List of usage examples for org.bouncycastle.asn1.x509 Extension authorityInfoAccess
ASN1ObjectIdentifier authorityInfoAccess
To view the source code for org.bouncycastle.asn1.x509 Extension authorityInfoAccess.
Click Source Link
From source file:org.signserver.module.xades.validator.XAdESValidator2UnitTest.java
License:Open Source License
/** * Setting up key-pairs, mocked crypto tokens, certificates and CRLs used * by the tests.//from w ww. j a v a 2 s . c om */ @BeforeClass public static void setUpClass() throws Exception { Security.addProvider(new BouncyCastleProvider()); JcaX509CertificateConverter conv = new JcaX509CertificateConverter(); // Root CA, sub CA rootcaCRLFile = File.createTempFile("xadestest-", "-rootca.crl"); LOG.debug("rootcaCRLFile: " + rootcaCRLFile); subca1CRLFile = File.createTempFile("xadestest-", "-subca.crl"); LOG.debug("subcaCRLFile: " + subca1CRLFile); rootcaKeyPair = CryptoUtils.generateRSA(1024); anotherKeyPair = CryptoUtils.generateRSA(1024); rootcaCert = new CertBuilder().setSelfSignKeyPair(rootcaKeyPair).setSubject("CN=Root, O=XAdES Test, C=SE") .addExtension(new CertExt(Extension.keyUsage, false, new X509KeyUsage( X509KeyUsage.keyCertSign | X509KeyUsage.cRLSign | X509KeyUsage.digitalSignature))) .addExtension(new CertExt(Extension.basicConstraints, false, new BasicConstraints(true))).build(); final KeyPair subca1KeyPair = CryptoUtils.generateRSA(1024); subca1Cert = new CertBuilder().setIssuerPrivateKey(rootcaKeyPair.getPrivate()) .setIssuer(rootcaCert.getSubject()).setSubjectPublicKey(subca1KeyPair.getPublic()) .addCDPURI(rootcaCRLFile.toURI().toURL().toExternalForm()) .setSubject("CN=Sub 1, O=XAdES Test, C=SE") .addExtension(new CertExt(Extension.keyUsage, false, new X509KeyUsage(X509KeyUsage.keyCertSign | X509KeyUsage.cRLSign))) .addExtension(new CertExt(Extension.basicConstraints, false, new BasicConstraints(true))).build(); subca2KeyPair = CryptoUtils.generateRSA(1024); subca2Cert = new CertBuilder().setIssuerPrivateKey(rootcaKeyPair.getPrivate()) .setIssuer(rootcaCert.getSubject()).setSubjectPublicKey(subca2KeyPair.getPublic()) .setSubject("CN=Sub 2, O=XAdES Test, C=SE") .addExtension(new CertExt(Extension.keyUsage, false, new X509KeyUsage( X509KeyUsage.keyCertSign | X509KeyUsage.cRLSign | X509KeyUsage.digitalSignature))) .addExtension(new CertExt(Extension.basicConstraints, false, new BasicConstraints(true))) .addExtension(new CertExt(Extension.authorityInfoAccess, false, new AuthorityInformationAccess(AccessDescription.id_ad_ocsp, new GeneralName(GeneralName.uniformResourceIdentifier, "http://ocsp.example.com")))) .build(); // Signer 1 is issued directly by the root CA final KeyPair signer1KeyPair = CryptoUtils.generateRSA(1024); final X509CertificateHolder signer1Cert = new CertBuilder().setIssuerPrivateKey(rootcaKeyPair.getPrivate()) .setIssuer(rootcaCert.getSubject()).setSubjectPublicKey(signer1KeyPair.getPublic()) .setSubject("CN=Signer 1, O=XAdES Test, C=SE") .addCDPURI(rootcaCRLFile.toURI().toURL().toExternalForm()) .addExtension(new CertExt(Extension.basicConstraints, false, new BasicConstraints(false))).build(); final List<Certificate> chain1 = Arrays.<Certificate>asList(conv.getCertificate(signer1Cert), conv.getCertificate(rootcaCert)); token1 = new MockedCryptoToken(signer1KeyPair.getPrivate(), signer1KeyPair.getPublic(), conv.getCertificate(signer1Cert), chain1, "BC"); LOG.debug("Chain 1: \n" + new String(CertTools.getPEMFromCerts(chain1), "ASCII") + "\n"); // Sign a document by signer 1 XAdESSigner instance = new MockedXAdESSigner(token1); WorkerConfig config = new WorkerConfig(); instance.init(4712, config, null, null); RequestContext requestContext = new RequestContext(); requestContext.put(RequestContext.TRANSACTION_ID, "0000-201-1"); GenericSignRequest request = new GenericSignRequest(201, "<test201/>".getBytes("UTF-8")); GenericSignResponse response = (GenericSignResponse) instance.processData(request, requestContext); byte[] data = response.getProcessedData(); signedXml1 = new String(data); LOG.debug("Signed document by signer 1:\n\n" + signedXml1 + "\n"); // Signer 2 is issued by the sub CA final KeyPair signer2KeyPair = CryptoUtils.generateRSA(1024); final X509CertificateHolder signer2Cert = new CertBuilder().setIssuerPrivateKey(subca1KeyPair.getPrivate()) .setIssuer(subca1Cert.getSubject()).setSubjectPublicKey(signer2KeyPair.getPublic()) .setSubject("CN=Signer 2, O=XAdES Test, C=SE") .addCDPURI(subca1CRLFile.toURI().toURL().toExternalForm()) .addExtension(new CertExt(Extension.basicConstraints, false, new BasicConstraints(false))).build(); final List<Certificate> chain2 = Arrays.