Search in sources :

Example 16 with X509ProfileType

use of org.xipki.ca.certprofile.x509.jaxb.X509ProfileType in project xipki by xipki.

the class ProfileConfCreatorDemo method certprofileRootCa.

// method marshal
private static X509ProfileType certprofileRootCa() throws Exception {
    X509ProfileType profile = getBaseProfile("certprofile rootca", X509CertLevel.RootCA, "10y", false);
    // Subject
    Subject subject = profile.getSubject();
    subject.setIncSerialNumber(false);
    List<RdnType> rdnControls = subject.getRdn();
    rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1));
    // Extensions
    ExtensionsType extensions = profile.getExtensions();
    List<ExtensionType> list = extensions.getExtension();
    list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
    list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
    list.add(createExtension(Extension.freshestCRL, false, false, null));
    // Extensions - basicConstraints
    ExtensionValueType extensionValue = null;
    list.add(createExtension(Extension.basicConstraints, true, true, extensionValue));
    // Extensions - AuthorityInfoAccess
    extensionValue = createAuthorityInfoAccess();
    list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue));
    // Extensions - keyUsage
    extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.KEY_CERT_SIGN }, new KeyUsageEnum[] { KeyUsageEnum.CRL_SIGN });
    list.add(createExtension(Extension.keyUsage, true, true, extensionValue));
    return profile;
}
Also used : ExtensionsType(org.xipki.ca.certprofile.x509.jaxb.ExtensionsType) ExtensionType(org.xipki.ca.certprofile.x509.jaxb.ExtensionType) TlsExtensionType(org.xipki.security.TlsExtensionType) X509ProfileType(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType) ExtensionValueType(org.xipki.ca.certprofile.x509.jaxb.ExtensionValueType) Subject(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType.Subject) RdnType(org.xipki.ca.certprofile.x509.jaxb.RdnType) KeyUsageEnum(org.xipki.ca.certprofile.x509.jaxb.KeyUsageEnum)

Example 17 with X509ProfileType

use of org.xipki.ca.certprofile.x509.jaxb.X509ProfileType in project xipki by xipki.

the class ProfileConfCreatorDemo method certprofileScep.

// method certprofileOcsp
private static X509ProfileType certprofileScep() throws Exception {
    X509ProfileType profile = getBaseProfile("certprofile scep", X509CertLevel.EndEntity, "5y", false);
    profile.setKeyAlgorithms(createRSAKeyAlgorithms());
    // Subject
    Subject subject = profile.getSubject();
    subject.setIncSerialNumber(false);
    List<RdnType> rdnControls = subject.getRdn();
    rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1));
    // Extensions
    ExtensionsType extensions = profile.getExtensions();
    List<ExtensionType> list = extensions.getExtension();
    list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
    list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
    list.add(createExtension(Extension.freshestCRL, false, false, null));
    // Extensions - basicConstraints
    ExtensionValueType extensionValue = null;
    list.add(createExtension(Extension.basicConstraints, true, true, extensionValue));
    // Extensions - AuthorityInfoAccess
    extensionValue = createAuthorityInfoAccess();
    list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue));
    // Extensions - AuthorityKeyIdentifier
    extensionValue = createAuthorityKeyIdentifier(true);
    list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue));
    // Extensions - keyUsage
    extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.DIGITAL_SIGNATURE, KeyUsageEnum.KEY_ENCIPHERMENT }, null);
    list.add(createExtension(Extension.keyUsage, true, true, extensionValue));
    return profile;
}
Also used : ExtensionsType(org.xipki.ca.certprofile.x509.jaxb.ExtensionsType) ExtensionType(org.xipki.ca.certprofile.x509.jaxb.ExtensionType) TlsExtensionType(org.xipki.security.TlsExtensionType) X509ProfileType(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType) ExtensionValueType(org.xipki.ca.certprofile.x509.jaxb.ExtensionValueType) Subject(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType.Subject) RdnType(org.xipki.ca.certprofile.x509.jaxb.RdnType) KeyUsageEnum(org.xipki.ca.certprofile.x509.jaxb.KeyUsageEnum)

Example 18 with X509ProfileType

use of org.xipki.ca.certprofile.x509.jaxb.X509ProfileType in project xipki by xipki.

the class ProfileConfCreatorDemo method certprofileMultipleOus.

