use of org.xipki.ca.certprofile.x509.jaxb.ExtensionValueType in project xipki by xipki.
the class ProfileConfCreatorDemo method certprofileOcsp.
// method certprofileSubCaComplex
private static X509ProfileType certprofileOcsp() throws Exception {
X509ProfileType profile = getBaseProfile("certprofile ocsp", X509CertLevel.EndEntity, "5y", false);
// Subject
Subject subject = profile.getSubject();
subject.setIncSerialNumber(true);
List<RdnType> rdnControls = subject.getRdn();
rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null));
rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1));
rdnControls.add(createRdn(ObjectIdentifiers.DN_organizationIdentifier, 0, 1));
rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1));
rdnControls.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null));
rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1));
// Extensions
ExtensionsType extensions = profile.getExtensions();
List<ExtensionType> list = extensions.getExtension();
list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
list.add(createExtension(Extension.freshestCRL, false, false, null));
list.add(createExtension(ObjectIdentifiers.id_extension_pkix_ocsp_nocheck, false, false, null));
// Extensions - basicConstraints
ExtensionValueType extensionValue = null;
list.add(createExtension(Extension.basicConstraints, true, true, extensionValue));
// Extensions - AuthorityInfoAccess
extensionValue = createAuthorityInfoAccess();
list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue));
// Extensions - AuthorityKeyIdentifier
extensionValue = createAuthorityKeyIdentifier(true);
list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue));
// Extensions - keyUsage
extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.CONTENT_COMMITMENT }, null);
list.add(createExtension(Extension.keyUsage, true, true, extensionValue));
// Extensions - extenedKeyUsage
extensionValue = createExtendedKeyUsage(new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_OCSPSigning }, null);
list.add(createExtension(Extension.extendedKeyUsage, true, false, extensionValue));
return profile;
}
use of org.xipki.ca.certprofile.x509.jaxb.ExtensionValueType in project xipki by xipki.
the class ProfileConfCreatorDemo method createBasicConstraints.
private static ExtensionValueType createBasicConstraints(int pathLen) {
BasicConstraints extValue = new BasicConstraints();
extValue.setPathLen(pathLen);
return createExtensionValueType(extValue);
}
use of org.xipki.ca.certprofile.x509.jaxb.ExtensionValueType in project xipki by xipki.
the class ProfileConfCreatorDemo method createExtendedKeyUsage.
private static ExtensionValueType createExtendedKeyUsage(ASN1ObjectIdentifier[] requiredUsages, ASN1ObjectIdentifier[] optionalUsages) {
ExtendedKeyUsage extValue = new ExtendedKeyUsage();
if (requiredUsages != null) {
List<ASN1ObjectIdentifier> oids = Arrays.asList(requiredUsages);
oids = sortOidList(oids);
for (ASN1ObjectIdentifier usage : oids) {
extValue.getUsage().add(createSingleExtKeyUsage(usage, true));
}
}
if (optionalUsages != null) {
List<ASN1ObjectIdentifier> oids = Arrays.asList(optionalUsages);
oids = sortOidList(oids);
for (ASN1ObjectIdentifier usage : oids) {
extValue.getUsage().add(createSingleExtKeyUsage(usage, false));
}
}
return createExtensionValueType(extValue);
}
use of org.xipki.ca.certprofile.x509.jaxb.ExtensionValueType in project xipki by xipki.
the class ProfileConfCreatorDemo method createAuthorityKeyIdentifier.
private static ExtensionValueType createAuthorityKeyIdentifier(boolean includeSerialAndSerial) {
AuthorityKeyIdentifier akiType = new AuthorityKeyIdentifier();
akiType.setIncludeIssuerAndSerial(includeSerialAndSerial);
return createExtensionValueType(akiType);
}
use of org.xipki.ca.certprofile.x509.jaxb.ExtensionValueType in project xipki by xipki.
the class ProfileConfCreatorDemo method certprofileMaxTime.
// method certprofileEeComplex
private static X509ProfileType certprofileMaxTime() throws Exception {
X509ProfileType profile = getBaseProfile("certprofile max-time", X509CertLevel.EndEntity, "9999y", false);
// Subject
Subject subject = profile.getSubject();
subject.setDuplicateSubjectPermitted(false);
subject.setIncSerialNumber(false);
List<RdnType> rdnControls = subject.getRdn();
rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null));
rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1));
rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1));
rdnControls.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null));
rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1, new String[] { REGEX_FQDN }, null, null));
// Extensions
ExtensionsType extensions = profile.getExtensions();
List<ExtensionType> list = extensions.getExtension();
list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
list.add(createExtension(Extension.freshestCRL, false, false, null));
// Extensions - basicConstraints
ExtensionValueType extensionValue = null;
list.add(createExtension(Extension.basicConstraints, true, true, extensionValue));
// Extensions - AuthorityInfoAccess
extensionValue = createAuthorityInfoAccess();
list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue));
// Extensions - AuthorityKeyIdentifier
extensionValue = createAuthorityKeyIdentifier(true);
list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue));
// Extensions - keyUsage
extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.DIGITAL_SIGNATURE, KeyUsageEnum.DATA_ENCIPHERMENT, KeyUsageEnum.KEY_ENCIPHERMENT }, null);
list.add(createExtension(Extension.keyUsage, true, true, extensionValue));
return profile;
}
Aggregations