<Certificate>asList(conv.getCertificate(signer2Cert), conv.getCertificate(subca1Cert), conv.getCertificate(rootcaCert)); token2 = new MockedCryptoToken(signer2KeyPair.getPrivate(), signer2KeyPair.getPublic(), conv.getCertificate(signer2Cert), chain2, "BC"); LOG.debug("Chain 2: \n" + new String(CertTools.getPEMFromCerts(chain2)) + "\n"); // Sign a document by signer 2 instance = new MockedXAdESSigner(token2); config = new WorkerConfig(); instance.init(4713, config, null, null); requestContext = new RequestContext(); requestContext.put(RequestContext.TRANSACTION_ID, "0000-202-1"); request = new GenericSignRequest(202, "<test202/>".getBytes("UTF-8")); response = (GenericSignResponse) instance.processData(request, requestContext); data = response.getProcessedData(); signedXml2 = new String(data); LOG.debug("Signed document by signer 2:\n\n" + signedXml2 + "\n"); // CRL with all active (empty CRL) rootcaCRLEmpty = new CRLBuilder().setIssuerPrivateKey(rootcaKeyPair.getPrivate()) .setIssuer(rootcaCert.getSubject()).build(); subca1CRLEmpty = new CRLBuilder().setIssuerPrivateKey(subca1KeyPair.getPrivate()) .setIssuer(subca1Cert.getSubject()).build(); rootcaCRLSubCAAndSigner1Revoked = new CRLBuilder().setIssuerPrivateKey(rootcaKeyPair.getPrivate()) .setIssuer(rootcaCert.getSubject()) .addCRLEntry(subca1Cert.getSerialNumber(), new Date(), CRLReason.keyCompromise) .addCRLEntry(signer1Cert.getSerialNumber(), new Date(), CRLReason.keyCompromise).build(); subca1CRLSigner2Revoked = new CRLBuilder().setIssuerPrivateKey(subca1KeyPair.getPrivate()) .setIssuer(subca1Cert.getSubject()) .addCRLEntry(signer2Cert.getSerialNumber(), new Date(), CRLReason.keyCompromise).build(); otherCRL = new CRLBuilder().setIssuer(subca1Cert.getSubject()) // Setting Sub CA DN all though an other key will be used .build(); // signer 3, issued by the root CA with an OCSP authority information access in the signer cert final KeyPair signer3KeyPair = CryptoUtils.generateRSA(1024); signer3Cert = new CertBuilder().setIssuerPrivateKey(rootcaKeyPair.getPrivate()) .setIssuer(rootcaCert.getSubject()).setSubjectPublicKey(signer3KeyPair.getPublic()) .setSubject("CN=Signer 3, O=XAdES Test, C=SE") .addExtension(new CertExt(Extension.authorityInfoAccess, false, new AuthorityInformationAccess(AccessDescription.id_ad_ocsp, new GeneralName(GeneralName.uniformResourceIdentifier, "http://ocsp.example.com")))) .addExtension(new CertExt(Extension.basicConstraints, false, new BasicConstraints(false))).build(); final List<Certificate> chain3 = Arrays.<Certificate>asList(conv.getCertificate(signer3Cert), conv.getCertificate(rootcaCert)); token3 = new MockedCryptoToken(signer3KeyPair.getPrivate(), signer3KeyPair.getPublic(), conv.getCertificate(signer3Cert), chain3, "BC"); LOG.debug("Chain 3: \n" + new String(CertTools.getPEMFromCerts(chain3)) + "\n"); // signer 4, issued by the sub CA2 with an OCSP authority information access in the signer cert final KeyPair signer4KeyPair = CryptoUtils.generateRSA(1024); signer4Cert = new CertBuilder().setIssuerPrivateKey(subca2KeyPair.getPrivate()) .setIssuer(subca2Cert.getSubject()).setSubjectPublicKey(signer4KeyPair.getPublic()) .setSubject("CN=Signer 4, O=XAdES Test, C=SE") .addExtension(new CertExt(Extension.authorityInfoAccess, false, new AuthorityInformationAccess(AccessDescription.id_ad_ocsp, new GeneralName(GeneralName.uniformResourceIdentifier, "http://ocsp.example.com")))) .addExtension(new CertExt(Extension.basicConstraints, false, new BasicConstraints(false))).build(); final List<Certificate> chain4 = Arrays.