
Example 1 with X509ProfileType

use of org.xipki.ca.certprofile.xijson.conf.X509ProfileType in project xipki by xipki.

the class CabProfileConfDemo method certprofileCabRootCa.

// method main
/**
 * Assembles the demo Root CA certificate profile (CA/Browser Forum BR) and hands it to
 * {@code marshall} together with {@code destFilename}.
 *
 * <p>The profile is derived from {@code getBaseCabProfile} with {@code CertLevel.RootCA} and the
 * value {@code "10y"} (presumably the validity period; confirm against that helper). This method
 * then adds subject RDN controls for C, O, OU, SN and CN, and the extensions
 * subjectKeyIdentifier, basicConstraints and keyUsage.
 *
 * <p>Security-relevant settings visible here: the key usages passed as the first argument of
 * {@code createKeyUsage} are only {@code keyCertSign} and {@code cRLSign}, and basicConstraints
 * and keyUsage are created with {@code (true, true)} while subjectKeyIdentifier uses
 * {@code (true, false)}. The two booleans look like (required, critical); verify against
 * {@code createExtension} before relying on criticality.
 *
 * @param destFilename forwarded unchanged to {@code marshall}; presumably the output file
 */
private static void certprofileCabRootCa(String destFilename) {
    final X509ProfileType rootProfile = getBaseCabProfile("certprofile RootCA (CA/Browser Forum BR)", CertLevel.RootCA, "10y");

    // Subject: the two ints look like min/max occurrences of the RDN (TODO confirm in createRdn).
    final List<RdnType> subjectRdns = rootProfile.getSubject().getRdns();
    subjectRdns.add(createRdn(DN.C, 1, 1));
    subjectRdns.add(createRdn(DN.O, 1, 1));
    subjectRdns.add(createRdn(DN.OU, 0, 1));
    subjectRdns.add(createRdn(DN.SN, 0, 1));
    subjectRdns.add(createRdn(DN.CN, 1, 1));

    // Extensions: last(...) is called right after each add, so the insertion order matters.
    final List<ExtensionType> extensions = rootProfile.getExtensions();
    extensions.add(createExtension(Extension.subjectKeyIdentifier, true, false));

    // basicConstraints: no path-length value is configured in this method.
    extensions.add(createExtension(Extension.basicConstraints, true, true));

    // keyUsage: certificate and CRL signing only; the second createKeyUsage argument is null.
    extensions.add(createExtension(Extension.keyUsage, true, true));
    final KeyUsage[] caKeyUsages = {KeyUsage.keyCertSign, KeyUsage.cRLSign};
    last(extensions).setKeyUsage(createKeyUsage(caKeyUsages, null));

    marshall(rootProfile, destFilename, true);
}
Also used : ExtensionType(org.xipki.ca.certprofile.xijson.conf.ExtensionType) KeyUsage(org.xipki.security.KeyUsage) X509ProfileType(org.xipki.ca.certprofile.xijson.conf.X509ProfileType) Subject(org.xipki.ca.certprofile.xijson.conf.Subject) RdnType(org.xipki.ca.certprofile.xijson.conf.Subject.RdnType)

Example 2 with X509ProfileType

use of org.xipki.ca.certprofile.xijson.conf.X509ProfileType in project xipki by xipki.

the class CabProfileConfDemo method certprofileCabDomainValidatedTls.

// method certprofileCabSubCa
/**
 * Assembles the demo Domain Validated TLS subscriber profile (CA/Browser Forum BR) and hands it
 * to {@code marshall} together with {@code destFilename}.
 *
 * <p>Starting from {@code getBaseCabSubscriberProfile}, this method adds subject RDN controls for
 * C, OU, SN and CN, and a certificatePolicies extension carrying
 * {@code BaseRequirements.id_domain_validated} with a {@code null} map value (presumably
 * "no CPS URI"; confirm against {@code createCertificatePolicies}).
 *
 * <p>NOTE(review): the only value constraint visible here is {@code REGEX_FQDN} on CN; the
 * pattern itself is defined elsewhere and should be reviewed (anchoring, wildcard handling).
 * subjectAltName is not added in this method, so it presumably comes from the base profile;
 * verify, since TLS clients match host names against SAN.
 *
 * <p>NOTE(review): current Baseline Requirements no longer permit organizationalUnitName in
 * subscriber certificates; confirm whether this demo profile should still allow OU.
 *
 * @param destFilename forwarded unchanged to {@code marshall}; presumably the output file
 */
private static void certprofileCabDomainValidatedTls(String destFilename) {
    final X509ProfileType dvProfile = getBaseCabSubscriberProfile("certprofile TLS (CA/Browser Forum BR, Domain Validated)");

