Example 1 with CertificatePolicyInformationType
use of org.xipki.ca.certprofile.xijson.conf.CertificatePolicies.CertificatePolicyInformationType in project xipki by xipki.
the class ExtensionConfBuilder method createCertificatePolicies.
// method createValidityModel
public static CertificatePolicies createCertificatePolicies(Map<ASN1ObjectIdentifier, String> policies) {
if (policies == null || policies.isEmpty()) {
return null;
}
CertificatePolicies extValue = new CertificatePolicies();
List<CertificatePolicyInformationType> pis = extValue.getCertificatePolicyInformations();
for (ASN1ObjectIdentifier oid : policies.keySet()) {
CertificatePolicyInformationType single = new CertificatePolicyInformationType();
pis.add(single);
single.setPolicyIdentifier(createOidType(oid));
List<PolicyQualifier> qualifiers = new ArrayList<>(1);
String cpsUri = policies.get(oid);
if (cpsUri != null) {
PolicyQualifier qualifier = new PolicyQualifier();
qualifier.setType(PolicyQualfierType.cpsUri);
qualifier.setValue(cpsUri);
qualifiers.add(qualifier);
}
single.setPolicyQualifiers(qualifiers);
}
return extValue;
}
Also used :
CertificatePolicyInformationType(org.xipki.ca.certprofile.xijson.conf.CertificatePolicies.CertificatePolicyInformationType)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
PolicyQualifier(org.xipki.ca.certprofile.xijson.conf.CertificatePolicies.PolicyQualifier)
Example 2 with CertificatePolicyInformationType
use of org.xipki.ca.certprofile.xijson.conf.CertificatePolicies.CertificatePolicyInformationType in project xipki by xipki.
the class A2gChecker method checkExtnCertificatePolicies.
// method checkExtnBiometricInfo
void checkExtnCertificatePolicies(StringBuilder failureMsg, byte[] extnValue, Extensions requestedExtns, ExtensionControl extnControl) {
CertificatePolicies certificatePolicies = caller.getCertificatePolicies();
if (certificatePolicies == null) {
caller.checkConstantExtnValue(Extension.certificatePolicies, failureMsg, extnValue, requestedExtns, extnControl);
return;
}
Map<String, CertificatePolicyInformationType> expPoliciesMap = new HashMap<>();
for (CertificatePolicyInformationType cp : caller.getCertificatePolicies().getCertificatePolicyInformations()) {
expPoliciesMap.put(cp.getPolicyIdentifier().getOid(), cp);
}
Set<String> expPolicyIds = new HashSet<>(expPoliciesMap.keySet());
org.bouncycastle.asn1.x509.CertificatePolicies asn1 = org.bouncycastle.asn1.x509.CertificatePolicies.getInstance(extnValue);
PolicyInformation[] isPolicyInformations = asn1.getPolicyInformation();
for (PolicyInformation isPolicyInformation : isPolicyInformations) {
ASN1ObjectIdentifier isPolicyId = isPolicyInformation.getPolicyIdentifier();
expPolicyIds.remove(isPolicyId.getId());
CertificatePolicyInformationType expCp = expPoliciesMap.get(isPolicyId.getId());
if (expCp == null) {
failureMsg.append("certificate policy '").append(isPolicyId).append("' is not expected; ");
continue;
}
List<PolicyQualifier> expCpPq = expCp.getPolicyQualifiers();
if (isEmpty(expCpPq)) {
continue;
}
ASN1Sequence isPolicyQualifiers = isPolicyInformation.getPolicyQualifiers();
List<String> isCpsUris = new LinkedList<>();
List<String> isUserNotices = new LinkedList<>();
int size = isPolicyQualifiers.size();
for (int i = 0; i < size; i++) {
PolicyQualifierInfo isPolicyQualifierInfo = PolicyQualifierInfo.getInstance(isPolicyQualifiers.getObjectAt(i));
ASN1ObjectIdentifier isPolicyQualifierId = isPolicyQualifierInfo.getPolicyQualifierId();
ASN1Encodable isQualifier = isPolicyQualifierInfo.getQualifier();
if (PolicyQualifierId.id_qt_cps.equals(isPolicyQualifierId)) {
String isCpsUri = DERIA5String.getInstance(isQualifier).getString();
isCpsUris.add(isCpsUri);