<Certificate>asList(conv.getCertificate(signer4Cert), conv.getCertificate(subca2Cert), conv.getCertificate(rootcaCert)); token4 = new MockedCryptoToken(signer4KeyPair.getPrivate(), signer4KeyPair.getPublic(), conv.getCertificate(signer4Cert), chain4, "BC"); LOG.debug("Chain 4: \n" + new String(CertTools.getPEMFromCerts(chain4)) + "\n"); // ocspSigner 1, OCSP responder issued by the root CA with an ocsp-nocheck in the signer cert ocspSigner1KeyPair = CryptoUtils.generateRSA(1024); ocspSigner1Cert = new CertBuilder().setIssuerPrivateKey(rootcaKeyPair.getPrivate()) .setIssuer(rootcaCert.getSubject()).setSubjectPublicKey(ocspSigner1KeyPair.getPublic()) .setSubject("CN=OCSP Responder 1, O=XAdES Test, C=SE") .addExtension(new CertExt(Extension.basicConstraints, false, new BasicConstraints(false))) .addExtension(new CertExt(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(KeyPurposeId.id_kp_OCSPSigning))) .addExtension(new CertExt(OCSPObjectIdentifiers.id_pkix_ocsp_nocheck, false, new DERNull())) .build(); // ocspSigner 2, OCSP responder issued by the sub CA2 with an ocsp-nocheck in the signer cert ocspSigner2KeyPair = CryptoUtils.generateRSA(1024); ocspSigner2Cert = new CertBuilder().setIssuerPrivateKey(subca2KeyPair.getPrivate()) .setIssuer(subca2Cert.getSubject()).setSubjectPublicKey(ocspSigner2KeyPair.getPublic()) .setSubject("CN=OCSP Responder 2, O=XAdES Test, C=SE") .addExtension(new CertExt(Extension.basicConstraints, false, new BasicConstraints(false))) .addExtension(new CertExt(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(KeyPurposeId.id_kp_OCSPSigning))) .addExtension(new CertExt(OCSPObjectIdentifiers.id_pkix_ocsp_nocheck, false, new DERNull())) .build(); // Sign a document by signer 3 instance = new MockedXAdESSigner(token3); config = new WorkerConfig(); instance.init(4714, config, null, null); requestContext = new RequestContext(); requestContext.put(RequestContext.TRANSACTION_ID, "0000-203-1"); request = new GenericSignRequest(202, "<test203/>".getBytes("UTF-8")); response = (GenericSignResponse) instance.processData(request, requestContext); data = response.getProcessedData(); signedXml3 = new String(data); LOG.debug("Signed document by signer 3:\n\n" + signedXml3 + "\n"); // Sign a document by signer 4 instance = new MockedXAdESSigner(token4); config = new WorkerConfig(); instance.init(4715, config, null, null); requestContext = new RequestContext(); requestContext.put(RequestContext.TRANSACTION_ID, "0000-204-1"); request = new GenericSignRequest(203, "<test204/>".getBytes("UTF-8")); response = (GenericSignResponse) instance.processData(request, requestContext); data = response.getProcessedData(); signedXml4 = new String(data); LOG.debug("Signed document by signer 4:\n\n" + signedXml4 + "\n"); // Signer 5 is issued directly by the root CA final KeyPair signer5KeyPair = CryptoUtils.generateRSA(1024); signer5Cert = new CertBuilder().setIssuerPrivateKey(rootcaKeyPair.getPrivate()) .setIssuer(rootcaCert.getSubject()).setSubjectPublicKey(signer5KeyPair.getPublic()) .setSubject("CN=Signer 5, O=XAdES Test, C=SE") .addCDPURI(rootcaCRLFile.toURI().toURL().toExternalForm()) .addExtension(new CertExt(Extension.authorityInfoAccess, false, new AuthorityInformationAccess(AccessDescription.id_ad_ocsp, new GeneralName(GeneralName.uniformResourceIdentifier, "http://ocsp.example.com")))) .addExtension(new CertExt(Extension.basicConstraints, false, new BasicConstraints(false))).build(); final List<Certificate> chain5 = Arrays.<Certificate>asList(conv.getCertificate(signer5Cert), conv.getCertificate(rootcaCert)); token5 = new MockedCryptoToken(signer5KeyPair.getPrivate(), signer5KeyPair.getPublic(), conv.getCertificate(signer1Cert), chain5, "BC"); LOG.debug("Chain 5: \n" + new String(CertTools.getPEMFromCerts(chain5)) + "\n"); // Sign a document by signer 5 instance = new MockedXAdESSigner(token5); config = new WorkerConfig(); instance.init(4712, config, null, null); requestContext = new RequestContext(); requestContext.put(RequestContext.TRANSACTION_ID, "0000-205-1"); request = new GenericSignRequest(205, "<test205/>".getBytes("UTF-8")); response = (GenericSignResponse) instance.processData(request, requestContext); data = response.getProcessedData(); signedXml5 = new String(data); LOG.debug("Signed document by signer 5:\n\n" + signedXml5 + "\n"); // CRL with signer 5 revoked rootcaCRLSigner5Revoked = new CRLBuilder().setIssuerPrivateKey(rootcaKeyPair.getPrivate()) .setIssuer(rootcaCert.getSubject()) .addCRLEntry(signer5Cert.getSerialNumber(), new Date(), CRLReason.keyCompromise).build(); }
From source file:org.wso2.carbon.identity.certificateauthority.CAAdminService.java
License:Open Source License
