
Example 1 with DescribableOid

use of org.xipki.ca.certprofile.xijson.conf.Describable.DescribableOid in project xipki by xipki.

the class ProfileConfBuilder method createKeyAlgorithms.

// method createKeyAlgorithms (generic, non-CAB variant; see createCabKeyAlgorithms for the CAB-restricted one)
/**
 * Builds the list of permitted public-key algorithms for a generic (non-CAB) profile:
 * RSA (taken from {@link #createRSAKeyAlgorithms()}), DSA, EC and, on request, the
 * Edwards/Montgomery key types.
 *
 * @param curveIds EC curves to allow; when {@code null} or empty no curve list is set on
 *        the EC entry and only the point encoding is constrained
 * @param certLevel not used by this method; kept for signature compatibility
 * @param withEddsa whether to append the Edwards/Montgomery key algorithms
 * @return the algorithm entries in the order RSA, DSA, EC, [EdDSA/XDH]
 */
protected static List<AlgorithmType> createKeyAlgorithms(ASN1ObjectIdentifier[] curveIds, CertLevel certLevel, boolean withEddsa) {
    List<AlgorithmType> algorithms = new LinkedList<>(createRSAKeyAlgorithms());

    // DSA: p in {1024, 2048, 3072} bits, q in {160, 224, 256} bits.
    // NOTE(review): 1024-bit p / 160-bit q is below the minimum NIST SP 800-131A allows
    // for generating new signatures; the CAB variant in this class omits it. Keep only
    // if legacy interoperability is really required.
    AlgorithmType dsa = new AlgorithmType();
    dsa.getAlgorithms().add(createOidType(X9ObjectIdentifiers.id_dsa, "DSA"));
    DsaParametersType dsaParams = new DsaParametersType();
    List<Range> pLengths = new LinkedList<>();
    for (int bits : new int[] { 1024, 2048, 3072 }) {
        pLengths.add(createRange(bits));
    }
    List<Range> qLengths = new LinkedList<>();
    for (int bits : new int[] { 160, 224, 256 }) {
        qLengths.add(createRange(bits));
    }
    dsaParams.setPlengths(pLengths);
    dsaParams.setQlengths(qLengths);
    KeyParametersType dsaKeyParams = new KeyParametersType();
    dsaKeyParams.setDsa(dsaParams);
    dsa.setParameters(dsaKeyParams);
    algorithms.add(dsa);

    // EC: optional curve whitelist, uncompressed point encoding (0x04) only.
    AlgorithmType ec = new AlgorithmType();
    ec.getAlgorithms().add(createOidType(X9ObjectIdentifiers.id_ecPublicKey, "EC"));
    EcParametersType ecParams = new EcParametersType();
    boolean restrictCurves = curveIds != null && curveIds.length > 0;
    if (restrictCurves) {
        List<DescribableOid> curves = new LinkedList<>();
        for (ASN1ObjectIdentifier curveId : curveIds) {
            curves.add(createOidType(curveId, AlgorithmUtil.getCurveName(curveId)));
        }
        ecParams.setCurves(curves);
    }
    ecParams.setPointEncodings(Collections.singletonList((byte) 4));
    KeyParametersType ecKeyParams = new KeyParametersType();
    ecKeyParams.setEc(ecParams);
    ec.setParameters(ecKeyParams);
    algorithms.add(ec);

    // EdDSA / XDH key types are appended only when the caller asks for them.
    if (withEddsa) {
        algorithms.addAll(createEdwardsOrMontgomeryKeyAlgorithms(true, true, true));
    }
    return algorithms;
}

Example 2 with DescribableOid

use of org.xipki.ca.certprofile.xijson.conf.Describable.DescribableOid in project xipki by xipki.

the class ComplexProfileConfDemo method certprofileEeComplex.

// method certprofileEeComplex
/**
 * Demo profile "ee-complex": an end-entity profile that exercises a large number of
 * subject RDN controls and extensions (admission, QC statements, biometric info, SIA, ...)
 * and writes the result to {@code destFilename} via {@link #marshall}.
 * <p>
 * All OIDs of the form 1.2.3.x / 2.3.4.x, the naming-authority URLs and the
 * registration-number regex below are placeholder demo values, not registered identifiers.
 *
 * @param destFilename path the marshalled profile is written to
 * @throws Exception propagated from the builders and from {@link #marshall}
 */
private static void certprofileEeComplex(String destFilename) throws Exception {
    // End-entity profile with a 5-year validity; the meaning of the two boolean flags
    // is defined by getBaseProfile (not visible here).
    X509ProfileType profile = getBaseProfile("certprofile ee-complex", CertLevel.EndEntity, "5y", true, false);
    // Subject
    Subject subject = profile.getSubject();
    subject.setKeepRdnOrder(false);
    // createRdn(type, min, max[, regex, ...]) — the two ints are presumably min/max
    // occurrences; CN, C, O, UID and the three jurisdiction RDNs are mandatory here.
    List<RdnType> rdnControls = subject.getRdns();
    rdnControls.add(createRdn(DN.CN, 1, 1));
    rdnControls.add(createRdn(DN.C, 1, 1));
    rdnControls.add(createRdn(DN.O, 1, 1));
    rdnControls.add(createRdn(DN.OU, 0, 1));
    // serialNumber RDN is constrained by REGEX_SN (defined elsewhere in this class).
    rdnControls.add(createRdn(DN.SN, 0, 1, REGEX_SN, null, null));
    rdnControls.add(createRdn(DN.dateOfBirth, 0, 1));
    rdnControls.add(createRdn(DN.postalAddress, 0, 1));
    rdnControls.add(createRdn(DN.userid, 1, 1));
    rdnControls.add(createRdn(DN.jurisdictionOfIncorporationCountryName, 1, 1));
    rdnControls.add(createRdn(DN.jurisdictionOfIncorporationLocalityName, 1, 1));
    rdnControls.add(createRdn(DN.jurisdictionOfIncorporationStateOrProvinceName, 1, 1));
    // The admission extension OID is also allowed (up to 99 times) as a subject RDN.
    rdnControls.add(createRdn(Extn.id_extension_admission, 0, 99));
    // Extensions
    // Extensions - general
    List<ExtensionType> list = profile.getExtensions();
    // Extensions - controls
    // createExtension(oid, flag1, flag2[, ...]) — the flags are presumably (required, critical);
    // the comments below assume that order. TODO confirm against createExtension.
    list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null));
    list.add(createExtension(Extension.cRLDistributionPoints, false, false, null));
    list.add(createExtension(Extension.freshestCRL, false, false, null));
    // Extensions - basicConstraints
    list.add(createExtension(Extension.basicConstraints, true, false));
    // Extensions - AuthorityInfoAccess
    list.add(createExtension(Extension.authorityInfoAccess, true, false));
    last(list).setAuthorityInfoAccess(createAuthorityInfoAccess());
    // Extensions - AuthorityKeyIdentifier
    list.add(createExtension(Extension.authorityKeyIdentifier, true, false));
    last(list).setAuthorityKeyIdentifier(createAKIwithSerialAndSerial());
    // Extensions - keyUsage
    // NOTE(review): dataEncipherment alongside keyEncipherment is unusual for a TLS
    // end-entity certificate; presumably chosen to exercise the encoder in this demo.
    list.add(createExtension(Extension.keyUsage, true, true));
    last(list).setKeyUsage(createKeyUsage(new KeyUsage[] { KeyUsage.digitalSignature, KeyUsage.dataEncipherment, KeyUsage.keyEncipherment }, null));
    // Extensions - extenedKeyUsage
    // serverAuth in the first array, clientAuth in the second (required vs. optional,
    // presumably — see createExtendedKeyUsage).
    list.add(createExtension(Extension.extendedKeyUsage, true, false));
    last(list).setExtendedKeyUsage(createExtendedKeyUsage(new ASN1ObjectIdentifier[] { ObjectIdentifiers.XKU.id_kp_serverAuth }, new ASN1ObjectIdentifier[] { ObjectIdentifiers.XKU.id_kp_clientAuth }));
    // Extension - subjectDirectoryAttributes
    list.add(createExtension(Extension.subjectDirectoryAttributes, true, false));
    SubjectDirectoryAttributs subjectDirAttrType = new SubjectDirectoryAttributs();
    last(list).setSubjectDirectoryAttributs(subjectDirAttrType);
    List<DescribableOid> attrTypes = subjectDirAttrType.getTypes();
    attrTypes.add(createOidType(DN.countryOfCitizenship));
    attrTypes.add(createOidType(DN.countryOfResidence));
    attrTypes.add(createOidType(DN.gender));
    attrTypes.add(createOidType(DN.dateOfBirth));
    attrTypes.add(createOidType(DN.placeOfBirth));
    // Extensions - tlsFeature
    // status_request (OCSP must-staple) and client_certificate_url; marked critical here.
    list.add(createExtension(Extn.id_pe_tlsfeature, true, true));
    last(list).setTlsFeature(createTlsFeature(TlsExtensionType.STATUS_REQUEST, TlsExtensionType.CLIENT_CERTIFICATE_URL));
    // Extension - Admission
    // Two-level admission structure (authority level 1 on the extension, level 2 on the
    // Admissions entry, level 3 naming authority on the ProfessionInfo); the admission
    // authorities are stored as DER-encoded GeneralName byte arrays.
    list.add(createExtension(Extn.id_extension_admission, true, false));
    AdmissionSyntax admissionSyntax = new AdmissionSyntax();
    last(list).setAdmissionSyntax(admissionSyntax);
    admissionSyntax.setAdmissionAuthority(new GeneralName(new X500Name("C=DE,CN=admissionAuthority level 1")).getEncoded());
    AdmissionsType admissions = new AdmissionsType();
    admissions.setAdmissionAuthority(new GeneralName(new X500Name("C=DE,CN=admissionAuthority level 2")).getEncoded());
    NamingAuthorityType namingAuthorityL2 = new NamingAuthorityType();
    // Placeholder OID/URL/text; a real profile needs the naming authority's registered values.
    namingAuthorityL2.setOid(createOidType(new ASN1ObjectIdentifier("1.2.3.4.5")));
    namingAuthorityL2.setUrl("http://naming-authority-level2.myorg.org");
    namingAuthorityL2.setText("namingAuthrityText level 2");
    admissions.setNamingAuthority(namingAuthorityL2);
    admissionSyntax.getContentsOfAdmissions().add(admissions);
    ProfessionInfoType pi = new ProfessionInfoType();
    admissions.getProfessionInfos().add(pi);
    pi.getProfessionOids().add(createOidType(new ASN1ObjectIdentifier("1.2.3.4"), "demo oid"));
    pi.getProfessionItems().add("demo item");
    NamingAuthorityType namingAuthorityL3 = new NamingAuthorityType();
    namingAuthorityL3.setOid(createOidType(new ASN1ObjectIdentifier("1.2.3.4.5")));
    namingAuthorityL3.setUrl("http://naming-authority-level3.myorg.org");
    namingAuthorityL3.setText("namingAuthrityText level 3");
    pi.setNamingAuthority(namingAuthorityL3);
    // Opaque addProfessionInfo octets; arbitrary demo bytes.
    pi.setAddProfessionInfo(new byte[] { 1, 2, 3, 4 });
    RegistrationNumber regNum = new RegistrationNumber();
    pi.setRegistrationNumber(regNum);
    // Registration numbers in requests must match this (demo) pattern.
    regNum.setRegex("a*b");
    // restriction
    list.add(createExtension(Extn.id_extension_restriction, true, false));
    last(list).setRestriction(createRestriction(DirectoryStringType.utf8String, "demo restriction"));
    // additionalInformation
    list.add(createExtension(Extn.id_extension_additionalInformation, true, false));
    last(list).setAdditionalInformation(createAdditionalInformation(DirectoryStringType.utf8String, "demo additional information"));
    // validationModel
    // 1.3.6.1.4.1.8301.3.5.1 is the "chain" validity model OID used by the Common PKI spec.
    list.add(createExtension(Extn.id_extension_validityModel, true, false));
    last(list).setValidityModel(createValidityModel(createOidType(new ASN1ObjectIdentifier("1.3.6.1.4.1.8301.3.5.1"), "chain")));
    // privateKeyUsagePeriod
    // Private-key usage (3y) is shorter than the certificate validity (5y) set above.
    list.add(createExtension(Extension.privateKeyUsagePeriod, true, false));
    last(list).setPrivateKeyUsagePeriod(createPrivateKeyUsagePeriod("3y"));
    // QcStatements
    list.add(createExtension(Extension.qCStatements, true, false));
    last(list).setQcStatements(createQcStatements(true));
    // biometricInfo
    list.add(createExtension(Extension.biometricInfo, true, false));
    last(list).setBiometricInfo(createBiometricInfo());
    // SubjectAltName
    // NOTE(review): if the third argument is the critical flag, SAN is critical here
    // although the subject DN is non-empty (CN/C/O mandatory); RFC 5280 4.2.1.6 says
    // CAs SHOULD then mark SAN non-critical. Fine for a demo, revisit for production.
    list.add(createExtension(Extension.subjectAlternativeName, true, true));
    GeneralNameType gn = new GeneralNameType();
    last(list).setSubjectAltName(gn);
    gn.addTags(GeneralNameTag.rfc822Name, GeneralNameTag.DNSName, GeneralNameTag.directoryName, GeneralNameTag.ediPartyName, GeneralNameTag.uniformResourceIdentifier, GeneralNameTag.IPAddress, GeneralNameTag.registeredID);
    gn.addOtherNames(createOidType(new ASN1ObjectIdentifier("1.2.3.1")), createOidType(new ASN1ObjectIdentifier("1.2.3.2")));
    // SubjectInfoAccess
    // id-ad-caRepository plus ten synthetic access methods 2.3.4.1 .. 2.3.4.10, each
    // permitting the same set of GeneralName tags and other-name OIDs as the SAN above.
    list.add(createExtension(Extension.subjectInfoAccess, true, false));
    SubjectInfoAccess subjectInfoAccess = new SubjectInfoAccess();
    last(list).setSubjectInfoAccess(subjectInfoAccess);
    List<ASN1ObjectIdentifier> accessMethods = new LinkedList<>();
    accessMethods.add(Extn.id_ad_caRepository);
    for (int i = 0; i < 10; i++) {
        accessMethods.add(new ASN1ObjectIdentifier("2.3.4." + (i + 1)));
    }
    for (ASN1ObjectIdentifier accessMethod : accessMethods) {
        SubjectInfoAccess.Access access = new SubjectInfoAccess.Access();
        subjectInfoAccess.getAccesses().add(access);
        access.setAccessMethod(createOidType(accessMethod));
        GeneralNameType accessLocation = new GeneralNameType();
        access.setAccessLocation(accessLocation);
        accessLocation.addTags(GeneralNameTag.rfc822Name, GeneralNameTag.DNSName, GeneralNameTag.directoryName, GeneralNameTag.ediPartyName, GeneralNameTag.uniformResourceIdentifier, GeneralNameTag.IPAddress, GeneralNameTag.registeredID);
        accessLocation.addOtherNames(createOidType(new ASN1ObjectIdentifier("1.2.3.1")), createOidType(new ASN1ObjectIdentifier("1.2.3.2")));
    }
    // Serialise the profile to destFilename (third argument's meaning is defined by marshall).
    marshall(profile, destFilename, true);
}

Example 3 with DescribableOid

use of org.xipki.ca.certprofile.xijson.conf.Describable.DescribableOid in project xipki by xipki.

the class ExtensionConfBuilder method createOidType.

/**
 * Wraps an OID as a {@link DescribableOid}. The description is the one supplied by the
 * caller, or — when that is {@code null} — whatever {@link #getDescription} knows about
 * the OID; when neither is available no description is set at all.
 *
 * @param oid the object identifier to wrap (must not be {@code null})
 * @param description human-readable description, or {@code null} to look one up
 * @return the populated DescribableOid
 */
public static DescribableOid createOidType(ASN1ObjectIdentifier oid, String description) {
    DescribableOid result = new DescribableOid();
    result.setOid(oid.getId());
    String effectiveDescription = description;
    if (effectiveDescription == null) {
        effectiveDescription = getDescription(oid);
    }
    if (effectiveDescription != null) {
        result.setDescription(effectiveDescription);
    }
    return result;
}

Example 4 with DescribableOid

use of org.xipki.ca.certprofile.xijson.conf.Describable.DescribableOid in project xipki by xipki.

the class ProfileConfBuilder method createCabKeyAlgorithms.

// method createCabKeyAlgorithms
/**
 * Builds the list of permitted public-key algorithms for CA/Browser-Forum-style
 * profiles: RSA (from {@link #createRSAKeyAlgorithms()}), DSA restricted to
 * p in {2048, 3072} / q in {224, 256}, and EC restricted to the NIST curves
 * P-256, P-384 and P-521 with uncompressed point encoding only.
 * <p>
 * NOTE(review): current CA/Browser Forum Baseline Requirements list only RSA and ECDSA
 * key types; the DSA entry here may be a leftover — confirm against the BR revision this
 * profile targets before relying on it.
 *
 * @return the algorithm entries in the order RSA, DSA, EC
 */
protected static List<AlgorithmType> createCabKeyAlgorithms() {
    List<AlgorithmType> algorithms = new LinkedList<>(createRSAKeyAlgorithms());

    // DSA: only the 2048/224, 3072/256-style parameter sizes.
    AlgorithmType dsa = new AlgorithmType();
    dsa.getAlgorithms().add(createOidType(X9ObjectIdentifiers.id_dsa, "DSA"));
    DsaParametersType dsaParams = new DsaParametersType();
    List<Range> pLengths = new LinkedList<>();
    for (int bits : new int[] { 2048, 3072 }) {
        pLengths.add(createRange(bits));
    }
    List<Range> qLengths = new LinkedList<>();
    for (int bits : new int[] { 224, 256 }) {
        qLengths.add(createRange(bits));
    }
    dsaParams.setPlengths(pLengths);
    dsaParams.setQlengths(qLengths);
    KeyParametersType dsaKeyParams = new KeyParametersType();
    dsaKeyParams.setDsa(dsaParams);
    dsa.setParameters(dsaKeyParams);
    algorithms.add(dsa);

    // EC: fixed NIST curve whitelist, uncompressed points (0x04) only.
    AlgorithmType ec = new AlgorithmType();
    ec.getAlgorithms().add(createOidType(X9ObjectIdentifiers.id_ecPublicKey, "EC"));
    EcParametersType ecParams = new EcParametersType();
    List<DescribableOid> curves = new LinkedList<>();
    ASN1ObjectIdentifier[] nistCurves = { SECObjectIdentifiers.secp256r1, SECObjectIdentifiers.secp384r1, SECObjectIdentifiers.secp521r1 };
    for (ASN1ObjectIdentifier curveId : nistCurves) {
        curves.add(createOidType(curveId, AlgorithmUtil.getCurveName(curveId)));
    }
    ecParams.setCurves(curves);
    ecParams.setPointEncodings(Collections.singletonList((byte) 4));
    KeyParametersType ecKeyParams = new KeyParametersType();
    ecKeyParams.setEc(ecParams);
    ec.setParameters(ecKeyParams);
    algorithms.add(ec);

    return algorithms;
}

Example 5 with DescribableOid

use of org.xipki.ca.certprofile.xijson.conf.Describable.DescribableOid in project xipki by xipki.

the class AdmissionSyntax method toXiAdmissionSyntax.

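/**
 * Converts this JSON-configured admission syntax into the runtime
 * {@link AdmissionExtension.AdmissionSyntaxOption} used when building the extension.
 * <p>
 * Fix: each Admissions entry's {@code admissionAuthority} is now decoded when <em>it</em>
 * is present. The previous code tested {@code getNamingAuthority()} instead, so a
 * configured admission authority was silently dropped whenever no naming authority was
 * set, and a naming authority without an admission authority passed {@code null} to
 * {@code asn1PrimitivefromByteArray}.
 *
 * @param critical whether the resulting extension is to be marked critical
 * @return the option mirroring {@link #getContentsOfAdmissions()} and the top-level
 *         admission authority of this object
 * @throws CertprofileException propagated from the naming-authority conversion
 */
public AdmissionExtension.AdmissionSyntaxOption toXiAdmissionSyntax(boolean critical) throws CertprofileException {
    List<AdmissionExtension.AdmissionsOption> admissionsList = new LinkedList<>();
    for (AdmissionsType at : getContentsOfAdmissions()) {
        List<AdmissionExtension.ProfessionInfoOption> professionInfos = new LinkedList<>();
        for (ProfessionInfoType pi : at.getProfessionInfos()) {
            // Optional per-profession naming authority.
            NamingAuthority piNamingAuthority = null;
            if (pi.getNamingAuthority() != null) {
                piNamingAuthority = buildNamingAuthority(pi.getNamingAuthority());
            }
            // Profession OIDs stay null (not an empty list) when none are configured.
            List<DescribableOid> oidTypes = pi.getProfessionOids();
            List<ASN1ObjectIdentifier> oids = null;
            if (CollectionUtil.isNotEmpty(oidTypes)) {
                oids = new LinkedList<>();
                for (DescribableOid oidType : oidTypes) {
                    oids.add(new ASN1ObjectIdentifier(oidType.getOid()));
                }
            }
            RegistrationNumber rnType = pi.getRegistrationNumber();
            AdmissionExtension.RegistrationNumberOption rno = (rnType == null) ? null : new AdmissionExtension.RegistrationNumberOption(rnType.getRegex(), rnType.getConstant());
            professionInfos.add(new AdmissionExtension.ProfessionInfoOption(piNamingAuthority, pi.getProfessionItems(), oids, rno, pi.getAddProfessionInfo()));
        }
        // The admission authority of this entry is stored DER-encoded; decode it only
        // when it is actually configured (was wrongly keyed on getNamingAuthority()).
        GeneralName entryAdmissionAuthority = null;
        if (at.getAdmissionAuthority() != null) {
            entryAdmissionAuthority = GeneralName.getInstance(asn1PrimitivefromByteArray(at.getAdmissionAuthority()));
        }
        NamingAuthority entryNamingAuthority = null;
        if (at.getNamingAuthority() != null) {
            entryNamingAuthority = buildNamingAuthority(at.getNamingAuthority());
        }
        admissionsList.add(new AdmissionExtension.AdmissionsOption(entryAdmissionAuthority, entryNamingAuthority, professionInfos));
    }
    // Top-level admission authority: the field of this object, not the per-entry local
    // (the original relied on the loop local going out of scope here).
    GeneralName tmpAdmissionAuthority = null;
    if (this.admissionAuthority != null) {
        tmpAdmissionAuthority = GeneralName.getInstance(this.admissionAuthority);
    }
    return new AdmissionExtension.AdmissionSyntaxOption(critical, tmpAdmissionAuthority, admissionsList);
}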
