use of org.xipki.ca.certprofile.xijson.conf.ExtensionType in project xipki by xipki.
the class CheckerUtil method buildConstantExtesions.
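/**
 * Builds the map of extensions that the profile configures with a constant value,
 * keyed by extension OID, for use as expected values by the checker.
 *
 * <p>Entries without a constant value are skipped. subjectAlternativeName,
 * subjectInfoAccess and biometricInfo are skipped even when a constant is configured.
 * NOTE(review): presumably these three are verified by dedicated logic elsewhere - confirm,
 * otherwise a constant configured for them is never compared.
 *
 * @param extensions configured extensions keyed by a type label; may be {@code null}
 * @return an unmodifiable map of OID to expected criticality and DER-encoded value,
 *         or {@code null} if {@code extensions} is {@code null} or nothing was collected
 * @throws CertprofileException if a configured constant value cannot be encoded
 */
static Map<ASN1ObjectIdentifier, QaExtensionValue> buildConstantExtesions(Map<String, ExtensionType> extensions) throws CertprofileException {
    if (extensions == null) {
        return null;
    }

    Map<ASN1ObjectIdentifier, QaExtensionValue> map = new HashMap<>();
    for (Entry<String, ExtensionType> entry : extensions.entrySet()) {
        String type = entry.getKey();
        ExtensionType extn = entry.getValue();
        if (extn.getConstant() == null) {
            // Not a constant-valued extension; nothing to record.
            continue;
        }

        ASN1ObjectIdentifier oid = extn.getType().toXiOid();
        if (Extension.subjectAlternativeName.equals(oid)
                || Extension.subjectInfoAccess.equals(oid)
                || Extension.biometricInfo.equals(oid)) {
            continue;
        }

        byte[] encodedValue;
        try {
            encodedValue = extn.getConstant().toASN1Encodable().toASN1Primitive().getEncoded();
        } catch (IOException | InvalidConfException ex) {
            // Fixed: the message previously ran "type" and the label together without a space.
            throw new CertprofileException("could not parse the constant extension value of type " + type, ex);
        }

        // The criticality flag is stored next to the encoded value, so both are available to the checker.
        QaExtensionValue extension = new QaExtensionValue(extn.isCritical(), encodedValue);
        map.put(oid, extension);
    }

    if (isEmpty(map)) {
        return null;
    }
    return Collections.unmodifiableMap(map);
}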
use of org.xipki.ca.certprofile.xijson.conf.ExtensionType in project xipki by xipki.
the class CabProfileConfDemo method certprofileCabRootCa.
// method main
/**
 * Builds the demo Root CA profile (CA/Browser Forum BR) on top of the base CAB profile
 * and passes it to {@code marshall} together with {@code destFilename}.
 *
 * @param destFilename destination file name forwarded to {@code marshall}
 */
private static void certprofileCabRootCa(String destFilename) {
    X509ProfileType conf = getBaseCabProfile("certprofile RootCA (CA/Browser Forum BR)", CertLevel.RootCA, "10y");

    // Subject RDN controls. The two ints are presumably min/max occurrences - confirm against createRdn.
    List<RdnType> rdns = conf.getSubject().getRdns();
    rdns.add(createRdn(DN.C, 1, 1));
    rdns.add(createRdn(DN.O, 1, 1));
    rdns.add(createRdn(DN.OU, 0, 1));
    rdns.add(createRdn(DN.SN, 0, 1));
    rdns.add(createRdn(DN.CN, 1, 1));

    // Extensions. The two booleans are presumably (required, critical) - confirm against createExtension.
    List<ExtensionType> extensions = conf.getExtensions();
    extensions.add(createExtension(Extension.subjectKeyIdentifier, true, false));

    // basicConstraints: no further control is set on it here.
    extensions.add(createExtension(Extension.basicConstraints, true, true));

    // keyUsage: only certificate and CRL signing are listed in the first argument;
    // the second argument to createKeyUsage is null.
    KeyUsage[] signingUsages = { KeyUsage.keyCertSign, KeyUsage.cRLSign };
    extensions.add(createExtension(Extension.keyUsage, true, true));
    last(extensions).setKeyUsage(createKeyUsage(signingUsages, null));

    marshall(conf, destFilename, true);
}
use of org.xipki.ca.certprofile.xijson.conf.ExtensionType in project xipki by xipki.
the class CabProfileConfDemo method certprofileCabDomainValidatedTls.
// method certprofileCabSubCa
/**
 * Builds the demo Domain Validated TLS profile (CA/Browser Forum BR) on top of the base
 * CAB subscriber profile and passes it to {@code marshall} together with {@code destFilename}.
 *
 * @param destFilename destination file name forwarded to {@code marshall}
 */
private static void certprofileCabDomainValidatedTls(String destFilename) {
    X509ProfileType conf = getBaseCabSubscriberProfile("certprofile TLS (CA/Browser Forum BR, Domain Validated)");

    // Subject RDN controls. The two ints are presumably min/max occurrences - confirm against createRdn.
    List<RdnType> rdns = conf.getSubject().getRdns();
    rdns.add(createRdn(DN.C, 1, 1));
    rdns.add(createRdn(DN.OU, 0, 1));
    rdns.add(createRdn(DN.SN, 0, 1));
    // CN is the only RDN given REGEX_FQDN; presumably a pattern the value must match - confirm.
    rdns.add(createRdn(DN.CN, 1, 1, REGEX_FQDN, null, null));

    // certificatePolicies: the domain-validated policy OID, with a null CPS string.
    Map<ASN1ObjectIdentifier, String> policyToCps = new HashMap<>();
    policyToCps.put(BaseRequirements.id_domain_validated, null);

    List<ExtensionType> extensions = conf.getExtensions();
    extensions.add(createExtension(Extension.certificatePolicies, true, false));
    last(extensions).setCertificatePolicies(createCertificatePolicies(policyToCps));

    marshall(conf, destFilename, true);
}
use of org.xipki.ca.certprofile.xijson.conf.ExtensionType in project xipki by xipki.
the class CabProfileConfDemo method certprofileCabIndividualValidatedTls.
// method certprofileCabOrganizationValidatedTls
/**
 * Builds the demo Individual Validated TLS profile (CA/Browser Forum BR) on top of the base
 * CAB subscriber profile and passes it to {@code marshall} together with {@code destFilename}.
 *
 * @param destFilename destination file name forwarded to {@code marshall}
 */
private static void certprofileCabIndividualValidatedTls(String destFilename) {
    // NOTE(review): the description below is spelled "Validiated"; it is runtime text and is kept unchanged here.
    X509ProfileType conf = getBaseCabSubscriberProfile("certprofile TLS (CA/Browser Forum BR, Individual Validiated)");

    // Subject RDN controls. The two ints are presumably min/max occurrences - confirm against createRdn.
    List<RdnType> rdns = conf.getSubject().getRdns();
    rdns.add(createRdn(DN.C, 1, 1));
    rdns.add(createRdn(DN.ST, 0, 1));
    rdns.add(createRdn(DN.localityName, 0, 1));
    rdns.add(createRdn(DN.givenName, 1, 1));
    rdns.add(createRdn(DN.surname, 1, 1));
    rdns.add(createRdn(DN.SN, 0, 1));
    // CN is the only RDN given REGEX_FQDN; presumably a pattern the value must match - confirm.
    rdns.add(createRdn(DN.CN, 1, 1, REGEX_FQDN, null, null));

    // certificatePolicies: the individual-validated policy OID, with a null CPS string.
    Map<ASN1ObjectIdentifier, String> policyToCps = new HashMap<>();
    policyToCps.put(BaseRequirements.id_individual_validated, null);

    List<ExtensionType> extensions = conf.getExtensions();
    extensions.add(createExtension(Extension.certificatePolicies, true, false));
    last(extensions).setCertificatePolicies(createCertificatePolicies(policyToCps));

    marshall(conf, destFilename, true);
}
use of org.xipki.ca.certprofile.xijson.conf.ExtensionType in project xipki by xipki.
the class CabProfileConfDemo method certprofileCabSubCa.
// method certprofileCabRootCa
/**
 * Builds the demo Sub CA profile (CA/Browser Forum BR) on top of the base CAB profile
 * and passes it to {@code marshall} together with {@code destFilename}.
 *
 * @param destFilename destination file name forwarded to {@code marshall}
 */
private static void certprofileCabSubCa(String destFilename) {
    X509ProfileType conf = getBaseCabProfile("certprofile SubCA (CA/Browser Forum BR)", CertLevel.SubCA, "8y");

    // Subject RDN controls. The two ints are presumably min/max occurrences - confirm against createRdn.
    List<RdnType> rdns = conf.getSubject().getRdns();
    rdns.add(createRdn(DN.C, 1, 1));
    rdns.add(createRdn(DN.O, 1, 1));
    rdns.add(createRdn(DN.OU, 0, 1));
    rdns.add(createRdn(DN.SN, 0, 1));
    rdns.add(createRdn(DN.CN, 1, 1));

    // Extensions. The two booleans are presumably (required, critical) - confirm against createExtension.
    List<ExtensionType> extensions = conf.getExtensions();
    extensions.add(createExtension(Extension.subjectKeyIdentifier, true, false));

    // Revocation and issuer lookup pointers.
    extensions.add(createExtension(Extension.cRLDistributionPoints, true, false));
    last(extensions).setCrlDistributionPoints(createCrlDistibutoionPoints());

    // basicConstraints: the argument 1 is presumably the path length constraint - confirm.
    extensions.add(createExtension(Extension.basicConstraints, true, true));
    last(extensions).setBasicConstrains(createBasicConstraints(1));

    extensions.add(createExtension(Extension.authorityInfoAccess, true, false));
    last(extensions).setAuthorityInfoAccess(createAuthorityInfoAccess());

    extensions.add(createExtension(Extension.authorityKeyIdentifier, true, false));

    // keyUsage: only certificate and CRL signing are listed in the first argument;
    // the second argument to createKeyUsage is null.
    KeyUsage[] signingUsages = { KeyUsage.keyCertSign, KeyUsage.cRLSign };
    extensions.add(createExtension(Extension.keyUsage, true, true));
    last(extensions).setKeyUsage(createKeyUsage(signingUsages, null));

    // certificatePolicies.
    // NOTE(review): the OID "1.2.3.4" and the plain-http CPS URI look like demo placeholders;
    // a profile derived from this one should carry the CA's own policy OID and CPS location.
    Map<ASN1ObjectIdentifier, String> policyToCps = new HashMap<>();
    policyToCps.put(new ASN1ObjectIdentifier("1.2.3.4"), "http://abc.def.de/cfp");
    extensions.add(createExtension(Extension.certificatePolicies, true, false));
    last(extensions).setCertificatePolicies(createCertificatePolicies(policyToCps));

    marshall(conf, destFilename, true);
}