Use of org.xipki.ca.certprofile.xijson.conf.AdmissionSyntax.NamingAuthorityType in project xipki (by xipki):
the class ComplexProfileConfDemo, method certprofileEeComplex.
/**
 * Builds the demo end-entity profile named "certprofile ee-complex" (validity string
 * "5y" handed to {@code getBaseProfile}) that exercises most of the subject and
 * extension controls of the xijson profile format, and marshals it to
 * {@code destFilename}.
 *
 * <p>Subject: rdnOrder is not kept; CN, C, O, userid and the three
 * jurisdictionOfIncorporation* attributes are mandatory (min 1, max 1), OU, SN
 * (pattern {@code REGEX_SN}), dateOfBirth and postalAddress are optional, and the
 * admission extension OID is additionally allowed up to 99 times as an RDN type.
 *
 * <p>Extensions: SKI, CRL-DP, freshestCRL, basicConstraints, AIA, AKI, keyUsage,
 * extendedKeyUsage, subjectDirectoryAttributes, tlsFeature, the Common-PKI
 * admission / restriction / additionalInformation / validityModel extensions,
 * privateKeyUsagePeriod, qcStatements, biometricInfo, subjectAltName and
 * subjectInfoAccess.
 *
 * <p>Every literal in here (OIDs under 1.2.3.x and 2.3.4.x, the naming-authority
 * URLs and texts, the {@code addProfessionInfo} bytes, the registration-number
 * regex) is a demo placeholder. Do not copy this profile into a production CA
 * without replacing them.
 *
 * @param destFilename caller-supplied path the marshalled profile is written to
 * @throws Exception propagated from the profile helpers, from DER-encoding the
 *     admission authority names and from {@code marshall}
 */
private static void certprofileEeComplex(String destFilename) throws Exception {
  X509ProfileType profile = getBaseProfile("certprofile ee-complex", CertLevel.EndEntity, "5y", true, false);

  // ---- Subject ----------------------------------------------------------------
  // NOTE(review): createRdn(type, min, max[, regex, prefix, suffix]) is assumed from
  // the call shapes below — confirm against the helper before relying on it.
  Subject subject = profile.getSubject();
  subject.setKeepRdnOrder(false);
  List<RdnType> rdns = subject.getRdns();
  rdns.add(createRdn(DN.CN, 1, 1));
  rdns.add(createRdn(DN.C, 1, 1));
  rdns.add(createRdn(DN.O, 1, 1));
  rdns.add(createRdn(DN.OU, 0, 1));
  rdns.add(createRdn(DN.SN, 0, 1, REGEX_SN, null, null));
  rdns.add(createRdn(DN.dateOfBirth, 0, 1));
  rdns.add(createRdn(DN.postalAddress, 0, 1));
  rdns.add(createRdn(DN.userid, 1, 1));
  rdns.add(createRdn(DN.jurisdictionOfIncorporationCountryName, 1, 1));
  rdns.add(createRdn(DN.jurisdictionOfIncorporationLocalityName, 1, 1));
  rdns.add(createRdn(DN.jurisdictionOfIncorporationStateOrProvinceName, 1, 1));
  // NOTE(review): this is an *extension* OID used as a subject attribute type. It
  // appears deliberate for the "complex" demo; a real profile would not normally
  // admit it in the DN — confirm intent.
  rdns.add(createRdn(Extn.id_extension_admission, 0, 99));

  // ---- Extensions ---------------------------------------------------------------
  // NOTE(review): createExtension(type, required, critical) is assumed from the
  // argument pattern; the criticality remarks below depend on that reading.
  List<ExtensionType> extensions = profile.getExtensions();

  // Pure control entries (no extension-specific payload configured here).
  extensions.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
  extensions.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
  extensions.add(createExtension(Extension.freshestCRL, false, false, null));
  extensions.add(createExtension(Extension.basicConstraints, true, false));

  // Authority info access.
  ExtensionType aiaExt = createExtension(Extension.authorityInfoAccess, true, false);
  aiaExt.setAuthorityInfoAccess(createAuthorityInfoAccess());
  extensions.add(aiaExt);

  // Authority key identifier, issuer-and-serial variant.
  ExtensionType akiExt = createExtension(Extension.authorityKeyIdentifier, true, false);
  akiExt.setAuthorityKeyIdentifier(createAKIwithSerialAndSerial());
  extensions.add(akiExt);

