
Example 1 with ExtensionType

use of org.xipki.ca.certprofile.xijson.conf.ExtensionType in project xipki by xipki.

the class CheckerUtil method buildConstantExtesions.

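/**
 * Collects the extensions that a profile configures with a constant value, keyed by
 * extension OID, so that each one can be represented as a {@link QaExtensionValue}
 * (criticality flag plus encoded value).
 *
 * <p>Entries without a constant value are skipped. subjectAlternativeName,
 * subjectInfoAccess and biometricInfo are skipped even when a constant is configured.
 *
 * @param extensions extension configurations; the map key is used only in the error
 *     message. May be {@code null}.
 * @return an unmodifiable OID-to-value map, or {@code null} when {@code extensions} is
 *     {@code null} or no entry qualifies (callers must handle {@code null}, not an empty map)
 * @throws CertprofileException if a configured constant cannot be converted to its
 *     ASN.1 encoding
 */
static Map<ASN1ObjectIdentifier, QaExtensionValue> buildConstantExtesions(Map<String, ExtensionType> extensions) throws CertprofileException {
    if (extensions == null) {
        return null;
    }
    Map<ASN1ObjectIdentifier, QaExtensionValue> map = new HashMap<>();
    for (Entry<String, ExtensionType> entry : extensions.entrySet()) {
        String type = entry.getKey();
        ExtensionType extn = entry.getValue();
        if (extn.getConstant() == null) {
            // Only constant-valued extensions are collected here.
            continue;
        }
        ASN1ObjectIdentifier oid = extn.getType().toXiOid();
        // NOTE(review): these three are excluded from the constant map; presumably they are
        // checked by dedicated logic elsewhere - confirm, otherwise a configured constant
        // for them is never compared.
        if (Extension.subjectAlternativeName.equals(oid) || Extension.subjectInfoAccess.equals(oid) || Extension.biometricInfo.equals(oid)) {
            continue;
        }
        byte[] encodedValue;
        try {
            encodedValue = extn.getConstant().toASN1Encodable().toASN1Primitive().getEncoded();
        } catch (IOException | InvalidConfException ex) {
            // Fixed: the original message ran "type" and the key together without a space.
            throw new CertprofileException("could not parse the constant extension value of type " + type, ex);
        }
        // Criticality is carried with the value so both are available to the checker.
        QaExtensionValue extension = new QaExtensionValue(extn.isCritical(), encodedValue);
        map.put(oid, extension);
    }
    if (isEmpty(map)) {
        return null;
    }
    // Read-only view: callers cannot alter the expected values after construction.
    return Collections.unmodifiableMap(map);
}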
Also used : CertprofileException(org.xipki.ca.api.profile.CertprofileException) ExtensionType(org.xipki.ca.certprofile.xijson.conf.ExtensionType) InvalidConfException(org.xipki.util.InvalidConfException) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) IOException(java.io.IOException)

Example 2 with ExtensionType

use of org.xipki.ca.certprofile.xijson.conf.ExtensionType in project xipki by xipki.

the class CabProfileConfDemo method certprofileCabRootCa.

// method main
/**
 * Builds the demo Root CA certificate profile (CA/Browser Forum BR) and hands it to
 * {@code marshall} together with the destination file name.
 *
 * @param destFilename forwarded unchanged to {@code marshall}
 */
private static void certprofileCabRootCa(String destFilename) {
    // NOTE(review): "10y" is presumably the validity period - confirm against getBaseCabProfile.
    X509ProfileType rootProfile = getBaseCabProfile("certprofile RootCA (CA/Browser Forum BR)", CertLevel.RootCA, "10y");

    // Subject RDN controls.
    // NOTE(review): the two ints are presumably min/max occurrences - confirm against createRdn.
    List<RdnType> rdns = rootProfile.getSubject().getRdns();
    rdns.add(createRdn(DN.C, 1, 1));
    rdns.add(createRdn(DN.O, 1, 1));
    rdns.add(createRdn(DN.OU, 0, 1));
    rdns.add(createRdn(DN.SN, 0, 1));
    rdns.add(createRdn(DN.CN, 1, 1));

    // Extension controls.
    // NOTE(review): the two booleans are presumably (required, critical) - confirm against
    // createExtension; if so, basicConstraints and keyUsage are the critical ones here.
    List<ExtensionType> extns = rootProfile.getExtensions();
    extns.add(createExtension(Extension.subjectKeyIdentifier, true, false));
    extns.add(createExtension(Extension.basicConstraints, true, true));
    extns.add(createExtension(Extension.keyUsage, true, true));

    // Only certificate signing and CRL signing are listed for the CA key.
    KeyUsage[] caKeyUsages = { KeyUsage.keyCertSign, KeyUsage.cRLSign };
    last(extns).setKeyUsage(createKeyUsage(caKeyUsages, null));

    marshall(rootProfile, destFilename, true);
}
Also used : ExtensionType(org.xipki.ca.certprofile.xijson.conf.ExtensionType) KeyUsage(org.xipki.security.KeyUsage) X509ProfileType(org.xipki.ca.certprofile.xijson.conf.X509ProfileType) Subject(org.xipki.ca.certprofile.xijson.conf.Subject) RdnType(org.xipki.ca.certprofile.xijson.conf.Subject.RdnType)

Example 3 with ExtensionType

use of org.xipki.ca.certprofile.xijson.conf.ExtensionType in project xipki by xipki.

the class CabProfileConfDemo method certprofileCabDomainValidatedTls.

// method certprofileCabSubCa
/**
 * Builds the demo domain-validated TLS subscriber profile (CA/Browser Forum BR) and hands
 * it to {@code marshall} together with the destination file name.
 *
 * @param destFilename forwarded unchanged to {@code marshall}
 */
private static void certprofileCabDomainValidatedTls(String destFilename) {
    X509ProfileType dvProfile = getBaseCabSubscriberProfile("certprofile TLS (CA/Browser Forum BR, Domain Validated)");

    // Subject RDN controls. CN is the only attribute constrained by a pattern (REGEX_FQDN).
    // NOTE(review): recent Baseline Requirements versions restrict which subject attributes
    // a domain-validated certificate may carry (OU in particular); re-check these controls
    // against the BR version the profile is meant to satisfy.
    List<RdnType> rdns = dvProfile.getSubject().getRdns();
    rdns.add(createRdn(DN.C, 1, 1));
    rdns.add(createRdn(DN.OU, 0, 1));
    rdns.add(createRdn(DN.SN, 0, 1));
    rdns.add(createRdn(DN.CN, 1, 1, REGEX_FQDN, null, null));

    // certificatePolicies carrying the domain-validated policy OID; the map value is null,
    // presumably meaning no CPS URI is attached - confirm against createCertificatePolicies.
    List<ExtensionType> extns = dvProfile.getExtensions();
    extns.add(createExtension(Extension.certificatePolicies, true, false));
    Map<ASN1ObjectIdentifier, String> policyToCps = new HashMap<>();
    policyToCps.put(BaseRequirements.id_domain_validated, null);
    last(extns).setCertificatePolicies(createCertificatePolicies(policyToCps));

    marshall(dvProfile, destFilename, true);
}
Also used : HashMap(java.util.HashMap) ExtensionType(org.xipki.ca.certprofile.xijson.conf.ExtensionType) X509ProfileType(org.xipki.ca.certprofile.xijson.conf.X509ProfileType) Subject(org.xipki.ca.certprofile.xijson.conf.Subject) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) RdnType(org.xipki.ca.certprofile.xijson.conf.Subject.RdnType)

Example 4 with ExtensionType

use of org.xipki.ca.certprofile.xijson.conf.ExtensionType in project xipki by xipki.

the class CabProfileConfDemo method certprofileCabIndividualValidatedTls.

// method certprofileCabOrganizationValidatedTls
/**
 * Builds the demo individual-validated TLS subscriber profile (CA/Browser Forum BR) and
 * hands it to {@code marshall} together with the destination file name.
 *
 * @param destFilename forwarded unchanged to {@code marshall}
 */
private static void certprofileCabIndividualValidatedTls(String destFilename) {
    // NOTE(review): "Validiated" is misspelled in this literal; it is kept as-is here
    // because the string is passed on to the base-profile builder.
    X509ProfileType ivProfile = getBaseCabSubscriberProfile("certprofile TLS (CA/Browser Forum BR, Individual Validiated)");

    // Subject RDN controls: givenName and surname are added with (1, 1), ST and
    // localityName with (0, 1); CN is the only attribute constrained by a pattern.
    // NOTE(review): the two ints are presumably min/max occurrences - confirm against createRdn.
    List<RdnType> rdns = ivProfile.getSubject().getRdns();
    rdns.add(createRdn(DN.C, 1, 1));
    rdns.add(createRdn(DN.ST, 0, 1));
    rdns.add(createRdn(DN.localityName, 0, 1));
    rdns.add(createRdn(DN.givenName, 1, 1));
    rdns.add(createRdn(DN.surname, 1, 1));
    rdns.add(createRdn(DN.SN, 0, 1));
    rdns.add(createRdn(DN.CN, 1, 1, REGEX_FQDN, null, null));

    // certificatePolicies carrying the individual-validated policy OID; the map value is
    // null, presumably meaning no CPS URI - confirm against createCertificatePolicies.
    List<ExtensionType> extns = ivProfile.getExtensions();
    extns.add(createExtension(Extension.certificatePolicies, true, false));
    Map<ASN1ObjectIdentifier, String> policyToCps = new HashMap<>();
    policyToCps.put(BaseRequirements.id_individual_validated, null);
    last(extns).setCertificatePolicies(createCertificatePolicies(policyToCps));

    marshall(ivProfile, destFilename, true);
}
Also used : HashMap(java.util.HashMap) ExtensionType(org.xipki.ca.certprofile.xijson.conf.ExtensionType) X509ProfileType(org.xipki.ca.certprofile.xijson.conf.X509ProfileType) Subject(org.xipki.ca.certprofile.xijson.conf.Subject) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) RdnType(org.xipki.ca.certprofile.xijson.conf.Subject.RdnType)

Example 5 with ExtensionType

use of org.xipki.ca.certprofile.xijson.conf.ExtensionType in project xipki by xipki.

the class CabProfileConfDemo method certprofileCabSubCa.

// method certprofileCabRootCa
/**
 * Builds the demo subordinate CA certificate profile (CA/Browser Forum BR) and hands it
 * to {@code marshall} together with the destination file name.
 *
 * @param destFilename forwarded unchanged to {@code marshall}
 */
private static void certprofileCabSubCa(String destFilename) {
    // NOTE(review): "8y" is presumably the validity period - confirm against getBaseCabProfile.
    X509ProfileType subCaProfile = getBaseCabProfile("certprofile SubCA (CA/Browser Forum BR)", CertLevel.SubCA, "8y");

    // Subject RDN controls.
    List<RdnType> rdns = subCaProfile.getSubject().getRdns();
    rdns.add(createRdn(DN.C, 1, 1));
    rdns.add(createRdn(DN.O, 1, 1));
    rdns.add(createRdn(DN.OU, 0, 1));
    rdns.add(createRdn(DN.SN, 0, 1));
    rdns.add(createRdn(DN.CN, 1, 1));

    // Extension controls. Each setter below targets the entry that was just appended.
    // NOTE(review): the two booleans are presumably (required, critical) - confirm against
    // createExtension.
    List<ExtensionType> extns = subCaProfile.getExtensions();
    extns.add(createExtension(Extension.subjectKeyIdentifier, true, false));

    extns.add(createExtension(Extension.cRLDistributionPoints, true, false));
    last(extns).setCrlDistributionPoints(createCrlDistibutoionPoints());

    // NOTE(review): the argument 1 is presumably the path length constraint - confirm
    // against createBasicConstraints.
    extns.add(createExtension(Extension.basicConstraints, true, true));
    last(extns).setBasicConstrains(createBasicConstraints(1));

    extns.add(createExtension(Extension.authorityInfoAccess, true, false));
    last(extns).setAuthorityInfoAccess(createAuthorityInfoAccess());

    extns.add(createExtension(Extension.authorityKeyIdentifier, true, false));

    // Only certificate signing and CRL signing are listed for the CA key.
    extns.add(createExtension(Extension.keyUsage, true, true));
    KeyUsage[] caKeyUsages = { KeyUsage.keyCertSign, KeyUsage.cRLSign };
    last(extns).setKeyUsage(createKeyUsage(caKeyUsages, null));

    // The policy OID and the plain-http CPS URI are demo placeholders; a real profile
    // needs the CA's own registered policy OID and published CPS location.
    extns.add(createExtension(Extension.certificatePolicies, true, false));
    Map<ASN1ObjectIdentifier, String> policyToCps = new HashMap<>();
    policyToCps.put(new ASN1ObjectIdentifier("1.2.3.4"), "http://abc.def.de/cfp");
    last(extns).setCertificatePolicies(createCertificatePolicies(policyToCps));

    marshall(subCaProfile, destFilename, true);
}
Also used : HashMap(java.util.HashMap) ExtensionType(org.xipki.ca.certprofile.xijson.conf.ExtensionType) KeyUsage(org.xipki.security.KeyUsage) X509ProfileType(org.xipki.ca.certprofile.xijson.conf.X509ProfileType) Subject(org.xipki.ca.certprofile.xijson.conf.Subject) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) RdnType(org.xipki.ca.certprofile.xijson.conf.Subject.RdnType)

Aggregations

ExtensionType (org.xipki.ca.certprofile.xijson.conf.ExtensionType)7 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)5 Subject (org.xipki.ca.certprofile.xijson.conf.Subject)5 RdnType (org.xipki.ca.certprofile.xijson.conf.Subject.RdnType)5 X509ProfileType (org.xipki.ca.certprofile.xijson.conf.X509ProfileType)5 HashMap (java.util.HashMap)4 IOException (java.io.IOException)2 CertprofileException (org.xipki.ca.api.profile.CertprofileException)2 KeyUsage (org.xipki.security.KeyUsage)2 DirectoryString (org.bouncycastle.asn1.x500.DirectoryString)1 QaExtensionValue (org.xipki.qa.ca.extn.QaExtensionValue)1 InvalidConfException (org.xipki.util.InvalidConfException)1