// method certprofileGsmcK
private static X509ProfileType certprofileMultipleOus() throws Exception {
    X509ProfileType profile = getBaseProfile("certprofile multiple-ous", X509CertLevel.EndEntity, "5y", false);
    // Subject
    Subject subject = profile.getSubject();
    subject.setIncSerialNumber(false);
    List<RdnType> rdnControls = subject.getRdn();
    rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1));
    final String regexOu1 = "[A-Z]{1,1}[\\d]{5,5}";
    final String regexOu2 = "[\\d]{5,5}";
    rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 2, 2, new String[] { regexOu1, regexOu2 }, null, null));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1));
    // Extensions
    // Extensions - general
    ExtensionsType extensions = profile.getExtensions();
    List<ExtensionType> list = extensions.getExtension();
    list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
    list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
    list.add(createExtension(Extension.freshestCRL, false, false, null));
    // Extensions - basicConstraints
    ExtensionValueType extensionValue = null;
    list.add(createExtension(Extension.basicConstraints, true, true, extensionValue));
    // Extensions - AuthorityInfoAccess
    extensionValue = createAuthorityInfoAccess();
    list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue));
    // Extensions - AuthorityKeyIdentifier
    extensionValue = createAuthorityKeyIdentifier(true);
    list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue));
    // Extensions - keyUsage
    extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.CONTENT_COMMITMENT }, null);
    list.add(createExtension(Extension.keyUsage, true, true, extensionValue));
    return profile;
}
Also used : ExtensionsType(org.xipki.ca.certprofile.x509.jaxb.ExtensionsType) ExtensionType(org.xipki.ca.certprofile.x509.jaxb.ExtensionType) TlsExtensionType(org.xipki.security.TlsExtensionType) X509ProfileType(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType) ExtensionValueType(org.xipki.ca.certprofile.x509.jaxb.ExtensionValueType) Subject(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType.Subject) RdnType(org.xipki.ca.certprofile.x509.jaxb.RdnType) KeyUsageEnum(org.xipki.ca.certprofile.x509.jaxb.KeyUsageEnum)

Example 19 with X509ProfileType

use of org.xipki.ca.certprofile.x509.jaxb.X509ProfileType in project xipki by xipki.

the class ProfileConfCreatorDemo method certprofileTls.