    // Subject: the two ints look like min/max occurrences of the RDN (TODO confirm in createRdn).
    final List<RdnType> subjectRdns = dvProfile.getSubject().getRdns();
    subjectRdns.add(createRdn(DN.C, 1, 1));
    subjectRdns.add(createRdn(DN.OU, 0, 1));
    subjectRdns.add(createRdn(DN.SN, 0, 1));
    // CN is the only RDN that receives a value pattern; the two trailing arguments are null.
    subjectRdns.add(createRdn(DN.CN, 1, 1, REGEX_FQDN, null, null));

    final List<ExtensionType> extensions = dvProfile.getExtensions();

    // certificatePolicies: a single entry, the domain-validated policy identifier.
    extensions.add(createExtension(Extension.certificatePolicies, true, false));
    final Map<ASN1ObjectIdentifier, String> cpsUriByPolicyId = new HashMap<>();
    cpsUriByPolicyId.put(BaseRequirements.id_domain_validated, null);
    last(extensions).setCertificatePolicies(createCertificatePolicies(cpsUriByPolicyId));

    marshall(dvProfile, destFilename, true);
}
Also used : HashMap(java.util.HashMap) ExtensionType(org.xipki.ca.certprofile.xijson.conf.ExtensionType) X509ProfileType(org.xipki.ca.certprofile.xijson.conf.X509ProfileType) Subject(org.xipki.ca.certprofile.xijson.conf.Subject) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) RdnType(org.xipki.ca.certprofile.xijson.conf.Subject.RdnType)

Example 3 with X509ProfileType

use of org.xipki.ca.certprofile.xijson.conf.X509ProfileType in project xipki by xipki.

the class CabProfileConfDemo method certprofileCabIndividualValidatedTls.

// method certprofileCabOrganizationValidatedTls
/**
 * Assembles the demo Individual Validated TLS subscriber profile (CA/Browser Forum BR) and hands
 * it to {@code marshall} together with {@code destFilename}.
 *
 * <p>Starting from {@code getBaseCabSubscriberProfile}, this method adds subject RDN controls for
 * C, ST, localityName, givenName, surname, SN and CN, and a certificatePolicies extension
 * carrying {@code BaseRequirements.id_individual_validated} with a {@code null} map value
 * (presumably "no CPS URI"; confirm against {@code createCertificatePolicies}).
 *
 * <p>NOTE(review): only CN is given a value pattern ({@code REGEX_FQDN}, defined elsewhere); the
 * identity RDNs (givenName, surname, ST, localityName) carry no pattern in this method, so any
 * content checks for them must happen elsewhere. subjectAltName is not added here and presumably
 * comes from the base profile; verify.
 *
 * @param destFilename forwarded unchanged to {@code marshall}; presumably the output file
 */
private static void certprofileCabIndividualValidatedTls(String destFilename) {
    // The description keeps the spelling "Validiated": it is runtime text handed to the helper.
    final X509ProfileType ivProfile = getBaseCabSubscriberProfile("certprofile TLS (CA/Browser Forum BR, Individual Validiated)");

    // Subject: the two ints look like min/max occurrences of the RDN (TODO confirm in createRdn).
    final List<RdnType> subjectRdns = ivProfile.getSubject().getRdns();
    subjectRdns.add(createRdn(DN.C, 1, 1));
    subjectRdns.add(createRdn(DN.ST, 0, 1));
    subjectRdns.add(createRdn(DN.localityName, 0, 1));
    subjectRdns.add(createRdn(DN.givenName, 1, 1));
    subjectRdns.add(createRdn(DN.surname, 1, 1));
    subjectRdns.add(createRdn(DN.SN, 0, 1));
    // CN is the only RDN that receives a value pattern; the two trailing arguments are null.
    subjectRdns.add(createRdn(DN.CN, 1, 1, REGEX_FQDN, null, null));

    final List<ExtensionType> extensions = ivProfile.getExtensions();

