
Example 1 with KeyAlgorithms

Use of org.xipki.ca.certprofile.x509.jaxb.X509ProfileType.KeyAlgorithms in the project xipki (by xipki).

Class ProfileConfCreatorDemo, method createKeyAlgorithms (builds a demo key-algorithm section that admits RSA, DSA and EC keys).

// method getBaseProfile
/**
 * Builds the {@code <keyAlgorithms>} section of the demo profile: RSA, DSA and EC public keys
 * are all accepted, each with its own size restrictions.
 *
 * <p>NOTE(review): the RSA 1024-bit and DSA p=1024/q=160 entries are below current minimum
 * strength recommendations (e.g. NIST SP 800-131A disallows them for signature generation).
 * They are kept here because this is a demo configuration; a production profile should start
 * at 2048/224 (compare {@code createRSAKeyAlgorithms}, which admits 2048-bit RSA and up only).
 *
 * @param curveIds EC curves to permit; when null or empty no {@code Curves} element is set
 *                 (presumably meaning "any curve" — confirm against the profile schema)
 * @return the populated key-algorithm configuration
 */
private static KeyAlgorithms createKeyAlgorithms(ASN1ObjectIdentifier[] curveIds) {
    KeyAlgorithms keyAlgorithms = new KeyAlgorithms();
    List<AlgorithmType> algorithms = keyAlgorithms.getAlgorithm();

    // ---- RSA: any of the listed modulus lengths is acceptable.
    AlgorithmType rsa = new AlgorithmType();
    algorithms.add(rsa);
    rsa.getAlgorithm().add(createOidType(PKCSObjectIdentifiers.rsaEncryption, "RSA"));
    RSAParameters rsaParams = new RSAParameters();
    rsa.setParameters(createKeyParametersType(rsaParams));
    RangesType modulusRanges = new RangesType();
    rsaParams.setModulusLength(modulusRanges);
    for (int bits : new int[] {1024, 2048, 3072, 4096}) {
        modulusRanges.getRange().add(createRange(bits));
    }

    // ---- DSA: p and q lengths are restricted independently; no particular (p, q) pairing is
    // enforced by this configuration.
    AlgorithmType dsa = new AlgorithmType();
    algorithms.add(dsa);
    dsa.getAlgorithm().add(createOidType(X9ObjectIdentifiers.id_dsa, "DSA"));
    DSAParameters dsaParams = new DSAParameters();
    dsa.setParameters(createKeyParametersType(dsaParams));
    RangesType pRanges = new RangesType();
    dsaParams.setPLength(pRanges);
    for (int bits : new int[] {1024, 2048, 3072}) {
        pRanges.getRange().add(createRange(bits));
    }
    RangesType qRanges = new RangesType();
    dsaParams.setQLength(qRanges);
    for (int bits : new int[] {160, 224, 256}) {
        qRanges.getRange().add(createRange(bits));
    }

    // ---- EC
    AlgorithmType ec = new AlgorithmType();
    algorithms.add(ec);
    ec.getAlgorithm().add(createOidType(X9ObjectIdentifiers.id_ecPublicKey, "EC"));
    ECParameters ecParams = new ECParameters();
    ec.setParameters(createKeyParametersType(ecParams));
    boolean restrictCurves = (curveIds != null) && (curveIds.length > 0);
    if (restrictCurves) {
        Curves curves = new Curves();
        ecParams.setCurves(curves);
        for (ASN1ObjectIdentifier curveId : curveIds) {
            String curveName = AlgorithmUtil.getCurveName(curveId);
            curves.getCurve().add(createOidType(curveId, curveName));
        }
    }
    // Only the uncompressed point form is permitted: 0x04 is the SEC 1 / X9.62 prefix byte
    // for an uncompressed EC point.
    PointEncodings pointEncodings = new PointEncodings();
    ecParams.setPointEncodings(pointEncodings);
    final Byte uncompressedForm = 4;
    pointEncodings.getPointEncoding().add(uncompressedForm);

    return keyAlgorithms;
}

Example 2 with KeyAlgorithms

Use of org.xipki.ca.certprofile.x509.jaxb.X509ProfileType.KeyAlgorithms in the project xipki (by xipki).

Class ProfileConfCreatorDemo, method createRSAKeyAlgorithms (an RSA-only key-algorithm section with a 2048-bit minimum).

// method createKeyAlgorithms
// CHECKSTYLE:SKIP
/**
 * Builds an RSA-only {@code <keyAlgorithms>} section: rsaEncryption with a modulus of exactly
 * 2048, 3072 or 4096 bits. Unlike the multi-algorithm demo section, no 1024-bit entry is
 * present, so this one is already in line with current minimum-strength guidance.
 *
 * @return the populated key-algorithm configuration
 */
private static KeyAlgorithms createRSAKeyAlgorithms() {
    KeyAlgorithms keyAlgorithms = new KeyAlgorithms();

    AlgorithmType rsa = new AlgorithmType();
    keyAlgorithms.getAlgorithm().add(rsa);
    rsa.getAlgorithm().add(createOidType(PKCSObjectIdentifiers.rsaEncryption, "RSA"));

    RSAParameters rsaParams = new RSAParameters();
    rsa.setParameters(createKeyParametersType(rsaParams));
    RangesType modulusRanges = new RangesType();
    rsaParams.setModulusLength(modulusRanges);

    List<RangeType> accepted = modulusRanges.getRange();
    for (int bits : new int[] {2048, 3072, 4096}) {
        accepted.add(createRange(bits));
    }
    return keyAlgorithms;
}

Example 3 with KeyAlgorithms

Use of org.xipki.ca.certprofile.x509.jaxb.X509ProfileType.KeyAlgorithms in the project xipki (by xipki).

Class XmlX509CertprofileUtil, method buildKeyAlgorithms (converts the JAXB key-algorithm section into an OID-keyed lookup).

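/**
 * Converts the profile's {@code <keyAlgorithms>} section into a lookup from public-key
 * algorithm OID to the key-parameter restrictions that apply to it.
 *
 * <p>One {@link AlgorithmType} entry may name several OIDs; all of them share the single
 * {@link KeyParametersOption} produced by {@code convertKeyParametersOption}. An OID that is
 * defined more than once — in another entry, or twice within the same entry — is rejected,
 * because with a plain {@code put} the later definition would silently replace the earlier one
 * and the effective key policy would depend on element order.
 *
 * <p>A malformed OID string is reported as a {@link CertprofileException} (with the offending
 * value in the message) rather than letting BouncyCastle's unchecked
 * {@link IllegalArgumentException} escape, so all configuration errors surface through the
 * declared exception type.
 *
 * @param keyAlgos the JAXB key-algorithm configuration; must not be null
 * @return unmodifiable map from algorithm OID to its parameter option
 * @throws CertprofileException if an OID string is not a valid object identifier, or if an
 *                              OID is defined more than once
 */
public static Map<ASN1ObjectIdentifier, KeyParametersOption> buildKeyAlgorithms(KeyAlgorithms keyAlgos) throws CertprofileException {
    ParamUtil.requireNonNull("keyAlgos", keyAlgos);
    Map<ASN1ObjectIdentifier, KeyParametersOption> keyAlgorithms = new HashMap<>();
    for (AlgorithmType type : keyAlgos.getAlgorithm()) {
        List<OidWithDescType> algIds = type.getAlgorithm();
        List<ASN1ObjectIdentifier> oids = new ArrayList<>(algIds.size());
        for (OidWithDescType algId : algIds) {
            String oidText = algId.getValue();
            ASN1ObjectIdentifier oid;
            try {
                oid = new ASN1ObjectIdentifier(oidText);
            } catch (IllegalArgumentException ex) {
                throw new CertprofileException("invalid keyAlgorithm OID '" + oidText + "': " + ex.getMessage(), ex);
            }
            // The map only receives this entry's OIDs after the inner loop, so a repeat within
            // the same entry has to be checked against the local list as well.
            if (keyAlgorithms.containsKey(oid) || oids.contains(oid)) {
                throw new CertprofileException("duplicate definition of keyAlgorithm " + oid.getId());
            }
            oids.add(oid);
        }
        // All OIDs of one entry share the same parameter restrictions.
        KeyParametersOption keyParamsOption = convertKeyParametersOption(type);
        for (ASN1ObjectIdentifier oid : oids) {
            keyAlgorithms.put(oid, keyParamsOption);
        }
    }
    return CollectionUtil.unmodifiableMap(keyAlgorithms);
}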

Example 4 with KeyAlgorithms

Use of org.xipki.ca.certprofile.x509.jaxb.X509ProfileType.KeyAlgorithms in the project xipki (by xipki).

Class XmlX509Certprofile, method initialize0 (populates and validates the profile from its parsed XML configuration).

// method initialize
/**
 * Populates this profile's fields from the JAXB configuration {@code conf} and rejects
 * inconsistent settings.
 *
 * <p>Each value is validated as it is copied. Initialisation aborts with a
 * {@link CertprofileException} on: an unknown certificate version, certLevel or
 * notBeforeTime; a signature algorithm name that cannot be canonicalised; a key-algorithm OID
 * defined twice; a subjectToSubjectAltNames mapping whose target SAN type is not permitted; or
 * an extension listed in the extension controls that no init* method, constant-extension
 * definition or {@code initExtraExtension} consumed.
 *
 * <p>NOTE(review): some config errors still surface as unchecked exceptions rather than
 * {@link CertprofileException} — a malformed RDN type OID ({@code IllegalArgumentException}
 * from {@code ASN1ObjectIdentifier}) and a malformed RDN regex
 * ({@code PatternSyntaxException}). Callers that map the checked exception to a user-facing
 * error will not see those.
 *
 * @param conf parsed profile configuration; presumably schema-validated by the caller
 *             (confirm) — mandatory sub-elements such as {@code conf.getSubject()} are not
 *             null-checked here
 * @throws CertprofileException if the configuration is invalid or inconsistent (see above)
 */
private void initialize0(X509ProfileType conf) throws CertprofileException {
    // Certificate version: an explicit value must be a known name; absent means v3.
    if (conf.getVersion() != null) {
        String versionText = conf.getVersion();
        this.version = X509CertVersion.forName(versionText);
        if (this.version == null) {
            throw new CertprofileException(String.format("invalid version '%s'", versionText));
        }
    } else {
        this.version = X509CertVersion.v3;
    }
    // Permitted signature algorithms, stored in canonical form (presumably so that later
    // comparisons are exact — confirm). An unknown name is a configuration error here, not a
    // runtime one. When the element is absent the field is left untouched.
    if (conf.getSignatureAlgorithms() != null) {
        List<String> algoNames = conf.getSignatureAlgorithms().getAlgorithm();
        List<String> list = new ArrayList<>(algoNames.size());
        for (String algoName : algoNames) {
            try {
                list.add(AlgorithmUtil.canonicalizeSignatureAlgo(algoName));
            } catch (NoSuchAlgorithmException ex) {
                throw new CertprofileException(ex.getMessage(), ex);
            }
        }
        this.signatureAlgorithms = Collections.unmodifiableList(list);
    }
    this.raOnly = conf.isRaOnly();
    this.maxSize = conf.getMaxSize();
    this.validity = CertValidity.getInstance(conf.getValidity());
    // certLevel is matched case-insensitively; anything else (including null, since
    // equalsIgnoreCase(null) is false) is rejected.
    String str = conf.getCertLevel();
    if ("RootCA".equalsIgnoreCase(str)) {
        this.certLevel = X509CertLevel.RootCA;
    } else if ("SubCA".equalsIgnoreCase(str)) {
        this.certLevel = X509CertLevel.SubCA;
    } else if ("EndEntity".equalsIgnoreCase(str)) {
        this.certLevel = X509CertLevel.EndEntity;
    } else {
        throw new CertprofileException("invalid CertLevel '" + str + "'");
    }
    // notBeforeTime: "midnight" or "current", same matching rules as certLevel.
    str = conf.getNotBeforeTime();
    if ("midnight".equalsIgnoreCase(str)) {
        this.notBeforeMidnight = true;
    } else if ("current".equalsIgnoreCase(str)) {
        this.notBeforeMidnight = false;
    } else {
        throw new CertprofileException("invalid notBefore '" + str + "'");
    }
    // NOTE(review): unlike the version lookup above, the result of forName is not null-checked
    // here; whether forName throws or returns null on an unknown name is not visible in this
    // file — confirm.
    String specBehavior = conf.getSpecialBehavior();
    if (specBehavior != null) {
        this.specialBehavior = SpecialX509CertprofileBehavior.forName(specBehavior);
    }
    this.duplicateKeyPermitted = conf.isDuplicateKey();
    this.serialNumberInReqPermitted = conf.isSerialNumberInReq();
    // KeyAlgorithms: optional; when present, duplicate OIDs are rejected by the helper. When
    // absent the field is left untouched.
    KeyAlgorithms keyAlgos = conf.getKeyAlgorithms();
    if (keyAlgos != null) {
        this.keyAlgorithms = XmlX509CertprofileUtil.buildKeyAlgorithms(keyAlgos);
    }
    // parameters: free-form name/value pairs, exposed as an unmodifiable map (null if absent).
    // A name given twice keeps the last value.
    Parameters confParams = conf.getParameters();
    if (confParams == null) {
        parameters = null;
    } else {
        Map<String, String> tmpMap = new HashMap<>();
        for (NameValueType nv : confParams.getParameter()) {
            tmpMap.put(nv.getName(), nv.getValue());
        }
        parameters = Collections.unmodifiableMap(tmpMap);
    }
    // Subject: one RdnControl per configured RDN type. Subject is not null-checked (see Javadoc).
    Subject subject = conf.getSubject();
    duplicateSubjectPermitted = subject.isDuplicateSubjectPermitted();
    List<RdnControl> subjectDnControls = new LinkedList<>();
    for (RdnType rdn : subject.getRdn()) {
        ASN1ObjectIdentifier type = new ASN1ObjectIdentifier(rdn.getType().getValue());
        // Value patterns: the profile's own regexes win; otherwise fall back to the built-in
        // pattern for this RDN type, if there is one.
        // NOTE(review): regexes come straight from the profile XML and are compiled as-is, so a
        // pathological expression could be slow to match against request subjects (ReDoS).
        // Profile authoring is presumably a trusted admin action — confirm.
        List<Pattern> patterns = null;
        if (CollectionUtil.isNonEmpty(rdn.getRegex())) {
            patterns = new LinkedList<>();
            for (String regex : rdn.getRegex()) {
                Pattern pattern = Pattern.compile(regex);
                patterns.add(pattern);
            }
        }
        if (patterns == null) {
            Pattern pattern = SubjectDnSpec.getPattern(type);
            if (pattern != null) {
                patterns = Arrays.asList(pattern);
            }
        }
        // Length range only if at least one bound is configured; Range presumably treats a
        // null bound as open — confirm.
        Range range = (rdn.getMinLen() != null || rdn.getMaxLen() != null) ? new Range(rdn.getMinLen(), rdn.getMaxLen()) : null;
        RdnControl rdnControl = new RdnControl(type, rdn.getMinOccurs(), rdn.getMaxOccurs());
        subjectDnControls.add(rdnControl);
        StringType stringType = XmlX509CertprofileUtil.convertStringType(rdn.getStringType());
        rdnControl.setStringType(stringType);
        rdnControl.setStringLengthRange(range);
        rdnControl.setPatterns(patterns);
        rdnControl.setPrefix(rdn.getPrefix());
        rdnControl.setSuffix(rdn.getSuffix());
        rdnControl.setGroup(rdn.getGroup());
        // Applies type-specific defaults/corrections after all explicit settings are in place.
        SubjectDnSpec.fixRdnControl(rdnControl);
    }
    this.subjectControl = new SubjectControl(subjectDnControls, subject.isKeepRdnOrder());
    this.incSerialNoIfSubjectExists = subject.isIncSerialNumber();
    // Extensions
    ExtensionsType extensionsType = conf.getExtensions();
    // Extension controls
    this.extensionControls = XmlX509CertprofileUtil.buildExtensionControls(extensionsType);
    // extnIds tracks which configured extensions still lack a handler; the final check below
    // requires it to be empty. Each init* call is handed the set and is expected to remove the
    // ids it handles (their bodies are not visible here — confirm).
    Set<ASN1ObjectIdentifier> extnIds = new HashSet<>(this.extensionControls.keySet());
    // SubjectToSubjectAltName
    initSubjectToSubjectAltNames(extensionsType);
    // AdditionalInformation
    initAdditionalInformation(extnIds, extensionsType);
    // Admission
    initAdmission(extnIds, extensionsType);
    // AuthorityInfoAccess
    initAuthorityInfoAccess(extnIds, extensionsType);
    // AuthorityKeyIdentifier
    initAuthorityKeyIdentifier(extnIds, extensionsType);
    // AuthorizationTemplate
    initAuthorizationTemplate(extnIds, extensionsType);
    // BasicConstraints
    initBasicConstraints(extnIds, extensionsType);
    // BiometricInfo
    initBiometricInfo(extnIds, extensionsType);
    // Certificate Policies
    initCertificatePolicies(extnIds, extensionsType);
    // ExtendedKeyUsage
    initExtendedKeyUsage(extnIds, extensionsType);
    // Inhibit anyPolicy
    initInhibitAnyPolicy(extnIds, extensionsType);
    // KeyUsage
    initKeyUsage(extnIds, extensionsType);
    // Name Constraints
    initNameConstraints(extnIds, extensionsType);
    // Policy Constraints
    initPolicyConstraints(extnIds, extensionsType);
    // Policy Mappings
    initPolicyMappings(extnIds, extensionsType);
    // PrivateKeyUsagePeriod
    initPrivateKeyUsagePeriod(extnIds, extensionsType);
    // QCStatements
    initQcStatements(extnIds, extensionsType);
    // Restriction
    initRestriction(extnIds, extensionsType);
    // SMIMECapabilities
    initSmimeCapabilities(extnIds, extensionsType);
    // SubjectAltNameMode
    initSubjectAlternativeName(extnIds, extensionsType);
    // SubjectInfoAccess
    initSubjectInfoAccess(extnIds, extensionsType);
    // TlsFeature
    initTlsFeature(extnIds, extensionsType);
    // validityModel
    initValidityModel(extnIds, extensionsType);
    // SubjectDirectoryAttributes
    initSubjectDirAttrs(extnIds, extensionsType);
    // constant extensions: fixed values copied verbatim into every certificate; they need no
    // further handler, so their ids are consumed here.
    this.constantExtensions = XmlX509CertprofileUtil.buildConstantExtesions(extensionsType);
    if (this.constantExtensions != null) {
        extnIds.removeAll(this.constantExtensions.keySet());
    }
    // validate the configuration: a subject-attribute -> SAN mapping only makes sense if the
    // SAN extension is permitted at all, and each mapped GeneralName tag must be one the SAN
    // mode list allows (the tag check is skipped when no SAN modes are configured).
    if (subjectToSubjectAltNameModes != null) {
        ASN1ObjectIdentifier type = Extension.subjectAlternativeName;
        if (!extensionControls.containsKey(type)) {
            throw new CertprofileException("subjectToSubjectAltNames cannot be configured if extension" + " subjectAltNames is not permitted");
        }
        if (subjectAltNameModes != null) {
            for (ASN1ObjectIdentifier attrType : subjectToSubjectAltNameModes.keySet()) {
                GeneralNameTag nameTag = subjectToSubjectAltNameModes.get(attrType);
                boolean allowed = false;
                for (GeneralNameMode m : subjectAltNameModes) {
                    if (m.getTag() == nameTag) {
                        allowed = true;
                        break;
                    }
                }
                if (!allowed) {
                    throw new CertprofileException("target SubjectAltName type " + nameTag + " is not allowed");
                }
            }
        }
    }
    // Remove the extensions processed not by the CertProfile but by the CA itself; they may be
    // listed in the controls without a profile-side handler.
    extnIds.remove(Extension.issuerAlternativeName);
    extnIds.remove(Extension.authorityInfoAccess);
    extnIds.remove(Extension.cRLDistributionPoints);
    extnIds.remove(Extension.freshestCRL);
    extnIds.remove(Extension.subjectKeyIdentifier);
    extnIds.remove(Extension.subjectInfoAccess);
    extnIds.remove(ObjectIdentifiers.id_extension_pkix_ocsp_nocheck);
    // Whatever is left is offered to initExtraExtension (a subclass hook, presumably — confirm).
    // Iterate over a copy because extnIds is mutated inside the loop.
    Set<ASN1ObjectIdentifier> copyOfExtnIds = new HashSet<>(extnIds);
    for (ASN1ObjectIdentifier extnId : copyOfExtnIds) {
        Object extnValue = getExtensionValue(extnId, extensionsType, Object.class);
        boolean processed = initExtraExtension(extnId, extensionControls.get(extnId), extnValue);
        if (processed) {
            extnIds.remove(extnId);
        }
    }
    // Fail closed: an extension that nothing knows how to build is a configuration error, not
    // something to silently omit from issued certificates.
    if (!extnIds.isEmpty()) {
        throw new CertprofileException("Cannot process the extensions: " + extnIds);
    }
}
