use of org.xipki.ca.certprofile.x509.jaxb.ExtensionValueType in project xipki by xipki.
the class ProfileConfCreatorDemo method createKeyUsages.
private static ExtensionValueType createKeyUsages(KeyUsageEnum[] requiredUsages, KeyUsageEnum[] optionalUsages) {
KeyUsage extValue = new KeyUsage();
if (requiredUsages != null) {
for (KeyUsageEnum m : requiredUsages) {
UsageType usage = new UsageType();
usage.setValue(m);
usage.setRequired(true);
extValue.getUsage().add(usage);
}
}
if (optionalUsages != null) {
for (KeyUsageEnum m : optionalUsages) {
UsageType usage = new UsageType();
usage.setValue(m);
usage.setRequired(false);
extValue.getUsage().add(usage);
}
}
return createExtensionValueType(extValue);
}
use of org.xipki.ca.certprofile.x509.jaxb.ExtensionValueType in project xipki by xipki.
the class ProfileConfCreatorDemo method createCertificatePolicies.
private static ExtensionValueType createCertificatePolicies(ASN1ObjectIdentifier... policyOids) {
if (policyOids == null || policyOids.length == 0) {
return null;
}
CertificatePolicies extValue = new CertificatePolicies();
List<CertificatePolicyInformationType> pis = extValue.getCertificatePolicyInformation();
for (ASN1ObjectIdentifier oid : policyOids) {
CertificatePolicyInformationType single = new CertificatePolicyInformationType();
pis.add(single);
single.setPolicyIdentifier(createOidType(oid));
}
return createExtensionValueType(extValue);
}
use of org.xipki.ca.certprofile.x509.jaxb.ExtensionValueType in project xipki by xipki.
the class ProfileConfCreatorDemo method createAuthorityInfoAccess.
private static ExtensionValueType createAuthorityInfoAccess() {
AuthorityInfoAccess extnValue = new AuthorityInfoAccess();
extnValue.setIncludeCaIssuers(true);
extnValue.setIncludeOcsp(true);
return createExtensionValueType(extnValue);
}
use of org.xipki.ca.certprofile.x509.jaxb.ExtensionValueType in project xipki by xipki.
the class ProfileConfCreatorDemo method certprofileEeComplex.
// method certprofileEeComplex
private static X509ProfileType certprofileEeComplex() throws Exception {
X509ProfileType profile = getBaseProfile("certprofile ee-complex", X509CertLevel.EndEntity, "5y", true);
// Subject
Subject subject = profile.getSubject();
subject.setIncSerialNumber(false);
subject.setKeepRdnOrder(true);
List<RdnType> rdnControls = subject.getRdn();
rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1));
rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null));
rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1));
rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1));
rdnControls.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null));
rdnControls.add(createRdn(ObjectIdentifiers.DN_DATE_OF_BIRTH, 0, 1));
rdnControls.add(createRdn(ObjectIdentifiers.DN_POSTAL_ADDRESS, 0, 1));
rdnControls.add(createRdn(ObjectIdentifiers.DN_UNIQUE_IDENTIFIER, 1, 1));
// Extensions
// Extensions - general
ExtensionsType extensions = profile.getExtensions();
// Extensions - controls
List<ExtensionType> list = extensions.getExtension();
list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
list.add(createExtension(Extension.freshestCRL, false, false, null));
// Extensions - basicConstraints
ExtensionValueType extensionValue = null;
list.add(createExtension(Extension.basicConstraints, true, false, extensionValue));
// Extensions - AuthorityInfoAccess
extensionValue = createAuthorityInfoAccess();
list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue));
// Extensions - AuthorityKeyIdentifier
extensionValue = createAuthorityKeyIdentifier(true);
list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue));
// Extensions - keyUsage
extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.DIGITAL_SIGNATURE, KeyUsageEnum.DATA_ENCIPHERMENT, KeyUsageEnum.KEY_ENCIPHERMENT }, null);
list.add(createExtension(Extension.keyUsage, true, true, extensionValue));
// Extensions - extenedKeyUsage
extensionValue = createExtendedKeyUsage(new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_serverAuth }, new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_clientAuth });
list.add(createExtension(Extension.extendedKeyUsage, true, false, extensionValue));
// Extension - subjectDirectoryAttributes
SubjectDirectoryAttributs subjectDirAttrType = new SubjectDirectoryAttributs();
List<OidWithDescType> attrTypes = subjectDirAttrType.getType();
attrTypes.add(createOidType(ObjectIdentifiers.DN_COUNTRY_OF_CITIZENSHIP));
attrTypes.add(createOidType(ObjectIdentifiers.DN_COUNTRY_OF_RESIDENCE));
attrTypes.add(createOidType(ObjectIdentifiers.DN_GENDER));
attrTypes.add(createOidType(ObjectIdentifiers.DN_DATE_OF_BIRTH));
attrTypes.add(createOidType(ObjectIdentifiers.DN_PLACE_OF_BIRTH));
extensionValue = createExtensionValueType(subjectDirAttrType);
list.add(createExtension(Extension.subjectDirectoryAttributes, true, false, extensionValue));
// Extension - Admission
AdmissionSyntax admissionSyntax = new AdmissionSyntax();
admissionSyntax.setAdmissionAuthority(new GeneralName(new X500Name("C=DE,CN=admissionAuthority level 1")).getEncoded());
AdmissionsType admissions = new AdmissionsType();
admissions.setAdmissionAuthority(new GeneralName(new X500Name("C=DE,CN=admissionAuthority level 2")).getEncoded());
