Search in sources :

Example 1 with NamingAuthorityType

use of org.xipki.ca.certprofile.xijson.conf.AdmissionSyntax.NamingAuthorityType in project xipki by xipki.

the class ComplexProfileConfDemo method certprofileEeComplex.

// method certprofileQc
private static void certprofileEeComplex(String destFilename) throws Exception {
    X509ProfileType profile = getBaseProfile("certprofile ee-complex", CertLevel.EndEntity, "5y", true, false);
    // Subject
    Subject subject = profile.getSubject();
    subject.setKeepRdnOrder(false);
    List<RdnType> rdnControls = subject.getRdns();
    rdnControls.add(createRdn(DN.CN, 1, 1));
    rdnControls.add(createRdn(DN.C, 1, 1));
    rdnControls.add(createRdn(DN.O, 1, 1));
    rdnControls.add(createRdn(DN.OU, 0, 1));
    rdnControls.add(createRdn(DN.SN, 0, 1, REGEX_SN, null, null));
    rdnControls.add(createRdn(DN.dateOfBirth, 0, 1));
    rdnControls.add(createRdn(DN.postalAddress, 0, 1));
    rdnControls.add(createRdn(DN.userid, 1, 1));
    rdnControls.add(createRdn(DN.jurisdictionOfIncorporationCountryName, 1, 1));
    rdnControls.add(createRdn(DN.jurisdictionOfIncorporationLocalityName, 1, 1));
    rdnControls.add(createRdn(DN.jurisdictionOfIncorporationStateOrProvinceName, 1, 1));
    rdnControls.add(createRdn(Extn.id_extension_admission, 0, 99));
    // Extensions
    // Extensions - general
    List<ExtensionType> list = profile.getExtensions();
    // Extensions - controls
    list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
    list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
    list.add(createExtension(Extension.freshestCRL, false, false, null));
    // Extensions - basicConstraints
    list.add(createExtension(Extension.basicConstraints, true, false));
    // Extensions - AuthorityInfoAccess
    list.add(createExtension(Extension.authorityInfoAccess, true, false));
    last(list).setAuthorityInfoAccess(createAuthorityInfoAccess());
    // Extensions - AuthorityKeyIdentifier
    list.add(createExtension(Extension.authorityKeyIdentifier, true, false));
    last(list).setAuthorityKeyIdentifier(createAKIwithSerialAndSerial());
    // Extensions - keyUsage
    list.add(createExtension(Extension.keyUsage, true, true));
    last(list).setKeyUsage(createKeyUsage(new KeyUsage[] { KeyUsage.digitalSignature, KeyUsage.dataEncipherment, KeyUsage.keyEncipherment }, null));
    // Extensions - extenedKeyUsage
    list.add(createExtension(Extension.extendedKeyUsage, true, false));
    last(list).setExtendedKeyUsage(createExtendedKeyUsage(new ASN1ObjectIdentifier[] { ObjectIdentifiers.XKU.id_kp_serverAuth }, new ASN1ObjectIdentifier[] { ObjectIdentifiers.XKU.id_kp_clientAuth }));
    // Extension - subjectDirectoryAttributes
    list.add(createExtension(Extension.subjectDirectoryAttributes, true, false));
    SubjectDirectoryAttributs subjectDirAttrType = new SubjectDirectoryAttributs();
    last(list).setSubjectDirectoryAttributs(subjectDirAttrType);
    List<DescribableOid> attrTypes = subjectDirAttrType.getTypes();
    attrTypes.add(createOidType(DN.countryOfCitizenship));
    attrTypes.add(createOidType(DN.countryOfResidence));
    attrTypes.add(createOidType(DN.gender));
    attrTypes.add(createOidType(DN.dateOfBirth));
    attrTypes.add(createOidType(DN.placeOfBirth));
    // Extensions - tlsFeature
    list.add(createExtension(Extn.id_pe_tlsfeature, true, true));
    last(list).setTlsFeature(createTlsFeature(TlsExtensionType.STATUS_REQUEST, TlsExtensionType.CLIENT_CERTIFICATE_URL));
    // Extension - Admission
    list.add(createExtension(Extn.id_extension_admission, true, false));
    AdmissionSyntax admissionSyntax = new AdmissionSyntax();
    last(list).setAdmissionSyntax(admissionSyntax);
    admissionSyntax.setAdmissionAuthority(new GeneralName(new X500Name("C=DE,CN=admissionAuthority level 1")).getEncoded());
    AdmissionsType admissions = new AdmissionsType();
    admissions.setAdmissionAuthority(new GeneralName(new X500Name("C=DE,CN=admissionAuthority level 2")).getEncoded());
    NamingAuthorityType namingAuthorityL2 = new NamingAuthorityType();
    namingAuthorityL2.setOid(createOidType(new ASN1ObjectIdentifier("1.2.3.4.5")));
    namingAuthorityL2.setUrl("http://naming-authority-level2.myorg.org");
    namingAuthorityL2.setText("namingAuthrityText level 2");
    admissions.setNamingAuthority(namingAuthorityL2);
    admissionSyntax.getContentsOfAdmissions().add(admissions);
    ProfessionInfoType pi = new ProfessionInfoType();
    admissions.getProfessionInfos().add(pi);
    pi.getProfessionOids().add(createOidType(new ASN1ObjectIdentifier("1.2.3.4"), "demo oid"));
    pi.getProfessionItems().add("demo item");
    NamingAuthorityType namingAuthorityL3 = new NamingAuthorityType();
    namingAuthorityL3.setOid(createOidType(new ASN1ObjectIdentifier("1.2.3.4.5")));
