Example 1 with X509ProfileType
use of org.xipki.ca.certprofile.xijson.conf.X509ProfileType in project xipki by xipki.
the class CabProfileConfDemo method certprofileCabRootCa.
// method main
private static void certprofileCabRootCa(String destFilename) {
X509ProfileType profile = getBaseCabProfile("certprofile RootCA (CA/Browser Forum BR)", CertLevel.RootCA, "10y");
// Subject
Subject subject = profile.getSubject();
List<RdnType> rdnControls = subject.getRdns();
rdnControls.add(createRdn(DN.C, 1, 1));
rdnControls.add(createRdn(DN.O, 1, 1));
rdnControls.add(createRdn(DN.OU, 0, 1));
rdnControls.add(createRdn(DN.SN, 0, 1));
rdnControls.add(createRdn(DN.CN, 1, 1));
// Extensions
List<ExtensionType> list = profile.getExtensions();
list.add(createExtension(Extension.subjectKeyIdentifier, true, false));
// Extensions - basicConstraints
list.add(createExtension(Extension.basicConstraints, true, true));
// Extensions - keyUsage
list.add(createExtension(Extension.keyUsage, true, true));
last(list).setKeyUsage(createKeyUsage(new KeyUsage[] { KeyUsage.keyCertSign, KeyUsage.cRLSign }, null));
marshall(profile, destFilename, true);
}
Also used :
ExtensionType(org.xipki.ca.certprofile.xijson.conf.ExtensionType)
KeyUsage(org.xipki.security.KeyUsage)
X509ProfileType(org.xipki.ca.certprofile.xijson.conf.X509ProfileType)
Subject(org.xipki.ca.certprofile.xijson.conf.Subject)
RdnType(org.xipki.ca.certprofile.xijson.conf.Subject.RdnType)
Example 2 with X509ProfileType
use of org.xipki.ca.certprofile.xijson.conf.X509ProfileType in project xipki by xipki.
the class CabProfileConfDemo method certprofileCabDomainValidatedTls.
// method certprofileCabSubCa
private static void certprofileCabDomainValidatedTls(String destFilename) {
X509ProfileType profile = getBaseCabSubscriberProfile("certprofile TLS (CA/Browser Forum BR, Domain Validated)");
// Subject
Subject subject = profile.getSubject();
List<RdnType> rdnControls = subject.getRdns();
rdnControls.add(createRdn(DN.C, 1, 1));
rdnControls.add(createRdn(DN.OU, 0, 1));
rdnControls.add(createRdn(DN.SN, 0, 1));
rdnControls.add(createRdn(DN.CN, 1, 1, REGEX_FQDN, null, null));
List<ExtensionType> list = profile.getExtensions();
// Extensions - CertificatePolicies
list.add(createExtension(Extension.certificatePolicies, true, false));
Map<ASN1ObjectIdentifier, String> policiesIdAndCpsMap = new HashMap<>();
policiesIdAndCpsMap.put(BaseRequirements.id_domain_validated, null);
last(list).setCertificatePolicies(createCertificatePolicies(policiesIdAndCpsMap));
marshall(profile, destFilename, true);
}
Also used :
HashMap(java.util.HashMap)
ExtensionType(org.xipki.ca.certprofile.xijson.conf.ExtensionType)
X509ProfileType(org.xipki.ca.certprofile.xijson.conf.X509ProfileType)
Subject(org.xipki.ca.certprofile.xijson.conf.Subject)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
RdnType(org.xipki.ca.certprofile.xijson.conf.Subject.RdnType)
Example 3 with X509ProfileType
use of org.xipki.ca.certprofile.xijson.conf.X509ProfileType in project xipki by xipki.
the class CabProfileConfDemo method certprofileCabIndividualValidatedTls.
// method certprofileCabOrganizationValidatedTls
private static void certprofileCabIndividualValidatedTls(String destFilename) {
X509ProfileType profile = getBaseCabSubscriberProfile("certprofile TLS (CA/Browser Forum BR, Individual Validiated)");
// Subject
Subject subject = profile.getSubject();
List<RdnType> rdnControls = subject.getRdns();
rdnControls.add(createRdn(DN.C, 1, 1));
rdnControls.add(createRdn(DN.ST, 0, 1));
rdnControls.add(createRdn(DN.localityName, 0, 1));
rdnControls.add(createRdn(DN.givenName, 1, 1));
rdnControls.add(createRdn(DN.surname, 1, 1));
rdnControls.add(createRdn(DN.SN, 0, 1));
rdnControls.add(createRdn(DN.CN, 1, 1, REGEX_FQDN, null, null));
List<ExtensionType> list = profile.getExtensions();
// Extensions - CertificatePolicies
list.add(createExtension(Extension.certificatePolicies, true, false));
Map<ASN1ObjectIdentifier, String> policiesIdAndCpsMap = new HashMap<>();
policiesIdAndCpsMap.put(BaseRequirements.id_individual_validated, null);
last(list).setCertificatePolicies(createCertificatePolicies(policiesIdAndCpsMap));
marshall(profile, destFilename, true);
}
Also used :
HashMap(java.util.HashMap)
ExtensionType(org.xipki.ca.certprofile.xijson.conf.ExtensionType)
X509ProfileType(org.xipki.ca.certprofile.xijson.conf.X509ProfileType)
Subject(org.xipki.ca.certprofile.xijson.conf.Subject)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
RdnType(org.xipki.ca.certprofile.xijson.conf.Subject.RdnType)
Example 4 with X509ProfileType
use of org.xipki.ca.certprofile.xijson.conf.X509ProfileType in project xipki by xipki.
the class CabProfileConfDemo method certprofileCabSubCa.