NamingAuthorityType namingAuthorityL2 = new NamingAuthorityType();
namingAuthorityL2.setOid(createOidType(new ASN1ObjectIdentifier("1.2.3.4.5")));
namingAuthorityL2.setUrl("http://naming-authority-level2.example.org");
namingAuthorityL2.setText("namingAuthrityText level 2");
admissions.setNamingAuthority(namingAuthorityL2);
admissionSyntax.getContentsOfAdmissions().add(admissions);
ProfessionInfoType pi = new ProfessionInfoType();
admissions.getProfessionInfo().add(pi);
pi.getProfessionOid().add(createOidType(new ASN1ObjectIdentifier("1.2.3.4"), "demo oid"));
pi.getProfessionItem().add("demo item");
NamingAuthorityType namingAuthorityL3 = new NamingAuthorityType();
namingAuthorityL3.setOid(createOidType(new ASN1ObjectIdentifier("1.2.3.4.5")));
namingAuthorityL3.setUrl("http://naming-authority-level3.example.org");
namingAuthorityL3.setText("namingAuthrityText level 3");
pi.setNamingAuthority(namingAuthorityL3);
pi.setAddProfessionInfo(new byte[] { 1, 2, 3, 4 });
RegistrationNumber regNum = new RegistrationNumber();
pi.setRegistrationNumber(regNum);
regNum.setRegex("a*b");
// check the syntax
XmlX509CertprofileUtil.buildAdmissionSyntax(false, admissionSyntax);
extensionValue = createExtensionValueType(admissionSyntax);
list.add(createExtension(ObjectIdentifiers.id_extension_admission, true, false, extensionValue));
// restriction
extensionValue = createRestriction(DirectoryStringType.UTF_8_STRING, "demo restriction");
list.add(createExtension(ObjectIdentifiers.id_extension_restriction, true, false, extensionValue));
// additionalInformation
extensionValue = createAdditionalInformation(DirectoryStringType.UTF_8_STRING, "demo additional information");
list.add(createExtension(ObjectIdentifiers.id_extension_additionalInformation, true, false, extensionValue));
// validationModel
extensionValue = createConstantExtValue(new ASN1ObjectIdentifier("1.3.6.1.4.1.8301.3.5.1").getEncoded(), "chain");
list.add(createExtension(ObjectIdentifiers.id_extension_validityModel, true, false, extensionValue));
// privateKeyUsagePeriod
extensionValue = createPrivateKeyUsagePeriod("3y");
list.add(createExtension(Extension.privateKeyUsagePeriod, true, false, extensionValue));
// QcStatements
extensionValue = createQcStatements(true);
list.add(createExtension(Extension.qCStatements, true, false, extensionValue));
// biometricInfo
extensionValue = createBiometricInfo();
list.add(createExtension(Extension.biometricInfo, true, false, extensionValue));
// authorizationTemplate
extensionValue = createAuthorizationTemplate();
list.add(createExtension(ObjectIdentifiers.id_xipki_ext_authorizationTemplate, true, false, extensionValue));
// SubjectAltName
SubjectAltName subjectAltNameMode = new SubjectAltName();
OtherName otherName = new OtherName();
otherName.getType().add(createOidType(new ASN1ObjectIdentifier("1.2.3.1"), "dummy oid 1"));
otherName.getType().add(createOidType(new ASN1ObjectIdentifier("1.2.3.2"), "dummy oid 2"));
subjectAltNameMode.setOtherName(otherName);
subjectAltNameMode.setRfc822Name("");
subjectAltNameMode.setDnsName("");
subjectAltNameMode.setDirectoryName("");
subjectAltNameMode.setEdiPartyName("");
subjectAltNameMode.setUniformResourceIdentifier("");
subjectAltNameMode.setIpAddress("");
subjectAltNameMode.setRegisteredID("");
extensionValue = createExtensionValueType(subjectAltNameMode);
list.add(createExtension(Extension.subjectAlternativeName, true, false, extensionValue));
// SubjectInfoAccess
List<ASN1ObjectIdentifier> accessMethods = new LinkedList<>();
accessMethods.add(ObjectIdentifiers.id_ad_caRepository);
for (int i = 0; i < 10; i++) {
accessMethods.add(new ASN1ObjectIdentifier("2.3.4." + (i + 1)));
}
SubjectInfoAccess subjectInfoAccessMode = new SubjectInfoAccess();
for (ASN1ObjectIdentifier accessMethod : accessMethods) {
SubjectInfoAccess.Access access = new SubjectInfoAccess.Access();
subjectInfoAccessMode.getAccess().add(access);
access.setAccessMethod(createOidType(accessMethod));
GeneralNameType accessLocation = new GeneralNameType();
access.setAccessLocation(accessLocation);
otherName = new OtherName();
otherName.getType().add(createOidType(new ASN1ObjectIdentifier("1.2.3.1"), "dummy oid 1"));
otherName.getType().add(createOidType(new ASN1ObjectIdentifier("1.2.3.2"), "dummy oid 2"));
accessLocation.setOtherName(otherName);
accessLocation.setRfc822Name("");
accessLocation.setDnsName("");
accessLocation.setDirectoryName("");
accessLocation.setEdiPartyName("");
accessLocation.setUniformResourceIdentifier("");
accessLocation.setIpAddress("");
accessLocation.setRegisteredID("");
}
extensionValue = createExtensionValueType(subjectInfoAccessMode);
list.add(createExtension(Extension.subjectInfoAccess, true, false, extensionValue));
return profile;
}
use of org.xipki.ca.certprofile.x509.jaxb.ExtensionValueType in project xipki by xipki.
the class ProfileConfCreatorDemo method createValidityModel.
@SuppressWarnings("unused")
private static ExtensionValueType createValidityModel(OidWithDescType modelId) {
ValidityModel extValue = new ValidityModel();
extValue.setModelId(modelId);
return createExtensionValueType(extValue);
}
Aggregations