Use of org.xipki.ca.certprofile.x509.jaxb.ExtensionType in project xipki by xipki:
class ProfileConfCreatorDemo, method certprofileTlsC.
// method certprofileTls
/**
 * Builds the demo "certprofile tls-c" end-entity profile with a "5y" validity.
 *
 * <p>Subject: C (exactly one, constrained by the pattern {@code DE|FR}), O (exactly one),
 * OU (at most one), SN (at most one, constrained by {@code REGEX_SN}) and CN (exactly one);
 * the serial number is not appended to the subject.
 *
 * <p>Extensions (in insertion order): subjectKeyIdentifier, cRLDistributionPoints,
 * freshestCRL, basicConstraints (no configured value), authorityInfoAccess,
 * authorityKeyIdentifier, keyUsage (digitalSignature, dataEncipherment, keyEncipherment)
 * and extendedKeyUsage (id-kp-clientAuth). The two boolean arguments of
 * {@code createExtension} are passed through unchanged (presumably required / critical;
 * confirm against the helper). NOTE(review): dataEncipherment is unusual for a TLS client
 * certificate — confirm it is intended for this demo profile.
 *
 * @return the populated profile
 * @throws Exception propagated from the profile helpers
 */
private static X509ProfileType certprofileTlsC() throws Exception {
    final X509ProfileType profile =
            getBaseProfile("certprofile tls-c", X509CertLevel.EndEntity, "5y", false);

    // --- Subject DN controls: (oid, min occurrences, max occurrences[, patterns, ...]) ---
    final Subject subj = profile.getSubject();
    subj.setIncSerialNumber(false);
    final List<RdnType> rdns = subj.getRdn();
    rdns.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null));
    rdns.add(createRdn(ObjectIdentifiers.DN_O, 1, 1));
    rdns.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1));
    rdns.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null));
    rdns.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1));

    // --- Extensions ---
    final List<ExtensionType> extns = profile.getExtensions().getExtension();

    // Extensions without a configured value.
    extns.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
    extns.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
    extns.add(createExtension(Extension.freshestCRL, false, false, null));
    extns.add(createExtension(Extension.basicConstraints, true, true, null));

    // Extensions whose value is produced by a helper.
    final ExtensionValueType aia = createAuthorityInfoAccess();
    extns.add(createExtension(Extension.authorityInfoAccess, true, false, aia));

    final ExtensionValueType aki = createAuthorityKeyIdentifier(true);
    extns.add(createExtension(Extension.authorityKeyIdentifier, true, false, aki));

    final KeyUsageEnum[] usages = {
        KeyUsageEnum.DIGITAL_SIGNATURE,
        KeyUsageEnum.DATA_ENCIPHERMENT,
        KeyUsageEnum.KEY_ENCIPHERMENT
    };
    final ExtensionValueType keyUsage = createKeyUsages(usages, null);
    extns.add(createExtension(Extension.keyUsage, true, true, keyUsage));

    final ASN1ObjectIdentifier[] purposes = { ObjectIdentifiers.id_kp_clientAuth };
    final ExtensionValueType eku = createExtendedKeyUsage(purposes, null);
    extns.add(createExtension(Extension.extendedKeyUsage, true, false, eku));

    return profile;
}
Use of org.xipki.ca.certprofile.x509.jaxb.ExtensionType in project xipki by xipki:
class ProfileConfCreatorDemo, method certprofileOcsp.
// method certprofileSubCaComplex
/**
 * Builds the demo "certprofile ocsp" end-entity profile (OCSP responder) with a "5y" validity.
 *
 * <p>Subject: C (exactly one, constrained by {@code DE|FR}), O (exactly one),
 * organizationIdentifier (at most one), OU (at most one), SN (at most one, constrained by
 * {@code REGEX_SN}) and CN (exactly one); the serial number is appended to the subject.
 *
 * <p>Extensions (in insertion order): subjectKeyIdentifier, cRLDistributionPoints,
 * freshestCRL, id-pkix-ocsp-nocheck, basicConstraints (no configured value),
 * authorityInfoAccess, authorityKeyIdentifier, keyUsage (contentCommitment only) and
 * extendedKeyUsage (id-kp-OCSPSigning). The two boolean arguments of
 * {@code createExtension} are passed through unchanged (presumably required / critical;
 * confirm against the helper). NOTE(review): the key usage is contentCommitment only, while
 * OCSP responses are ordinary signatures that conventionally require digitalSignature —
 * confirm this is intended for the demo.
 *
 * @return the populated profile
 * @throws Exception propagated from the profile helpers
 */
private static X509ProfileType certprofileOcsp() throws Exception {
    final X509ProfileType profile =
            getBaseProfile("certprofile ocsp", X509CertLevel.EndEntity, "5y", false);

    // --- Subject DN controls: (oid, min occurrences, max occurrences[, patterns, ...]) ---
    final Subject subj = profile.getSubject();
    subj.setIncSerialNumber(true);
    final List<RdnType> rdns = subj.getRdn();
    rdns.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null));
    rdns.add(createRdn(ObjectIdentifiers.DN_O, 1, 1));
    rdns.add(createRdn(ObjectIdentifiers.DN_organizationIdentifier, 0, 1));
    rdns.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1));
    rdns.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null));
    rdns.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1));

    // --- Extensions ---
    final List<ExtensionType> extns = profile.getExtensions().getExtension();

    // Extensions without a configured value.
    extns.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
    extns.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
    extns.add(createExtension(Extension.freshestCRL, false, false, null));
    extns.add(createExtension(ObjectIdentifiers.id_extension_pkix_ocsp_nocheck, false, false, null));
    extns.add(createExtension(Extension.basicConstraints, true, true, null));

    // Extensions whose value is produced by a helper.
    final ExtensionValueType aia = createAuthorityInfoAccess();
    extns.add(createExtension(Extension.authorityInfoAccess, true, false, aia));

    final ExtensionValueType aki = createAuthorityKeyIdentifier(true);
    extns.add(createExtension(Extension.authorityKeyIdentifier, true, false, aki));

    final KeyUsageEnum[] usages = { KeyUsageEnum.CONTENT_COMMITMENT };
    final ExtensionValueType keyUsage = createKeyUsages(usages, null);
    extns.add(createExtension(Extension.keyUsage, true, true, keyUsage));

    final ASN1ObjectIdentifier[] purposes = { ObjectIdentifiers.id_kp_OCSPSigning };
    final ExtensionValueType eku = createExtendedKeyUsage(purposes, null);
    extns.add(createExtension(Extension.extendedKeyUsage, true, false, eku));

    return profile;
}
Use of org.xipki.ca.certprofile.x509.jaxb.ExtensionType in project xipki by xipki:
class ProfileConfCreatorDemo, method certprofileMaxTime.
// method certprofileEeComplex
/**
 * Builds the demo "certprofile max-time" end-entity profile with a "9999y" validity.
 *
 * <p>Subject: C (exactly one, constrained by {@code DE|FR}), O (exactly one),
 * OU (at most one), SN (at most one, constrained by {@code REGEX_SN}) and CN (exactly one,
 * constrained by {@code REGEX_FQDN}); duplicate subjects are not permitted and the serial
 * number is not appended to the subject.
 *
 * <p>Extensions (in insertion order): subjectKeyIdentifier, cRLDistributionPoints,
 * freshestCRL, basicConstraints (no configured value), authorityInfoAccess,
 * authorityKeyIdentifier and keyUsage (digitalSignature, dataEncipherment,
 * keyEncipherment). No extendedKeyUsage is configured. The two boolean arguments of
 * {@code createExtension} are passed through unchanged (presumably required / critical;
 * confirm against the helper).
 *
 * @return the populated profile
 * @throws Exception propagated from the profile helpers
 */
private static X509ProfileType certprofileMaxTime() throws Exception {
    final X509ProfileType profile =
            getBaseProfile("certprofile max-time", X509CertLevel.EndEntity, "9999y", false);

    // --- Subject DN controls: (oid, min occurrences, max occurrences[, patterns, ...]) ---
    final Subject subj = profile.getSubject();
    subj.setDuplicateSubjectPermitted(false);
    subj.setIncSerialNumber(false);
    final List<RdnType> rdns = subj.getRdn();
    rdns.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null));
    rdns.add(createRdn(ObjectIdentifiers.DN_O, 1, 1));
    rdns.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1));
    rdns.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null));
    rdns.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1, new String[] { REGEX_FQDN }, null, null));

    // --- Extensions ---
    final List<ExtensionType> extns = profile.getExtensions().getExtension();

    // Extensions without a configured value.
    extns.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
    extns.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
    extns.add(createExtension(Extension.freshestCRL, false, false, null));
    extns.add(createExtension(Extension.basicConstraints, true, true, null));

    // Extensions whose value is produced by a helper.
    final ExtensionValueType aia = createAuthorityInfoAccess();
    extns.add(createExtension(Extension.authorityInfoAccess, true, false, aia));

    final ExtensionValueType aki = createAuthorityKeyIdentifier(true);
    extns.add(createExtension(Extension.authorityKeyIdentifier, true, false, aki));

    final KeyUsageEnum[] usages = {
        KeyUsageEnum.DIGITAL_SIGNATURE,
        KeyUsageEnum.DATA_ENCIPHERMENT,
        KeyUsageEnum.KEY_ENCIPHERMENT
    };
    final ExtensionValueType keyUsage = createKeyUsages(usages, null);
    extns.add(createExtension(Extension.keyUsage, true, true, keyUsage));

    return profile;
}
Use of org.xipki.ca.certprofile.x509.jaxb.ExtensionType in project xipki by xipki:
class XmlX509Certprofile, method initTlsFeature.
/**
 * Initialises the {@code tlsFeature} field from the profile's TLS feature extension
 * ({@code id_pe_tlsfeature}).
 *
 * <p>Returns without effect unless {@code extensionControls} contains the OID and the
 * profile actually configures a {@link TlsFeature}. Otherwise the OID is removed from
 * {@code extnIds}, every configured feature number is validated against 0..65535
 * (presumably TLS extension type numbers, which are 16-bit — confirm), the numbers are
 * sorted ascending and encoded as a DER SEQUENCE of INTEGER. Duplicates are kept as
 * configured. Criticality is taken from the matching extension control.
 *
 * @param extnIds OIDs still to be consumed by the initialisation; the TLS feature OID is
 *     removed from it once claimed here
 * @param extensionsType the profile's extension configuration
 * @throws CertprofileException if a configured feature number is outside 0..65535
 */
private void initTlsFeature(Set<ASN1ObjectIdentifier> extnIds, ExtensionsType extensionsType) throws CertprofileException {
    final ASN1ObjectIdentifier oid = ObjectIdentifiers.id_pe_tlsfeature;
    if (!extensionControls.containsKey(oid)) {
        return;
    }
    extnIds.remove(oid);

    final TlsFeature conf = (TlsFeature) getExtensionValue(oid, extensionsType, TlsFeature.class);
    if (conf == null) {
        return;
    }

    // Validate all numbers before anything is encoded, so an invalid entry aborts cleanly.
    final List<Integer> featureNumbers = new ArrayList<>(conf.getFeature().size());
    for (IntWithDescType entry : conf.getFeature()) {
        final int feature = entry.getValue();
        if (feature < 0 || feature > 65535) {
            throw new CertprofileException("invalid TLS feature (extensionType) " + feature);
        }
        featureNumbers.add(feature);
    }
    Collections.sort(featureNumbers);

    final ASN1EncodableVector seq = new ASN1EncodableVector();
    for (int feature : featureNumbers) {
        seq.add(new ASN1Integer(feature));
    }
    final boolean critical = extensionControls.get(oid).isCritical();
    tlsFeature = new ExtensionValue(critical, new DERSequence(seq));
}
Use of org.xipki.ca.certprofile.x509.jaxb.ExtensionType in project xipki by xipki:
class ExtensionsChecker, method buildConstantExtesions.
// method getExtensionValue
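/**
 * Collects the constant-valued extensions of a profile, keyed by extension OID.
 *
 * <p>Only entries whose value is a {@link ConstantExtValue} are taken; subjectAltName,
 * subjectInfoAccess and biometricInfo are skipped even when constant (presumably handled by
 * dedicated checks elsewhere — confirm). Each value must be present and must start with a
 * parseable ASN.1 object; the raw encoding is stored as configured, and is not copied.
 *
 * @param extensionsType the profile's extension configuration, may be {@code null}
 * @return an unmodifiable map from extension OID to its constant value, or {@code null} when
 *     {@code extensionsType} is {@code null} or no constant extension is configured (existing
 *     callers test for {@code null}, so this is kept)
 * @throws CertprofileException if a constant extension has no value or its value cannot be
 *     parsed
 */
public static Map<ASN1ObjectIdentifier, QaExtensionValue> buildConstantExtesions(ExtensionsType extensionsType) throws CertprofileException {
    if (extensionsType == null) {
        return null;
    }
    Map<ASN1ObjectIdentifier, QaExtensionValue> map = new HashMap<>();
    for (ExtensionType m : extensionsType.getExtension()) {
        if (m.getValue() == null || !(m.getValue().getAny() instanceof ConstantExtValue)) {
            continue;
        }
        ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(m.getType().getValue());
        if (Extension.subjectAlternativeName.equals(oid) || Extension.subjectInfoAccess.equals(oid) || Extension.biometricInfo.equals(oid)) {
            continue;
        }
        ConstantExtValue extConf = (ConstantExtValue) m.getValue().getAny();
        byte[] encodedValue = extConf.getValue();
        // A missing value would otherwise surface as a NullPointerException from the parser,
        // and an empty one would pass silently (nothing to read); both are configuration
        // errors, so report them as such.
        if (encodedValue == null || encodedValue.length == 0) {
            throw new CertprofileException("constant extension " + oid.getId() + " has no value");
        }
        ASN1StreamParser parser = new ASN1StreamParser(encodedValue);
        try {
            // Only the first ASN.1 object is parsed; trailing bytes after it are not rejected.
            parser.readObject();
        } catch (IOException ex) {
            throw new CertprofileException("could not parse the constant extension value", ex);
        }
        QaExtensionValue extension = new QaExtensionValue(m.isCritical(), encodedValue);
        map.put(oid, extension);
    }
    if (CollectionUtil.isEmpty(map)) {
        return null;
    }
    return Collections.unmodifiableMap(map);
}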