    // certificatePolicies: a single entry, the individual-validated policy identifier.
    extensions.add(createExtension(Extension.certificatePolicies, true, false));
    final Map<ASN1ObjectIdentifier, String> cpsUriByPolicyId = new HashMap<>();
    cpsUriByPolicyId.put(BaseRequirements.id_individual_validated, null);
    last(extensions).setCertificatePolicies(createCertificatePolicies(cpsUriByPolicyId));

    marshall(ivProfile, destFilename, true);
}
Also used : HashMap(java.util.HashMap) ExtensionType(org.xipki.ca.certprofile.xijson.conf.ExtensionType) X509ProfileType(org.xipki.ca.certprofile.xijson.conf.X509ProfileType) Subject(org.xipki.ca.certprofile.xijson.conf.Subject) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) RdnType(org.xipki.ca.certprofile.xijson.conf.Subject.RdnType)

Example 4 with X509ProfileType

use of org.xipki.ca.certprofile.xijson.conf.X509ProfileType in project xipki by xipki.

the class CabProfileConfDemo method certprofileCabSubCa.

// method certprofileCabRootCa
/**
 * Assembles the demo subordinate CA certificate profile (CA/Browser Forum BR) and hands it to
 * {@code marshall} together with {@code destFilename}.
 *
 * <p>The profile is derived from {@code getBaseCabProfile} with {@code CertLevel.SubCA} and the
 * value {@code "8y"} (presumably the validity period; confirm against that helper). This method
 * adds subject RDN controls for C, O, OU, SN and CN, and the extensions subjectKeyIdentifier,
 * cRLDistributionPoints, basicConstraints, authorityInfoAccess, authorityKeyIdentifier, keyUsage
 * and certificatePolicies.
 *
 * <p>Security-relevant settings visible here: basicConstraints is populated from
 * {@code createBasicConstraints(1)} (the argument looks like a path-length limit; TODO confirm),
 * and key usage is limited to {@code keyCertSign} and {@code cRLSign}. Only basicConstraints and
 * keyUsage are created with {@code (true, true)}; the booleans look like (required, critical),
 * to be verified against {@code createExtension}.
 *
 * <p>NOTE(review): the policy OID {@code 1.2.3.4} and the CPS URI below look like demo
 * placeholders. A deployed profile needs the CA's own registered policy OID and its real CPS
 * location.
 *
 * @param destFilename forwarded unchanged to {@code marshall}; presumably the output file
 */
private static void certprofileCabSubCa(String destFilename) {
    final X509ProfileType subCaProfile = getBaseCabProfile("certprofile SubCA (CA/Browser Forum BR)", CertLevel.SubCA, "8y");

    // Subject: the two ints look like min/max occurrences of the RDN (TODO confirm in createRdn).
    final List<RdnType> subjectRdns = subCaProfile.getSubject().getRdns();
    subjectRdns.add(createRdn(DN.C, 1, 1));
    subjectRdns.add(createRdn(DN.O, 1, 1));
    subjectRdns.add(createRdn(DN.OU, 0, 1));
    subjectRdns.add(createRdn(DN.SN, 0, 1));
    subjectRdns.add(createRdn(DN.CN, 1, 1));

    // Extensions: last(...) is called right after each add, so the insertion order matters.
    final List<ExtensionType> extensions = subCaProfile.getExtensions();

    extensions.add(createExtension(Extension.subjectKeyIdentifier, true, false));

    // Revocation pointers: CRL distribution points and authority information access both come
    // from parameterless helpers, so their URLs are decided outside this method.
    extensions.add(createExtension(Extension.cRLDistributionPoints, true, false));
    last(extensions).setCrlDistributionPoints(createCrlDistibutoionPoints());

    // basicConstraints with the value 1 (presumably pathLenConstraint; confirm in the helper).
    extensions.add(createExtension(Extension.basicConstraints, true, true));
    last(extensions).setBasicConstrains(createBasicConstraints(1));

    extensions.add(createExtension(Extension.authorityInfoAccess, true, false));
    last(extensions).setAuthorityInfoAccess(createAuthorityInfoAccess());

    extensions.add(createExtension(Extension.authorityKeyIdentifier, true, false));

    // keyUsage: certificate and CRL signing only; the second createKeyUsage argument is null.
    extensions.add(createExtension(Extension.keyUsage, true, true));
    final KeyUsage[] caKeyUsages = {KeyUsage.keyCertSign, KeyUsage.cRLSign};
    last(extensions).setKeyUsage(createKeyUsage(caKeyUsages, null));

