
Example 1 with CertificatePolicyInformationType

use of org.xipki.ca.certprofile.x509.jaxb.CertificatePolicyInformationType in project xipki by xipki.

the class ProfileConfCreatorDemo method createCertificatePolicies.

/**
 * Wraps a list of bare policy OIDs into the value of a certificatePolicies extension.
 *
 * <p>Each OID becomes one policy-information entry carrying only its identifier; this
 * method sets no policy qualifiers (CPS URI / user notice) on the entries.
 *
 * @param policyOids the policy OIDs to list, in the order they should appear
 * @return the wrapped extension value, or {@code null} when {@code policyOids} is
 *         {@code null} or empty (callers must handle the missing value)
 */
private static ExtensionValueType createCertificatePolicies(ASN1ObjectIdentifier... policyOids) {
    boolean nothingRequested = (policyOids == null) || (policyOids.length == 0);
    if (nothingRequested) {
        return null;
    }

    CertificatePolicies policies = new CertificatePolicies();
    List<CertificatePolicyInformationType> entries = policies.getCertificatePolicyInformation();
    for (int i = 0; i < policyOids.length; i++) {
        CertificatePolicyInformationType entry = new CertificatePolicyInformationType();
        entries.add(entry);
        // Individual elements are not null-checked here; that is left to createOidType.
        entry.setPolicyIdentifier(createOidType(policyOids[i]));
    }
    return createExtensionValueType(policies);
}
Also used : CertificatePolicyInformationType(org.xipki.ca.certprofile.x509.jaxb.CertificatePolicyInformationType) CertificatePolicies(org.xipki.ca.certprofile.x509.jaxb.CertificatePolicies) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 2 with CertificatePolicyInformationType

use of org.xipki.ca.certprofile.x509.jaxb.CertificatePolicyInformationType in project xipki by xipki.

the class ProfileConfCreatorDemo method certprofileGsmcK.

