use of org.xipki.ca.certprofile.x509.jaxb.CertificatePolicyInformationType in project xipki by xipki.
the class ProfileConfCreatorDemo method createCertificatePolicies.
/**
 * Wraps the given policy OIDs in a {@code CertificatePolicies} extension value.
 *
 * <p>Each OID becomes one policy-information entry that carries only the policy
 * identifier; no policy qualifiers (CPS URI / user notice) are attached here.
 *
 * @param policyOids the policy identifiers to include; may be {@code null} or empty
 * @return the wrapped extension value, or {@code null} when no OID was supplied
 */
private static ExtensionValueType createCertificatePolicies(ASN1ObjectIdentifier... policyOids) {
    boolean nothingToEncode = (policyOids == null) || (policyOids.length == 0);
    if (nothingToEncode) {
        // Callers receive null rather than an empty policies element.
        return null;
    }

    CertificatePolicies policies = new CertificatePolicies();
    List<CertificatePolicyInformationType> entries = policies.getCertificatePolicyInformation();
    for (int i = 0; i < policyOids.length; i++) {
        CertificatePolicyInformationType entry = new CertificatePolicyInformationType();
        entry.setPolicyIdentifier(createOidType(policyOids[i]));
        entries.add(entry);
    }

    return createExtensionValueType(policies);
}
use of org.xipki.ca.certprofile.x509.jaxb.CertificatePolicyInformationType in project xipki by xipki.
the class ProfileConfCreatorDemo method certprofileGsmcK.
// method certprofileTlsWithIncSerial
/**
 * Builds the demo end-entity profile named "certprofile gsmc-k".
 *
 * <p>The profile starts from {@code getBaseProfile(..., X509CertLevel.EndEntity, "5y", false)},
 * switches on the {@code gematik_gSMC_K} special behaviour, constrains the subject DN
 * (country fixed to "DE", common name bound to a regular expression) and registers the
 * extension controls in a fixed order.
 *
 * <p>NOTE(review): in the {@code createExtension(oid, flag, flag, value)} calls below the two
 * booleans presumably mean "required" and "critical" - confirm against the helper before
 * relying on that reading when auditing which extensions end up critical.
 *
 * @return the populated profile
 * @throws Exception propagated from the helper calls (for example the admission syntax check)
 */
private static X509ProfileType certprofileGsmcK() throws Exception {
    X509ProfileType gsmcK = getBaseProfile("certprofile gsmc-k", X509CertLevel.EndEntity, "5y", false);

    // Special behaviour: stored by enum constant name.
    gsmcK.setSpecialBehavior(SpecialX509CertprofileBehavior.gematik_gSMC_K.name());

    // Maximal life time parameter: 20 * 365 = "7300".
    // NOTE(review): presumably a number of days (leap days not counted) - confirm the unit
    // and how it interacts with the "5y" validity given to getBaseProfile.
    NameValueType maxLifetime = new NameValueType();
    maxLifetime.setName(SpecialX509CertprofileBehavior.PARAMETER_MAXLIFTIME);
    maxLifetime.setValue(String.valueOf(20 * 365));
    Parameters behaviourParams = new Parameters();
    gsmcK.setParameters(behaviourParams);
    behaviourParams.getParameter().add(maxLifetime);

    // Subject: duplicate subjects are permitted, so the subject DN alone does not
    // identify a single certificate issued under this profile.
    Subject subjectControl = gsmcK.getSubject();
    subjectControl.setDuplicateSubjectPermitted(true);
    subjectControl.setIncSerialNumber(false);

    List<RdnType> rdns = subjectControl.getRdn();
    // Exactly one C, restricted to the pattern "DE"; exactly one O.
    rdns.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE" }, null, null));
    rdns.add(createRdn(ObjectIdentifiers.DN_O, 1, 1));
    // Optional attributes: at most one occurrence each.
    rdns.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1));
    rdns.add(createRdn(ObjectIdentifiers.DN_ST, 0, 1));
    rdns.add(createRdn(ObjectIdentifiers.DN_L, 0, 1));
    rdns.add(createRdn(ObjectIdentifiers.DN_POSTAL_CODE, 0, 1));
    rdns.add(createRdn(ObjectIdentifiers.DN_STREET, 0, 1));

    // Common name pattern, ICCSN-yyyyMMdd: "80276" + 15 digits, a dash, then a date.
    // The date part only checks digit ranges (years 20xx, month 01-12, day 01-31), so
    // impossible dates such as the 31st of a 30-day month still match.
    // NOTE(review): the pattern has no ^/$ anchors; whether partial matches are rejected
    // depends on how the consumer applies it (full match vs. find) - confirm.
    String cnPattern = "80276[\\d]{15,15}-20\\d\\d(0[1-9]|1[012])(0[1-9]|[12][0-9]|3[01])";
    rdns.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1, new String[] { cnPattern }, null, null));

    // Extensions: the order of the add() calls is the order stored in the profile.
    List<ExtensionType> extensionControls = gsmcK.getExtensions().getExtension();
    extensionControls.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
    extensionControls.add(createExtension(Extension.cRLDistributionPoints, false, false, null));

    // Typed null for the extensions that are registered without an explicit value.
    final ExtensionValueType noValue = null;

    // basicConstraints: no explicit value is configured for this end-entity profile.
    extensionControls.add(createExtension(Extension.basicConstraints, true, true, noValue));