    // certificatePolicies: placeholder-looking OID and plain-http CPS URI; replace before real use.
    extensions.add(createExtension(Extension.certificatePolicies, true, false));
    final Map<ASN1ObjectIdentifier, String> cpsUriByPolicyId = new HashMap<>();
    cpsUriByPolicyId.put(new ASN1ObjectIdentifier("1.2.3.4"), "http://abc.def.de/cfp");
    last(extensions).setCertificatePolicies(createCertificatePolicies(cpsUriByPolicyId));

    marshall(subCaProfile, destFilename, true);
}
Also used : HashMap(java.util.HashMap) ExtensionType(org.xipki.ca.certprofile.xijson.conf.ExtensionType) KeyUsage(org.xipki.security.KeyUsage) X509ProfileType(org.xipki.ca.certprofile.xijson.conf.X509ProfileType) Subject(org.xipki.ca.certprofile.xijson.conf.Subject) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) RdnType(org.xipki.ca.certprofile.xijson.conf.Subject.RdnType)

Example 5 with X509ProfileType

use of org.xipki.ca.certprofile.xijson.conf.X509ProfileType in project xipki by xipki.

the class CabProfileConfDemo method certprofileCabOrganizationValidatedTls.

// method certprofileCabDomainValidatedTls
/**
 * Assembles the demo Organization Validated TLS subscriber profile (CA/Browser Forum BR) and
 * hands it to {@code marshall} together with {@code destFilename}.
 *
 * <p>Starting from {@code getBaseCabSubscriberProfile}, this method adds subject RDN controls for
 * C, ST, localityName, O, OU, SN and CN, and a certificatePolicies extension carrying
 * {@code BaseRequirements.id_organization_validated} with a {@code null} map value (presumably
 * "no CPS URI"; confirm against {@code createCertificatePolicies}).
 *
 * <p>NOTE(review): only CN is given a value pattern ({@code REGEX_FQDN}, defined elsewhere); the
 * organization RDNs carry no pattern in this method. subjectAltName is not added here and
 * presumably comes from the base profile; verify.
 *
 * <p>NOTE(review): current Baseline Requirements no longer permit organizationalUnitName in
 * subscriber certificates; confirm whether this demo profile should still allow OU.
 *
 * @param destFilename forwarded unchanged to {@code marshall}; presumably the output file
 */
private static void certprofileCabOrganizationValidatedTls(String destFilename) {
    // The description keeps the spelling "Validiated": it is runtime text handed to the helper.
    final X509ProfileType ovProfile = getBaseCabSubscriberProfile("certprofile TLS (CA/Browser Forum BR, Organization Validiated)");

    // Subject: the two ints look like min/max occurrences of the RDN (TODO confirm in createRdn).
    final List<RdnType> subjectRdns = ovProfile.getSubject().getRdns();
    subjectRdns.add(createRdn(DN.C, 1, 1));
    subjectRdns.add(createRdn(DN.ST, 0, 1));
    subjectRdns.add(createRdn(DN.localityName, 0, 1));
    subjectRdns.add(createRdn(DN.O, 1, 1));
    subjectRdns.add(createRdn(DN.OU, 0, 1));
    subjectRdns.add(createRdn(DN.SN, 0, 1));
    // CN is the only RDN that receives a value pattern; the two trailing arguments are null.
    subjectRdns.add(createRdn(DN.CN, 1, 1, REGEX_FQDN, null, null));

    final List<ExtensionType> extensions = ovProfile.getExtensions();

    // certificatePolicies: a single entry, the organization-validated policy identifier.
    extensions.add(createExtension(Extension.certificatePolicies, true, false));
    final Map<ASN1ObjectIdentifier, String> cpsUriByPolicyId = new HashMap<>();
    cpsUriByPolicyId.put(BaseRequirements.id_organization_validated, null);
    last(extensions).setCertificatePolicies(createCertificatePolicies(cpsUriByPolicyId));

    marshall(ovProfile, destFilename, true);
}
Also used : HashMap(java.util.HashMap) ExtensionType(org.xipki.ca.certprofile.xijson.conf.ExtensionType) X509ProfileType(org.xipki.ca.certprofile.xijson.conf.X509ProfileType) Subject(org.xipki.ca.certprofile.xijson.conf.Subject) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) RdnType(org.xipki.ca.certprofile.xijson.conf.Subject.RdnType)

Aggregations

ExtensionType (org.xipki.ca.certprofile.xijson.conf.ExtensionType)5 Subject (org.xipki.ca.certprofile.xijson.conf.Subject)5 RdnType (org.xipki.ca.certprofile.xijson.conf.Subject.RdnType)5 X509ProfileType (org.xipki.ca.certprofile.xijson.conf.X509ProfileType)5 HashMap (java.util.HashMap)4 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)4 KeyUsage (org.xipki.security.KeyUsage)2