  // keyUsage (critical, as RFC 5280 recommends).
  // NOTE(review): keyEncipherment/dataEncipherment are only meaningful for RSA keys;
  // RFC 5480 does not permit them for id-ecPublicKey subjects. The key algorithms
  // accepted by the base profile are not visible here — confirm they are RSA-only
  // or make these bits optional.
  ExtensionType kuExt = createExtension(Extension.keyUsage, true, true);
  kuExt.setKeyUsage(createKeyUsage(
      new KeyUsage[] { KeyUsage.digitalSignature, KeyUsage.dataEncipherment, KeyUsage.keyEncipherment }, null));
  extensions.add(kuExt);

  // extendedKeyUsage: serverAuth required, clientAuth optional.
  ExtensionType ekuExt = createExtension(Extension.extendedKeyUsage, true, false);
  ekuExt.setExtendedKeyUsage(createExtendedKeyUsage(
      new ASN1ObjectIdentifier[] { ObjectIdentifiers.XKU.id_kp_serverAuth },
      new ASN1ObjectIdentifier[] { ObjectIdentifiers.XKU.id_kp_clientAuth }));
  extensions.add(ekuExt);

  // subjectDirectoryAttributes: the five RFC 3739 personal-data attribute types.
  SubjectDirectoryAttributs directoryAttributes = new SubjectDirectoryAttributs();
  List<DescribableOid> directoryAttributeTypes = directoryAttributes.getTypes();
  directoryAttributeTypes.add(createOidType(DN.countryOfCitizenship));
  directoryAttributeTypes.add(createOidType(DN.countryOfResidence));
  directoryAttributeTypes.add(createOidType(DN.gender));
  directoryAttributeTypes.add(createOidType(DN.dateOfBirth));
  directoryAttributeTypes.add(createOidType(DN.placeOfBirth));
  ExtensionType sdaExt = createExtension(Extension.subjectDirectoryAttributes, true, false);
  sdaExt.setSubjectDirectoryAttributs(directoryAttributes);
  extensions.add(sdaExt);

  // tlsFeature (marked critical here).
  // NOTE(review): RFC 7633 defines this extension for status_request(_v2);
  // CLIENT_CERTIFICATE_URL is a TLS extension code point, not a feature a relying
  // party is expected to demand. Treat as demo coverage, not a template.
  ExtensionType tlsFeatureExt = createExtension(Extn.id_pe_tlsfeature, true, true);
  tlsFeatureExt.setTlsFeature(createTlsFeature(TlsExtensionType.STATUS_REQUEST, TlsExtensionType.CLIENT_CERTIFICATE_URL));
  extensions.add(tlsFeatureExt);

  // Common-PKI admission: a top-level authority, one Admissions entry with its own
  // authority and naming authority, and one ProfessionInfo with a third naming
  // authority. Naming-authority URLs are plain-http demo values.
  AdmissionSyntax admission = new AdmissionSyntax();
  admission.setAdmissionAuthority(new GeneralName(new X500Name("C=DE,CN=admissionAuthority level 1")).getEncoded());

  NamingAuthorityType level2Authority = new NamingAuthorityType();
  level2Authority.setOid(createOidType(new ASN1ObjectIdentifier("1.2.3.4.5")));
  level2Authority.setUrl("http://naming-authority-level2.myorg.org");
  level2Authority.setText("namingAuthrityText level 2");

  AdmissionsType admissions = new AdmissionsType();
  admissions.setAdmissionAuthority(new GeneralName(new X500Name("C=DE,CN=admissionAuthority level 2")).getEncoded());
  admissions.setNamingAuthority(level2Authority);
  admission.getContentsOfAdmissions().add(admissions);

  NamingAuthorityType level3Authority = new NamingAuthorityType();
  level3Authority.setOid(createOidType(new ASN1ObjectIdentifier("1.2.3.4.5")));
  level3Authority.setUrl("http://naming-authority-level3.myorg.org");
  level3Authority.setText("namingAuthrityText level 3");

  // Registration numbers are constrained only by a demo regex; the opaque
  // addProfessionInfo bytes are likewise placeholders.
  RegistrationNumber registrationNumber = new RegistrationNumber();
  registrationNumber.setRegex("a*b");

  ProfessionInfoType professionInfo = new ProfessionInfoType();
  professionInfo.getProfessionOids().add(createOidType(new ASN1ObjectIdentifier("1.2.3.4"), "demo oid"));
  professionInfo.getProfessionItems().add("demo item");
  professionInfo.setNamingAuthority(level3Authority);
  professionInfo.setAddProfessionInfo(new byte[] { 1, 2, 3, 4 });
  professionInfo.setRegistrationNumber(registrationNumber);
  admissions.getProfessionInfos().add(professionInfo);

  ExtensionType admissionExt = createExtension(Extn.id_extension_admission, true, false);
  admissionExt.setAdmissionSyntax(admission);
  extensions.add(admissionExt);