// method certprofileScep
private static X509ProfileType certprofileTls() throws Exception {
    X509ProfileType profile = getBaseProfile("certprofile tls", X509CertLevel.EndEntity, "5y", true);
    profile.setDuplicateKey(true);
    // Subject
    Subject subject = profile.getSubject();
    subject.setDuplicateSubjectPermitted(true);
    subject.setIncSerialNumber(false);
    List<RdnType> rdnControls = subject.getRdn();
    rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1, new String[] { REGEX_FQDN }, null, null));
    // Extensions
    // Extensions - general
    ExtensionsType extensions = profile.getExtensions();
    // SubjectToSubjectAltName
    extensions.setSubjectToSubjectAltNames(new SubjectToSubjectAltNamesType());
    SubjectToSubjectAltNameType s2sType = new SubjectToSubjectAltNameType();
    extensions.getSubjectToSubjectAltNames().getSubjectToSubjectAltName().add(s2sType);
    s2sType.setSource(createOidType(ObjectIdentifiers.DN_CN));
    s2sType.setTarget(new Target());
    s2sType.getTarget().setDnsName("");
    // Extensions - controls
    List<ExtensionType> list = extensions.getExtension();
    list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
    list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
    list.add(createExtension(Extension.freshestCRL, false, false, null));
    // Extensions - SubjectAltNames
    SubjectAltName subjectAltNameMode = new SubjectAltName();
    subjectAltNameMode.setDnsName("");
    subjectAltNameMode.setIpAddress("");
    ExtensionValueType extensionValue = createExtensionValueType(subjectAltNameMode);
    list.add(createExtension(Extension.subjectAlternativeName, true, false, extensionValue));
    // Extensions - basicConstraints
    extensionValue = null;
    list.add(createExtension(Extension.basicConstraints, true, true, extensionValue));
    // Extensions - AuthorityInfoAccess
    extensionValue = createAuthorityInfoAccess();
    list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue));
    // Extensions - AuthorityKeyIdentifier
    extensionValue = createAuthorityKeyIdentifier(true);
    list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue));
    // Extensions - keyUsage
    extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.DIGITAL_SIGNATURE, KeyUsageEnum.DATA_ENCIPHERMENT, KeyUsageEnum.KEY_ENCIPHERMENT }, null);
    list.add(createExtension(Extension.keyUsage, true, true, extensionValue));
    // Extensions - extenedKeyUsage
    extensionValue = createExtendedKeyUsage(new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_serverAuth }, new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_clientAuth });
    list.add(createExtension(Extension.extendedKeyUsage, true, false, extensionValue));
    // Extensions - tlsFeature
    extensionValue = createTlsFeature(new TlsExtensionType[] { TlsExtensionType.STATUS_REQUEST, TlsExtensionType.CLIENT_CERTIFICATE_URL });
    list.add(createExtension(ObjectIdentifiers.id_pe_tlsfeature, true, true, extensionValue));
    // Extensions - SMIMECapabilities
    extensionValue = createSmimeCapabilities();
    list.add(createExtension(ObjectIdentifiers.id_smimeCapabilities, true, false, extensionValue));
    return profile;
}
Also used : TlsExtensionType(org.xipki.security.TlsExtensionType) SubjectToSubjectAltNamesType(org.xipki.ca.certprofile.x509.jaxb.SubjectToSubjectAltNamesType) X509ProfileType(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType) ExtensionValueType(org.xipki.ca.certprofile.x509.jaxb.ExtensionValueType) Subject(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType.Subject) RdnType(org.xipki.ca.certprofile.x509.jaxb.RdnType) KeyUsageEnum(org.xipki.ca.certprofile.x509.jaxb.KeyUsageEnum) Target(org.xipki.ca.certprofile.x509.jaxb.SubjectToSubjectAltNameType.Target) SubjectToSubjectAltNameType(org.xipki.ca.certprofile.x509.jaxb.SubjectToSubjectAltNameType) SubjectAltName(org.xipki.ca.certprofile.x509.jaxb.SubjectAltName) ExtensionsType(org.xipki.ca.certprofile.x509.jaxb.ExtensionsType) ExtensionType(org.xipki.ca.certprofile.x509.jaxb.ExtensionType) TlsExtensionType(org.xipki.security.TlsExtensionType) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 20 with X509ProfileType

use of org.xipki.ca.certprofile.x509.jaxb.X509ProfileType in project xipki by xipki.

the class ProfileConfCreatorDemo method certprofileSubCaComplex.