protected X509Certificate signCSR(String serialNo, PKCS10CertificationRequest request, int validity, PrivateKey privateKey, X509Certificate caCert) throws CaException { try {//from w w w. j av a 2 s. c o m Date issuedDate = new Date(); Date expiryDate = new Date(System.currentTimeMillis() + validity * MILLIS_PER_DAY); JcaPKCS10CertificationRequest jcaRequest = new JcaPKCS10CertificationRequest(request); X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(caCert, new BigInteger(serialNo), issuedDate, expiryDate, jcaRequest.getSubject(), jcaRequest.getPublicKey()); JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils(); certificateBuilder .addExtension(Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(caCert)) .addExtension(Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(jcaRequest.getPublicKey())) .addExtension(Extension.basicConstraints, true, new BasicConstraints(0)) .addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment)) .addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth)); ContentSigner signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(privateKey); //todo add ocsp extension int tenantID = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(); DistributionPointName crlEp = new DistributionPointName(new GeneralNames(new GeneralName( GeneralName.uniformResourceIdentifier, CAUtils.getServerURL() + "/ca/crl/" + tenantID))); DistributionPoint disPoint = new DistributionPoint(crlEp, null, null); certificateBuilder.addExtension(Extension.cRLDistributionPoints, false, new CRLDistPoint(new DistributionPoint[] { disPoint })); AccessDescription ocsp = new AccessDescription(AccessDescription.id_ad_ocsp, new GeneralName( GeneralName.uniformResourceIdentifier, CAUtils.getServerURL() + "/ca/ocsp/" + tenantID)); ASN1EncodableVector authInfoAccessASN = new ASN1EncodableVector(); authInfoAccessASN.add(ocsp); certificateBuilder.addExtension(Extension.authorityInfoAccess, false, new DERSequence(authInfoAccessASN)); return new JcaX509CertificateConverter().setProvider("BC") .getCertificate(certificateBuilder.build(signer)); // AccessDescription ocsp = new AccessDescription(ID_AD_OCSP, // new GeneralName(GeneralName.uniformResourceIdentifier, // new DERIA5String(CAUtils.getServerURL()+"/ca/ocsp/" + tenantID)) // ); // // ASN1EncodableVector authInfoAccessASN = new ASN1EncodableVector(); // authInfoAccessASN.add(ocsp); // // certGen.addExtension(X509Extensions.AuthorityInfoAccess, false, new DERSequence(authInfoAccessASN)); // // DistributionPointName crlEP = new DistributionPointName(DNP_TYPE, new GeneralNames( // new GeneralName(GeneralName.uniformResourceIdentifier, CAUtils.getServerURL()+"/ca/crl/" + tenantID))); // // DistributionPoint[] distPoints = new DistributionPoint[1]; // distPoints[0] = new DistributionPoint(crlEP, null, null); // // certGen.addExtension(X509Extensions.CRLDistributionPoints, false, new CRLDistPoint(distPoints)); // // ASN1Set attributes = request.getCertificationRequestInfo().getAttributes(); // for (int i = 0; i != attributes.size(); i++) { // Attribute attr = Attribute.getInstance(attributes.getObjectAt(i)); // // if (attr.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) { // X509Extensions extensions = X509Extensions.getInstance(attr.getAttrValues().getObjectAt(0)); // // Enumeration e = extensions.oids(); // while (e.hasMoreElements()) { // DERObjectIdentifier oid = (DERObjectIdentifier) e.nextElement(); // X509Extension ext = extensions.getExtension(oid); // // certGen.addExtension(oid, ext.isCritical(), ext.getValue().getOctets()); // } // } // } // X509Certificate issuedCert = certGen.generateX509Certificate(privateKey); // return issuedCert; } catch (Exception e) { throw new CaException("Error in signing the certificate", e); } }
From source file:org.xdi.oxauth.cert.validation.OCSPCertificateVerifier.java
License:MIT License
@SuppressWarnings({ "deprecation", "resource" })
private String getOCSPUrl(X509Certificate certificate) throws IOException {
ASN1Primitive obj;/*from w w w . j a v a 2 s. c o m*/
try {
obj = getExtensionValue(certificate, Extension.authorityInfoAccess.getId());
} catch (IOException ex) {
log.error("Failed to get OCSP URL", ex);
return null;
}
if (obj == null) {
return null;
}
AuthorityInformationAccess authorityInformationAccess = AuthorityInformationAccess.getInstance(obj);
AccessDescription[] accessDescriptions = authorityInformationAccess.getAccessDescriptions();
for (AccessDescription accessDescription : accessDescriptions) {
boolean correctAccessMethod = accessDescription.getAccessMethod()