// method certprofileTlsWithIncSerial
/**
 * Builds the demo certificate profile "certprofile gsmc-k": an end-entity profile with the
 * gematik gSMC-K special behaviour, a constrained subject DN and a fixed set of extensions.
 *
 * <p>Configured below: key usage digitalSignature + keyEncipherment, extended key usage
 * serverAuth and clientAuth, two certificate policies under ID_GEMATIK, and an admission
 * extension naming the profession "Anwendungskonnektor".
 *
 * @return the populated profile
 * @throws Exception declared by the signature; which helper raises it is not visible in
 *         this listing
 */
private static X509ProfileType certprofileGsmcK() throws Exception {
    // "5y" is presumably the validity and the trailing false another base-profile flag —
    // confirm against getBaseProfile.
    X509ProfileType profile = getBaseProfile("certprofile gsmc-k", X509CertLevel.EndEntity, "5y", false);
    // Special behaviour: stored by enum name, so the consumer must resolve the same constant.
    profile.setSpecialBehavior(SpecialX509CertprofileBehavior.gematik_gSMC_K.name());
    // Maximal lifetime parameter: 20 * 365 = 7300, passed as a string (unit presumably days — confirm).
    Parameters profileParams = new Parameters();
    profile.setParameters(profileParams);
    NameValueType nv = new NameValueType();
    nv.setName(SpecialX509CertprofileBehavior.PARAMETER_MAXLIFTIME);
    nv.setValue(Integer.toString(20 * 365));
    profileParams.getParameter().add(nv);
    // Subject: duplicate subjects are explicitly permitted and no serial number is appended,
    // so several certificates may carry the same subject DN under this profile.
    Subject subject = profile.getSubject();
    subject.setDuplicateSubjectPermitted(true);
    subject.setIncSerialNumber(false);
    // The two integers given to createRdn are presumably min/max occurrences — confirm.
    List<RdnType> rdnControls = subject.getRdn();
    // Country: exactly one value, restricted by the pattern "DE".
    rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE" }, null, null));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_ST, 0, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_L, 0, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_POSTAL_CODE, 0, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_STREET, 0, 1));
    // CN pattern, ICCSN-yyyyMMdd: "80276" + 15 digits, a hyphen, then a date 20yy-MM-dd.
    // The date part is checked per field only, so impossible dates such as 0231 still match.
    // NOTE(review): the pattern carries no ^/$ anchors; it only constrains the whole CN if the
    // consumer applies it as a full match — confirm how createRdn's pattern is evaluated.
    String regex = "80276[\\d]{15,15}-20\\d\\d(0[1-9]|1[012])(0[1-9]|[12][0-9]|3[01])";
    rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1, new String[] { regex }, null, null));
    // Extensions. The two booleans given to createExtension are presumably
    // (required, critical) — confirm against createExtension before relying on this.
    ExtensionsType extensions = profile.getExtensions();
    List<ExtensionType> list = extensions.getExtension();
    list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
    list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
    // Extensions - basicConstraints: no explicit value is configured (null is passed on).
    ExtensionValueType extensionValue = null;
    list.add(createExtension(Extension.basicConstraints, true, true, extensionValue));
    // Extensions - AuthorityInfoAccess
    extensionValue = createAuthorityInfoAccess();
    list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue));
    // Extensions - AuthorityKeyIdentifier (the meaning of the true flag is not visible here)
    extensionValue = createAuthorityKeyIdentifier(true);
    list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue));
    // Extensions - keyUsage: digitalSignature and keyEncipherment in the first array, nothing
    // in the second (presumably required vs. optional usages — confirm).
    extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.DIGITAL_SIGNATURE, KeyUsageEnum.KEY_ENCIPHERMENT }, null);
    list.add(createExtension(Extension.keyUsage, true, true, extensionValue));
    // Extensions - extendedKeyUsage: serverAuth in the first array, clientAuth in the second
    // (presumably required vs. optional purposes — confirm).
    extensionValue = createExtendedKeyUsage(new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_serverAuth }, new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_clientAuth });
    list.add(createExtension(Extension.extendedKeyUsage, true, false, extensionValue));
    // Extensions - certificatePolicies: two policy OIDs under ID_GEMATIK (branches 79 and 163),
    // each added with an identifier only and no qualifiers.
    CertificatePolicies policies = new CertificatePolicies();
    ASN1ObjectIdentifier[] policyIds = new ASN1ObjectIdentifier[] { ID_GEMATIK.branch("79"), ID_GEMATIK.branch("163") };
    for (ASN1ObjectIdentifier id : policyIds) {
        CertificatePolicyInformationType policyInfo = new CertificatePolicyInformationType();
        policies.getCertificatePolicyInformation().add(policyInfo);
        policyInfo.setPolicyIdentifier(createOidType(id));
    }
    extensionValue = createExtensionValueType(policies);
    list.add(createExtension(Extension.certificatePolicies, true, false, extensionValue));
    // Extension - Admission: one admissions entry with one profession info, carrying the
    // profession OID ID_GEMATIK.branch("103") and the profession item "Anwendungskonnektor".
    AdmissionSyntax admissionSyntax = new AdmissionSyntax();
    AdmissionsType admissions = new AdmissionsType();
    admissionSyntax.getContentsOfAdmissions().add(admissions);
    ProfessionInfoType pi = new ProfessionInfoType();
    admissions.getProfessionInfo().add(pi);
    pi.getProfessionOid().add(createOidType(ID_GEMATIK.branch("103")));
    pi.getProfessionItem().add("Anwendungskonnektor");
    extensionValue = createExtensionValueType(admissionSyntax);
    // Check the syntax: the result is discarded, so the call is only useful if it throws on
    // an invalid configuration (presumably it does — confirm).
    XmlX509CertprofileUtil.buildAdmissionSyntax(false, admissionSyntax);
    list.add(createExtension(ObjectIdentifiers.id_extension_admission, true, false, extensionValue));
    // SubjectAltNames: registered without a configured value.
    extensionValue = null;
    list.add(createExtension(Extension.subjectAlternativeName, false, false, extensionValue));
    return profile;
}
Also used : DSAParameters(org.xipki.ca.certprofile.x509.jaxb.DSAParameters) RSAParameters(org.xipki.ca.certprofile.x509.jaxb.RSAParameters) ECParameters(org.xipki.ca.certprofile.x509.jaxb.ECParameters) Parameters(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType.Parameters) NameValueType(org.xipki.ca.certprofile.x509.jaxb.NameValueType) X509ProfileType(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType) ExtensionValueType(org.xipki.ca.certprofile.x509.jaxb.ExtensionValueType) Subject(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType.Subject) RdnType(org.xipki.ca.certprofile.x509.jaxb.RdnType) KeyUsageEnum(org.xipki.ca.certprofile.x509.jaxb.KeyUsageEnum) AdmissionsType(org.xipki.ca.certprofile.x509.jaxb.AdmissionsType) CertificatePolicyInformationType(org.xipki.ca.certprofile.x509.jaxb.CertificatePolicyInformationType) CertificatePolicies(org.xipki.ca.certprofile.x509.jaxb.CertificatePolicies) AdmissionSyntax(org.xipki.ca.certprofile.x509.jaxb.AdmissionSyntax) ExtensionsType(org.xipki.ca.certprofile.x509.jaxb.ExtensionsType) ExtensionType(org.xipki.ca.certprofile.x509.jaxb.ExtensionType) TlsExtensionType(org.xipki.security.TlsExtensionType) ProfessionInfoType(org.xipki.ca.certprofile.x509.jaxb.ProfessionInfoType) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 3 with CertificatePolicyInformationType

use of org.xipki.ca.certprofile.x509.jaxb.CertificatePolicyInformationType in project xipki by xipki.

the class XmlX509CertprofileUtil method buildCertificatePolicies.