  // Common-PKI restriction and additionalInformation (UTF-8 demo strings).
  ExtensionType restrictionExt = createExtension(Extn.id_extension_restriction, true, false);
  restrictionExt.setRestriction(createRestriction(DirectoryStringType.utf8String, "demo restriction"));
  extensions.add(restrictionExt);

  ExtensionType additionalInfoExt = createExtension(Extn.id_extension_additionalInformation, true, false);
  additionalInfoExt.setAdditionalInformation(
      createAdditionalInformation(DirectoryStringType.utf8String, "demo additional information"));
  extensions.add(additionalInfoExt);

  // Common-PKI validityModel, "chain" model (1.3.6.1.4.1.8301.3.5.1).
  ExtensionType validityModelExt = createExtension(Extn.id_extension_validityModel, true, false);
  validityModelExt.setValidityModel(
      createValidityModel(createOidType(new ASN1ObjectIdentifier("1.3.6.1.4.1.8301.3.5.1"), "chain")));
  extensions.add(validityModelExt);

  // privateKeyUsagePeriod: "3y", i.e. shorter than the "5y" certificate validity.
  ExtensionType pkupExt = createExtension(Extension.privateKeyUsagePeriod, true, false);
  pkupExt.setPrivateKeyUsagePeriod(createPrivateKeyUsagePeriod("3y"));
  extensions.add(pkupExt);

  // qcStatements and biometricInfo, both from helpers whose content is not visible here.
  ExtensionType qcExt = createExtension(Extension.qCStatements, true, false);
  qcExt.setQcStatements(createQcStatements(true));
  extensions.add(qcExt);

  ExtensionType biometricExt = createExtension(Extension.biometricInfo, true, false);
  biometricExt.setBiometricInfo(createBiometricInfo());
  extensions.add(biometricExt);

  // subjectAltName: every standard GeneralName tag plus two demo otherName types.
  // NOTE(review): SAN is marked critical although the subject DN is non-empty
  // (CN/C/O/userid are mandatory above); RFC 5280 §4.2.1.6 says conforming CAs
  // SHOULD mark SAN non-critical in that case. Probably intentional demo coverage —
  // confirm, and do not reuse as-is.
  GeneralNameType san = new GeneralNameType();
  san.addTags(GeneralNameTag.rfc822Name, GeneralNameTag.DNSName, GeneralNameTag.directoryName,
      GeneralNameTag.ediPartyName, GeneralNameTag.uniformResourceIdentifier, GeneralNameTag.IPAddress,
      GeneralNameTag.registeredID);
  san.addOtherNames(createOidType(new ASN1ObjectIdentifier("1.2.3.1")), createOidType(new ASN1ObjectIdentifier("1.2.3.2")));
  ExtensionType sanExt = createExtension(Extension.subjectAlternativeName, true, true);
  sanExt.setSubjectAltName(san);
  extensions.add(sanExt);

  // subjectInfoAccess: id-ad-caRepository plus ten demo access methods 2.3.4.1 .. 2.3.4.10,
  // each allowing the same GeneralName tag set as the SAN above.
  SubjectInfoAccess subjectInfoAccess = new SubjectInfoAccess();
  List<ASN1ObjectIdentifier> accessMethods = new LinkedList<>();
  accessMethods.add(Extn.id_ad_caRepository);
  for (int n = 1; n <= 10; n++) {
    accessMethods.add(new ASN1ObjectIdentifier("2.3.4." + n));
  }
  for (ASN1ObjectIdentifier accessMethod : accessMethods) {
    GeneralNameType location = new GeneralNameType();
    location.addTags(GeneralNameTag.rfc822Name, GeneralNameTag.DNSName, GeneralNameTag.directoryName,
        GeneralNameTag.ediPartyName, GeneralNameTag.uniformResourceIdentifier, GeneralNameTag.IPAddress,
        GeneralNameTag.registeredID);
    location.addOtherNames(createOidType(new ASN1ObjectIdentifier("1.2.3.1")), createOidType(new ASN1ObjectIdentifier("1.2.3.2")));

    SubjectInfoAccess.Access access = new SubjectInfoAccess.Access();
    access.setAccessMethod(createOidType(accessMethod));
    access.setAccessLocation(location);
    subjectInfoAccess.getAccesses().add(access);
  }
  ExtensionType siaExt = createExtension(Extension.subjectInfoAccess, true, false);
  siaExt.setSubjectInfoAccess(subjectInfoAccess);
  extensions.add(siaExt);

  // Write the profile; the last flag is passed through to marshall unchanged.
  marshall(profile, destFilename, true);
}