprofile.x509.jaxb.ExtensionsType) ProfessionInfoType(org.xipki.ca.certprofile.x509.jaxb.ProfessionInfoType) RegistrationNumber(org.xipki.ca.certprofile.x509.jaxb.ProfessionInfoType.RegistrationNumber) GeneralNameType(org.xipki.ca.certprofile.x509.jaxb.GeneralNameType) OtherName(org.xipki.ca.certprofile.x509.jaxb.GeneralNameType.OtherName) SubjectDirectoryAttributs(org.xipki.ca.certprofile.x509.jaxb.SubjectDirectoryAttributs) Subject(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType.Subject) LinkedList(java.util.LinkedList) RdnType(org.xipki.ca.certprofile.x509.jaxb.RdnType) AdmissionSyntax(org.xipki.ca.certprofile.x509.jaxb.AdmissionSyntax) ExtensionType(org.xipki.ca.certprofile.x509.jaxb.ExtensionType) TlsExtensionType(org.xipki.security.TlsExtensionType) GeneralName(org.bouncycastle.asn1.x509.GeneralName) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) NamingAuthorityType(org.xipki.ca.certprofile.x509.jaxb.NamingAuthorityType)

Example 13 with AuthorityKeyIdentifier

use of org.xipki.ca.certprofile.x509.jaxb.AuthorityKeyIdentifier in project xipki by xipki.

the class ProfileConfCreatorDemo method certprofileCross.

// method certprofileRootCa
private static X509ProfileType certprofileCross() throws Exception {
    X509ProfileType profile = getBaseProfile("certprofile cross", X509CertLevel.SubCA, "10y", false);
    // Subject
    Subject subject = profile.getSubject();
    subject.setIncSerialNumber(false);
    List<RdnType> rdnControls = subject.getRdn();
    rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1));
    // Extensions
    ExtensionsType extensions = profile.getExtensions();
    List<ExtensionType> list = extensions.getExtension();
    list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
    list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
    list.add(createExtension(Extension.freshestCRL, false, false, null));
    // Extensions - basicConstraints
    ExtensionValueType extensionValue = null;
    list.add(createExtension(Extension.basicConstraints, true, true, extensionValue));
    // Extensions - AuthorityInfoAccess
    extensionValue = createAuthorityInfoAccess();
    list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue));
    // Extensions - AuthorityKeyIdentifier
    extensionValue = createAuthorityKeyIdentifier(false);
    list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue));
    // Extensions - keyUsage
    extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.KEY_CERT_SIGN }, null);
    list.add(createExtension(Extension.keyUsage, true, true, extensionValue));
    return profile;
}
Also used : ExtensionsType(org.xipki.ca.certprofile.x509.jaxb.ExtensionsType) ExtensionType(org.xipki.ca.certprofile.x509.jaxb.ExtensionType) TlsExtensionType(org.xipki.security.TlsExtensionType) X509ProfileType(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType) ExtensionValueType(org.xipki.ca.certprofile.x509.jaxb.ExtensionValueType) Subject(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType.Subject) RdnType(org.xipki.ca.certprofile.x509.jaxb.RdnType) KeyUsageEnum(org.xipki.ca.certprofile.x509.jaxb.KeyUsageEnum)

Example 14 with AuthorityKeyIdentifier

use of org.xipki.ca.certprofile.x509.jaxb.AuthorityKeyIdentifier in project xipki by xipki.

the class ProfileConfCreatorDemo method certprofileScep.

// method certprofileOcsp
private static X509ProfileType certprofileScep() throws Exception {
    X509ProfileType profile = getBaseProfile("certprofile scep", X509CertLevel.EndEntity, "5y", false);
    profile.setKeyAlgorithms(createRSAKeyAlgorithms());
    // Subject
    Subject subject = profile.getSubject();
    subject.setIncSerialNumber(false);
    List<RdnType> rdnControls = subject.getRdn();
    rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1));
    // Extensions
    ExtensionsType extensions = profile.getExtensions();
    List<ExtensionType> list = extensions.getExtension();
    list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
    list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
    list.add(createExtension(Extension.freshestCRL, false, false, null));
    // Extensions - basicConstraints
    ExtensionValueType extensionValue = null;
    list.add(createExtension(Extension.basicConstraints, true, true, extensionValue));
    // Extensions - AuthorityInfoAccess
    extensionValue = createAuthorityInfoAccess();
    list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue));
    // Extensions - AuthorityKeyIdentifier
    extensionValue = createAuthorityKeyIdentifier(true);
    list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue));
    // Extensions - keyUsage
    extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.DIGITAL_SIGNATURE, KeyUsageEnum.KEY_ENCIPHERMENT }, null);
    list.add(createExtension(Extension.keyUsage, true, true, extensionValue));
    return profile;
}
Also used : ExtensionsType(org.xipki.ca.certprofile.x509.jaxb.ExtensionsType) ExtensionType(org.xipki.ca.certprofile.x509.jaxb.ExtensionType) TlsExtensionType(org.xipki.security.TlsExtensionType) X509ProfileType(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType) ExtensionValueType(org.xipki.ca.certprofile.x509.jaxb.ExtensionValueType) Subject(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType.Subject) RdnType(org.xipki.ca.certprofile.x509.jaxb.RdnType) KeyUsageEnum(org.xipki.ca.certprofile.x509.jaxb.KeyUsageEnum)