// method parse
/**
 * Converts the JAXB certificate-policies configuration into the profile API's list of
 * {@code CertificatePolicyInformation} objects, one per configured policy entry.
 *
 * <p>Qualifier handling: an element whose local name is {@code "cpsUri"} becomes a CPS-URI
 * qualifier; every other element name is treated as a user notice. The qualifier text is
 * handed on as configured; no validation of it is performed in this method.
 *
 * <p>{@code type} and each entry's policy identifier are dereferenced without a null check.
 *
 * @param type the configured certificate policies
 * @return one policy information per entry, in configuration order; an entry without a
 *         policyQualifiers element is built with {@code null} (not empty) qualifiers
 */
public static List<CertificatePolicyInformation> buildCertificatePolicies(CertificatePolicies type) {
    List<CertificatePolicyInformationType> configured = type.getCertificatePolicyInformation();
    List<CertificatePolicyInformation> result =
            new ArrayList<CertificatePolicyInformation>(configured.size());

    for (CertificatePolicyInformationType entry : configured) {
        PolicyQualifiers qualifierConf = entry.getPolicyQualifiers();
        List<CertificatePolicyQualifier> qualifiers = null;

        if (qualifierConf != null) {
            List<JAXBElement<String>> elements = qualifierConf.getCpsUriOrUserNotice();
            qualifiers = new ArrayList<CertificatePolicyQualifier>(elements.size());
            for (JAXBElement<String> element : elements) {
                String text = element.getValue();
                String localName = element.getName().getLocalPart();
                CertificatePolicyQualifier qualifier;
                if ("cpsUri".equals(localName)) {
                    qualifier = CertificatePolicyQualifier.getInstanceForCpsUri(text);
                } else {
                    // Fallback branch: anything that is not "cpsUri" is read as a user notice.
                    qualifier = CertificatePolicyQualifier.getInstanceForUserNotice(text);
                }
                qualifiers.add(qualifier);
            }
        }

        result.add(new CertificatePolicyInformation(
                entry.getPolicyIdentifier().getValue(), qualifiers));
    }
    return result;
}
Also used : ArrayList(java.util.ArrayList) JAXBElement(javax.xml.bind.JAXBElement) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) CertificatePolicyQualifier(org.xipki.ca.api.profile.x509.CertificatePolicyQualifier) CertificatePolicyInformationType(org.xipki.ca.certprofile.x509.jaxb.CertificatePolicyInformationType) CertificatePolicyInformation(org.xipki.ca.api.profile.x509.CertificatePolicyInformation) PolicyQualifiers(org.xipki.ca.certprofile.x509.jaxb.CertificatePolicyInformationType.PolicyQualifiers)

Aggregations

CertificatePolicyInformationType (org.xipki.ca.certprofile.x509.jaxb.CertificatePolicyInformationType)3 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)2 CertificatePolicies (org.xipki.ca.certprofile.x509.jaxb.CertificatePolicies)2 ArrayList (java.util.ArrayList)1 JAXBElement (javax.xml.bind.JAXBElement)1 DirectoryString (org.bouncycastle.asn1.x500.DirectoryString)1 CertificatePolicyInformation (org.xipki.ca.api.profile.x509.CertificatePolicyInformation)1 CertificatePolicyQualifier (org.xipki.ca.api.profile.x509.CertificatePolicyQualifier)1 AdmissionSyntax (org.xipki.ca.certprofile.x509.jaxb.AdmissionSyntax)1 AdmissionsType (org.xipki.ca.certprofile.x509.jaxb.AdmissionsType)1 PolicyQualifiers (org.xipki.ca.certprofile.x509.jaxb.CertificatePolicyInformationType.PolicyQualifiers)1 DSAParameters (org.xipki.ca.certprofile.x509.jaxb.DSAParameters)1 ECParameters (org.xipki.ca.certprofile.x509.jaxb.ECParameters)1 ExtensionType (org.xipki.ca.certprofile.x509.jaxb.ExtensionType)1 ExtensionValueType (org.xipki.ca.certprofile.x509.jaxb.ExtensionValueType)1 ExtensionsType (org.xipki.ca.certprofile.x509.jaxb.ExtensionsType)1 KeyUsageEnum (org.xipki.ca.certprofile.x509.jaxb.KeyUsageEnum)1 NameValueType (org.xipki.ca.certprofile.x509.jaxb.NameValueType)1 ProfessionInfoType (org.xipki.ca.certprofile.x509.jaxb.ProfessionInfoType)1 RSAParameters (org.xipki.ca.certprofile.x509.jaxb.RSAParameters)1