.equals(X509ObjectIdentifiers.ocspAccessMethod);
if (!correctAccessMethod) {
continue;
}
GeneralName name = accessDescription.getAccessLocation();
if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
continue;
}
DERIA5String derStr = DERIA5String.getInstance((ASN1TaggedObject) name.toASN1Primitive(), false);
return derStr.getString();
}
return null;
}
From source file:org.xipki.ca.certprofile.internal.ProfileConfCreatorDemo.java
License:Open Source License
private static X509ProfileType Certprofile_RootCA() throws Exception { X509ProfileType profile = getBaseProfile("Certprofile RootCA", true, "10y", false, new String[] { "SHA256", "SHA1" }); // Subject/*from ww w . j a v a2s.c om*/ Subject subject = profile.getSubject(); subject.setIncSerialNumber(false); List<RdnType> rdnControls = subject.getRdn(); rdnControls.add(createRDN(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null)); rdnControls.add(createRDN(ObjectIdentifiers.DN_O, 1, 1)); rdnControls.add(createRDN(ObjectIdentifiers.DN_OU, 0, 1)); rdnControls.add(createRDN(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null)); rdnControls.add(createRDN(ObjectIdentifiers.DN_CN, 1, 1)); // Extensions ExtensionsType extensions = profile.getExtensions(); List<ExtensionType> list = extensions.getExtension(); list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null)); list.add(createExtension(Extension.cRLDistributionPoints, false, false, null)); list.add(createExtension(Extension.freshestCRL, false, false, null)); // Extensions - basicConstraints ExtensionValueType extensionValue = null; list.add(createExtension(Extension.basicConstraints, true, true, extensionValue)); // Extensions - AuthorityInfoAccess extensionValue = createAuthorityInfoAccess(); list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue)); // Extensions - keyUsage extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.KEY_CERT_SIGN }, new KeyUsageEnum[] { KeyUsageEnum.C_RL_SIGN }); list.add(createExtension(Extension.keyUsage, true, true, extensionValue)); return profile; }
From source file:org.xipki.ca.certprofile.internal.ProfileConfCreatorDemo.java
License:Open Source License
private static X509ProfileType Certprofile_Cross() throws Exception { X509ProfileType profile = getBaseProfile("Certprofile Cross", true, "10y", false, new String[] { "SHA256", "SHA1" }); // Subject// w w w . ja v a 2 s . c o m Subject subject = profile.getSubject(); subject.setIncSerialNumber(false); List<RdnType> rdnControls = subject.getRdn(); rdnControls.add(createRDN(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null)); rdnControls.add(createRDN(ObjectIdentifiers.DN_O, 1, 1)); rdnControls.add(createRDN(ObjectIdentifiers.DN_OU, 0, 1)); rdnControls.add(createRDN(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null)); rdnControls.add(createRDN(ObjectIdentifiers.DN_CN, 1, 1)); // Extensions ExtensionsType extensions = profile.getExtensions(); List<ExtensionType> list = extensions.getExtension(); list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null)); list.add(createExtension(Extension.cRLDistributionPoints, false, false, null)); list.add(createExtension(Extension.freshestCRL, false, false, null)); // Extensions - basicConstraints ExtensionValueType extensionValue = null; list.add(createExtension(Extension.basicConstraints, true, true, extensionValue)); // Extensions - AuthorityInfoAccess extensionValue = createAuthorityInfoAccess(); list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue)); // Extensions - AuthorityKeyIdentifier extensionValue = createAuthorityKeyIdentifier(false); list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue)); // Extensions - keyUsage extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.KEY_CERT_SIGN }, null); list.add(createExtension(Extension.keyUsage, true, true, extensionValue)); return profile; }
From source file:org.xipki.ca.certprofile.internal.ProfileConfCreatorDemo.java
License:Open Source License
