
Example 1 with RdnType

use of org.xipki.ca.certprofile.xijson.conf.Subject.RdnType in project xipki by xipki.

the class XijsonCertprofile method initialize0.

// method initialize0
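/**
 * Populates this profile from the parsed JSON configuration {@code conf}.
 *
 * <p>The configuration is validated while it is copied into the profile fields: unsupported
 * signature algorithm names are logged and skipped (but at least one must remain usable), the
 * {@code CertLevel} must be present, the key-pair generation parameters must be numeric, and the
 * {@code notBeforeTime} expression must be {@code current}, {@code midnight[:GMT(+|-)n]} with
 * {@code n} in 0..12, or a signed offset such as {@code +5m} / {@code -1d}. Malformed values are
 * reported uniformly as {@link CertprofileException} rather than leaking {@code NumberFormatException}
 * or {@code NullPointerException} to the caller.
 *
 * @param conf the parsed profile configuration; must not be {@code null}
 * @throws CertprofileException if the configuration is invalid
 */
private void initialize0(X509ProfileType conf) throws CertprofileException {
    this.version = conf.getVersion();
    if (this.version == null) {
        this.version = X509CertVersion.v3;
    }

    // Only overwrite the field when the profile lists algorithms; an absent list keeps the
    // previous value, so the caller's default stays in effect.
    if (conf.getSignatureAlgorithms() != null) {
        this.signatureAlgorithms = parseSignatureAlgorithms(conf.getSignatureAlgorithms());
    }

    this.raOnly = conf.getRaOnly() != null && conf.getRaOnly();
    this.maxSize = conf.getMaxSize();
    this.validity = Validity.getInstance(conf.getValidity());
    this.notAfterMode = conf.getNotAfterMode();

    this.certLevel = conf.getCertLevel();
    if (this.certLevel == null) {
        throw new CertprofileException("invalid CertLevel");
    }
    this.certDomain = (conf.getCertDomain() == null) ? CertDomain.RFC5280 : conf.getCertDomain();

    // KeypairGenControl
    KeypairGenerationType kg = conf.getKeypairGeneration();
    this.serialNumberMode = conf.getSerialNumberMode();
    this.keypairGenControl = buildKeypairGenControl(kg);

    this.notBeforeOption = parseNotBeforeOption(conf.getNotBeforeTime());
    this.serialNumberInReqPermitted = conf.isSerialNumberInReq();

    // KeyAlgorithms
    this.keyAlgorithms = conf.toXiKeyAlgorithms();

    // Subject
    Subject subject = conf.getSubject();
    if (subject == null) {
        throw new CertprofileException("subject must be specified");
    }
    this.subjectControl = buildSubjectControl(subject);

    // Extensions
    this.extensions = new XijsonExtensions(conf, subjectControl);
}

/**
 * Resolves the configured signature algorithm names to {@link SignAlgo} instances.
 *
 * <p>Names the runtime does not know are logged and skipped so that a profile can list
 * algorithms for newer deployments; if none of them resolves the profile could never sign and
 * is rejected.
 *
 * @param algoNames the configured names; must not be {@code null}
 * @return an unmodifiable list with at least one entry
 * @throws CertprofileException if none of the names is supported
 */
private List<SignAlgo> parseSignatureAlgorithms(List<String> algoNames) throws CertprofileException {
    List<SignAlgo> algos = new ArrayList<>(algoNames.size());
    for (String algoName : algoNames) {
        try {
            algos.add(SignAlgo.getInstance(algoName));
        } catch (NoSuchAlgorithmException ex) {
            LOG.warn("unsupported signature algorithm: {}, ignore it", algoName);
        }
    }
    if (algos.isEmpty()) {
        throw new CertprofileException("none of the signature algorithms is supported: " + algoNames);
    }
    return Collections.unmodifiableList(algos);
}

/**
 * Translates the {@code keypairGeneration} section into a {@link KeypairGenControl}.
 *
 * <p>An absent section is treated as "forbidden" (the CA never generates the key pair).
 *
 * @param kg the configured section, may be {@code null}
 * @return the control object for the configured key type
 * @throws CertprofileException if the algorithm is missing, the key type is unknown or a
 *     required numeric parameter is absent or malformed
 */
private KeypairGenControl buildKeypairGenControl(KeypairGenerationType kg) throws CertprofileException {
    if (kg == null || kg.isForbidden()) {
        return KeypairGenControl.ForbiddenKeypairGenControl.INSTANCE;
    }
    if (kg.isInheritCA()) {
        return KeypairGenControl.InheritCAKeypairGenControl.INSTANCE;
    }
    if (kg.getAlgorithm() == null) {
        throw new CertprofileException("keypairGeneration.algorithm must be specified");
    }

    KeyType keyType = kg.getKeyType();
    if (keyType == null) {
        throw new CertprofileException("unknown KeypairGeneration type " + keyType);
    }
    ASN1ObjectIdentifier keyAlgOid = new ASN1ObjectIdentifier(kg.getAlgorithm().getOid());
    Map<String, String> params = kg.getParameters();

    switch (keyType) {
        case RSA: {
            int keySize = requiredIntParam(params, KeypairGenerationType.PARAM_keysize);
            return new KeypairGenControl.RSAKeypairGenControl(keySize, keyAlgOid);
        }
        case EC: {
            String curve = (params == null) ? null : params.get(KeypairGenerationType.PARAM_curve);
            if (curve == null) {
                throw new CertprofileException(
                        "keypairGeneration parameter " + KeypairGenerationType.PARAM_curve + " is missing");
            }
            return new KeypairGenControl.ECKeypairGenControl(new ASN1ObjectIdentifier(curve), keyAlgOid);
        }
        case DSA: {
            int plen = requiredIntParam(params, KeypairGenerationType.PARAM_plength);
            // qlength is optional; 0 lets the control pick the default for the p length.
            String qText = (params == null) ? null : params.get(KeypairGenerationType.PARAM_qlength);
            int qlen = (qText == null) ? 0 : parseIntParam(KeypairGenerationType.PARAM_qlength, qText);
            return new KeypairGenControl.DSAKeypairGenControl(plen, qlen, keyAlgOid);
        }
        case ED25519:
        case ED448:
        case X25519:
        case X448:
            // Curve is implied by the algorithm OID; there are no further parameters.
            return new KeypairGenControl.EDDSAKeypairGenControl(keyAlgOid);
        default:
            throw new CertprofileException("unknown KeypairGeneration type " + keyType);
    }
}

/**
 * Reads a mandatory numeric key-pair generation parameter.
 *
 * @param params the parameter map, may be {@code null}
 * @param name the parameter name
 * @return the parsed value
 * @throws CertprofileException if the parameter is absent or not an integer
 */
private static int requiredIntParam(Map<String, String> params, String name) throws CertprofileException {
    String value = (params == null) ? null : params.get(name);
    if (value == null) {
        throw new CertprofileException("keypairGeneration parameter " + name + " is missing");
    }
    return parseIntParam(name, value);
}

/**
 * Parses a numeric parameter value, reporting a malformed value as a profile error instead of
 * letting {@code NumberFormatException} escape.
 */
private static int parseIntParam(String name, String value) throws CertprofileException {
    try {
        return Integer.parseInt(value);
    } catch (NumberFormatException ex) {
        throw new CertprofileException("invalid keypairGeneration parameter " + name + ": '" + value + "'");
    }
}

/**
 * Parses the {@code notBeforeTime} expression.
 *
 * <p>Accepted forms: {@code current} (offset 0), {@code midnight} optionally followed by
 * {@code :GMT(+|-)n} with {@code n} in 0..12 (the allow-list below; anything else is rejected
 * so that no arbitrary time-zone id reaches {@link TimeZone#getTimeZone}), or a signed offset
 * {@code (+|-)<number>(d|h|m|s)}. Matching is case-insensitive using {@code Locale.ROOT} so that
 * the default locale (e.g. Turkish dotless i) cannot change how {@code MIDNIGHT} is recognised.
 *
 * @param notBeforeTime the raw configured text
 * @return the option to apply when computing a certificate's notBefore
 * @throws CertprofileException if the text is absent or malformed
 */
private NotBeforeOption parseNotBeforeOption(String notBeforeTime) throws CertprofileException {
    if (notBeforeTime == null) {
        throw new CertprofileException("notBeforeTime must be specified");
    }
    String str = notBeforeTime.toLowerCase(java.util.Locale.ROOT).trim();

    if (str.startsWith("midnight")) {
        // Everything after the first ':' names the zone; no ':' means GMT+0.
        int separatorIdx = str.indexOf(':');
        String timezoneId = (separatorIdx == -1)
                ? "GMT+0"
                : str.substring(separatorIdx + 1).toUpperCase(java.util.Locale.ROOT);
        final List<String> validIds = Arrays.asList(
                "GMT+0", "GMT+1", "GMT+2", "GMT+3", "GMT+4", "GMT+5", "GMT+6",
                "GMT+7", "GMT+8", "GMT+9", "GMT+10", "GMT+11", "GMT+12",
                "GMT-0", "GMT-1", "GMT-2", "GMT-3", "GMT-4", "GMT-5", "GMT-6",
                "GMT-7", "GMT-8", "GMT-9", "GMT-10", "GMT-11", "GMT-12");
        if (!validIds.contains(timezoneId)) {
            throw new CertprofileException("invalid time zone id " + timezoneId);
        }
        return NotBeforeOption.getMidNightOption(TimeZone.getTimeZone(timezoneId));
    }

    if ("current".equalsIgnoreCase(str)) {
        return NotBeforeOption.getOffsetOption(0L);
    }

    // Signed offset: at least sign + one digit + unit suffix.
    if (str.length() <= 2) {
        throw new CertprofileException("invalid notBefore '" + str + "'");
    }
    char sign = str.charAt(0);
    char suffix = str.charAt(str.length() - 1);
    if (sign != '+' && sign != '-') {
        throw new CertprofileException("invalid notBefore '" + str + "'");
    }

    long unitSeconds;
    switch (suffix) {
        case 'd':
            unitSeconds = 24L * 60 * 60;
            break;
        case 'h':
            unitSeconds = 60L * 60;
            break;
        case 'm':
            unitSeconds = 60L;
            break;
        case 's':
            unitSeconds = 1L;
            break;
        default:
            throw new CertprofileException("invalid notBefore " + str);
    }

    long seconds;
    try {
        long digit = Long.parseLong(str.substring(1, str.length() - 1));
        // multiplyExact: an absurdly large offset must fail loudly, not wrap around.
        seconds = Math.multiplyExact(digit, unitSeconds);
    } catch (NumberFormatException | ArithmeticException ex) {
        throw new CertprofileException("invalid notBefore '" + str + "'");
    }
    return NotBeforeOption.getOffsetOption((sign == '+') ? seconds : -seconds);
}

/**
 * Builds the subject DN control from the {@code subject} section, one {@link RdnControl} per
 * configured RDN, in configuration order.
 *
 * @param subject the configured subject section; must not be {@code null}
 * @return the assembled control
 * @throws CertprofileException if an RDN definition is invalid
 */
private SubjectControl buildSubjectControl(Subject subject) throws CertprofileException {
    List<RdnControl> subjectDnControls = new LinkedList<>();
    for (RdnType rdn : subject.getRdns()) {
        subjectDnControls.add(buildRdnControl(rdn));
    }
    return new SubjectControl(subjectDnControls, subject.isKeepRdnOrder());
}

/**
 * Converts one configured RDN into its {@link RdnControl}.
 *
 * <p>An RDN with a fixed {@code value} becomes a constant RDN (optionally overridable by the
 * request); otherwise the occurrence bounds from the configuration apply. Length range, string
 * type, regex, prefix/suffix, group and notInSubject are copied when present, and
 * {@code fixRdnControl} is given the last word.
 *
 * @param rdn the configured RDN
 * @return the control for that RDN
 * @throws CertprofileException if the definition is invalid
 */
private RdnControl buildRdnControl(RdnType rdn) throws CertprofileException {
    ASN1ObjectIdentifier type = new ASN1ObjectIdentifier(rdn.getType().getOid());
    ValueType value = rdn.getValue();
    RdnControl rdnControl = (value == null)
            ? new RdnControl(type, rdn.getMinOccurs(), rdn.getMaxOccurs())
            : new RdnControl(type, value.getText(), value.isOverridable());

    rdnControl.setStringType(rdn.getStringType());

    // A range is only meaningful when at least one bound is configured.
    boolean hasLengthBound = rdn.getMinLen() != null || rdn.getMaxLen() != null;
    rdnControl.setStringLengthRange(hasLengthBound ? new Range(rdn.getMinLen(), rdn.getMaxLen()) : null);

    if (rdn.getRegex() != null) {
        rdnControl.setPattern(TextVadidator.compile(rdn.getRegex()));
    }
    rdnControl.setPrefix(rdn.getPrefix());
    rdnControl.setSuffix(rdn.getSuffix());
    rdnControl.setGroup(rdn.getGroup());
    if (rdn.getNotInSubject() != null) {
        rdnControl.setNotInSubject(rdn.getNotInSubject());
    }
    fixRdnControl(rdnControl);
    return rdnControl;
}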

Example 2 with RdnType

use of org.xipki.ca.certprofile.xijson.conf.Subject.RdnType in project xipki by xipki.

the class CabProfileConfDemo method certprofileCabRootCa.

// method certprofileCabRootCa
/**
 * Writes the demo profile for a CA/Browser Forum BR root CA certificate.
 *
 * <p>Subject: C, O and CN are mandatory, OU and serialNumber optional. Extensions added on top of
 * the base CA profile: subjectKeyIdentifier, basicConstraints (critical, left at the extension's
 * own defaults, unlike the SubCA profile which sets a path length) and a critical keyUsage limited
 * to keyCertSign and cRLSign.
 *
 * @param destFilename path of the JSON file to write
 */
private static void certprofileCabRootCa(String destFilename) {
    X509ProfileType profile = getBaseCabProfile("certprofile RootCA (CA/Browser Forum BR)", CertLevel.RootCA, "10y");

    // Subject; the order of the adds is the DN order.
    List<RdnType> rdns = profile.getSubject().getRdns();
    rdns.add(createRdn(DN.C, 1, 1));
    rdns.add(createRdn(DN.O, 1, 1));
    rdns.add(createRdn(DN.OU, 0, 1));
    rdns.add(createRdn(DN.SN, 0, 1));
    rdns.add(createRdn(DN.CN, 1, 1));

    // Extensions
    List<ExtensionType> extensions = profile.getExtensions();
    extensions.add(createExtension(Extension.subjectKeyIdentifier, true, false));
    extensions.add(createExtension(Extension.basicConstraints, true, true));

    ExtensionType keyUsage = createExtension(Extension.keyUsage, true, true);
    extensions.add(keyUsage);
    KeyUsage[] caUsages = {KeyUsage.keyCertSign, KeyUsage.cRLSign};
    keyUsage.setKeyUsage(createKeyUsage(caUsages, null));

    marshall(profile, destFilename, true);
}

Example 3 with RdnType

use of org.xipki.ca.certprofile.xijson.conf.Subject.RdnType in project xipki by xipki.

the class CabProfileConfDemo method certprofileCabDomainValidatedTls.

// method certprofileCabDomainValidatedTls
/**
 * Writes the demo profile for a CA/Browser Forum BR domain-validated TLS certificate.
 *
 * <p>Subject: mandatory C and a CN constrained by {@code REGEX_FQDN}, optional OU and
 * serialNumber. The only extension added here is a non-critical certificatePolicies carrying the
 * BR domain-validated policy OID without a CPS value; everything else (key usage, SAN, ...) comes
 * from the base subscriber profile and is not visible in this method.
 *
 * @param destFilename path of the JSON file to write
 */
private static void certprofileCabDomainValidatedTls(String destFilename) {
    X509ProfileType profile = getBaseCabSubscriberProfile("certprofile TLS (CA/Browser Forum BR, Domain Validated)");

    // Subject; the order of the adds is the DN order.
    List<RdnType> rdns = profile.getSubject().getRdns();
    rdns.add(createRdn(DN.C, 1, 1));
    rdns.add(createRdn(DN.OU, 0, 1));
    rdns.add(createRdn(DN.SN, 0, 1));
    rdns.add(createRdn(DN.CN, 1, 1, REGEX_FQDN, null, null));

    // Extensions - CertificatePolicies (policy OID -> CPS value, none here)
    ExtensionType certificatePolicies = createExtension(Extension.certificatePolicies, true, false);
    profile.getExtensions().add(certificatePolicies);
    Map<ASN1ObjectIdentifier, String> policies = new HashMap<>();
    policies.put(BaseRequirements.id_domain_validated, null);
    certificatePolicies.setCertificatePolicies(createCertificatePolicies(policies));

    marshall(profile, destFilename, true);
}

Example 4 with RdnType

use of org.xipki.ca.certprofile.xijson.conf.Subject.RdnType in project xipki by xipki.

the class CabProfileConfDemo method certprofileCabIndividualValidatedTls.

// method certprofileCabIndividualValidatedTls
/**
 * Writes the demo profile for a CA/Browser Forum BR individual-validated TLS certificate.
 *
 * <p>Subject: mandatory C, givenName, surname and a CN constrained by {@code REGEX_FQDN};
 * optional ST, localityName and serialNumber. The only extension added here is a non-critical
 * certificatePolicies carrying the BR individual-validated policy OID without a CPS value; the
 * remaining extensions come from the base subscriber profile and are not visible in this method.
 *
 * @param destFilename path of the JSON file to write
 */
private static void certprofileCabIndividualValidatedTls(String destFilename) {
    X509ProfileType profile = getBaseCabSubscriberProfile("certprofile TLS (CA/Browser Forum BR, Individual Validiated)");

    // Subject; the order of the adds is the DN order.
    List<RdnType> rdns = profile.getSubject().getRdns();
    rdns.add(createRdn(DN.C, 1, 1));
    rdns.add(createRdn(DN.ST, 0, 1));
    rdns.add(createRdn(DN.localityName, 0, 1));
    rdns.add(createRdn(DN.givenName, 1, 1));
    rdns.add(createRdn(DN.surname, 1, 1));
    rdns.add(createRdn(DN.SN, 0, 1));
    rdns.add(createRdn(DN.CN, 1, 1, REGEX_FQDN, null, null));

    // Extensions - CertificatePolicies (policy OID -> CPS value, none here)
    ExtensionType certificatePolicies = createExtension(Extension.certificatePolicies, true, false);
    profile.getExtensions().add(certificatePolicies);
    Map<ASN1ObjectIdentifier, String> policies = new HashMap<>();
    policies.put(BaseRequirements.id_individual_validated, null);
    certificatePolicies.setCertificatePolicies(createCertificatePolicies(policies));

    marshall(profile, destFilename, true);
}

Example 5 with RdnType

use of org.xipki.ca.certprofile.xijson.conf.Subject.RdnType in project xipki by xipki.

the class CabProfileConfDemo method certprofileCabSubCa.

// method certprofileCabSubCa
/**
 * Writes the demo profile for a CA/Browser Forum BR subordinate CA certificate.
 *
 * <p>Subject: C, O and CN mandatory, OU and serialNumber optional. Extensions added on top of the
 * base CA profile, in this order: subjectKeyIdentifier, cRLDistributionPoints, basicConstraints
 * (critical, pathLen 1), authorityInfoAccess, authorityKeyIdentifier, a critical keyUsage limited
 * to keyCertSign and cRLSign, and certificatePolicies. The policy OID {@code 1.2.3.4} and the CPS
 * URI used here are demo placeholders, not a real CABF policy.
 *
 * @param destFilename path of the JSON file to write
 */
private static void certprofileCabSubCa(String destFilename) {
    X509ProfileType profile = getBaseCabProfile("certprofile SubCA (CA/Browser Forum BR)", CertLevel.SubCA, "8y");

    // Subject; the order of the adds is the DN order.
    List<RdnType> rdns = profile.getSubject().getRdns();
    rdns.add(createRdn(DN.C, 1, 1));
    rdns.add(createRdn(DN.O, 1, 1));
    rdns.add(createRdn(DN.OU, 0, 1));
    rdns.add(createRdn(DN.SN, 0, 1));
    rdns.add(createRdn(DN.CN, 1, 1));

    List<ExtensionType> extensions = profile.getExtensions();

    // Extensions - controls
    extensions.add(createExtension(Extension.subjectKeyIdentifier, true, false));
    ExtensionType crlDistributionPoints = createExtension(Extension.cRLDistributionPoints, true, false);
    extensions.add(crlDistributionPoints);
    crlDistributionPoints.setCrlDistributionPoints(createCrlDistibutoionPoints());

    // Extensions - basicConstraints: CA with at most one further CA below it
    ExtensionType basicConstraints = createExtension(Extension.basicConstraints, true, true);
    extensions.add(basicConstraints);
    basicConstraints.setBasicConstrains(createBasicConstraints(1));

    // Extensions - AuthorityInfoAccess
    ExtensionType authorityInfoAccess = createExtension(Extension.authorityInfoAccess, true, false);
    extensions.add(authorityInfoAccess);
    authorityInfoAccess.setAuthorityInfoAccess(createAuthorityInfoAccess());

    // Extensions - AuthorityKeyIdentifier
    extensions.add(createExtension(Extension.authorityKeyIdentifier, true, false));

    // Extensions - keyUsage
    ExtensionType keyUsage = createExtension(Extension.keyUsage, true, true);
    extensions.add(keyUsage);
    KeyUsage[] caUsages = {KeyUsage.keyCertSign, KeyUsage.cRLSign};
    keyUsage.setKeyUsage(createKeyUsage(caUsages, null));

    // Extensions - CertificatePolicies (policy OID -> CPS URI)
    ExtensionType certificatePolicies = createExtension(Extension.certificatePolicies, true, false);
    extensions.add(certificatePolicies);
    Map<ASN1ObjectIdentifier, String> policies = new HashMap<>();
    policies.put(new ASN1ObjectIdentifier("1.2.3.4"), "http://abc.def.de/cfp");
    certificatePolicies.setCertificatePolicies(createCertificatePolicies(policies));

    marshall(profile, destFilename, true);
}