// method certprofileSubCa
private static X509ProfileType certprofileSubCaComplex() throws Exception {
    X509ProfileType profile = getBaseProfile("certprofile subca-complex (with most extensions)", X509CertLevel.SubCA, "8y", false);
    // Subject
    Subject subject = profile.getSubject();
    subject.setIncSerialNumber(false);
    List<RdnType> rdnControls = subject.getRdn();
    rdnControls.add(createRdn(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_O, 1, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_OU, 0, 1));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null));
    rdnControls.add(createRdn(ObjectIdentifiers.DN_CN, 1, 1, null, "PREFIX ", " SUFFIX"));
    // Extensions
    ExtensionsType extensions = profile.getExtensions();
    List<ExtensionType> list = extensions.getExtension();
    list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
    list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
    list.add(createExtension(Extension.freshestCRL, false, false, null));
    // Extensions - basicConstraints
    ExtensionValueType extensionValue = createBasicConstraints(1);
    list.add(createExtension(Extension.basicConstraints, true, true, extensionValue));
    // Extensions - AuthorityInfoAccess
    extensionValue = createAuthorityInfoAccess();
    list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue));
    // Extensions - AuthorityKeyIdentifier
    extensionValue = createAuthorityKeyIdentifier(false);
    list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue));
    // Extensions - keyUsage
    extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.KEY_CERT_SIGN }, new KeyUsageEnum[] { KeyUsageEnum.CRL_SIGN });
    list.add(createExtension(Extension.keyUsage, true, true, extensionValue));
    // Certificate Policies
    extensionValue = createCertificatePolicies(new ASN1ObjectIdentifier("1.2.3.4.5"), new ASN1ObjectIdentifier("2.4.3.2.1"));
    list.add(createExtension(Extension.certificatePolicies, true, false, extensionValue));
    // Policy Mappings
    PolicyMappings policyMappings = new PolicyMappings();
    policyMappings.getMapping().add(createPolicyIdMapping(new ASN1ObjectIdentifier("1.1.1.1.1"), new ASN1ObjectIdentifier("2.1.1.1.1")));
    policyMappings.getMapping().add(createPolicyIdMapping(new ASN1ObjectIdentifier("1.1.1.1.2"), new ASN1ObjectIdentifier("2.1.1.1.2")));
    extensionValue = createExtensionValueType(policyMappings);
    list.add(createExtension(Extension.policyMappings, true, true, extensionValue));
    // Policy Constraints
    PolicyConstraints policyConstraints = createPolicyConstraints(2, 2);
    extensionValue = createExtensionValueType(policyConstraints);
    list.add(createExtension(Extension.policyConstraints, true, true, extensionValue));
    // Name Constrains
    NameConstraints nameConstraints = createNameConstraints();
    extensionValue = createExtensionValueType(nameConstraints);
    list.add(createExtension(Extension.nameConstraints, true, true, extensionValue));
    // Inhibit anyPolicy
    InhibitAnyPolicy inhibitAnyPolicy = createInhibitAnyPolicy(1);
    extensionValue = createExtensionValueType(inhibitAnyPolicy);
    list.add(createExtension(Extension.inhibitAnyPolicy, true, true, extensionValue));
    // SubjectAltName
    SubjectAltName subjectAltNameMode = new SubjectAltName();
    OtherName otherName = new OtherName();
    otherName.getType().add(createOidType(ObjectIdentifiers.DN_O));
    subjectAltNameMode.setOtherName(otherName);
    subjectAltNameMode.setRfc822Name("");
    subjectAltNameMode.setDnsName("");
    subjectAltNameMode.setDirectoryName("");
    subjectAltNameMode.setEdiPartyName("");
    subjectAltNameMode.setUniformResourceIdentifier("");
    subjectAltNameMode.setIpAddress("");
    subjectAltNameMode.setRegisteredID("");
    extensionValue = createExtensionValueType(subjectAltNameMode);
    list.add(createExtension(Extension.subjectAlternativeName, true, false, extensionValue));
    // SubjectInfoAccess
    SubjectInfoAccess subjectInfoAccessMode = new SubjectInfoAccess();
    SubjectInfoAccess.Access access = new SubjectInfoAccess.Access();
    subjectInfoAccessMode.getAccess().add(access);
    access.setAccessMethod(createOidType(ObjectIdentifiers.id_ad_caRepository));
    GeneralNameType accessLocation = new GeneralNameType();
    access.setAccessLocation(accessLocation);
    accessLocation.setDirectoryName("");
    accessLocation.setUniformResourceIdentifier("");
    extensionValue = createExtensionValueType(subjectInfoAccessMode);
    list.add(createExtension(Extension.subjectInfoAccess, true, false, extensionValue));
    // Custom Extension
    ASN1ObjectIdentifier customExtensionOid = new ASN1ObjectIdentifier("1.2.3.4");
    extensionValue = createConstantExtValue(DERNull.INSTANCE.getEncoded(), "DER Null");
    list.add(createExtension(customExtensionOid, true, false, extensionValue, "custom extension 1"));
    return profile;
}
Also used : PolicyConstraints(org.xipki.ca.certprofile.x509.jaxb.PolicyConstraints) NameConstraints(org.xipki.ca.certprofile.x509.jaxb.NameConstraints) InhibitAnyPolicy(org.xipki.ca.certprofile.x509.jaxb.InhibitAnyPolicy) OtherName(org.xipki.ca.certprofile.x509.jaxb.GeneralNameType.OtherName) AuthorityInfoAccess(org.xipki.ca.certprofile.x509.jaxb.AuthorityInfoAccess) SubjectInfoAccess(org.xipki.ca.certprofile.x509.jaxb.SubjectInfoAccess) X509ProfileType(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType) ExtensionValueType(org.xipki.ca.certprofile.x509.jaxb.ExtensionValueType) Subject(org.xipki.ca.certprofile.x509.jaxb.X509ProfileType.Subject) RdnType(org.xipki.ca.certprofile.x509.jaxb.RdnType) KeyUsageEnum(org.xipki.ca.certprofile.x509.jaxb.KeyUsageEnum) SubjectAltName(org.xipki.ca.certprofile.x509.jaxb.SubjectAltName) SubjectInfoAccess(org.xipki.ca.certprofile.x509.jaxb.SubjectInfoAccess) ExtensionsType(org.xipki.ca.certprofile.x509.jaxb.ExtensionsType) ExtensionType(org.xipki.ca.certprofile.x509.jaxb.ExtensionType) TlsExtensionType(org.xipki.security.TlsExtensionType) PolicyMappings(org.xipki.ca.certprofile.x509.jaxb.PolicyMappings) GeneralNameType(org.xipki.ca.certprofile.x509.jaxb.GeneralNameType) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Aggregations