Example 15 with AuthorityKeyIdentifier

use of org.xipki.ca.certprofile.x509.jaxb.AuthorityKeyIdentifier in project xipki by xipki.

the class ProfileConfCreatorDemo method certprofileMultipleOus.

// method certprofileGsmcK
private static X509ProfileType certprofileMultipleOus() throws Exception {
    X509ProfileType profile = getBaseProfile("certprofile multiple-ous", X509CertLevel.EndEntity, "5y", false);
    // Subject
    Subject subject = profile.getSubject();
    subject.setIncSerialNumber(false);
    List<RdnType> rdnControls = subject.getRdn();
    rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1));
    final String regexOu1 = "[A-Z]{1,1}[\\d]{5,5}";
    final String regexOu2 = "[\\d]{5,5}";
    rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 2, 2, new String[] { regexOu1, regexOu2 }, null, null));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1));
    // Extensions
    // Extensions - general
    ExtensionsType extensions = profile.getExtensions();
    List<ExtensionType> list = extensions.getExtension();
    list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
    list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
    list.add(createExtension(Extension.freshestCRL, false, false, null));
    // Extensions - basicConstraints
    ExtensionValueType extensionValue = null;
    list.add(createExtension(Extension.basicConstraints, true, true, extensionValue));
    // Extensions - AuthorityInfoAccess
    extensionValue = createAuthorityInfoAccess();
    list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue));
    // Extensions - AuthorityKeyIdentifier
    extensionValue = createAuthorityKeyIdentifier(true);
    list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue));
    // Extensions - keyUsage
    extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.CONTENT_COMMITMENT }, null);
    list.add(createExtension(Extension.keyUsage, true, true, extensionValue));
    return profile;
}
Also used : ExtensionsType(org.xipki.ca.certprofile.x509.jaxb.ExtensionsType) ExtensionType(org.xipki.ca.certprofile.x509.jaxb.ExtensionType) TlsExtensionType(org.xipki.security.TlsExtensionType) X509ProfileType(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType) ExtensionValueType(org.xipki.ca.certprofile.x509.jaxb.ExtensionValueType) Subject(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType.Subject) RdnType(org.xipki.ca.certprofile.x509.jaxb.RdnType) KeyUsageEnum(org.xipki.ca.certprofile.x509.jaxb.KeyUsageEnum)

Aggregations

ExtensionsType (org.xipki.ca.certprofile.x509.jaxb.ExtensionsType)16 RdnType (org.xipki.ca.certprofile.x509.jaxb.RdnType)16 Subject (org.xipki.ca.certprofile.x509.jaxb.X509ProfileType.Subject)16 ExtensionType (org.xipki.ca.certprofile.x509.jaxb.ExtensionType)15 ExtensionValueType (org.xipki.ca.certprofile.x509.jaxb.ExtensionValueType)15 KeyUsageEnum (org.xipki.ca.certprofile.x509.jaxb.KeyUsageEnum)15 X509ProfileType (org.xipki.ca.certprofile.x509.jaxb.X509ProfileType)15 TlsExtensionType (org.xipki.security.TlsExtensionType)15 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)12 LinkedList (java.util.LinkedList)3 SubjectAltName (org.xipki.ca.certprofile.x509.jaxb.SubjectAltName)3 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)2 ArrayList (java.util.ArrayList)2 HashMap (java.util.HashMap)2 HashSet (java.util.HashSet)2 DERIA5String (org.bouncycastle.asn1.DERIA5String)2 DEROctetString (org.bouncycastle.asn1.DEROctetString)2 DERPrintableString (org.bouncycastle.asn1.DERPrintableString)2 DERTaggedObject (org.bouncycastle.asn1.DERTaggedObject)2 DERUTF8String (org.bouncycastle.asn1.DERUTF8String)2