} else if (PolicyQualifierId.id_qt_unotice.equals(isPolicyQualifierId)) {
UserNotice isUserNotice = UserNotice.getInstance(isQualifier);
if (isUserNotice.getExplicitText() != null) {
isUserNotices.add(isUserNotice.getExplicitText().getString());
}
}
}
for (PolicyQualifier qualifierInfo : expCpPq) {
String value = qualifierInfo.getValue();
switch(qualifierInfo.getType()) {
case cpsUri:
if (!isCpsUris.contains(value)) {
failureMsg.append("CPSUri '").append(value).append("' is absent but is required; ");
}
continue;
case userNotice:
if (!isUserNotices.contains(value)) {
failureMsg.append("userNotice '").append(value).append("' is absent but is required; ");
}
continue;
default:
throw new IllegalStateException("should not reach here");
}
}
}
for (String policyId : expPolicyIds) {
failureMsg.append("certificate policy '").append(policyId).append("' is absent but is required; ");
}
}
Also used :
PolicyQualifier(org.xipki.ca.certprofile.xijson.conf.CertificatePolicies.PolicyQualifier)
org.bouncycastle.asn1.x509(org.bouncycastle.asn1.x509)
CertificatePolicyInformationType(org.xipki.ca.certprofile.xijson.conf.CertificatePolicies.CertificatePolicyInformationType)
CertificatePolicies(org.xipki.ca.certprofile.xijson.conf.CertificatePolicies)
Example 3 with CertificatePolicyInformationType
use of org.xipki.ca.certprofile.xijson.conf.CertificatePolicies.CertificatePolicyInformationType in project xipki by xipki.
the class ComplexProfileConfDemo method certprofileAppleWwdr.
// method certprofileFixedPartialSubject
private static void certprofileAppleWwdr(String destFilename) {
X509ProfileType profile = getBaseProfile("certprofile apple WWDR", CertLevel.EndEntity, "395d");
// Subject
Subject subject = profile.getSubject();
subject.setKeepRdnOrder(true);
List<RdnType> rdnControls = subject.getRdns();
rdnControls.add(createRdn(DN.C, 1, 1));
rdnControls.add(createRdn(DN.O, 1, 1));
rdnControls.add(createRdn(DN.OU, 1, 1));
rdnControls.add(createRdn(DN.CN, 1, 1));
rdnControls.add(createRdn(DN.UID, 1, 1));
// Extensions
List<ExtensionType> list = profile.getExtensions();
list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
// Extensions - basicConstraints
list.add(createExtension(Extension.basicConstraints, true, true));
// Extensions - AuthorityKeyIdentifier
list.add(createExtension(Extension.authorityKeyIdentifier, true, false));
list.add(createExtension(Extension.cRLDistributionPoints, true, false, null));
// Extensions - CeritifcatePolicies
// Certificate Policies
list.add(createExtension(Extension.certificatePolicies, true, false));
CertificatePolicies extValue = new CertificatePolicies();
last(list).setCertificatePolicies(extValue);
List<CertificatePolicyInformationType> pis = extValue.getCertificatePolicyInformations();
CertificatePolicyInformationType single = new CertificatePolicyInformationType();
pis.add(single);
single.setPolicyIdentifier(createOidType(new ASN1ObjectIdentifier("1.2.840.113635.100.5.1")));
List<PolicyQualifier> qualifiers = new ArrayList<>(1);
single.setPolicyQualifiers(qualifiers);
PolicyQualifier qualifier = new PolicyQualifier();
qualifiers.add(qualifier);
qualifier.setType(PolicyQualfierType.userNotice);
qualifier.setValue("Reliance on this certificate by any party assumes acceptance of the then " + "applicable standard terms and conditions of use, certificate policy and certification " + "practice statements.");
qualifier = new PolicyQualifier();
qualifiers.add(qualifier);
qualifier.setType(PolicyQualfierType.cpsUri);
qualifier.setValue("http://www.apple.com/certificateauthority");
// Extensions - keyUsage
list.add(createExtension(Extension.keyUsage, true, true));
last(list).setKeyUsage(createKeyUsage(new KeyUsage[] { KeyUsage.digitalSignature }, null));