private static X509ProfileType Certprofile_SubCA() throws Exception { X509ProfileType profile = getBaseProfile("Certprofile SubCA", true, "8y", false, new String[] { "SHA256", "SHA1" }); // Subject//from w w w. j ava2s. c o m Subject subject = profile.getSubject(); subject.setIncSerialNumber(false); List<RdnType> rdnControls = subject.getRdn(); rdnControls.add(createRDN(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null)); rdnControls.add(createRDN(ObjectIdentifiers.DN_O, 1, 1)); rdnControls.add(createRDN(ObjectIdentifiers.DN_OU, 0, 1)); rdnControls.add(createRDN(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null)); rdnControls.add(createRDN(ObjectIdentifiers.DN_CN, 1, 1)); // Extensions ExtensionsType extensions = profile.getExtensions(); // Extensions - controls List<ExtensionType> list = extensions.getExtension(); list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null)); list.add(createExtension(Extension.cRLDistributionPoints, false, false, null)); list.add(createExtension(Extension.freshestCRL, false, false, null)); // Extensions - basicConstraints ExtensionValueType extensionValue = createBasicConstraints(1); list.add(createExtension(Extension.basicConstraints, true, true, extensionValue)); // Extensions - AuthorityInfoAccess extensionValue = createAuthorityInfoAccess(); list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue)); // Extensions - AuthorityKeyIdentifier extensionValue = createAuthorityKeyIdentifier(false); list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue)); // Extensions - keyUsage extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.KEY_CERT_SIGN }, new KeyUsageEnum[] { KeyUsageEnum.C_RL_SIGN }); list.add(createExtension(Extension.keyUsage, true, true, extensionValue)); return profile; }
From source file:org.xipki.ca.certprofile.internal.ProfileConfCreatorDemo.java
License:Open Source License
private static X509ProfileType Certprofile_SubCA_Complex() throws Exception { X509ProfileType profile = getBaseProfile("Certprofile SubCA with most extensions", true, "8y", false, new String[] { "SHA256", "SHA1" }); // Subject/*from w w w . ja v a 2 s . c o m*/ Subject subject = profile.getSubject(); subject.setIncSerialNumber(false); List<RdnType> rdnControls = subject.getRdn(); rdnControls.add(createRDN(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null)); rdnControls.add(createRDN(ObjectIdentifiers.DN_O, 1, 1)); rdnControls.add(createRDN(ObjectIdentifiers.DN_OU, 0, 1)); rdnControls.add(createRDN(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null)); rdnControls.add(createRDN(ObjectIdentifiers.DN_CN, 1, 1, null, "PREFIX ", " SUFFIX")); // Extensions ExtensionsType extensions = profile.getExtensions(); List<ExtensionType> list = extensions.getExtension(); list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null)); list.add(createExtension(Extension.cRLDistributionPoints, false, false, null)); list.add(createExtension(Extension.freshestCRL, false, false, null)); // Extensions - basicConstraints ExtensionValueType extensionValue = createBasicConstraints(1); list.add(createExtension(Extension.basicConstraints, true, true, extensionValue)); // Extensions - AuthorityInfoAccess extensionValue = createAuthorityInfoAccess(); list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue)); // Extensions - AuthorityKeyIdentifier extensionValue = createAuthorityKeyIdentifier(false); list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue)); // Extensions - keyUsage extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.KEY_CERT_SIGN }, new KeyUsageEnum[] { KeyUsageEnum.C_RL_SIGN }); list.add(createExtension(Extension.keyUsage, true, true, extensionValue)); // Certificate Policies extensionValue = createCertificatePolicies(new ASN1ObjectIdentifier("1.2.3.4.5"), new ASN1ObjectIdentifier("2.4.3.2.1")); list.add(createExtension(Extension.certificatePolicies, true, false, extensionValue)); // Policy Mappings PolicyMappings policyMappings = new PolicyMappings(); policyMappings.getMapping().add(createPolicyIdMapping(new ASN1ObjectIdentifier("1.1.1.1.1"), new ASN1ObjectIdentifier("2.1.1.1.1"))); policyMappings.getMapping().add(createPolicyIdMapping(new ASN1ObjectIdentifier("1.1.1.1.2"), new ASN1ObjectIdentifier("2.1.1.1.2"))); extensionValue = createExtensionValueType(policyMappings); list.add(createExtension(Extension.policyMappings, true, true, extensionValue)); // Policy Constraints PolicyConstraints policyConstraints = createPolicyConstraints(2, 2); extensionValue = createExtensionValueType(policyConstraints); list.add(createExtension(Extension.policyConstraints, true, true, extensionValue)); // Name Constrains NameConstraints nameConstraints = createNameConstraints(); extensionValue = createExtensionValueType(nameConstraints); list.add(createExtension(Extension.nameConstraints, true, true, extensionValue)); // Inhibit anyPolicy InhibitAnyPolicy inhibitAnyPolicy = createInhibitAnyPolicy(1); extensionValue = createExtensionValueType(inhibitAnyPolicy); list.add(createExtension(Extension.inhibitAnyPolicy, true, true, extensionValue)); // SubjectAltName SubjectAltName subjectAltNameMode = new SubjectAltName(); OtherName otherName = new OtherName(); otherName.getType().add(createOidType(ObjectIdentifiers.DN_O)); subjectAltNameMode.setOtherName(otherName); subjectAltNameMode.setRfc822Name(""); subjectAltNameMode.setDNSName(""); subjectAltNameMode.setDirectoryName(""); subjectAltNameMode.setEdiPartyName(""); subjectAltNameMode.setUniformResourceIdentifier(""); subjectAltNameMode.setIPAddress(""); subjectAltNameMode.setRegisteredID(""); extensionValue = createExtensionValueType(subjectAltNameMode); list.add(createExtension(Extension.subjectAlternativeName, true, false, extensionValue)); // SubjectInfoAccess SubjectInfoAccess subjectInfoAccessMode = new SubjectInfoAccess(); SubjectInfoAccess.Access access = new SubjectInfoAccess.Access(); access.setAccessMethod(createOidType(ObjectIdentifiers.id_ad_caRepository)); GeneralNameType accessLocation = new GeneralNameType(); access.setAccessLocation(accessLocation); accessLocation.setDirectoryName(""); accessLocation.setUniformResourceIdentifier(""); subjectInfoAccessMode.getAccess().add(access); extensionValue = createExtensionValueType(subjectInfoAccessMode); list.add(createExtension(Extension.subjectInfoAccess, true, false, extensionValue)); // Custom Extension ASN1ObjectIdentifier customExtensionOid = new ASN1ObjectIdentifier("1.2.3.4"); extensionValue = createConstantExtValue(DERNull.INSTANCE.getEncoded()); list.add(createExtension(customExtensionOid, true, false, extensionValue, "custom extension 1")); return profile; }
From source file:org.xipki.ca.certprofile.internal.ProfileConfCreatorDemo.java
License:Open Source License
private static X509ProfileType Certprofile_OCSP() throws Exception { X509ProfileType profile = getBaseProfile("Certprofile OCSP", false, "5y", false, new String[] { "SHA256" }); // Subject// w ww . j a v a 2 s. c o m Subject subject = profile.getSubject(); subject.setIncSerialNumber(false); List<RdnType> rdnControls = subject.getRdn(); rdnControls.add(createRDN(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null)); rdnControls.add(createRDN(ObjectIdentifiers.DN_O, 1, 1)); rdnControls.add(createRDN(ObjectIdentifiers.DN_OU, 0, 1)); rdnControls.add(createRDN(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null)); rdnControls.add(createRDN(ObjectIdentifiers.DN_CN, 1, 1)); // Extensions ExtensionsType extensions = profile.getExtensions(); List<ExtensionType> list = extensions.getExtension(); list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null)); list.add(createExtension(Extension.cRLDistributionPoints, false, false, null)); list.add(createExtension(Extension.freshestCRL, false, false, null)); list.add(createExtension(ObjectIdentifiers.id_extension_pkix_ocsp_nocheck, false, false, null)); // Extensions - basicConstraints ExtensionValueType extensionValue = null; list.add(createExtension(Extension.basicConstraints, true, true, extensionValue)); // Extensions - AuthorityInfoAccess extensionValue = createAuthorityInfoAccess(); list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue)); // Extensions - AuthorityKeyIdentifier extensionValue = createAuthorityKeyIdentifier(true); list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue)); // Extensions - keyUsage extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.CONTENT_COMMITMENT }, null); list.add(createExtension(Extension.keyUsage, true, true, extensionValue)); // Extensions - extenedKeyUsage extensionValue = createExtendedKeyUsage(new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_OCSPSigning }, null); list.add(createExtension(Extension.extendedKeyUsage, true, false, extensionValue)); return profile; }
From source file:org.xipki.ca.certprofile.internal.ProfileConfCreatorDemo.java
License:Open Source License