    // authorityInfoAccess
    ExtensionValueType aiaValue = createAuthorityInfoAccess();
    extensionControls.add(createExtension(Extension.authorityInfoAccess, true, false, aiaValue));

    // authorityKeyIdentifier
    ExtensionValueType akiValue = createAuthorityKeyIdentifier(true);
    extensionControls.add(createExtension(Extension.authorityKeyIdentifier, true, false, akiValue));

    // keyUsage: digitalSignature and keyEncipherment in the first list, nothing in the second.
    KeyUsageEnum[] keyUsages =
            new KeyUsageEnum[] { KeyUsageEnum.DIGITAL_SIGNATURE, KeyUsageEnum.KEY_ENCIPHERMENT };
    ExtensionValueType keyUsageValue = createKeyUsages(keyUsages, null);
    extensionControls.add(createExtension(Extension.keyUsage, true, true, keyUsageValue));

    // extendedKeyUsage: serverAuth in the first list, clientAuth in the second.
    // NOTE(review): the two lists are presumably required vs. optional usages - confirm
    // against createExtendedKeyUsage.
    ASN1ObjectIdentifier[] firstEkuList = new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_serverAuth };
    ASN1ObjectIdentifier[] secondEkuList = new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_clientAuth };
    ExtensionValueType ekuValue = createExtendedKeyUsage(firstEkuList, secondEkuList);
    extensionControls.add(createExtension(Extension.extendedKeyUsage, true, false, ekuValue));

    // certificatePolicies: two policy OIDs under the ID_GEMATIK arc, without qualifiers.
    ASN1ObjectIdentifier[] policyOids =
            new ASN1ObjectIdentifier[] { ID_GEMATIK.branch("79"), ID_GEMATIK.branch("163") };
    CertificatePolicies policySet = new CertificatePolicies();
    for (int i = 0; i < policyOids.length; i++) {
        CertificatePolicyInformationType entry = new CertificatePolicyInformationType();
        entry.setPolicyIdentifier(createOidType(policyOids[i]));
        policySet.getCertificatePolicyInformation().add(entry);
    }
    ExtensionValueType policiesValue = createExtensionValueType(policySet);
    extensionControls.add(createExtension(Extension.certificatePolicies, true, false, policiesValue));

    // admission: one profession info with OID ID_GEMATIK.103 and a single profession item.
    ProfessionInfoType professionInfo = new ProfessionInfoType();
    professionInfo.getProfessionOid().add(createOidType(ID_GEMATIK.branch("103")));
    professionInfo.getProfessionItem().add("Anwendungskonnektor");
    AdmissionsType admissionsEntry = new AdmissionsType();
    admissionsEntry.getProfessionInfo().add(professionInfo);
    AdmissionSyntax admission = new AdmissionSyntax();
    admission.getContentsOfAdmissions().add(admissionsEntry);
    ExtensionValueType admissionValue = createExtensionValueType(admission);
    // Run the builder once as a syntax check before the value is registered; the result
    // is discarded.
    XmlX509CertprofileUtil.buildAdmissionSyntax(false, admission);
    extensionControls.add(
            createExtension(ObjectIdentifiers.id_extension_admission, true, false, admissionValue));

    // subjectAlternativeName: registered without an explicit value.
    extensionControls.add(createExtension(Extension.subjectAlternativeName, false, false, noValue));

    return gsmcK;
}
use of org.xipki.ca.certprofile.x509.jaxb.CertificatePolicyInformationType in project xipki by xipki.
the class XmlX509CertprofileUtil method buildCertificatePolicies.
// method parse
/**
 * Converts the JAXB {@code CertificatePolicies} configuration element into a list of
 * {@code CertificatePolicyInformation} objects, one per configured policy.
 *
 * <p>For a policy without a {@code policyQualifiers} element the qualifier list handed to
 * the {@code CertificatePolicyInformation} constructor is {@code null}, not an empty list.
 *
 * @param type the configured policies; dereferenced without a null check
 * @return the converted policies, in configuration order
 */
public static List<CertificatePolicyInformation> buildCertificatePolicies(CertificatePolicies type) {
    List<CertificatePolicyInformationType> configured = type.getCertificatePolicyInformation();
    List<CertificatePolicyInformation> converted =
            new ArrayList<CertificatePolicyInformation>(configured.size());

    for (CertificatePolicyInformationType entry : configured) {
        PolicyQualifiers xmlQualifiers = entry.getPolicyQualifiers();
        List<CertificatePolicyQualifier> qualifierList = null;

        if (xmlQualifiers != null) {
            List<JAXBElement<String>> items = xmlQualifiers.getCpsUriOrUserNotice();
            qualifierList = new ArrayList<CertificatePolicyQualifier>(items.size());
            for (JAXBElement<String> item : items) {
                String text = item.getValue();
                String localName = item.getName().getLocalPart();
                // Only "cpsUri" is recognised by name; every other element name is treated
                // as a user notice. The text is passed on as-is, without validation here.
                if ("cpsUri".equals(localName)) {
                    qualifierList.add(CertificatePolicyQualifier.getInstanceForCpsUri(text));
                } else {
                    qualifierList.add(CertificatePolicyQualifier.getInstanceForUserNotice(text));
                }
            }
        }

        // getPolicyIdentifier() is dereferenced directly; an entry without a policy
        // identifier fails here with a NullPointerException.
        converted.add(
                new CertificatePolicyInformation(entry.getPolicyIdentifier().getValue(), qualifierList));
    }

    return converted;
}