    namingAuthorityL3.setUrl("http://naming-authority-level3.myorg.org");
    namingAuthorityL3.setText("namingAuthrityText level 3");
    pi.setNamingAuthority(namingAuthorityL3);
    pi.setAddProfessionInfo(new byte[] { 1, 2, 3, 4 });
    RegistrationNumber regNum = new RegistrationNumber();
    pi.setRegistrationNumber(regNum);
    regNum.setRegex("a*b");
    // restriction
    list.add(createExtension(Extn.id_extension_restriction, true, false));
    last(list).setRestriction(createRestriction(DirectoryStringType.utf8String, "demo restriction"));
    // additionalInformation
    list.add(createExtension(Extn.id_extension_additionalInformation, true, false));
    last(list).setAdditionalInformation(createAdditionalInformation(DirectoryStringType.utf8String, "demo additional information"));
    // validationModel
    list.add(createExtension(Extn.id_extension_validityModel, true, false));
    last(list).setValidityModel(createValidityModel(createOidType(new ASN1ObjectIdentifier("1.3.6.1.4.1.8301.3.5.1"), "chain")));
    // privateKeyUsagePeriod
    list.add(createExtension(Extension.privateKeyUsagePeriod, true, false));
    last(list).setPrivateKeyUsagePeriod(createPrivateKeyUsagePeriod("3y"));
    // QcStatements
    list.add(createExtension(Extension.qCStatements, true, false));
    last(list).setQcStatements(createQcStatements(true));
    // biometricInfo
    list.add(createExtension(Extension.biometricInfo, true, false));
    last(list).setBiometricInfo(createBiometricInfo());
    // SubjectAltName
    list.add(createExtension(Extension.subjectAlternativeName, true, true));
    GeneralNameType gn = new GeneralNameType();
    last(list).setSubjectAltName(gn);
    gn.addTags(GeneralNameTag.rfc822Name, GeneralNameTag.DNSName, GeneralNameTag.directoryName, GeneralNameTag.ediPartyName, GeneralNameTag.uniformResourceIdentifier, GeneralNameTag.IPAddress, GeneralNameTag.registeredID);
    gn.addOtherNames(createOidType(new ASN1ObjectIdentifier("1.2.3.1")), createOidType(new ASN1ObjectIdentifier("1.2.3.2")));
    // SubjectInfoAccess
    list.add(createExtension(Extension.subjectInfoAccess, true, false));
    SubjectInfoAccess subjectInfoAccess = new SubjectInfoAccess();
    last(list).setSubjectInfoAccess(subjectInfoAccess);
    List<ASN1ObjectIdentifier> accessMethods = new LinkedList<>();
    accessMethods.add(Extn.id_ad_caRepository);
    for (int i = 0; i < 10; i++) {
        accessMethods.add(new ASN1ObjectIdentifier("2.3.4." + (i + 1)));
    }
    for (ASN1ObjectIdentifier accessMethod : accessMethods) {
        SubjectInfoAccess.Access access = new SubjectInfoAccess.Access();
        subjectInfoAccess.getAccesses().add(access);
        access.setAccessMethod(createOidType(accessMethod));
        GeneralNameType accessLocation = new GeneralNameType();
        access.setAccessLocation(accessLocation);
        accessLocation.addTags(GeneralNameTag.rfc822Name, GeneralNameTag.DNSName, GeneralNameTag.directoryName, GeneralNameTag.ediPartyName, GeneralNameTag.uniformResourceIdentifier, GeneralNameTag.IPAddress, GeneralNameTag.registeredID);
        accessLocation.addOtherNames(createOidType(new ASN1ObjectIdentifier("1.2.3.1")), createOidType(new ASN1ObjectIdentifier("1.2.3.2")));
    }
    marshall(profile, destFilename, true);
}
Also used : KeyUsage(org.xipki.security.KeyUsage) X500Name(org.bouncycastle.asn1.x500.X500Name) AdmissionsType(org.xipki.ca.certprofile.xijson.conf.AdmissionSyntax.AdmissionsType) ProfessionInfoType(org.xipki.ca.certprofile.xijson.conf.AdmissionSyntax.ProfessionInfoType) RegistrationNumber(org.xipki.ca.certprofile.xijson.conf.AdmissionSyntax.RegistrationNumber) RdnType(org.xipki.ca.certprofile.xijson.conf.Subject.RdnType) TlsExtensionType(org.xipki.security.TlsExtensionType) GeneralName(org.bouncycastle.asn1.x509.GeneralName) DescribableOid(org.xipki.ca.certprofile.xijson.conf.Describable.DescribableOid) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) NamingAuthorityType(org.xipki.ca.certprofile.xijson.conf.AdmissionSyntax.NamingAuthorityType)

Aggregations

ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)1 X500Name (org.bouncycastle.asn1.x500.X500Name)1 GeneralName (org.bouncycastle.asn1.x509.GeneralName)1 AdmissionsType (org.xipki.ca.certprofile.xijson.conf.AdmissionSyntax.AdmissionsType)1 NamingAuthorityType (org.xipki.ca.certprofile.xijson.conf.AdmissionSyntax.NamingAuthorityType)1 ProfessionInfoType (org.xipki.ca.certprofile.xijson.conf.AdmissionSyntax.ProfessionInfoType)1 RegistrationNumber (org.xipki.ca.certprofile.xijson.conf.AdmissionSyntax.RegistrationNumber)1 DescribableOid (org.xipki.ca.certprofile.xijson.conf.Describable.DescribableOid)1 RdnType (org.xipki.ca.certprofile.xijson.conf.Subject.RdnType)1 KeyUsage (org.xipki.security.KeyUsage)1 TlsExtensionType (org.xipki.security.TlsExtensionType)1