// Extensions - extenedKeyUsage
list.add(createExtension(Extension.extendedKeyUsage, true, false));
last(list).setExtendedKeyUsage(createExtendedKeyUsage(new ASN1ObjectIdentifier[] { ObjectIdentifiers.XKU.id_kp_clientAuth }, null));
// apple custom extension 1.2.840.113635.100.6.3.1
list.add(createConstantExtension(new ASN1ObjectIdentifier("1.2.840.113635.100.6.3.1"), true, false, null, FieldType.NULL, null));
// apple custom extension 1.2.840.113635.100.6.3.2
list.add(createConstantExtension(new ASN1ObjectIdentifier("1.2.840.113635.100.6.3.2"), true, false, null, FieldType.NULL, null));
// apple custom extension 1.2.840.113635.100.6.3.6
list.add(createExtension(new ASN1ObjectIdentifier("1.2.840.113635.100.6.3.6"), true, false));
ExtnSyntax syntax = new ExtnSyntax(FieldType.SEQUENCE);
last(list).setSyntax(syntax);
last(list).setPermittedInRequest(true);
/*
* 1. SEQUENCE or SET {
* 2. UTF8String # abc.def.myBlog EXPLICIT
* 3. SEQUENCE
* 4. UTF8String # app
* 5. UTF8String # abc.def.myBlog.voip EXPLICIT
* 6. SEQUENCE EXPLICIT
* 7. UTF8String # voip
* 8. UTF8String # abc.def.myBlog.complication IMPLICIT
* 9. SEQUENCE IMPLICIT
* 10. UTF8String # complication
* 11. }
*/
List<SubFieldSyntax> subFields = new LinkedList<>();
// Line 2
SubFieldSyntax subField = new SubFieldSyntax(FieldType.UTF8String);
subFields.add(subField);
subField.setRequired(true);
// Line 3-4
subField = new SubFieldSyntax(FieldType.SEQUENCE);
subFields.add(subField);
subField.setRequired(true);
SubFieldSyntax subsubField = new SubFieldSyntax(FieldType.UTF8String);
subsubField.setRequired(true);
subField.setSubFields(Collections.singletonList(subsubField));
// Line 5
subField = new SubFieldSyntax(FieldType.UTF8String);
subField.setRequired(true);
subFields.add(subField);
// Line 6-7
subField = new SubFieldSyntax(FieldType.SEQUENCE);
subFields.add(subField);
subField.setRequired(true);
subsubField = new SubFieldSyntax(FieldType.UTF8String);
subsubField.setRequired(true);
subField.setSubFields(Collections.singletonList(subsubField));
// Line 8
subField = new SubFieldSyntax(FieldType.UTF8String);
subFields.add(subField);
subField.setRequired(true);
// Line 9-10
subField = new SubFieldSyntax(FieldType.SEQUENCE);
subFields.add(subField);
subField.setRequired(true);
subsubField = new SubFieldSyntax(FieldType.UTF8String);
subsubField.setRequired(true);
subField.setSubFields(Collections.singletonList(subsubField));
syntax.setSubFields(subFields);
marshall(profile, destFilename, true);
}
Also used :
KeyUsage(org.xipki.security.KeyUsage)
PolicyQualifier(org.xipki.ca.certprofile.xijson.conf.CertificatePolicies.PolicyQualifier)
RdnType(org.xipki.ca.certprofile.xijson.conf.Subject.RdnType)
CertificatePolicyInformationType(org.xipki.ca.certprofile.xijson.conf.CertificatePolicies.CertificatePolicyInformationType)
TlsExtensionType(org.xipki.security.TlsExtensionType)
SubFieldSyntax(org.xipki.ca.certprofile.xijson.conf.ExtnSyntax.SubFieldSyntax)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Aggregations
CertificatePolicyInformationType (org.xipki.ca.certprofile.xijson.conf.CertificatePolicies.CertificatePolicyInformationType)3
PolicyQualifier (org.xipki.ca.certprofile.xijson.conf.CertificatePolicies.PolicyQualifier)3
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)2
org.bouncycastle.asn1.x509 (org.bouncycastle.asn1.x509)1
CertificatePolicies (org.xipki.ca.certprofile.xijson.conf.CertificatePolicies)1
SubFieldSyntax (org.xipki.ca.certprofile.xijson.conf.ExtnSyntax.SubFieldSyntax)1
RdnType (org.xipki.ca.certprofile.xijson.conf.Subject.RdnType)1
KeyUsage (org.xipki.security.KeyUsage)1
TlsExtensionType (org.xipki.security.TlsExtensionType)1