X509ProfileType (org.xipki.ca.certprofile.x509.jaxb.X509ProfileType)21 ExtensionsType (org.xipki.ca.certprofile.x509.jaxb.ExtensionsType)18 Subject (org.xipki.ca.certprofile.x509.jaxb.X509ProfileType.Subject)18 RdnType (org.xipki.ca.certprofile.x509.jaxb.RdnType)17 ExtensionType (org.xipki.ca.certprofile.x509.jaxb.ExtensionType)16 ExtensionValueType (org.xipki.ca.certprofile.x509.jaxb.ExtensionValueType)16 KeyUsageEnum (org.xipki.ca.certprofile.x509.jaxb.KeyUsageEnum)16 TlsExtensionType (org.xipki.security.TlsExtensionType)16 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)11 IOException (java.io.IOException)3 JAXBException (javax.xml.bind.JAXBException)3 CertprofileException (org.xipki.ca.api.profile.CertprofileException)3 SubjectAltName (org.xipki.ca.certprofile.x509.jaxb.SubjectAltName)3 SAXException (org.xml.sax.SAXException)3 URL (java.net.URL)2 LinkedList (java.util.LinkedList)2 SchemaFactory (javax.xml.validation.SchemaFactory)2 DERTaggedObject (org.bouncycastle.asn1.DERTaggedObject)2 AdmissionSyntax (org.xipki.ca.certprofile.x509.jaxb.AdmissionSyntax)2 AdmissionsType (org.xipki.ca.certprofile.x509.jaxb.AdmissionsType)2