// method certprofileCabRootCa
private static void certprofileCabSubCa(String destFilename) {
X509ProfileType profile = getBaseCabProfile("certprofile SubCA (CA/Browser Forum BR)", CertLevel.SubCA, "8y");
// Subject
Subject subject = profile.getSubject();
List<RdnType> rdnControls = subject.getRdns();
rdnControls.add(createRdn(DN.C, 1, 1));
rdnControls.add(createRdn(DN.O, 1, 1));
rdnControls.add(createRdn(DN.OU, 0, 1));
rdnControls.add(createRdn(DN.SN, 0, 1));
rdnControls.add(createRdn(DN.CN, 1, 1));
// Extensions
List<ExtensionType> list = profile.getExtensions();
// Extensions - controls
list.add(createExtension(Extension.subjectKeyIdentifier, true, false));
list.add(createExtension(Extension.cRLDistributionPoints, true, false));
last(list).setCrlDistributionPoints(createCrlDistibutoionPoints());
// Extensions - basicConstraints
list.add(createExtension(Extension.basicConstraints, true, true));
last(list).setBasicConstrains(createBasicConstraints(1));
// Extensions - AuthorityInfoAccess
list.add(createExtension(Extension.authorityInfoAccess, true, false));
last(list).setAuthorityInfoAccess(createAuthorityInfoAccess());
// Extensions - AuthorityKeyIdentifier
list.add(createExtension(Extension.authorityKeyIdentifier, true, false));
// Extensions - keyUsage
list.add(createExtension(Extension.keyUsage, true, true));
last(list).setKeyUsage(createKeyUsage(new KeyUsage[] { KeyUsage.keyCertSign, KeyUsage.cRLSign }, null));
// Extensions - CertificatePolicies
list.add(createExtension(Extension.certificatePolicies, true, false));
Map<ASN1ObjectIdentifier, String> policiesIdAndCpsMap = new HashMap<>();
policiesIdAndCpsMap.put(new ASN1ObjectIdentifier("1.2.3.4"), "http://abc.def.de/cfp");
last(list).setCertificatePolicies(createCertificatePolicies(policiesIdAndCpsMap));
marshall(profile, destFilename, true);
}
Also used :
HashMap(java.util.HashMap)
ExtensionType(org.xipki.ca.certprofile.xijson.conf.ExtensionType)
KeyUsage(org.xipki.security.KeyUsage)
X509ProfileType(org.xipki.ca.certprofile.xijson.conf.X509ProfileType)
Subject(org.xipki.ca.certprofile.xijson.conf.Subject)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
RdnType(org.xipki.ca.certprofile.xijson.conf.Subject.RdnType)
Example 5 with X509ProfileType
use of org.xipki.ca.certprofile.xijson.conf.X509ProfileType in project xipki by xipki.
the class CabProfileConfDemo method certprofileCabOrganizationValidatedTls.
// method certprofileCabDomainValidatedTls
private static void certprofileCabOrganizationValidatedTls(String destFilename) {
X509ProfileType profile = getBaseCabSubscriberProfile("certprofile TLS (CA/Browser Forum BR, Organization Validiated)");
// Subject
Subject subject = profile.getSubject();
List<RdnType> rdnControls = subject.getRdns();
rdnControls.add(createRdn(DN.C, 1, 1));
rdnControls.add(createRdn(DN.ST, 0, 1));
rdnControls.add(createRdn(DN.localityName, 0, 1));
rdnControls.add(createRdn(DN.O, 1, 1));
rdnControls.add(createRdn(DN.OU, 0, 1));
rdnControls.add(createRdn(DN.SN, 0, 1));
rdnControls.add(createRdn(DN.CN, 1, 1, REGEX_FQDN, null, null));
List<ExtensionType> list = profile.getExtensions();
// Extensions - CertificatePolicies
list.add(createExtension(Extension.certificatePolicies, true, false));
Map<ASN1ObjectIdentifier, String> policiesIdAndCpsMap = new HashMap<>();
policiesIdAndCpsMap.put(BaseRequirements.id_organization_validated, null);
last(list).setCertificatePolicies(createCertificatePolicies(policiesIdAndCpsMap));
marshall(profile, destFilename, true);
}
Also used :
HashMap(java.util.HashMap)
ExtensionType(org.xipki.ca.certprofile.xijson.conf.ExtensionType)
X509ProfileType(org.xipki.ca.certprofile.xijson.conf.X509ProfileType)
Subject(org.xipki.ca.certprofile.xijson.conf.Subject)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
RdnType(org.xipki.ca.certprofile.xijson.conf.Subject.RdnType)
Aggregations
ExtensionType (org.xipki.ca.certprofile.xijson.conf.ExtensionType)5
Subject (org.xipki.ca.certprofile.xijson.conf.Subject)5
RdnType (org.xipki.ca.certprofile.xijson.conf.Subject.RdnType)5
X509ProfileType (org.xipki.ca.certprofile.xijson.conf.X509ProfileType)5
HashMap (java.util.HashMap)4
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)4
KeyUsage (org.xipki.security.KeyUsage)2
