
Example 21 with ExtensionsType

use of org.xipki.ca.certprofile.x509.jaxb.ExtensionsType in project xipki by xipki.

the class XmlX509Certprofile method initTlsFeature.

/**
 * Reads the TLS-feature extension ({@code id-pe-tlsfeature}) from the profile
 * configuration and stores its encoded value in {@code tlsFeature}.
 * Nothing happens when the extension is not listed in {@code extensionControls}
 * or has no configured value. Every configured feature number must lie in
 * 0..65535; the numbers are emitted in ascending order as SEQUENCE OF INTEGER.
 *
 * @param extnIds extension ids still to be handled; the TLS-feature id is removed from it
 * @param extensionsType profile extension configuration
 * @throws CertprofileException if a configured feature number is outside 0..65535
 */
private void initTlsFeature(Set<ASN1ObjectIdentifier> extnIds, ExtensionsType extensionsType) throws CertprofileException {
    final ASN1ObjectIdentifier oid = ObjectIdentifiers.id_pe_tlsfeature;
    if (!extensionControls.containsKey(oid)) {
        return;
    }
    extnIds.remove(oid);
    TlsFeature conf = (TlsFeature) getExtensionValue(oid, extensionsType, TlsFeature.class);
    if (conf == null) {
        return;
    }
    List<Integer> featureNumbers = new ArrayList<>(conf.getFeature().size());
    for (IntWithDescType entry : conf.getFeature()) {
        int featureNumber = entry.getValue();
        // TLS extension types are 16-bit values
        if (featureNumber < 0 || featureNumber > 65535) {
            throw new CertprofileException("invalid TLS feature (extensionType) " + featureNumber);
        }
        featureNumbers.add(featureNumber);
    }
    // ascending order; duplicates are kept as configured
    Collections.sort(featureNumbers);
    ASN1EncodableVector sequence = new ASN1EncodableVector();
    for (int featureNumber : featureNumbers) {
        sequence.add(new ASN1Integer(featureNumber));
    }
    boolean critical = extensionControls.get(oid).isCritical();
    tlsFeature = new ExtensionValue(critical, new DERSequence(sequence));
}

Example 22 with ExtensionsType

use of org.xipki.ca.certprofile.x509.jaxb.ExtensionsType in project xipki by xipki.

the class XmlX509Certprofile method initSmimeCapabilities.

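/**
 * Reads the S/MIME-capabilities extension configuration and stores its encoded
 * value in {@code smimeCapabilities}. Nothing happens when the extension is not
 * listed in {@code extensionControls} or has no configured value. Each configured
 * capability becomes a BouncyCastle {@code SMIMECapability} whose parameters are
 * the configured INTEGER, the configured DER blob (base64Binary), or absent.
 *
 * @param extnIds extension ids still to be handled; the S/MIME-capabilities id is removed from it
 * @param extensionsType profile extension configuration
 * @throws CertprofileException if a configured capabilityID is not a valid OID string,
 *         or if reading a base64Binary parameter fails
 */
private void initSmimeCapabilities(Set<ASN1ObjectIdentifier> extnIds, ExtensionsType extensionsType) throws CertprofileException {
    ASN1ObjectIdentifier type = ObjectIdentifiers.id_smimeCapabilities;
    if (!extensionControls.containsKey(type)) {
        return;
    }
    extnIds.remove(type);
    SMIMECapabilities extConf = (SMIMECapabilities) getExtensionValue(type, extensionsType, SMIMECapabilities.class);
    if (extConf == null) {
        return;
    }
    List<SMIMECapability> list = extConf.getSMIMECapability();
    ASN1EncodableVector vec = new ASN1EncodableVector();
    for (SMIMECapability m : list) {
        // capabilityID is assumed to be present (schema-required) — TODO confirm for unvalidated XML
        String oidText = m.getCapabilityID().getValue();
        ASN1ObjectIdentifier oid;
        try {
            oid = new ASN1ObjectIdentifier(oidText);
        } catch (IllegalArgumentException ex) {
            // a malformed OID string is a profile-configuration error; report it as the
            // declared exception type instead of leaking BouncyCastle's unchecked exception
            throw new CertprofileException("invalid SMIMECapability capabilityID '" + oidText + "'", ex);
        }
        ASN1Encodable params = null;
        org.xipki.ca.certprofile.x509.jaxb.SMIMECapability.Parameters capParams = m.getParameters();
        if (capParams != null) {
            // the INTEGER form takes precedence when both are configured
            if (capParams.getInteger() != null) {
                params = new ASN1Integer(capParams.getInteger());
            } else if (capParams.getBase64Binary() != null) {
                params = readAsn1Encodable(capParams.getBase64Binary().getValue());
            }
        }
        org.bouncycastle.asn1.smime.SMIMECapability cap = new org.bouncycastle.asn1.smime.SMIMECapability(oid, params);
        vec.add(cap);
    }
    ASN1Encodable extValue = new DERSequence(vec);
    smimeCapabilities = new ExtensionValue(extensionControls.get(type).isCritical(), extValue);
}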

Example 23 with ExtensionsType

use of org.xipki.ca.certprofile.x509.jaxb.ExtensionsType in project xipki by xipki.

the class XmlX509Certprofile method initSubjectAlternativeName.

/**
 * Reads the subjectAltName extension configuration and derives the permitted
 * GeneralName modes into {@code subjectAltNameModes}. Nothing happens when the
 * extension is not listed in {@code extensionControls} or has no configured value.
 *
 * @param extnIds extension ids still to be handled; the subjectAltName id is removed from it
 * @param extensionsType profile extension configuration
 * @throws CertprofileException propagated from reading the extension configuration
 */
private void initSubjectAlternativeName(Set<ASN1ObjectIdentifier> extnIds, ExtensionsType extensionsType) throws CertprofileException {
    final ASN1ObjectIdentifier oid = Extension.subjectAlternativeName;
    if (extensionControls.containsKey(oid)) {
        extnIds.remove(oid);
        SubjectAltName conf = (SubjectAltName) getExtensionValue(oid, extensionsType, SubjectAltName.class);
        if (conf != null) {
            this.subjectAltNameModes = XmlX509CertprofileUtil.buildGeneralNameMode(conf);
        }
    }
}

Example 24 with ExtensionsType

use of org.xipki.ca.certprofile.x509.jaxb.ExtensionsType in project xipki by xipki.

the class ExtensionsChecker method buildConstantExtesions.

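/**
 * Collects the constant-valued extensions of a profile configuration, keyed by OID.
 * Only extensions whose configured value is a {@code ConstantExtValue} are taken;
 * subjectAltName, subjectInfoAccess and biometricInfo are skipped even when
 * configured as constants. Each value is checked to start with a well-formed
 * DER object before it is accepted.
 *
 * @param extensionsType profile extension configuration, may be {@code null}
 * @return unmodifiable map of extension OID to constant value, or {@code null} when
 *         {@code extensionsType} is {@code null} or no constant extension is configured
 * @throws CertprofileException if an extension type is not a valid OID string, a constant
 *         value is absent or empty, or a constant value cannot be parsed as DER
 */
public static Map<ASN1ObjectIdentifier, QaExtensionValue> buildConstantExtesions(ExtensionsType extensionsType) throws CertprofileException {
    if (extensionsType == null) {
        return null;
    }
    Map<ASN1ObjectIdentifier, QaExtensionValue> map = new HashMap<>();
    for (ExtensionType m : extensionsType.getExtension()) {
        if (m.getValue() == null || !(m.getValue().getAny() instanceof ConstantExtValue)) {
            continue;
        }
        String oidText = m.getType().getValue();
        ASN1ObjectIdentifier oid;
        try {
            oid = new ASN1ObjectIdentifier(oidText);
        } catch (IllegalArgumentException ex) {
            // malformed OID string in the profile: report as the declared exception type
            throw new CertprofileException("invalid extension type '" + oidText + "'", ex);
        }
        // these extensions are never taken verbatim from the profile
        if (Extension.subjectAlternativeName.equals(oid) || Extension.subjectInfoAccess.equals(oid) || Extension.biometricInfo.equals(oid)) {
            continue;
        }
        ConstantExtValue extConf = (ConstantExtValue) m.getValue().getAny();
        byte[] encodedValue = extConf.getValue();
        if (encodedValue == null || encodedValue.length == 0) {
            // JAXB only guarantees presence when schema validation is enabled; a null value
            // would otherwise fail inside ASN1StreamParser, and an empty value is not valid DER
            throw new CertprofileException("constant value of extension " + oidText + " is absent or empty");
        }
        // syntax check only: the value must begin with a well-formed DER object; bytes
        // trailing that object do not appear to be rejected by this check
        ASN1StreamParser parser = new ASN1StreamParser(encodedValue);
        try {
            parser.readObject();
        } catch (IOException ex) {
            throw new CertprofileException("could not parse the constant extension value of " + oidText, ex);
        }
        QaExtensionValue extension = new QaExtensionValue(m.isCritical(), encodedValue);
        map.put(oid, extension);
    }
    if (CollectionUtil.isEmpty(map)) {
        return null;
    }
    return Collections.unmodifiableMap(map);
}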

Example 25 with ExtensionsType

use of org.xipki.ca.certprofile.x509.jaxb.ExtensionsType in project xipki by xipki.

the class ProfileConfCreatorDemo method getBaseProfile.

/**
 * Builds the common skeleton of a demo X.509 profile: metadata, the accepted
 * signature algorithms, subject handling, key algorithms (EC curves restricted
 * only for end-entity profiles) and an empty extensions container that the
 * caller fills in.
 *
 * @param description human-readable profile description
 * @param certLevel CA or end-entity level; decides whether EC curves are restricted
 * @param validity validity string written verbatim into the profile
 * @param useMidnightNotBefore {@code true} sets notBefore to "midnight", otherwise "current"
 * @return a profile whose {@link ExtensionsType} is still empty
 */
private static X509ProfileType getBaseProfile(String description, X509CertLevel certLevel, String validity, boolean useMidnightNotBefore) {
    X509ProfileType profile = new X509ProfileType();
    profile.setAppInfo(createDescription(description));
    profile.setCertLevel(certLevel.toString());
    profile.setMaxSize(5000);
    profile.setVersion(X509CertVersion.v3.name());
    profile.setValidity(validity);
    profile.setNotBeforeTime(useMidnightNotBefore ? "midnight" : "current");
    profile.setDuplicateKey(false);
    profile.setSerialNumberInReq(false);

    // SignatureAlgorithms: every hash combined with every scheme, strongest hash first.
    // NOTE(review): this reproduces the demo's original list, which still includes the SHA1 variants.
    final String[] hashNames = { "SHA3-512", "SHA3-384", "SHA3-256", "SHA3-224", "SHA512", "SHA384", "SHA256", "SHA1" };
    final String[] schemeSuffixes = { "withRSA", "withDSA", "withECDSA", "withRSAandMGF1" };
    SignatureAlgorithms sigAlgos = new SignatureAlgorithms();
    profile.setSignatureAlgorithms(sigAlgos);
    List<String> algoNames = sigAlgos.getAlgorithm();
    for (String suffix : schemeSuffixes) {
        for (String hash : hashNames) {
            algoNames.add(hash + suffix);
        }
    }
    // plain ECDSA is listed for the non-SHA3 hashes only
    for (String hash : hashNames) {
        if (hash.startsWith("SHA3-")) {
            continue;
        }
        algoNames.add(hash + "withPlainECDSA");
    }
    algoNames.add("SM3withSM2");

    // Subject
    Subject subject = new Subject();
    subject.setDuplicateSubjectPermitted(false);
    subject.setKeepRdnOrder(false);
    profile.setSubject(subject);

    // Key: the curve restriction applies to end-entity certificates only
    ASN1ObjectIdentifier[] curveIds = null;
    if (certLevel == X509CertLevel.EndEntity) {
        curveIds = new ASN1ObjectIdentifier[] { SECObjectIdentifiers.secp256r1, TeleTrusTObjectIdentifiers.brainpoolP256r1, GMObjectIdentifiers.sm2p256v1 };
    }
    profile.setKeyAlgorithms(createKeyAlgorithms(curveIds));

    // Extensions: empty container, populated by the caller
    ExtensionsType extensions = new ExtensionsType();
    profile.setExtensions(extensions);
    return profile;
}