private static X509ProfileType Certprofile_TLS() throws Exception { X509ProfileType profile = getBaseProfile("Certprofile TLS", false, "5y", true, new String[] { "SHA1" }); // Subject//w ww .ja va 2s.co m Subject subject = profile.getSubject(); subject.setIncSerialNumber(false); List<RdnType> rdnControls = subject.getRdn(); rdnControls.add(createRDN(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null)); rdnControls.add(createRDN(ObjectIdentifiers.DN_O, 1, 1)); rdnControls.add(createRDN(ObjectIdentifiers.DN_OU, 0, 1)); rdnControls.add(createRDN(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null)); rdnControls.add(createRDN(ObjectIdentifiers.DN_CN, 1, 1, new String[] { REGEX_FQDN }, null, null)); // Extensions // Extensions - general ExtensionsType extensions = profile.getExtensions(); // Extensions - controls List<ExtensionType> list = extensions.getExtension(); list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null)); list.add(createExtension(Extension.cRLDistributionPoints, false, false, null)); list.add(createExtension(Extension.freshestCRL, false, false, null)); // Extensions - basicConstraints ExtensionValueType extensionValue = null; list.add(createExtension(Extension.basicConstraints, true, true, extensionValue)); // Extensions - AuthorityInfoAccess extensionValue = createAuthorityInfoAccess(); list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue)); // Extensions - AuthorityKeyIdentifier extensionValue = createAuthorityKeyIdentifier(true); list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue)); // Extensions - keyUsage extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.DIGITAL_SIGNATURE, KeyUsageEnum.DATA_ENCIPHERMENT, KeyUsageEnum.KEY_ENCIPHERMENT }, null); list.add(createExtension(Extension.keyUsage, true, true, extensionValue)); // Extensions - extenedKeyUsage extensionValue = createExtendedKeyUsage(new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_serverAuth }, new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_clientAuth }); list.add(createExtension(Extension.extendedKeyUsage, true, false, extensionValue)); // Admission - just DEMO, does not belong to TLS certificate extensionValue = createAdmission(new ASN1ObjectIdentifier("1.1.1.2"), "demo item"); list.add(createExtension(ObjectIdentifiers.id_extension_admission, true, false, extensionValue)); return profile; }
From source file:org.xipki.ca.certprofile.internal.ProfileConfCreatorDemo.java
License:Open Source License
private static X509ProfileType Certprofile_TLS_C() throws Exception { X509ProfileType profile = getBaseProfile("Certprofile TLS_C", false, "5y", false, new String[] { "SHA1" }); // Subject/*from ww w .j ava 2s.c o m*/ Subject subject = profile.getSubject(); subject.setIncSerialNumber(false); List<RdnType> rdnControls = subject.getRdn(); rdnControls.add(createRDN(ObjectIdentifiers.DN_C, 1, 1, new String[] { "DE|FR" }, null, null)); rdnControls.add(createRDN(ObjectIdentifiers.DN_O, 1, 1)); rdnControls.add(createRDN(ObjectIdentifiers.DN_OU, 0, 1)); rdnControls.add(createRDN(ObjectIdentifiers.DN_SN, 0, 1, new String[] { REGEX_SN }, null, null)); rdnControls.add(createRDN(ObjectIdentifiers.DN_CN, 1, 1)); // Extensions ExtensionsType extensions = profile.getExtensions(); List<ExtensionType> list = extensions.getExtension(); list.add(createExtension(Extension.subjectKeyIdentifier, true, false, null)); list.add(createExtension(Extension.cRLDistributionPoints, false, false, null)); list.add(createExtension(Extension.freshestCRL, false, false, null)); // Extensions - basicConstraints ExtensionValueType extensionValue = null; list.add(createExtension(Extension.basicConstraints, true, true, extensionValue)); // Extensions - AuthorityInfoAccess extensionValue = createAuthorityInfoAccess(); list.add(createExtension(Extension.authorityInfoAccess, true, false, extensionValue)); // Extensions - AuthorityKeyIdentifier extensionValue = createAuthorityKeyIdentifier(true); list.add(createExtension(Extension.authorityKeyIdentifier, true, false, extensionValue)); // Extensions - keyUsage extensionValue = createKeyUsages(new KeyUsageEnum[] { KeyUsageEnum.DIGITAL_SIGNATURE, KeyUsageEnum.DATA_ENCIPHERMENT, KeyUsageEnum.KEY_ENCIPHERMENT }, null); list.add(createExtension(Extension.keyUsage, true, true, extensionValue)); // Extensions - extenedKeyUsage extensionValue = createExtendedKeyUsage(new ASN1ObjectIdentifier[] { ObjectIdentifiers.id_kp_clientAuth }, null); list.add(createExtension(Extension.extendedKeyUsage, true, false, extensionValue)); return profile; }