use of org.xipki.ca.certprofile.x509.jaxb.ExtensionValueType in project xipki by xipki.
the class ProfileConfCreatorDemo method createRestriction.
private static ExtensionValueType createRestriction(DirectoryStringType type, String text) {
Restriction extValue = new Restriction();
extValue.setType(type);
extValue.setText(text);
return createExtensionValueType(extValue);
}
use of org.xipki.ca.certprofile.x509.jaxb.ExtensionValueType in project xipki by xipki.
the class ProfileConfCreatorDemo method createBiometricInfo.
// method createQcStatements
private static ExtensionValueType createBiometricInfo() {
BiometricInfo extValue = new BiometricInfo();
// type
// predefined image (0)
BiometricTypeType type = new BiometricTypeType();
extValue.getType().add(type);
IntWithDescType predefined = new IntWithDescType();
predefined.setValue(0);
predefined.setDescription("image");
type.setPredefined(predefined);
// predefined handwritten-signature(1)
type = new BiometricTypeType();
predefined = new IntWithDescType();
predefined.setValue(1);
predefined.setDescription("handwritten-signature");
type.setPredefined(predefined);
extValue.getType().add(type);
// OID
type = new BiometricTypeType();
type.setOid(createOidType(new ASN1ObjectIdentifier("1.2.3.4.5.6"), "dummy biometric type"));
extValue.getType().add(type);
// hash algorithm
HashAlgo[] hashAlgos = new HashAlgo[] { HashAlgo.SHA256, HashAlgo.SHA384 };
for (HashAlgo hashAlgo : hashAlgos) {
extValue.getHashAlgorithm().add(createOidType(hashAlgo.getOid(), hashAlgo.getName()));
}
extValue.setIncludeSourceDataUri(TripleState.REQUIRED);
return createExtensionValueType(extValue);
}
use of org.xipki.ca.certprofile.x509.jaxb.ExtensionValueType in project xipki by xipki.
the class ProfileConfCreatorDemo method createExtension.
private static ExtensionType createExtension(ASN1ObjectIdentifier type, boolean required, boolean critical, ExtensionValueType extValue, String description) {
ExtensionType ret = new ExtensionType();
// attributes
ret.setRequired(required);
ret.setPermittedInRequest(REQUEST_EXTENSIONS.contains(type));
// children
ret.setType(createOidType(type, description));
ret.setCritical(critical);
ret.setValue(extValue);
return ret;
}
use of org.xipki.ca.certprofile.x509.jaxb.ExtensionValueType in project xipki by xipki.
the class ProfileConfCreatorDemo method certprofileTlsWithIncSerial.
// method certprofileTlsC
private static X509ProfileType certprofileTlsWithIncSerial() throws Exception {
X509ProfileType profile = getBaseProfile("certprofile tls-inc-sn " + "(serial number will be added automatically)", X509CertLevel.EndEntity, "5y", false);
profile.setDuplicateKey(true);
// Subject
Subject subject = profile.getSubject();
subject.setDuplicateSubjectPermitted(true);
subject.setIncSerialNumber(true);
List<RdnType> rdnControls = subject.getRdn();
rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null));
rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1));
rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1));
rdnControls.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null));
rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1, new String[] { REGEX_FQDN }, null, null));
// Extensions
// Extensions - general
ExtensionsType extensions = profile.getExtensions();
// Extensions - controls
List<ExtensionType> list = extensions.getExtension();
list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
list.add(createExtension(Extension.freshestCRL, false, false, null));
// Extensions - basicConstraints
ExtensionValueType extensionValue = null;
list.add(createExtension(Extension.basicConstraints, true, true, extensionValue));
// Extensions - AuthorityInfoAccess
extensionValue = createAuthorityInfoAccess();
list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue));
// Extensions - AuthorityKeyIdentifier
extensionValue = createAuthorityKeyIdentifier(true);
list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue));
// Extensions - keyUsage
extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.DIGITAL_SIGNATURE, KeyUsageEnum.DATA_ENCIPHERMENT, KeyUsageEnum.KEY_ENCIPHERMENT }, null);
list.add(createExtension(Extension.keyUsage, true, true, extensionValue));
// Extensions - extenedKeyUsage
extensionValue = createExtendedKeyUsage(new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_serverAuth }, new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_clientAuth });
list.add(createExtension(Extension.extendedKeyUsage, true, false, extensionValue));
return profile;
}
use of org.xipki.ca.certprofile.x509.jaxb.ExtensionValueType in project xipki by xipki.
the class ProfileConfCreatorDemo method certprofileTlsC.
// method certprofileTls
private static X509ProfileType certprofileTlsC() throws Exception {
X509ProfileType profile = getBaseProfile("certprofile tls-c", X509CertLevel.EndEntity, "5y", false);
// Subject
Subject subject = profile.getSubject();
subject.setIncSerialNumber(false);
List<RdnType> rdnControls = subject.getRdn();
rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null));
rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1));
rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1));
rdnControls.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null));
rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1));
// Extensions
ExtensionsType extensions = profile.getExtensions();
List<ExtensionType> list = extensions.getExtension();
list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
list.add(createExtension(Extension.freshestCRL, false, false, null));
// Extensions - basicConstraints
ExtensionValueType extensionValue = null;
list.add(createExtension(Extension.basicConstraints, true, true, extensionValue));
// Extensions - AuthorityInfoAccess
extensionValue = createAuthorityInfoAccess();
list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue));
// Extensions - AuthorityKeyIdentifier
extensionValue = createAuthorityKeyIdentifier(true);
list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue));
// Extensions - keyUsage
extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.DIGITAL_SIGNATURE, KeyUsageEnum.DATA_ENCIPHERMENT, KeyUsageEnum.KEY_ENCIPHERMENT }, null);
list.add(createExtension(Extension.keyUsage, true, true, extensionValue));
// Extensions - extenedKeyUsage
extensionValue = createExtendedKeyUsage(new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_clientAuth }, null);
list.add(createExtension(Extension.extendedKeyUsage, true, false, extensionValue));
return profile;
}
Aggregations